
Requirements:

  * NetPipes, http://freshmeat.net/projects/netpipes/

    Specifically, only getpeername is required.  You can also optionally 
      use faucet to run cheshire as a standalone daemon, if you don't want
      to use your own inetd.

  * sed, awk, tr, cat, grep, and a standard bourne-like shell.  Ash is fine.

  * cron (any version will do; it will reset the firewall as often as you
      like, typically once per day.)

  Currently, only iptables / Linux is supported, but all NoCat compatible
firewall rules and platforms will be supported in due time.

  Also highly recommended: your own web server, for serving graphics and
other content directly from your gateway.  Cheshire will attempt to serve
whatever you have under DocumentRoot, but it's not exactly a speed demon. 
Run khttpd or thttpd, or even link your graphics from a server under
AllowedWebHosts, if speed is any sort of requirement.

  0) Install the netpipes package above.

  1) Extract this archive in /usr/local (to create /usr/local/cheshire/)

  2)  Create a user called 'nocat' with no privileges (for the suid wrapper)

  3) Set up /usr/local/cheshire/cheshire.conf to your liking.

  4) Customize /usr/local/cheshire/htdocs/splash.html if you like.  See the
     above note about running your own web server for graphics...

  5) Run /usr/local/cheshire/bin/grin -R once to set up the firewall.  You
     probably want to add this to your boot scripts (perhaps in rc.local)

  6) You have two options for running the gateway, in inetd or standalone.

  inetd installation:

    * Add this to your /etc/services:

	cheshire		5280/tcp

      ...and this to your /etc/inetd.conf:

	cheshire  stream  tcp  nowait  nocat  /usr/local/cheshire/bin/grin

  standalone installation:

    * Run this:

	su -c "faucet 5280 --in --out --daemon /usr/local/cheshire/bin/grin" nocat

  7) To reset your clients every LoginTimeout seconds, add something like
     this to your cron:

	*/5 * * * *	/usr/local/cheshire/bin/reaper

You're done.  Test it by trying to browse the Internet from behind your
gateway.  If there are problems, it should complain loudly from either the
commandline or your browser, depending on what's wrong.
