
Masquerading Made Simple HOWTO (Greek translation)

John Tapsell
<tapselj0@cs.man.ac.uk>
Thomas Spellman
<thomas@resonance.org>
Matthias Grimm
<DeadBull@gmx.net>
Translation: Sotiris Ganouris
<topgan1@clug.gr>

Revision history:
0.08 2002-07-11 jpt
0.07 2002-02-27 jpt
0.06 2001-09-08 jpt
0.05 2001-09-07 jpt
0.04 2001-09-01 jpt
0.03 2001-07-06 jpt

Acknowledgements: thanks to everyone on #debian on irc.opensource.net who helped John Tapsell (JohnFlux) put this how-to together. Email John Tapsell with corrections, comments and suggestions. Thanks also to David Ranch <dranch@trinnet.net> for the IP-Masquerading HOWTO; for anything this short guide does not cover, see that HOWTO and the other Masq-HOWTO guides at http://ipmasq.cjb.net

This document describes how to enable the IP Masquerade feature of Linux on a given Linux host. IP Masq is a form of Network Address Translation (NAT) that lets the computers on an internal network, which have no registered Internet IP addresses of their own, reach the Internet through the Internet IP address of the Linux box.

This document is released under the GNU Free Documentation License, http://www.gnu.org/copyleft/fdl.html
_________________________________________________________

Contents

1. Introduction
2. Quick start (for the impatient)
3. Step by step: kernel options and iptables rules
4. Post-install
5. FAQ's - Frequently Asked Compla Questions, with answers

1. Introduction

The setup this guide assumes is one Linux box connected to the Internet, with the other machines on an internal network (the intranet) behind it:

[network.png]
_________________________________________________________
2. Quick start (for the impatient)

If your external (Internet) interface is eth0 with the static IP 123.12.23.43 (put your own address here) and the intranet is on eth1:

$> modprobe ipt_MASQUERADE # if this fails, try continuing anyway
$> iptables -F; iptables -t nat -F; iptables -t mangle -F
$> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 123.12.23.43
$> echo 1 > /proc/sys/net/ipv4/ip_forward

For a dial-up connection (ppp0, dynamic IP):

$> modprobe ipt_MASQUERADE # if this fails, try continuing anyway
$> iptables -F; iptables -t nat -F; iptables -t mangle -F
$> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
$> echo 1 > /proc/sys/net/ipv4/ip_forward

Then, to protect the gateway itself (the following sections assume these rules are in place):

$> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$> iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
$> iptables -P INPUT DROP # only if the first two are successful
$> iptables -A FORWARD -i eth0 -o eth0 -j REJECT

The same for dial-up (ppp0 in place of eth0):

$> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$> iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
$> iptables -P INPUT DROP # only if the first two are successful
$> iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT

Done! Check the result with "iptables -t nat -L".
_________________________________________________________
3. Step by step: kernel options and iptables rules

Your kernel (2.4.x) needs to be compiled with the following options:

* Networking Options
  + Network packet filtering (CONFIG_NETFILTER)
* Networking Options->Netfilter Configuration
  + Connection tracking (CONFIG_IP_NF_CONNTRACK)
  + FTP Protocol support (CONFIG_IP_NF_FTP)
  + IP tables support (CONFIG_IP_NF_IPTABLES)
  + Connection state match support (CONFIG_IP_NF_MATCH_STATE)
  + Packet filtering (CONFIG_IP_NF_FILTER)
    o REJECT target support (CONFIG_IP_NF_TARGET_REJECT)
  + Full NAT (CONFIG_IP_NF_NAT)
    o MASQUERADE target support (CONFIG_IP_NF_TARGET_MASQUERADE)
    o REDIRECT target support (CONFIG_IP_NF_TARGET_REDIRECT)
  + Packet mangling (CONFIG_IP_NF_MANGLE)
  + LOG target support (CONFIG_IP_NF_TARGET_LOG)

Then load the iptables masquerading module. If you built these as modules, loading ipt_MASQUERADE with insmod would first require ip_tables, ip_conntrack and iptable_nat; modprobe resolves those dependencies for you:
$> modprobe ipt_MASQUERADE

The Linux box is now connected to both the intranet (your internal network) and the Internet. Before adding rules, flush whatever iptables rules are already there:
$> iptables -F; iptables -t nat -F; iptables -t mangle -F
This removes every existing rule, so do it only on a box you are setting up from scratch. If it complains that the 'nat' table does not exist, recompile the kernel with NAT support. If only the 'mangle' flush fails, ignore it; mangle is not needed here. If iptables fails altogether, you have a 2.4.x kernel compiled without iptables support.

If you have a static IP (i.e. not assigned by DHCP):
$> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 123.12.23.43
If you have a dynamic IP (e.g. a modem dial-up connection):
$> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

Then turn on IP forwarding in the kernel (this setting does not survive a reboot):
$> echo 1 > /proc/sys/net/ipv4/ip_forward
(See the Post-install section and the FAQ on where to put these commands so they are re-applied at boot.)

Now you can reach the Internet :) But the Internet can now also reach any service running on your machine (e.g. an ftp server), so lock the gateway down. First accept the replies to connections the gateway itself opened, and related traffic:
$> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
If this fails, state tracking was not compiled into the kernel; recompile with it.
Then accept new connections from the intranet (and the local host) but not from the external interface. Replace ppp0 with eth0 if that is your external interface. (Note the '!': it negates the interface match.)
$> iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
Finally, drop everything else:
$> iptables -P INPUT DROP # only if the first two are successful
If either of the two previous commands failed, do not set this policy, or undo it with "iptables -P INPUT ACCEPT": with a DROP policy and no ACCEPT rules the gateway stops answering anyone, including you.
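Both the Quick Start and the step-by-step version above give the rules as commands typed one at a time. Below they are collected into one script, an example added to this translation rather than code from the original HOWTO. It assumes the variable names EXT_IF, EXT_IP and DRY_RUN, which are not in the original; eth0, ppp0 and 123.12.23.43 are the HOWTO's own placeholders. With the default DRY_RUN=1 it only prints what it would do, so the rule set can be reviewed before it is applied on the gateway. It writes '! -i', which is what current iptables expects for the HOWTO's '-i !', and '--to-source' as the full name of SNAT's '--to'.

```shell
#!/bin/sh
# Added example for this translation; not code from the original HOWTO.
# The Quick Start / section 3 rule set as one reviewable script:
#   DRY_RUN=1 (default) prints each command, DRY_RUN=0 executes it.
# Assumed names: EXT_IF, EXT_IP, DRY_RUN. eth0, ppp0 and 123.12.23.43 are
# the HOWTO's placeholders; replace them with your own.

EXT_IF="${EXT_IF:-eth0}"          # interface facing the Internet
EXT_IP="${EXT_IP-123.12.23.43}"   # static external IP; "" means dynamic (MASQUERADE)
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it and return its status.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Accept only a dotted quad with every octet in 0..255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1
          exit 0 }'
}

# The complete rule set, in the order the HOWTO gives it.
masq_rules() {
    run modprobe ipt_MASQUERADE

    # Flushing removes every existing rule in all three tables.
    run iptables -F
    run iptables -t nat -F
    run iptables -t mangle -F

    # SNAT for a fixed address, MASQUERADE for a dynamic one (ppp0, DHCP).
    # --to-source is the full spelling of the HOWTO's --to.
    if [ -n "$EXT_IP" ]; then
        valid_ipv4 "$EXT_IP" || { echo "invalid EXT_IP: $EXT_IP" >&2; return 1; }
        run iptables -t nat -A POSTROUTING -o "$EXT_IF" -j SNAT --to-source "$EXT_IP"
    else
        run iptables -t nat -A POSTROUTING -o "$EXT_IF" -j MASQUERADE
    fi

    # Same effect as 'echo 1 > /proc/sys/net/ipv4/ip_forward'.
    run sysctl -w net.ipv4.ip_forward=1

    # Protect the gateway itself: replies and related traffic in, new
    # connections only from interfaces other than the external one.
    # '! -i' is what current iptables expects for the HOWTO's '-i !'.
    # The DROP policy is set only if both ACCEPT rules went in, which is
    # the HOWTO's "only if the first two are successful".
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT || return 1
    run iptables -A INPUT -m state --state NEW ! -i "$EXT_IF" -j ACCEPT || return 1
    run iptables -P INPUT DROP

    # Never bounce traffic back out of the external interface.
    run iptables -A FORWARD -i "$EXT_IF" -o "$EXT_IF" -j REJECT
}

case "${1:-}" in
    show)  DRY_RUN=1; masq_rules ;;
    apply) DRY_RUN=0; masq_rules ;;
esac
```

Run `sh masq.sh show` to review the commands and `sh masq.sh apply` as root to apply them; for a dial-up gateway use `EXT_IF=ppp0 EXT_IP= sh masq.sh apply`. Called from a `pre-up` line in /etc/network/interfaces, as the FAQ suggests, it is re-applied whenever the external interface comes up. Because the INPUT policy is only switched to DROP after both ACCEPT rules succeeded, a kernel without state tracking leaves the gateway reachable instead of locking you out.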
_________________________________________________________
4. Post-install

Things to do once the rules are in place:

* Point the machines on the intranet at the Linux server as their gateway. (On Windows: Network Neighbourhood -> Properties -> Gateway; set it to the IP address of the Linux server.)

* If your ISP provides a proxy (possibly a transparent one), the intranet machines can be configured to use it, or you can set up transparent proxying yourself by running squid on the Linux server.

* Set the DNS servers on the intranet machines. Without them the machines can reach IP addresses but cannot resolve names.

  [Offtopic] I wonder if you could simply send out a dhcp broadcast that just forwards on the dns server (and http_proxy while you're at it) without having to set up a dhcp server (or even if you do). Can someone mail me about this? :)

  Thanks to Richard Atcheson for pointing this out.

* Consider restricting what is forwarded. Set "iptables -P FORWARD DROP" and then add iptables rules only for the traffic you want to pass. /etc/hosts.allow and /etc/hosts.deny only control services on the gateway itself, not forwarded traffic, so they are no substitute for iptables here. Note that the target is spelled DROP in iptables, not DENY (that was ipchains). To get everything flowing again, "iptables -P FORWARD ACCEPT".

* Services on the gateway that you want to offer to the Internet need their own INPUT rules. For a web server:
  $> iptables -A INPUT --protocol tcp --dport 80 -j ACCEPT
  $> iptables -A INPUT --protocol tcp --dport 443 -j ACCEPT
  For ident (some irc servers want it):
  $> iptables -A INPUT --protocol tcp --dport 113 -j ACCEPT

Testing:

* From an intranet machine, first try a web site by IP address. Google's was 216.239.33.100 at the time of writing (check it is still current), e.g. "ping 216.239.33.100" or "lynx 216.239.33.100".

* Then try it by hostname, e.g. "ping www.google.com" or "lynx google.com", and from Internet Explorer or netscape. If the IP address works but the name does not, it is a DNS problem (see above). If neither works, check that eth0 (or ppp0) really is the interface facing the Internet, and that you replaced 123.12.23.43 with your own IP address.
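The rules above open services running on the gateway itself. As an added example that is not part of the original HOWTO, the script below applies them and, going beyond the page, also forwards one external port to a web server on the intranet with DNAT, which is the "forwarding" the FAQ mentions and the reason the kernel list in section 3 includes Full NAT. EXT_IF, INT_IF, DRY_RUN and the intranet address 192.168.1.10 are assumptions of this example.

```shell
#!/bin/sh
# Added example; not code from the original HOWTO. Applies the Post-install
# INPUT rules for services on the gateway and, beyond the page, forwards an
# external port to an intranet host with DNAT. EXT_IF, INT_IF, DRY_RUN and
# 192.168.1.10 are assumptions; DRY_RUN=1 (default) prints instead of running.

EXT_IF="${EXT_IF:-eth0}"
INT_IF="${INT_IF:-eth1}"
DRY_RUN="${DRY_RUN:-1}"

run() { if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi; }

# Allow new TCP connections from the Internet to a service on the gateway.
# The Quick Start INPUT rules already accept replies and intranet traffic,
# so only NEW connections arriving on the external interface are needed.
open_local_tcp() {   # $1 = port
    run iptables -A INPUT -i "$EXT_IF" -p tcp --dport "$1" -m state --state NEW -j ACCEPT
}

# Added once: forward nothing by default, let replies cross the gateway,
# and let the intranet open connections outwards.
forward_base() {
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$INT_IF" -o "$EXT_IF" -m state --state NEW -j ACCEPT
}

# Forward TCP port $1 on the external interface to intranet host $2 port $3.
# PREROUTING rewrites the destination before routing; the FORWARD rule admits
# the rewritten packet. Connection tracking reverses the mapping on the
# replies, so no further rule is needed for them.
forward_tcp() {
    run iptables -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport "$1" -j DNAT --to-destination "$2:$3"
    run iptables -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p tcp -d "$2" --dport "$3" -m state --state NEW -j ACCEPT
}

services() {
    open_local_tcp 80
    open_local_tcp 443
    open_local_tcp 113                 # ident, wanted by some irc servers
    forward_base
    forward_tcp 8080 192.168.1.10 80   # external :8080 -> intranet web server
}

case "${1:-}" in
    show)  DRY_RUN=1; services ;;
    apply) DRY_RUN=0; services ;;
esac
```

The forwarded service is reachable from the Internet as port 8080 on the gateway's external address; the intranet host sees the client's real source address, because only the destination is rewritten. With the FORWARD policy at DROP, anything not listed in forward_base or forward_tcp is not passed, which is the restrictive setup the bullet on forwarding above recommends.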
_________________________________________________________
5. FAQ's - Frequently Asked Compla Questions, with answers

* What rules do I have at the moment?
  - Look at them with:
  $> iptables -L
  $> iptables -t nat -L

* The intranet machines can't resolve names! 'www.microsoft.com' does not work!
  - Set the DNS servers on the intranet machines (see Post-install).

* iptables / NAT / SNAT / MASQ gives an error!
  - Your kernel was compiled without iptables NAT support; see section 3.

* Masquerading does not work!
  - Did you enable forwarding? echo 1 > /proc/sys/net/ipv4/ip_forward

* Nothing works!
  - Start again from a clean state:
  $> iptables -F
  $> iptables -t nat -F
  $> iptables -t mangle -F
  (This removes all firewall rules, including any you added yourself.) Then repeat the steps.
  - If you had restricted forwarding: iptables -P FORWARD ACCEPT

* How do I find out what is going wrong?
  - Hmm, what do "dmesg | tail" and "cat /var/log/messages | tail" say? :)

* It still doesn't work!
  - Check, in this order, that: 1) the Linux box can reach the Internet, 2) the Linux box can reach the intranet machines, 3) the intranet machines can reach the Linux box. Fix the first step that fails before looking at masquerading again.

* Where do I put this stuff?
  - In the /etc/network/interfaces file, or firewall.rc. If you put it in the interfaces file, then put it as a pre-up to the external interface, and have "iptables -t nat -F" as the post-down.

* How do I make ppp dial automatically when something wants the Internet? (ppp up on demand)
  - If your ISP's gateway is 23.43.12.43, add the line
    :23.43.12.43
  to /etc/ppp/peers/provider. (That is the form for a dynamic IP; with a static IP use my.external.ip.number:23.43.12.43.) Then add the line:
    demand

* That doesn't work!
  - Did you set up dialing on demand in the first place? Does /etc/ppp/peers/provider work for an ordinary dial-up?
  - Also, this depends on the kernel version (Linux 2.4.3) ...

* This is too hard! I want a GUI.
  - Try http://shorewall.sourceforge.net/ ...

* Do cable modems have a static or a dynamic IP?
  - Usually dynamic.

* And DHCP?
  - Dynamic.

* How do I offer services from a machine on the intranet?
  - That is port forwarding or redirecting to an internal IP; see the full IP Masquerade HOWTO.

* An intranet machine can reach the IP of the Linux gateway but not the Internet.
  - Try "rmmod iptable_filter" - more info on this as I get it.
  - Check that routed or gated is not running: "ps aux | grep -e routed -e gated".
  - Otherwise see http://ipmasq.cjb.net

* How do I see the established (masqueraded) connections? netstat does not show them...
  - cat /proc/net/ip_conntrack

* I want squid, or more complicated routing!
  - See the Advanced Routing HOWTO: http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html

* I have a question about this howto. Where do I ask?
  - On #debian on irc.opensource.net, ask JohnFlux. Or mail John Tapsell (JohnFlux) at tapselj0@cs.man.ac.uk

* I want more than this howto covers!
  - http://ipmasq.cjb.net
  - The LDP Masq-HOWTO.

* What next?
  - linux anti-missile-missiles-made-simple. :)
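The FAQ answer on established connections points at /proc/net/ip_conntrack, which lists every tracked connection, masqueraded or not. The script below, an added example and not code from the original HOWTO, reads that file's 2.4-kernel format and keeps only the connections the gateway is masquerading, by checking whether the reply tuple is addressed to a different host than the original source. The sample entries embedded in it are constructed for the example; the only assumptions are the function names and the addresses in the sample.

```shell
#!/bin/sh
# Added example; not code from the original HOWTO. Lists the masqueraded
# connections in the 2.4 kernel's /proc/net/ip_conntrack format.
# Live use on a gateway:  masq_conns < /proc/net/ip_conntrack

# Constructed sample (not captured from a real gateway). Each entry is:
# proto, proto number, timeout, [tcp state], original tuple, [UNREPLIED],
# reply tuple, [ASSURED], use=N.
sample_conntrack() {
    cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=216.239.33.100 sport=1034 dport=80 src=216.239.33.100 dst=123.12.23.43 sport=80 dport=1034 [ASSURED] use=1
udp      17 29 src=192.168.1.11 dst=192.168.1.1 sport=1025 dport=53 src=192.168.1.1 dst=192.168.1.11 sport=53 dport=1025 use=1
tcp      6 118 SYN_SENT src=192.168.1.12 dst=10.0.0.5 sport=1050 dport=22 [UNREPLIED] src=10.0.0.5 dst=123.12.23.43 sport=22 dport=1050 use=1
tcp      6 299 ESTABLISHED src=192.168.1.10 dst=192.168.1.1 sport=1040 dport=22 src=192.168.1.1 dst=192.168.1.10 sport=22 dport=1040 [ASSURED] use=1
EOF
}

# Print "proto internal_host remote:port state" for each masqueraded entry.
# A connection is masqueraded when the reply tuple's dst (where the remote
# side sends its answers) is not the original src: it is the gateway's
# external address instead. Entries to hosts on the same network, like the
# DNS and ssh samples above, are tracked but not translated and are skipped.
masq_conns() {
    awk '
    {
        n = 0; state = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^(src|dst|sport|dport)=/) {
                split($i, kv, "="); v[++n] = kv[2]
            } else if (i == 4 && $i ~ /^[A-Z_]+$/) {
                state = $i        # tcp entries carry a state; udp ones do not
            }
        }
        if (n < 8) next           # not a complete pair of tuples
        if (v[6] != v[1])         # reply dst differs from original src: NAT
            printf "%s %s %s:%s %s\n", $1, v[1], v[2], v[4], state
    }'
}

# Count of masqueraded connections per intranet host: who is using the link.
masq_by_host() {
    masq_conns | awk '{ c[$2]++ } END { for (h in c) print h, c[h] }' | sort
}

sample_conntrack | masq_conns
```

On the sample this prints the web connection from 192.168.1.10 and the half-open ssh attempt from 192.168.1.12 (its SYN_SENT state and the [UNREPLIED] flag show the remote host has not answered), and leaves out the two intranet-local entries. The field positions are those of ip_conntrack on 2.4 kernels; later kernels expose /proc/net/nf_conntrack with extra leading fields, where the conntrack tool from conntrack-tools is the better interface.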
