Deploying an intranet proxy server on CentOS
Environment and requirements
Ten intranet worker machines, all running Windows 7, on the 192.168.1.0/24 segment; one server running CentOS 6 with two network cards; one router with a dynamic IP that reaches the Internet through a PPPoE account and password; and one 48-port switch. The CentOS server is to be deployed as the proxy (gateway) server, so that the intranet workers reach the Internet only through it.
Analysis: to act as the proxy, one network card of the CentOS server becomes the gateway of all the workgroup machines, the other network card connects to the Internet, and the server forwards traffic between the two. Because the uplink is PPPoE dial-up, the CentOS server itself must also be configured to dial up.
Deploy CentOS 6 dial-up Internet access
First, install the dialing program:
yum -y install rp-pppoe*
Then set dial-up Internet access:
/usr/sbin/pppoe-setup
Welcome to the PPPoE client setup. First, I will run some checks on
your system to make sure the PPPoE client is installed properly...
LOGIN NAME
Enter your Login Name (default root): # PPPoE user name
INTERFACE
Enter the Ethernet interface connected to the PPPoE modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethX, where 'X' is a number.
(default eth0): # which network card to use
Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds
after which the link should be dropped. If you want the link to
stay up permanently, enter 'no' (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP
addresses. You may have some problems with demand-activated links.
Enter the demand value (default no): # press Enter
DNS
Please enter the IP address of your ISP's primary DNS server.
If your ISP claims that 'the server will provide dynamic DNS addresses',
enter 'server' (all lower-case) here.
If you just press enter, I will assume you know what you are
doing and not modify your DNS setup.
Enter the DNS information here: # enter the DNS address
PASSWORD
Please enter your Password: # enter the ADSL password
Please re-enter your Password: # enter the password again
USERCTRL
Please enter 'yes' (three letters, lower-case.) if you want to allow
normal user to start or stop DSL connection (default yes): # whether normal users may start the connection
FIREWALLING
Please choose the firewall rules to use. Note that these rules are
very basic. You are strongly encouraged to use a more sophisticated
firewall setup; however, these will provide basic security. If you
are running any servers on your machine, you must choose 'NONE' and
set up firewalling yourself. Otherwise, the firewall rules will deny
access to all standard servers like Web, e-mail, ftp, etc. If you
are using SSH, the rules will block outgoing SSH connections which
allocate a privileged source port.
The firewall choices are:
0 - NONE: This script will not set any firewall rules. You are responsible
          for ensuring the security of your machine. You are STRONGLY
          recommended to use some kind of firewall rules.
1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
                for a LAN
Choose a type of firewall (0-2): # choose 0 here; the NAT rules are added manually in the forwarding section below
Start this connection at boot time
Do you want to start this connection at boot time?
Please enter no or yes (default no): # whether to start the connection automatically at boot
** Summary of what you entered **
Ethernet Interface: eth0
User name:          root
Activate-on-demand: No
DNS:                Do not adjust
Firewalling:        NONE
User Control:       yes
Accept these settings and adjust configuration files (y/n)? # enter y to write the settings to the configuration files
Then start the ADSL dial-up connection:
/usr/sbin/pppoe-start
If no connection comes up, check that the configuration file is correct and that the network cable is plugged in. To bring the connection up at boot, either answer yes to the "start this connection at boot time" question above, or add the start command to the startup script:
echo '/usr/sbin/pppoe-start' >> /etc/rc.local
Note that pppoe-server is the PPPoE server daemon, not the client, so chkconfig pppoe-server on would not start this connection.
Set up intranet forwarding on the CentOS server
Configure the IP address of the other network card. Assume eth0 carries the ADSL (PPPoE) session, whose public address in this example is 202.102.123.32 (with PPPoE this address is assigned to the ppp0 interface created over eth0), and that the intranet uses eth1 with IP 192.168.1.1 (/etc/sysconfig/network-scripts/ifcfg-eth1 set to a static address).
Enable IP forwarding
echo 1 >/proc/sys/net/ipv4/ip_forward
To make this survive a reboot, also set net.ipv4.ip_forward = 1 in /etc/sysctl.conf.
Configure iptables rules
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
The -s match limits masquerading to the intranet segment; a bare POSTROUTING -j MASQUERADE rule with no match would NAT every packet the server forwards, so only the restricted rule is needed.
Static routing rules
No routes need to be added by hand: the kernel creates the connected route for 192.168.1.0/24 on eth1 when the interface comes up, and pppd installs the default route through ppp0 when the PPPoE session is established (a route add -net with a host address such as 202.102.123.32 and a /24 netmask is rejected by route, and the server's own address is not a valid default gateway). Check the routing table with:
route -n
It should list 192.168.1.0/24 on eth1 and a default route on ppp0.
Make the settings persistent at boot
vim /etc/rc.local
/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
echo 1 >/proc/sys/net/ipv4/ip_forward
Alternatively, on CentOS 6 service iptables save writes the current rules to /etc/sysconfig/iptables so the iptables service restores them at boot.
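As an added example (not part of the original post), the forwarding setup above written as a reviewable script: it enables ip_forward, gives the FORWARD chain a default-deny policy that lets only the intranet out through the uplink and established replies back in, scopes masquerading to the intranet, and includes a small audit that flags masquerade rules with no -s match (the bare rule form). Assumed interface names are eth1 for the intranet and ppp0 for the PPPoE uplink; the iptables-save excerpt is constructed.

```shell
#!/bin/sh
# Added example, not from the original post: hardened NAT gateway rules for
# the topology described above plus an audit of masquerade rule scope.
# Assumptions: eth1 = 192.168.1.1/24 intranet side, ppp0 = PPPoE uplink over eth0.
LAN_NET="192.168.1.0/24"
LAN_IF="eth1"
WAN_IF="ppp0"

# Print the gateway rule set instead of executing it, so it can be reviewed
# (and checked) before apply_rules runs it as root on the server.
gen_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -F POSTROUTING
iptables -F FORWARD
iptables -P FORWARD DROP
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
EOF
}

# Read iptables rules (iptables-save format or plain commands) on stdin and
# print how many MASQUERADE rules carry no -s restriction. The page's bare
# "-A POSTROUTING -j MASQUERADE" is such a rule: it NATs every forwarded packet.
count_unscoped_masq() {
    grep 'MASQUERADE' | grep -vc -- '-s ' || true
}

# Constructed iptables-save excerpt (not captured from a real server) with one
# unscoped and one scoped masquerade rule, for a stand-alone run of the audit.
SAMPLE_NAT_RULES='*nat
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
COMMIT'

# Run the audit on the constructed excerpt; prints 1 (the bare rule).
audit_sample() {
    printf '%s\n' "$SAMPLE_NAT_RULES" | count_unscoped_masq
}

# Apply the generated rules on the gateway; requires root and a live ppp0.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_rules: run as root" >&2; return 1; }
    gen_rules | sh -e
}
```

On the real server, pipe the live table through the audit with iptables-save -t nat | count_unscoped_masq to confirm no unscoped masquerade rule is left from an earlier setup.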
Configure a worker machine for Internet access
Set the default gateway of each Win7 worker to 192.168.1.1 so that it reaches the Internet through the CentOS server. The workers also need a DNS server address, since the NAT gateway does not provide name resolution by itself.