Regarding your question about if it is better to use two network cards of the same model. Sometimes it's actually easier to use two different network cards. I have had problems running multiple 3com 3c905 cards but have never had a problem running cards of different types. You define which interface name (eth0,eth1,eth2 etc) is assigned to which card in the /etc/conf.modules. Normally "kudzu" will set this up for you at boot time with no problems. But when you have:
alias eth0 3c59x
alias eth1 3c59x
Instead of:
alias eth0 3c59x
alias eth1 eepro100
in your conf.modules you can see where different types of NICs can be less confusing (which card is eth0 when using the same driver?). And you usually have to pass other parameters "io_addr" etc to the driver when using two of the same type to distinguish them. Having said this, there is nothing wrong with using the same card types, in fact many may argue that it is better that way. And if kudzu does it's job you should not have to mess with this file.
On to IP Masq. This is extremely easy to configure. First you need to make sure it's compiled into the kernel and most if not all distros ship that way by default. But rather than going into detail I just found a HOWTO for you:
http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/If you have any questions after going through this DOC let me know and I'll help you out.
On to Proxy Servers. Squid is a VERY powerful and configurable caching proxy server. Install the Squid RPM. You will find the configuration file in /etc/squid/squid.conf, however if you are fairly new to Linux and are new to Squid you might install the "Webmin" RPM (
http://www.webmin.com) to help you configure it graphically. It might help you undstand the concepts more quickly. And the Squid web site is:
http://www.squid-cache.org/I use both IP Masq and Squid and IP Chains for firewalling. I do not allow any port 80 traffic out of my house without authentication. The proxy server does the authentication and I can restrict what users are allowed to go where on the internet. For instance, my wife and I are allowed to browse anywhere but my kids are restricted. I use ipchains in my firewall script to allow no outbound port 80 traffic, except from my proxy server. This forces any machine on my internal network to go through my proxy server if they want to browse the net. Squid does the authentication and browsing rules. In addition Squid blocks specific sites for me so those specific sites will never be accessed by a machine at my house (.microsoft.com, .msn.com, .goosencherryclock.com, zombie.somefreehost.com, etc).
In addition to this basic authentication and blocking, Squid caches content so if multiple machines on my network go to the same site, the content only comes off the internet the first time on the first machine. The second machine pulls it from the proxy cache.
And one of the best additions I've made to my Squid proxy is a 3rd party redirector script called "squid_redirect". This script filters out all the banner adds, graphics, and popup advertizements. I update the script automatically once a week from cron. You can find out more information about this redirector at:
http://www.zip.com.au/~cs/adzap/index.htmlI have also written a custom web based utility to modify my squid blocked sites, manage squid users and groups, etc. When I say "custom", I mean it's tailored to me and it would take some work to make it generic enough for public consumption. I actually wrote it for work to manage several squid servers and around 2000 users.
Good luck and feel free to ask any questions, after reading the HOWTOs of course.
