<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>Transparent Proxy with Linux and Squid mini-HOWTO: Configuring the Kernel</TITLE>
<LINK HREF="TransparentProxy-4.html" REL=next>
<LINK HREF="TransparentProxy-2.html" REL=previous>
<LINK HREF="TransparentProxy.html#toc3" REL=contents>
</HEAD>
<BODY>
<A HREF="TransparentProxy-4.html">Next</A>
<A HREF="TransparentProxy-2.html">Previous</A>
<A HREF="TransparentProxy.html#toc3">Contents</A>
<HR>
<H2><A NAME="s3">3. Configuring the Kernel</A></H2>

<P>First, we need to make sure all the proper options are set in your kernel.
If you are using a stock kernel from your distribution, transparent proxying
may or may not be enabled.
If you are unsure, the best way to tell is to simply skip this section, and
if the commands in the next section give you weird errors, it's probably because
the kernel wasn't configured properly.
<P>If your kernel is not configured for transparent proxying, you will need
to recompile. Recompiling a kernel is a complex process (at least at first),
and it is beyond the scope of this document. If you need help compiling a kernel,
please see
<A HREF="http://metalab.unc.edu/pub/Linux/docs/HOWTO/Kernel-HOWTO">The Kernel HOWTO</A>.
<P>The options you need to set in your configuration are as follows. (Note:
if you prefer modules, some (but not all) of these can be built as modules.
Luckily, everything that is not modularizable is probably already in your kernel anyway.)
<P>
<UL>
<LI> Under General Setup
<UL>
<LI>Networking support</LI>
<LI>Sysctl support</LI>
</UL>
</LI>
<LI> Under Networking Options
<UL>
<LI>Network packet filtering </LI>
<LI>TCP/IP networking</LI>
</UL>
</LI>
<LI> Under Networking Options -> IP: Netfilter Configuration
<UL>
<LI>Connection tracking</LI>
<LI>IP tables support</LI>
<LI>Full NAT</LI>
<LI>REDIRECT target support</LI>
</UL>
</LI>
<LI>Under File Systems
<UL>
<LI>/proc filesystem support</LI>
</UL>
</LI>
</UL>

<P>You must say NO to ``Fast switching'' under Networking Options.
<P>Once you have your new kernel up and running, you may need to enable IP
forwarding. IP forwarding allows your computer to act as a router. Since this
is not what the average user wants to do, it is off by default and must be
explicitly enabled at run-time. However, your distribution might do this for
you already. To check, do ``cat /proc/sys/net/ipv4/ip_forward''. If you see
``1'' you're good. Otherwise, do ``echo '1' > /proc/sys/net/ipv4/ip_forward''.
You will then want to add that command to your appropriate bootup scripts
(depending on your distribution, these may live in /etc/rc.d, /etc/init.d,
or maybe somewhere else entirely).
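<P>The checks in this section can be scripted. The following shell script is an added example, not part of the original HOWTO: it audits a kernel .config for the options listed above and reports the IP forwarding state. The CONFIG_ symbol names are the 2.4-series names and are an assumption (the HOWTO gives only the menu labels); the path to the config file is supplied by the caller.

```shell
#!/bin/sh
# Added example: audit a kernel .config for the options this section lists.
# Symbol names are assumed 2.4-series names; the HOWTO gives only menu labels.
REQUIRED="CONFIG_NET CONFIG_SYSCTL CONFIG_NETFILTER CONFIG_INET
CONFIG_IP_NF_CONNTRACK CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_NAT
CONFIG_IP_NF_TARGET_REDIRECT CONFIG_PROC_FS"
FORBIDDEN="CONFIG_NET_FASTROUTE"   # "Fast switching" must be off

# check_kernel_config FILE: print one line per problem, return the count.
check_kernel_config() {
    cfg=$1
    problems=0
    if [ ! -r "$cfg" ]; then
        echo "cannot read $cfg"
        return 1
    fi
    for sym in $REQUIRED; do
        # =y is built in, =m is a module; "# SYM is not set" or no line
        # at all both mean the option is missing.
        if ! grep -Eq "^${sym}=(y|m)\$" "$cfg"; then
            echo "MISSING  $sym"
            problems=$((problems + 1))
        fi
    done
    for sym in $FORBIDDEN; do
        if grep -Eq "^${sym}=(y|m)\$" "$cfg"; then
            echo "CONFLICT $sym must be disabled"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# ip_forward_state [FILE]: print "enabled" or "disabled".
# FILE defaults to the /proc entry named in the text above.
ip_forward_state() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    if [ -r "$f" ] && [ "$(cat "$f")" = "1" ]; then
        echo enabled
    else
        echo disabled
    fi
}

# Usage: sh check.sh /path/to/.config
if [ $# -ge 1 ]; then
    check_kernel_config "$1"
    echo "ip_forward: $(ip_forward_state)"
fi
```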
<HR>
<A HREF="TransparentProxy-4.html">Next</A>
<A HREF="TransparentProxy-2.html">Previous</A>
<A HREF="TransparentProxy.html#toc3">Contents</A>
</BODY>
</HTML>