Showing posts from May, 2006

bond0 interface

In the example below, the bond0 interface is the master (MASTER) while eth0 and eth1 are slaves (SLAVE). Notice that all slaves of bond0 have the same MAC address (HWaddr) as bond0 in all modes except TLB and ALB, which require a unique MAC address for each slave.

# /sbin/ifconfig
bond0     Link encap:Ethernet  HWaddr 00:C0:F0:1F:37:B4
          inet addr:XXX.XXX.XXX.YYY  Bcast:XXX.XXX.XXX.255  Mask:255.255.252.0
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:7224794 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3286647 errors:1 dropped:0 overruns:1 carrier:0
          collisions:0 txqueuelen:0

eth0      Link encap:Ethernet  HWaddr 00:C0:F0:1F:37:B4
          inet addr:XXX.XXX.XXX.YYY  Bcast:XXX.XXX.XXX.255  Mask:255.255.252.0
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:3573025 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1643167 errors:1 dropped:0 overruns:1 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:10 Base address:0x1080

eth1      Link encap:Ethernet  HWaddr 00:C0:F0:1F:37:B4
          inet addr:XXX.XXX.XXX.YYY  Bcast:X…

squid and iptables - revisited

One of the best combinations for an internet-connected LAN is squid, a proxy server, and iptables, a packet filtering ruleset. To make it useful, this combination is used to configure a transparent proxy for one or more LANs.

iptables -t nat -I PREROUTING -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128

The above command is for a LAN (192.168.0.0/24) connecting to the internet via a proxy server running on port 3128.

To make https proxied (it is not actually proxied, because we can't proxy encrypted packets; they are just forwarded), the command is as below:

iptables -t nat -I PREROUTING -s 192.168.0.0/24 -p tcp --dport 443 -j REDIRECT --to-port 3128

You can NOT do the same for ftp (port 21). For ftp, you have to manually insert the proxy address for the ftp protocol in your browser's connection settings.

With the above command executed on the proxy server (a.k.a. firewall), the PCs in the LAN need not be configured one by one to use the proxy server. Less work for the system/network administrator :). They are said…
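
An added example, not part of the original post: a small audit of `iptables-save -t nat` output that checks every REDIRECT to the squid port is scoped to the LAN (as the post's `-s 192.168.0.0/24` does) and flags an ftp redirect, which the post says cannot work. The function names, finding labels and the sample ruleset are assumptions constructed for illustration.

```python
import ipaddress
import shlex

# Constructed `iptables-save -t nat` sample (not from the original post).
# Rule 1 is the post's port-80 rule; rule 2 omits -s; rule 3 redirects ftp.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 21 -j REDIRECT --to-ports 3128
COMMIT
"""

def parse_redirects(text):
    """Return one dict per PREROUTING REDIRECT rule in iptables-save text."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "PREROUTING"] or "REDIRECT" not in tok:
            continue
        # Pair each option with the token after it ("!" negation is not handled).
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        rules.append({"source": opts.get("-s"), "in_iface": opts.get("-i"),
                      "dport": opts.get("--dport"),
                      "to_port": opts.get("--to-ports"), "raw": line})
    return rules

def audit(text, lan="192.168.0.0/24", proxy_port="3128"):
    """Return (finding, rule) pairs for redirects to the proxy port."""
    lan_net = ipaddress.ip_network(lan)
    findings = []
    for r in parse_redirects(text):
        if r["to_port"] != proxy_port:
            continue
        if r["source"] is None and r["in_iface"] is None:
            # No -s/-i: the rule matches traffic arriving on every interface.
            findings.append(("unscoped", r["raw"]))
        elif r["source"] and not ipaddress.ip_network(
                r["source"], strict=False).subnet_of(lan_net):
            findings.append(("source-outside-lan", r["raw"]))
        if r["dport"] == "21":
            # The post states ftp cannot be handled by this redirect.
            findings.append(("ftp-redirect", r["raw"]))
    return findings

if __name__ == "__main__":
    for kind, rule in audit(SAMPLE):
        print(f"{kind}: {rule}")
```

On the firewall itself, the live ruleset can be passed in as the text of `iptables-save -t nat` in place of `SAMPLE`.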