LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/HOWTO/TransparentProxy-3.html

72 lines
2.8 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>Transparent Proxy with Linux and Squid mini-HOWTO: Configuring the Kernel</TITLE>
<LINK HREF="TransparentProxy-4.html" REL=next>
<LINK HREF="TransparentProxy-2.html" REL=previous>
<LINK HREF="TransparentProxy.html#toc3" REL=contents>
</HEAD>
<BODY>
<A HREF="TransparentProxy-4.html">Next</A>
<A HREF="TransparentProxy-2.html">Previous</A>
<A HREF="TransparentProxy.html#toc3">Contents</A>
<HR>
<H2><A NAME="s3">3. Configuring the Kernel</A></H2>
<P>First, we need to make sure all the proper options are set in your kernel.
If you are using a stock kernel from your distribution, transparent proxying
may or may not be enabled.
If you are unsure, the best way to tell is to simply skip this section, and
if the commands in the next section give you weird errors, it's probably because
the kernel wasn't configured properly.
<P>If your kernel is not configured for transparent proxying, you will need
to recompile. Recompiling a kernel is a complex process (at least at first),
and it is beyond the scope of this document. If you need help compiling a kernel,
please see
<A HREF="http://metalab.unc.edu/pub/Linux/docs/HOWTO/Kernel-HOWTO">The Kernel HOWTO</A><P>The options you need to set in your configuration are as follows (Note:
if you prefer modules, some (but not all) of these can be built as modules. Luckily, everything that is not modularizable is probably got in your kernel anyway.)
<P>
<UL>
<LI> Under General Setup
<UL>
<LI>Networking support</LI>
<LI>Sysctl support</LI>
</UL>
</LI>
<LI> Under Networking Options
<UL>
<LI>Network packet filtering </LI>
<LI>TCP/IP networking</LI>
</UL>
</LI>
<LI> Under Networking Options -> IP: Netfilter Configuration
<UL>
<LI>Connection tracking</LI>
<LI>IP tables support</LI>
<LI>Full NAT</LI>
<LI>REDIRECT target support</LI>
</UL>
</LI>
<LI>Under File Systems
<UL>
<LI>/proc filesystem support</LI>
</UL>
</LI>
</UL>
You must say NO to ``Fast switching'' under Networking Options.
<P>Once you have your new kernel up and running, you may need to enable IP
forwarding. IP forwarding allows your computer to act as a router. Since this
is not what the average user wants to do, it is off by default and must be
explicitly enabled at run-time. However, your distribution might do this for
you already. To check, do ``cat /proc/sys/net/ipv4/ip_forward''. If you see
``1'' you're good. Otherwise, do ``echo '1' &gt; /proc/sys/net/ipv4/ip_forward''.
You will then want to add that command to your appropriate bootup scripts (depending on your distribution, these may live in /etc/rc.d, /etc/init.d, or maybe somewhere else entirely).
<HR>
<A HREF="TransparentProxy-4.html">Next</A>
<A HREF="TransparentProxy-2.html">Previous</A>
<A HREF="TransparentProxy.html#toc3">Contents</A>
</BODY>
</HTML>
Reference in New Issue View Git Blame Copy Permalink