To the list:
HOW-TO on DNS + DHCP + SQUID + Firewall + Router
Since this seems to be a recurring topic:
Thought you might be interested in a working setup of a DNS + DHCP + SQUID + Firewall + Router machine that took quite an effort to get working but now runs flawlessly.
Don't get discouraged. This takes some time to set up correctly but once you get through it - it works great!
Remember: tcpdump is your friend!!!!
Anyone having a network internally that needs these features should continue reading:
We set up a new firewall based on CentOS 3.3. (3.4 should work fine)
We needed it to serve many protocols internally.
The specifications for it are:
NOT Microsoft based (We are an MS Partner with all the software but I wanted something that was MS virus proof)
KDE Graphical Firewall Control
External Internet LAN Port x 1
Internal Networks x 2 (more can be added) -> we used 192.168.0.X and 192.168.1.X
DNS Name Caching Server - internal and external, forward and reverse lookups
DHCP Server that does ddns-update internally
Squid Server
IP Masquerading
Routing between all networks
Hardware:
Old P3-800 based system (only non-AMD system we run)
3 x Intel Pro 100 NICs (we have a big box of these)
1 GB SDRAM
40 GB IDE disk
CD-ROM drive
Floppy
Standard PC case with extra cooling and 400 W PSU
This hardware is overkill as it never runs above 30% load. Any machine supported by CentOS with > 600 MHz CPU and 512 MB memory should do.
Software:
CentOS 3.3 Full Install (lessens the chance of missing packages)
Guarddog firewall RPM for CentOS (http://centos.hughesjr.com/3/guarddog/RPMS/)
Guidedog router/masquerader RPM for RH9 (works fine) (http://www.simonzone.com/software/guidedog/guidedog-1.0.0-1_rh9.i386.rpm)
Squid source tarball.
First install CentOS and set it for a KDE graphical boot-up. Turn off all services not used. Leave iptables on but turn off ip6tables.
Then install Guarddog, then install Guidedog. Configure both of the above - read the instructions for these carefully. Questions about these should go to the author or his mailing list. Make sure to enable DHCP for eth1 and eth2 BUT NOT eth0 (the external LAN NIC), otherwise the box would hand out leases to whatever is on the outside segment.
Make sure you can see the internet from the inside LANs with the clients set to use static IPs.
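A small audit script for the steps above, added here as an example and not part of the original post or of Guarddog/Guidedog. It assumes the CentOS layout where /etc/sysconfig/dhcpd carries a DHCPDARGS line listing the NICs dhcpd may bind to, that eth0 is the external NIC as in the post, and that service state is read from saved `chkconfig --list` output. The sample inputs it writes are constructed; on a live box point the functions at the real files.

```sh
#!/bin/sh
# Added example (not from the original post): check the three hardening
# steps - iptables on, ip6tables off, dhcpd restricted to the internal NICs.
# Inputs: an /etc/sysconfig/dhcpd-style file (DHCPDARGS line) and a saved
# `chkconfig --list` listing. Sample files below are constructed.

EXT_IF="eth0"   # assumption from the post: eth0 is the external LAN NIC

# 0 if DHCPDARGS names at least one interface and never the external one;
# an empty DHCPDARGS means dhcpd binds to every NIC, which also fails.
dhcp_args_ok() {
    file="$1"
    args=$(grep '^DHCPDARGS=' "$file" | head -n 1 | cut -d= -f2- | tr -d "\"'")
    [ -n "$args" ] || return 1
    for ifname in $args; do
        [ "$ifname" != "$EXT_IF" ] || return 1
    done
    return 0
}

# 0 if the service is "on" in runlevel 3 or 5 of a chkconfig listing.
svc_enabled() {
    file="$1"; svc="$2"
    line=$(awk -v s="$svc" '$1 == s' "$file")
    [ -n "$line" ] || return 1
    case "$line" in
        *"3:on"*|*"5:on"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per check; return 1 if any check fails.
audit_box() {
    sysconfig="$1"; chk="$2"; rc=0
    if dhcp_args_ok "$sysconfig"; then echo "OK   dhcpd limited to internal NICs"
    else echo "FAIL dhcpd would answer on $EXT_IF (or on every NIC)"; rc=1; fi
    if svc_enabled "$chk" iptables; then echo "OK   iptables enabled"
    else echo "FAIL iptables not enabled at boot"; rc=1; fi
    if svc_enabled "$chk" ip6tables; then echo "FAIL ip6tables still enabled"; rc=1
    else echo "OK   ip6tables off"; fi
    return $rc
}

# --- constructed sample inputs, mirroring the post's intended state ---
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/dhcpd" <<'EOF'
# /etc/sysconfig/dhcpd: only the two internal NICs
DHCPDARGS="eth1 eth2"
EOF
cat > "$SAMPLE/chkconfig.txt" <<'EOF'
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
ip6tables       0:off   1:off   2:off   3:off   4:off   5:off   6:off
dhcpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
EOF
audit_box "$SAMPLE/dhcpd" "$SAMPLE/chkconfig.txt"
rm -rf "$SAMPLE"
```

Run it as root after the Guardhog/Guidedog configuration and before plugging eth0 into the outside segment; a FAIL on the dhcpd line is the one most worth catching early, since tcpdump on eth0 will otherwise be the first place you notice it.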
NEXT ---
Please read the instructions on how to set up DHCP and bind(DNS) here:
http://integratedsolutions.org/downloads/DHCP-DDNS.txt
Read this multiple times and make sure you understand it!
Cut and paste can be an enemy. Be careful which editor you use
This setup allows us to have any number of machines on our internal network automagically connected to each other and the internet with all the IP information coming from our firewall / router / masquerader / squid server.
It works for forward and reverse DNS internally for Windows and linux clients and servers.
It also speeds up client internet traffic by caching most outside pages.
Install squid per the INSTALL in the source tarball and add a startup entry to either chkconfig or rc.local. We set it to use 5 GB of disk cache and start automatically at boot time. We used the standard proxy port.
We configured squid using webmin and this works fine.
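Whichever tool you configure squid with, the http_access rules decide whether the cache serves only the two inside LANs or anyone who can reach the proxy port through eth0. The script below is an added example, not from the original post and not squid's own tooling: it audits a squid.conf for the classic open-proxy mistakes (an "allow all", an allow of an ACL that covers non-private addresses, or no closing "deny all"). The sample config it writes is constructed in squid 2.5 style for the post's 192.168.0.0/24 and 192.168.1.0/24 networks, standard port 3128 and a 5 GB (5120 MB) cache_dir.

```sh
#!/bin/sh
# Added example (not from the original post): audit a squid.conf so the
# cache only proxies for the internal LANs and is not an open proxy.
# The sample config written below is constructed, not the poster's.

# 0 if the address/netmask argument is in an RFC 1918 or loopback range.
is_private() {
    case "$1" in
        10.*|192.168.*|127.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if every "http_access allow" names a defined ACL (never "all"),
# every src network behind those ACLs is private, and the final
# http_access rule is "deny all"; 1 otherwise.
squid_acl_ok() {
    conf="$1"
    for name in $(awk '$1=="http_access" && $2=="allow" {print $3}' "$conf"); do
        [ "$name" != "all" ] || return 1
        grep -q "^acl[[:space:]]\{1,\}$name[[:space:]]" "$conf" || return 1
        for net in $(awk -v n="$name" \
                '$1=="acl" && $2==n && $3=="src" {for (i=4;i<=NF;i++) print $i}' "$conf"); do
            is_private "$net" || return 1
        done
    done
    last=$(awk '$1=="http_access" {l=$2" "$3} END {print l}' "$conf")
    [ "$last" = "deny all" ]
}

# Write a constructed squid 2.5-style config for the post's networks to $1.
write_sample_squid_conf() {
    cat > "$1" <<'EOF'
http_port 3128
cache_dir ufs /var/spool/squid 5120 16 256
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 192.168.0.0/24 192.168.1.0/24
acl Safe_ports port 80 443 21
http_access deny !Safe_ports
http_access allow localhost
http_access allow localnet
http_access deny all
EOF
}

SAMPLE=$(mktemp)
write_sample_squid_conf "$SAMPLE"
if squid_acl_ok "$SAMPLE"; then
    echo "squid.conf: proxy restricted to internal networks"
else
    echo "squid.conf: would be an open proxy, fix the http_access rules"
fi
rm -f "$SAMPLE"
```

Point squid_acl_ok at the real /etc/squid/squid.conf (or wherever the source build installed it) after every change made through webmin; the order of http_access lines matters to squid, which is why the check insists the last one is "deny all".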
We added Webmin just to see how well it works: It can break DNS and DHCP easily if you are not careful but it was helpful getting squid working.
Read up on syslogd and change the config file (or use webmin) to rotate logs every day and keep 7 to 14 old logs for back checking purposes. This will limit log size and make it easier to find any problems.
Your mileage may vary.
Standard software disclaimer applies.
If this is helpful drop me an email so I know.
If this needs work drop me an email with specifics.
We will be adding a knowledgebase to our website with complete instructions for this in the next few weeks.
Best
Seth Bardash
Integrated Solutions and Systems
seth@integratedsolutions.org
719-495-5866
Failure can not cope with perseverance!