Linux Networking Quick and dirty I will assume that you are using kernel 2.2.x, for which you will need ipchains to do some firewall stuff. Older kernels use a different utility called ipfwadm (I think). Okay, you've got your network card and got the modules loaded for it and have an eth0 device (right?). Next step is to give yourself an IP address. If this network is not accessible to the internet, you should pick a network ID that is reserved for private networks. I will use a reserved class C network: 192.168.1.x with [sub]net mask 255.255.255.0. I will be assuming that YOUR IP node address is 1 (192.168.1.1). This also assumes that your lo device is already setup and configured. To configure your IP address, use ifconfig: ifconfig eth0 192.168.1.1 broadcast 192.168.1.255 netmask 255.255.255.0 Next up is to configure your routing table: route add -net 192.168.1.0 netmask 255.255.255.0 dev eth0 route add -host 192.198.1.1 eth0 Try pinging some computers on your network, it should work! Sharing an internet connection (do not forget the DENY line!!! It is a SERIOUS security risk): ipchains -P forward DENY ipchains -A input -p TCP -s 192.168.1.0/24 -d 127.0.0.1/32 www -j ACCEPT ipchains -A input -p TCP -s 192.168.1.0/24 -d 192.168.1.1/32 www -j ACCEPT ipchains -A forward -s 192.168.1.0/24 -j MASQ Try pinging something on the internet. It should work! Here is a script I wrote to be run at start up. I'm not great with shell scripts, so don't make fun of me. I have two subnets (discluding the internet). This script configures the firewall to forward packets between these two networks so that my computer can act as a gateway server for the two subnets. It automatically forwards all data destined for port 80 (http/www) to go through a caching proxy server running on port 3128. Any data not destined for one of the subnets is masqueraded through my computer, picked up by the routing table and forwarded to the default route. #! /bin/sh # 19990501 by, Daniel Miller # This configures IP masquerading for my network # See how we were called from the command line case "$1" in start) echo -n "socks5 proxy server: " /usr/local/bin/socks5 -t -s 2> /var/log/socks5 echo done echo -n "Configuring IP masquerading: " (p4 of 6) ipchains -P forward DENY # For transparent proxy # ipchains -A input -p TCP -s 192.168.1.11/32 -d 0/0 www -j ACCEPT ipchains -A input -p TCP -s 192.168.1.0/24 -d 127.0.0.1/32 www -j ACCEPT ipchains -A input -p TCP -s 192.168.1.0/24 -d 192.168.1.1/32 www -j ACCEPT ipchains -A input -p TCP -s 192.168.1.0/24 -d 0/0 www -j REDIRECT 3128 ipchains -A forward -s 192.168.1.0/24 -d 193.168.1.0/24 -j ACCEPT ipchains -A forward -s 192.168.1.0/24 -j MASQ ipchains -A input -p TCP -s 193.168.1.0/24 -d 127.0.0.1/32 www -j ACCEPT ipchains -A input -p TCP -s 193.168.1.0/24 -d 192.168.1.1/32 www -j ACCEPT ipchains -A input -p TCP -s 193.168.1.0/24 -d 0/0 www -j REDIRECT 3128 ipchains -A forward -s 193.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT ipchains -A forward -s 193.168.1.0/24 -j MASQ echo -n "rules, " insmod ip_masq_ftp echo -n "ftp, " insmod ip_masq_irc echo -n "irc, " insmod ip_masq_raudio echo -n "raudio, " echo "done" ;; status) echo "blablabla - how's that for status???" ;; stop) echo -n "Turning off masquerading: " ipchains -F echo -n "rules, " echo "done" echo -n "Killing socks5: " killall socks5 echo "done" ;; *) echo "Usage: masquerade {start|stop}" ;; esac exit 0 So, you want to get more advanced. Read the squid HOWTO and figure out how to set it up. To transparently redirect all http/www (port 80) requests through the a proxy server on port 3128, use this: ipchains -A input -p TCP -s 192.168.1.0/24 -d 0/0 www -j REDIRECT 3128 If you have multiple subnets then you can do more fun stuff with routing and things. ...but I'll save that info for another day.