Linux kernel 2.4 network traffic distribution
styoo, alloying (at) kldp.org

Revision history
0.1  2001-12-31  styoo  First version.
0.2  2002-01-19  styoo  Added a section on the backup line (prompted by a question from 정헌학). Fixed errors in the port-based traffic distribution section; thanks to 김성철.
0.3  2002-03-18  styoo  Added an example script that creates the routing tables. Fixed the reference links.

Companies need more Internet capacity, but leased lines are expensive, so upgrading the link speed is rarely easy. Adding an ADSL line and using it alongside the leased line is a very efficient alternative. This document explains how to split network traffic across a leased line and an ADSL line on Linux kernel 2.4. Because ADSL upload and download speeds differ, the traffic distribution described here suits environments where downloads dominate. The same method of course also applies to two ADSL lines, two leased lines, and similar setups.

Preface

When I heard that Linux kernel 2.4 had been released I was very curious about what new features it contained; in particular I expected the networking features I had long wanted to be there. In fact I only started looking for the information I needed after kernel 2.4.9 came out. I now feel the results should be written down, and would rather do that as a kldp document and share it with everyone.

Copyright

Copyright (C) 2001 styoo. This document may be redistributed or excerpted in any medium free of charge under the terms of the GNU Free Documentation License, version 1.1 or any later version published by the Free Software Foundation, provided this copyright notice is preserved.

Disclaimer

The author accepts no responsibility for any consequences of the contents of this document. Use the information and examples in this document at your own discretion. Although I have done my best, this document may contain mistakes or errors. If you find one, please let me know.

Acknowledgements

My thanks go to the many hackers who are working on the Linux kernel today, and to the many people who take the trouble to write HOWTO documents.

Feedback

Suggestions for improvement, corrections, and reports of problems with this document are always welcome. Please send mail to alloying (at) kldp.org.

Overview of network traffic distribution

In most cases a computer A has only one door (gateway) through which it can send data to the Internet. Now suppose A has several such doors. A reply to data that went out through door 1 comes back through door 1, and a reply to data that went out through door 2 comes back through door 2; unless you do something special, data that left through door 1 will not come back through another door. Applied to traffic distribution, this means that if outgoing data is classified appropriately and spread across several doors, the replies will naturally come back spread across those doors as well. In other words, distributing only the outgoing data appropriately is enough to achieve the desired traffic distribution.

Data travels over the network split into pieces called packets; from here on I will say packet instead of data. There are two main ways to classify outgoing packets. The first assigns the outgoing door according to which computer or which network the packet comes from. The second assigns it according to whether the packet is web, ftp, telnet and so on, that is, by port. A third way, if you want one, is to mix the two: for example, www packets from computer A go through door 2. I currently use one E1 leased line and two ADSL lines, and distribute traffic with the first method to my reasonable satisfaction.

Network environment

Let us set up an imaginary network environment to explain traffic distribution.

                                         Linux firewall
                                         kernel 2.4.14
    +------------+                    +---------------+
    |   Net-A    |                    |(100.100.100.2)|    +----------------+
    |192.168.1.x |-+                  |           eth0|--+-|   Web server   |
    +------------+ |                  |               |  | |(100.100.100.10)|
                   |  +--------+      |               |  | +----------------+
    +------------+ |  |Internal| eth1 |               |  |  E1 leased line    +----------+
    |   Net-B    |-+--| router |------|(192.168.1.254)|  +--------------------|          |
    |192.168.2.x | |  +--------+      |               |    (100.100.100.1)    | Internet |
    +------------+ |                  |               |                       |          |
                   |                  |           ppp0|-----------------------|          |
    +------------+ |                  |(200.200.200.2)|         ADSL          +----------+
    |   Net-C    |-+                  +---------------+     (200.200.200.1)
    |192.168.3.x |
    +------------+
    Internal network

As the figure shows, the internal network is divided into three subnets; routing between the subnets is done by the internal router, and to reach the Internet a packet passes through the internal router and then through the Linux firewall. The Linux firewall must therefore also do IP masquerading. The two Internet links are the E1 leased line and the ADSL line. Assume that each subnet's default gateway is 192.168.?.1 and its netmask is 255.255.255.0. Traffic distribution and packet filtering will be done on the Linux firewall running kernel 2.4.14.

Kernel compile options

The kernel compile options below are for kernel 2.4.14; only the options needed for traffic distribution and IP masquerading are listed. Options whose brackets are left empty are not required: you may enable them or not.

    General setup --->
      [*] Networking support
    Networking options --->
      <*> Packet socket
      [*]   Packet socket: mmapped IO
      [*] Kernel/User netlink socket
      [*]   Routing messages
      [*] Network packet filtering (replaces ipchains)
      [ ]   Network packet filtering debugging
      [*] Socket Filtering
      <*> Unix domain sockets
      [*] TCP/IP networking
      [*]   IP: advanced router
      [*]     IP: policy routing
      [*]       IP: use netfilter MARK value as routing key
      [*]       IP: fast network address translation
      [ ]     IP: equal cost multipath
      [*]     IP: use TOS value as routing key
      [*]     IP: verbose route monitoring
      [*]     IP: large routing tables
      IP: Netfilter Configuration --->
        <M> Connection tracking (required for masq/NAT)
        <M>   FTP protocol support
        <M>   IRC protocol support
        <M> Userspace queueing via NETLINK (EXPERIMENTAL)
        <M> IP tables support (required for filtering/masq/NAT)
        <M>   limit match support
        <M>   MAC address match support
        <M>   netfilter MARK match support
        <M>   Multiple port match support
        <M>   TOS match support
        <M>   LENGTH match support
        <M>   TTL match support
        <M>   tcpmss match support
        <M>   Connection state match support
        <M>   Unclean match support (EXPERIMENTAL)
        <M>   Owner match support
        <M>   Packet filtering
        <M>     REJECT target support
        <M>   Full NAT
        <M>     MASQUERADE target support
        <M>   Packet mangling
        <M>     TOS target support
        <M>     MARK target support
        <M>   LOG target support
        <M>   TCPMSS target support

Do not forget the kernel options for your Ethernet card, PPP and so on.

Network traffic distribution in practice

Software to install

Let us look at the software that must be installed on the Linux firewall for traffic distribution, IP masquerading and PPP. The software installed on my firewall is:

    iproute-20001007
    iptables-1.2.4
    ppp-2.4.1
    pppoe-3.2

iproute is the software known as iproute2; Debian distributes it as a package named iproute. It contains the ip command, which replaces the traditional route command, and the tc command, which controls network bandwidth. iptables replaces the ipchains of kernel 2.2 and offers more features than ipchains.

Steps of traffic distribution

Before going into the details, let us go over the steps needed to distribute network traffic. First, decide a distribution policy: packets of kind a go out through door 1, packets of kind b go out through door 2, and so on. Several things need to be considered when choosing the policy, for instance sending packets that must not be interrupted over the leased line and everything else over ADSL, and the total amount of network traffic. Next, according to the policy, set up routing rules and create routing tables with the ip command. If you intend to filter, that is, separate packets that may go out, packets that may not, and packets that must not come in, configure with the iptables command how packets are to be filtered. Finally, configure masquerading with the iptables command. In short:

1. Decide the network traffic distribution policy.
2. Set up routing rules according to the policy.
3. Set up the routing tables the policy needs.
4. Set up filtering rules with the iptables command.
5. Set up masquerading with the iptables command.

Host- or network-based traffic distribution

Taking the network environment described above as the basis, assume that network traffic is distributed per subnet. Below are the routing tables configured on the Linux firewall as shown by the route command and by the ip command, followed by the routing rules and the main routing table.

    # netstat -rn
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    200.200.200.1   0.0.0.0         255.255.255.255 UH       40 0          0 ppp0
    100.100.100.0   0.0.0.0         255.255.255.0   U        40 0          0 eth0
    192.168.1.0     0.0.0.0         255.255.255.0   U        40 0          0 eth1
    0.0.0.0         100.100.100.1   0.0.0.0         UG       40 0          0 eth0
    # ip route ls
    200.200.200.1 dev ppp0  proto kernel  scope link  src 200.200.200.2
    100.100.100.0/24 dev eth0  proto kernel  scope link  src 100.100.100.2
    192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.254
    default via 100.100.100.1 dev eth0
    # ip rule ls
    0:      from all lookup local
    32766:  from all lookup main
    32767:  from all lookup default
    # ip route ls table main
    200.200.200.1 dev ppp0  proto kernel  scope link  src 200.200.200.2
    100.100.100.0/24 dev eth0  proto kernel  scope link  src 100.100.100.2
    192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.254
    default via 100.100.100.1 dev eth0

The output of ip rule ls shows that there are three routing tables by default: local, main and default. The contents of each table can be listed with a command such as ip route ls table local; check them yourself. As seen above, each routing table has a number, and the Linux kernel processes packets in ascending order of these numbers. When a packet arrives from the network, the kernel looks at where it is headed and first consults the local table for how to route it. If the local table has no suitable entry, it consults the main table, and if that has none either, finally the default table. from all defines where the packet came from; all means the origin does not matter. Changing from all to from 192.168.1.100 would mean packets originating from 192.168.1.100, so routing can be decided by origin. This is called source routing. Looking at the output of ip route ls table main, the main table has a route for ppp0 and has the E1 leased line configured as the default route. It is identical to the output of netstat -rn; in other words, netstat -rn displays the main table. Now let us follow the steps listed above one by one.

Deciding the network traffic distribution policy

Packets from Net-A and Net-B to the Internet go out through the E1 leased line. Packets from Net-C to the Internet go out through ADSL (ppp0).

Setting up the routing rules

Add suitable routing table names to /etc/iproute2/rt_tables; call the tables e1line and adslline.

    # echo 201 e1line >> /etc/iproute2/rt_tables
    # echo 202 adslline >> /etc/iproute2/rt_tables

Add routing rules according to the distribution policy.

    # ip rule add from 192.168.1.0/24 table e1line
    # ip rule add from 192.168.2.0/24 table e1line
    # ip rule add from 192.168.3.0/24 table adslline

Setting up the routing tables

Create the e1line and adslline routing tables.

    # ip route add default via 100.100.100.1 dev eth0 table e1line
    # ip route add default via 200.200.200.1 dev ppp0 table adslline

Before setting up the filtering rules, let us pause to look at the routing rules just configured and the points that need attention.

    # ip rule ls
    0:      from all lookup local
    32763:  from 192.168.3.0/24 lookup adslline
    32764:  from 192.168.2.0/24 lookup e1line
    32765:  from 192.168.1.0/24 lookup e1line
    32766:  from all lookup main
    32767:  from all lookup default

Note that the numbers and order of the routing rules are the reverse of the order in which the ip rule add commands were run. Keep this in mind.

Now consider an example. Take a packet from 192.168.1.10 to 111.111.111.100. When it enters the Linux firewall, the kernel compares it against the routing rules starting from rule 0 to decide how to route it. Rule 0 says to consult the local routing table regardless of where the packet came from (from all), but, as you will see if you list the local table, it holds no routing entry suitable for a packet headed to 111.111.111.100. The next rule (32763) concerns packets from the 192.168.3.0 network, so it does not apply; rule 32764 is similar. Rule 32765 applies to packets from the 192.168.1.0 network. Let us look at the e1line routing table:

    # ip route ls table e1line
    default via 100.100.100.1 dev eth0

Regardless of where the packet is headed (default), it is routed through 100.100.100.1.
So a packet from 192.168.1.10 to 111.111.111.100 can use rule 32765. However, if you re-read the beginning of this section, the routing entry in the e1line table is identical to one already in the main table. In other words, routing for packets from the 192.168.1.0 network can be handled by the main table, so there is no need to add the e1line table at all.

Consider another case: a packet from 192.168.3.10 to the web server 100.100.100.10. Following the same process as before, this packet leaves through ADSL and reaches the web server by way of the Internet, a long detour compared with the direct path it could take by leaving through eth0. This needs to be corrected as well. A similar situation can be imagined for ADSL, but I will not consider it here: it is tedious, I have never thought about it, and there is no real need.

One more point: the firewall's routing entry for the 192.168.1.0 network appears in the local table, but there are no entries for the 192.168.2.0 and 192.168.3.0 networks. These must be added to the local table; think about it and you will see why the local table is the place. Taking the above into account, let us build the routing rules and routing tables again. Delete the two lines that were appended to /etc/iproute2/rt_tables with echo earlier, then run:

    # echo 201 adslline >> /etc/iproute2/rt_tables
    # ip rule add from 192.168.3.0/24 table adslline
    # ip route add default via 200.200.200.1 dev ppp0 table adslline
    # ip route add 100.100.100.0/24 via 100.100.100.2 dev eth0 table local
    # ip route add 192.168.2.0/24 via 192.168.1.254 dev eth1 table local
    # ip route add 192.168.3.0/24 via 192.168.1.254 dev eth1 table local

The last two lines can be written as one by treating them as a routing entry for the 192.168.0.0 network:

    # echo 201 adslline >> /etc/iproute2/rt_tables
    # ip rule add from 192.168.3.0/24 table adslline
    # ip route add default via 200.200.200.1 dev ppp0 table adslline
    # ip route add 100.100.100.0/24 via 100.100.100.2 dev eth0 table local
    # ip route add 192.168.0.0/16 via 192.168.1.254 dev eth1 table local

Setting up the filtering rules

Setting up the filtering rules is omitted here.

Setting up masquerading

Masquerading is needed both for packets leaving through the leased line and for packets leaving through ADSL.

    # iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/16 ! -d 192.168.0.0/16 -j SNAT --to 100.100.100.2
    # iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/16 ! -d 192.168.0.0/16 -j MASQUERADE

This covers distributing network traffic per host or subnet. The commands once more:

    # echo 201 adslline >> /etc/iproute2/rt_tables
    # ip rule add from 192.168.3.0/24 table adslline
    # ip route add default via 200.200.200.1 dev ppp0 table adslline
    # ip route add 100.100.100.0/24 via 100.100.100.2 dev eth0 table local
    # ip route add 192.168.0.0/16 via 192.168.1.254 dev eth1 table local
    # iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/16 ! -d 192.168.0.0/16 -j SNAT --to 100.100.100.2
    # iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/16 ! -d 192.168.0.0/16 -j MASQUERADE

Port-based traffic distribution

Apart from one thing, there is little difference between sending packets out by port and sending them out by host or subnet. The kernel decides how to route a packet by looking at where it is headed; whether the packet uses the www port or the telnet port is not a routing criterion. To route by port, therefore, another criterion has to be created: packets using a particular port are marked so that they can be told apart. Marking packets is done with the iptables command.

Deciding the network traffic distribution policy

Packets using the www, ftp and ftp-data ports go out through ADSL (ppp0). All other packets go out through the E1 leased line.

Setting up the routing rules

Add the adslline routing table name to /etc/iproute2/rt_tables for the packets that leave through ADSL.

    # echo 201 adslline >> /etc/iproute2/rt_tables

Add a routing rule according to the distribution policy.

    # ip rule add fwmark 1 table adslline

This command means: route packets marked "1" by consulting the adslline table. According to the policy, packets using the www, ftp and ftp-data ports are marked "1" as follows:

    # iptables -A PREROUTING -i eth1 -s 192.168.0.0/16 ! -d 192.168.0.0/16 \
        -t mangle -p tcp --dport www -j MARK --set-mark 1
    # iptables -A PREROUTING -i eth1 -s 192.168.0.0/16 ! -d 192.168.0.0/16 \
        -t mangle -p tcp --dport ftp -j MARK --set-mark 1
    # iptables -A PREROUTING -i eth1 -s 192.168.0.0/16 ! -d 192.168.0.0/16 \
        -t mangle -p tcp --dport ftp-data -j MARK --set-mark 1

The first command reads: among the packets entering through eth1, mark "1" those whose source is the 192.168.0.0/16 network, whose destination is not 192.168.0.0/16, and which use the www port.

Setting up the routing tables

Create the adslline routing table and add the required routing entries to the local table.

    # ip route add default via 200.200.200.1 dev ppp0 table adslline
    # ip route add 100.100.100.0/24 via 100.100.100.2 dev eth0 table local
    # ip route add 192.168.0.0/16 via 192.168.1.254 dev eth1 table local

Setting up the filtering rules

Setting up the filtering rules is omitted here.

Setting up masquerading

As in the host-based section, masquerading is needed both for packets leaving through the leased line and for packets leaving through ADSL.

    # iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/16 ! -d 192.168.0.0/16 -j SNAT --to 100.100.100.2
    # iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/16 ! -d 192.168.0.0/16 -j MASQUERADE

The commands once more:

    # echo 201 adslline >> /etc/iproute2/rt_tables
    # ip rule add fwmark 1 table adslline
    # iptables -A PREROUTING -i eth1 -s 192.168.0.0/16 ! -d 192.168.0.0/16 \
        -t mangle -p tcp --dport www -j MARK --set-mark 1
    # iptables -A PREROUTING -i eth1 -s 192.168.0.0/16 ! -d 192.168.0.0/16 \
        -t mangle -p tcp --dport ftp -j MARK --set-mark 1
    # iptables -A PREROUTING -i eth1 -s 192.168.0.0/16 ! -d 192.168.0.0/16 \
        -t mangle -p tcp --dport ftp-data -j MARK --set-mark 1
    # ip route add default via 200.200.200.1 dev ppp0 table adslline
    # ip route add 100.100.100.0/24 via 100.100.100.2 dev eth0 table local
    # ip route add 192.168.0.0/16 via 192.168.1.254 dev eth1 table local
    # iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/16 ! -d 192.168.0.0/16 -j SNAT --to 100.100.100.2
    # iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/16 ! -d 192.168.0.0/16 -j MASQUERADE

One more thing: when distributing network traffic by port as above, routing may not work at all. This probably happens on most Linux distributions, because /proc/sys/net/ipv4/conf/*/rp_filter is set to "1" for spoof protection. Setting the rp_filter value to "0" for every device resolves the problem, at the cost of that reverse-path check.

On the backup line

In an environment like the leased line + ADSL setup treated in this document, the ADSL connection sometimes drops. With the network environment as it stands, the Internet remains usable over the leased line even when ADSL drops, because when no routing entry is found in the adslline table, the main routing table is consulted. However, if ADSL is up and the leased line goes down, there is no way to route the packets that should go over the leased line: the adslline table is searched first and, if it has no suitable entry, the main table, but the main table has no entry that uses ADSL. In that case it would be fine if the main routing table contained an ADSL-related routing entry. So, to set up a backup line, add entries for each other line to both the adslline and the main routing table, using different metric values in the ip route commands.
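The lookup order explained in the host-based section (rules tried in priority order, the first table with a usable route decides) and the metric-based fallback described just above, as an added example that is not part of the original document: a small Python model of the kernel's policy-routing decision, loaded with this document's rules and tables. It assumes that a route over a failed interface is simply unusable, which is a simplification of how the kernel really withdraws routes when a link drops.

```python
import ipaddress

def lookup(rules, tables, src, dst, fwmark=0, down=()):
    """Walk the rules in priority order (as ip rule ls shows them) and
    return (table, route) from the first table holding a usable route.
    A route is (prefix, via, dev, metric): longest prefix wins, then the
    lowest metric. Routes over an interface in `down` are skipped, which
    is a simplification of what the kernel does when a link fails."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, (kind, value), table in sorted(rules, key=lambda r: r[0]):
        if kind == "from" and src_ip not in ipaddress.ip_network(value):
            continue                    # rule does not cover this source
        if kind == "fwmark" and fwmark != value:
            continue                    # packet carries no such iptables mark
        best = None
        for route in tables.get(table, []):
            prefix, _via, dev, metric = route
            net = ipaddress.ip_network(prefix)
            if dst_ip not in net or dev in down:
                continue
            key = (net.prefixlen, -metric)
            if best is None or key > best[0]:
                best = (key, route)
        if best is not None:
            return table, best[1]       # first table with a match decides
    return None                         # no route at all: "Network is unreachable"

FROM_ALL = ("from", "0.0.0.0/0")
# Rules as this document builds them: Net-C and iptables-marked packets use adslline.
RULES = [
    (0, FROM_ALL, "local"),
    (32764, ("fwmark", 1), "adslline"),
    (32765, ("from", "192.168.3.0/24"), "adslline"),
    (32766, FROM_ALL, "main"),
    (32767, FROM_ALL, "default"),
]
# Tables after the document's corrections, including the backup-line metrics.
TABLES = {
    "local": [("100.100.100.0/24", "100.100.100.2", "eth0", 0),
              ("192.168.0.0/16", "192.168.1.254", "eth1", 0)],
    "adslline": [("0.0.0.0/0", "200.200.200.1", "ppp0", 1),
                 ("0.0.0.0/0", "100.100.100.1", "eth0", 2)],
    "main": [("200.200.200.1/32", None, "ppp0", 0),
             ("100.100.100.0/24", None, "eth0", 0),
             ("192.168.1.0/24", None, "eth1", 0),
             ("0.0.0.0/0", "100.100.100.1", "eth0", 0),
             ("0.0.0.0/0", "200.200.200.1", "ppp0", 2)],
    "default": [],
}

def egress(src, dst, fwmark=0, down=(), tables=TABLES):
    """Interface a packet leaves through, or None when it is unroutable."""
    hit = lookup(RULES, tables, src, dst, fwmark, down)
    return None if hit is None else hit[1][2]

if __name__ == "__main__":
    web, inet = "100.100.100.10", "111.111.111.100"
    print("Net-A -> Internet:", egress("192.168.1.10", inet))             # eth0
    print("Net-C -> Internet:", egress("192.168.3.10", inet))             # ppp0
    # The detour the document warns about: without the local-table entries
    # a Net-C packet for the web server goes out over ADSL.
    print("Net-C -> web, no fix:", egress("192.168.3.10", web, tables=dict(TABLES, local=[])))
    print("Net-C -> web, fixed:", egress("192.168.3.10", web))            # eth0
    print("marked www packet:", egress("192.168.1.10", inet, fwmark=1))   # ppp0
    print("Net-C, ppp0 down:", egress("192.168.3.10", inet, down=("ppp0",)))  # eth0
    print("Net-A, eth0 down:", egress("192.168.1.10", inet, down=("eth0",)))  # ppp0
```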
In the adslline routing table:

    # ip route add default via 200.200.200.1 dev ppp0 table adslline metric 1
    # ip route add default via 100.100.100.1 dev eth0 table adslline metric 2

In the main routing table:

    # ip route add default via 200.200.200.1 dev ppp0 table main metric 2

Try it yourself.

Example script

The script below was written according to the host- or network-based traffic distribution section; you will need to adapt it to your own environment. Note that it only creates the routing tables and does not do IP masquerading. Write a separate script for IP masquerading, using the "Linux IP Masquerade HOWTO" as a reference; the script below was also written with reference to that document.

    #! /bin/sh
    KERNELVER="`uname -r | cut -d. -f1,2`"
    if [ "$KERNELVER" = "2.2" ]
    then
        echo "This does not support the Kernel 2.2.x"
        exit 1
    fi

    IPTABLES=/sbin/iptables
    IFCONFIG=/sbin/ifconfig
    ECHO=/bin/echo
    GREP=/bin/grep
    AWK=/usr/bin/awk
    SED=/bin/sed
    IP=/sbin/ip
    RTTAB=/etc/iproute2/rt_tables

    # Only build the tables when the ADSL link (ppp0) is actually up
    ONLINEPPP0=`$IFCONFIG | $GREP ppp0 | $AWK '{print $1}'`
    if [ -n "$ONLINEPPP0" ]
    then
        $ECHO "PPP0 is ON-LINE... Initializing routing table......"
    else
        $ECHO "PPP0 is OFF-LINE..."
        exit 1
    fi

    # Ethernet card connected to the internal network
    INTIF="eth1"
    # Ethernet card connected to the Internet (E1 leased line)
    EXITIFETH="eth0"
    # ppp connection
    EXITIFPPP0="ppp0"
    ALLPPP="ppp+"

    # ip address assigned to eth1
    INTIP="`$IFCONFIG $INTIF | $GREP 'inet addr' | $AWK '{print $2}' | $SED -e 's/.*://'`"
    # ip address assigned to eth0
    FWIP="`$IFCONFIG $EXITIFETH | $GREP 'inet addr' | $AWK '{print $2}' | $SED -e 's/.*://'`"
    # ip address assigned to ppp0
    PPP0IP="`$IFCONFIG $EXITIFPPP0 | $GREP 'inet addr' | $AWK '{print $2}' | $SED -e 's/.*://'`"
    # E1 leased line gateway
    FWGW="100.100.100.1"
    # ppp0 gateway (the P-t-P address reported by ifconfig)
    PPP0GW="`$IFCONFIG $EXITIFPPP0 | $GREP 'inet addr' | $AWK '{print $3}' | $SED -e 's/.*://'`"

    # internal networks and the leased-line network
    NETA="192.168.1.0/24"
    NETB="192.168.2.0/24"
    NETC="192.168.3.0/24"
    NETALL="192.168.0.0/16"
    NETE1="100.100.100.0/24"
    UNIVERSE="0.0.0.0/0"

    add_rt_table() {
        # create the rt_tables file
        $ECHO 255 local > $RTTAB
        $ECHO 254 main >> $RTTAB
        $ECHO 253 default >> $RTTAB
        $ECHO 0 unspec >> $RTTAB
        $ECHO 1 inr.ruhep >> $RTTAB
        # insert the name of the routing table we use
        $ECHO 201 adslline >> $RTTAB
        # add the routing rule
        $IP rule add from $NETC table adslline
        # create the routing table
        $IP route add default via $PPP0GW dev $EXITIFPPP0 table adslline
        # add routes for the internal networks and the E1 network to the local table
        $IP route add $NETE1 via $FWIP dev $EXITIFETH table local
        $IP route add $NETALL via $INTIP dev $INTIF table local
    }

    del_rt_table() {
        # delete the routing table and rule
        $IP route del $NETALL via $INTIP dev $INTIF table local
        $IP route del $NETE1 via $FWIP dev $EXITIFETH table local
        $IP route del default via $PPP0GW dev $EXITIFPPP0 table adslline
        $IP rule del from $NETC table adslline
    }

    case "$1" in
        start)
            add_rt_table
            ;;
        stop)
            del_rt_table
            ;;
        restart)
            del_rt_table
            add_rt_table
            ;;
        *)
            echo "Usage: $0 {start|stop|restart}"
            exit 1
            ;;
    esac
    exit 0

Closing remarks

I would have liked to cover packet filtering as well, but that would make this document far longer and goes beyond its intended scope, so it is not covered here; many other documents treat it, so please refer to them. Finally, one note for ADSL users: when masquerading over ADSL, some sites may be unreachable. In that case, passing the -m 1412 option when ppp runs pppoe will probably fix it. I have not tested everything exactly as described for traffic distribution; in particular, port-based traffic distribution has not been tested precisely, so be aware that there may be errors.

References

Korean translations of most of the references below can be found on the Korean Linux Documentation Project home page.

    Linux Advanced Routing and Traffic Control HOWTO
    Linux IP Masquerade HOWTO
    Linux 2.4 NAT HOWTO
    Linux 2.4 Packet Filtering HOWTO