Holz wrote:
> I am working in a mixed environment network, both Linux and Xp
> workstations.
> all workstations browse through a proxy running on Ubuntu 7.10 server,
> which also runs Dansguardian.
> Is it possible to set this server to Masquerade clients ip, or should i
> set the clients to do it?

What are you actually trying to achieve?

Chris

Holz wrote:
> Hi all
>
> I am working in a mixed environment network, both Linux and Xp
> workstations.
> all workstations browse through a proxy running on Ubuntu 7.10 server,
> which also runs Dansguardian.
> Is it possible to set this server to Masquerade clients ip, or should i
> set the clients to do it?
> I am looking at a few HOW TO on the net, however it seems like they refer
> to the client itself only.
>
> TIA


First learn what the term masquerade actually means.

http://en.wikipedia.org/wiki/IP_Masquerade

Simply add a NAT router.


--
John

No Microsoft, Apple, AT&T, Intel, Novell, Trend Micro, nor Ford products were used in the preparation or transmission of this message.

The EULA sounds like it was written by a team of lawyers who want to tell me what I can't do. The GPL sounds like it was written by a human being, who wants me to know what I can do.

Chris Davies wrote:
> Holz wrote:
>> I am working in a mixed environment network, both Linux and Xp
>> workstations.
>> all workstations browse through a proxy running on Ubuntu 7.10 server,
>> which also runs Dansguardian.
>> Is it possible to set this server to Masquerade clients ip, or should i
>> set the clients to do it?
>
> What are you actually trying to achieve?
>
> Chris

I am trying to Masquerade the ip of any workstation that will browse the
internet.

--
--
Holz

John F. Morse wrote:
> Holz wrote:
>> Hi all
>>
>> I am working in a mixed environment network, both Linux and Xp
>> workstations.
>> all workstations browse through a proxy running on Ubuntu 7.10 server,
>> which also runs Dansguardian.
>> Is it possible to set this server to Masquerade clients ip, or should
>> i set the clients to do it?
>> I am looking at a few HOW TO on the net, however it seems like they
>> refer to the client itself only.
>>
>> TIA
>
>
> First learn what the term masquerade actually means.
>
> http://en.wikipedia.org/wiki/IP_Masquerade
>
> Simply add a NAT router.
>
>

Thank you for the link, I understand the subject better now.

--
--
Holz

Holz wrote:
> John F. Morse wrote:
>> Holz wrote:
>>> Hi all
>>>
>>> I am working in a mixed environment network, both Linux and Xp
>>> workstations.
>>> all workstations browse through a proxy running on Ubuntu 7.10
>>> server, which also runs Dansguardian.
>>> Is it possible to set this server to Masquerade clients ip, or
>>> should i set the clients to do it?
>>> I am looking at a few HOW TO on the net, however it seems like they
>>> refer to the client itself only.
>>>
>>> TIA
>>
>>
>> First learn what the term masquerade actually means.
>>
>> http://en.wikipedia.org/wiki/IP_Masquerade
>>
>> Simply add a NAT router.
>>
>>
>
> Thank you for the link, I understand the subject better now.


You are welcome.

The easiest solution is to use one of the relatively cheap NAT routers,
like the Linksys BEFSR41 for instance.

You could do a little better if you use a stand-alone (dedicated) Linux
router and firewall computer, but it will not only require
configuration, but substantially more electrical power to run. Plus it
will generate more heat, which will add to the air conditioning load in
the summer.

My use of the term "better" here concerns a possible speed increase over
the off-the-shelf routers, and much better configuration and option
choices -- if really needed.


--
John

No Microsoft, Apple, AT&T, Intel, Novell, Trend Micro, nor Ford products were used in the preparation or transmission of this message.

The EULA sounds like it was written by a team of lawyers who want to tell me what I can't do. The GPL sounds like it was written by a human being, who wants me to know what I can do.

John F. Morse wrote:
> Holz wrote:
>> John F. Morse wrote:
>>> Holz wrote:
>>>> Hi all
>>>>
>>>> I am working in a mixed environment network, both Linux and Xp
>>>> workstations.
>>>> all workstations browse through a proxy running on Ubuntu 7.10
>>>> server, which also runs Dansguardian.
>>>> Is it possible to set this server to Masquerade clients ip, or
>>>> should i set the clients to do it?
>>>> I am looking at a few HOW TO on the net, however it seems like they
>>>> refer to the client itself only.
>>>>
>>>> TIA
>>>
>>>
>>> First learn what the term masquerade actually means.
>>>
>>> http://en.wikipedia.org/wiki/IP_Masquerade
>>>
>>> Simply add a NAT router.
>>>
>>>
>>
>> Thank you for the link, I understand the subject better now.
>
>
> You are welcome.
>
> The easiest solution is to use one of the relatively cheap NAT
> routers, like the Linksys BEFSR41 for instance.
>
> You could do a little better if you use a stand-alone (dedicated)
> Linux router and firewall computer, but it will not only require
> configuration, but substantially more electrical power to run. Plus it
> will generate more heat, which will add to the air conditioning load
> in the summer.
>
> My use of the term "better" here concerns a possible speed increase
> over the off-the-shelf routers, and much better configuration and
> option choices -- if really needed.
>
>
Why tell him to get the BEFSR41 when there is the WRT54GL (L as in
Linux) which was made just for us Linux types?
It has much more memory and a faster CPU (250MHz vs only 100) and there
is a Linux program already written as a kind of guide to work from. Mine
is a firewall, deflects more than one ping every few seconds, and could
care less about DOS attacks (their words). It also has excellent
wireless b/g security.
Bill Baka

> Why tell him to get the BEFSR41 when there is the WRT54GL (L as in
> Linux) which was made just for us Linux types?
> It has much more memory and a faster CPU (250MHz vs only 100) and there
> is a Linux program already written as a kind of guide to work from. Mine
> is a firewall, deflects more than one ping every few seconds, and could
> care less about DOS attacks (their words). It also has excellent
> wireless b/g security.
> Bill Baka

Thanks for all the advice, I have the budget for some Cisco perimeter
devices, so I will go with it.
--
--
Holz

Bill Baka wrote:
> Why tell him to get the BEFSR41 when there is the WRT54GL (L as in
> Linux) which was made just for us Linux types?
> It has much more memory and a faster CPU (250MHz vs only 100) and there
> is a Linux program already written as a kind of guide to work from. Mine
> is a firewall, deflects more than one ping every few seconds, and could
> care less about DOS attacks (their words). It also has excellent
> wireless b/g security.
> Bill Baka
>


Because the WRT54GL also has that "W" in it.

That router may (or may not) have excellent security, but consider the
other clients. Some were stated to be Windows PCs.

There goes your "excellent security" out the "window" (or probably any
security). ;-)

I'm still, and will forever be, a believer that if you "broadcast"
something, somebody will eventually crack it, regardless of the security.

Keep your business inside coax or tightly twisted-pair, and it's not
nearly as vulnerable. It can still be sniffed, but they will be on the
property and the range of deadly force (the Castle Doctrine).

I can't shoot 'em if they are parked out front on the street doing WiFi
sniffing, nor if they are a close neighbor. ;-)


--
John

No Microsoft, Apple, AT&T, Intel, Novell, Trend Micro, nor Ford products were used in the preparation or transmission of this message.

The EULA sounds like it was written by a team of lawyers who want to tell me what I can't do. The GPL sounds like it was written by a human being, who wants me to know what I can do.

John F. Morse wrote:
> Bill Baka wrote:
>> Why tell him to get the BEFSR41 when there is the WRT54GL (L as in
>> Linux) which was made just for us Linux types?
>> It has much more memory and a faster CPU (250MHz vs only 100) and there
>> is a Linux program already written as a kind of guide to work from. Mine
>> is a firewall, deflects more than one ping every few seconds, and could
>> care less about DOS attacks (their words). It also has excellent
>> wireless b/g security.
>> Bill Baka
>>
>
>
> Because the WRT54GL also has that "W" in it.
>
> That router may (or may not) have excellent security, but consider the
> other clients. Some were stated to be Windows PCs.
>
> There goes your "excellent security" out the "window" (or probably any
> security). ;-)
Maybe. I have the wireless 802.11/B/G set for her laptop's MAC only, G
only, use channel 11, maximum strength WPA,
and I am looking for a way to lower the transmit power since it only
goes about 20 feet to her computer.
This is a home network so there are no other clients, and I have a 3COM
3CR990 10/100 Ethernet card that has it's own security. I believe I am
pretty secure with this setup and in the area I live I doubt that
someone could pull off a war driving attack on me.
>
> I'm still, and will forever be, a believer that if you "broadcast"
> something, somebody will eventually crack it, regardless of the security.
Hence the attempt to lower the power, since my daughter gets maximum
signal in her room, and I could probably cut her down to merely 'good'
on the signal strength.
>
>
> Keep your business inside coax or tightly twisted-pair, and it's not
> nearly as vulnerable. It can still be sniffed, but they will be on the
> property and the range of deadly force (the Castle Doctrine).
>
> I can't shoot 'em if they are parked out front on the street doing
> WiFi sniffing, nor if they are a close neighbor. ;-)
>
> True, but I can get sneaky and toss rocks from the back yard over the
> house and hope to hit the snooper's windshield. Then said snoop would
> be looking around for the kid who tossed the rock.
Bill (devious) Baka