Linux IP Masquerade HOWTO
v1.79, 21 October 1999
This document describes how to use the IP Masquerade feature on a Linux host. IP Masquerade is a form of Network Address Translation (NAT) that lets internal computers without registered IP addresses use the Internet through the single Internet IP address of the Linux box they are connected to.
(Translator's note: masquerade, n.: a masked ball, a disguise, a pretense; masquerade, v.: to take part in a masked ball, to disguise oneself, to pretend.)
The internal computers can be connected to the Linux host over LAN technologies such as Ethernet, TokenRing and FDDI, or over dial-up PPP (translator's note: Dial-Up Networking in Windows) or SLIP links. This document deals primarily with Ethernet.
This document is written for users of stable kernels 2.0.36 and later, or 2.2.9 and later, on IBM-compatible PCs. Older kernels such as 1.2.x and 1.3.x are not covered, and some kernel versions may give incorrect results. Please upgrade to a newer stable kernel before using IP Masquerade.
If you want to use IP Masquerade on a Macintosh, e-mail Taro Fukunaga, tarozax@earthlink.net, for a short MkLinux version of this HOWTO.
Setting up IP Masq on Linux kernels (including versions before 1.2.x) is very confusing for new users. There are a FAQ and a mailing list, but no document had been written specifically for IP Masq, and there were requests on the mailing list for such a HOWTO. So I decided to write this HOWTO as a starting point for new users, and I hope experienced users can add to it later. Ideas and corrections of any kind are welcome, so that this document becomes a better one.
This document is based on the FAQ by Ken Eves and on numerous messages from the IP Masquerade mailing list. Special thanks go to Mr. Matthew Driver, who helped me set up IP Masq and eventually inspired me to write this document. More recently, David Ranch rewrote the HOWTO and added many sections to it to make the document more complete.
Please feel free to send corrections, information, URLs or any other comments to ambrose@writeme.com and dranch@trinnet.net. Your participation will help this HOWTO a great deal.
This HOWTO is intended to help you get a Linux IP Masquerade network working in the shortest time possible. Since neither Ambrose nor David is a professional writer, you may find content in this document that is unusual or that misses its original purpose. The latest news about this HOWTO and other details about IP Masquerade can be found on the IP Masquerade Resource web page, which we actively maintain. If you have technical questions about IP Masquerade, please join the IP Masquerade mailing list instead of e-mailing Ambrose or David. Most problems with IP Masquerade are common to most users, and someone on the mailing list may have a simple answer. In addition, you will get an answer from the mailing list much sooner than a reply from Ambrose or David.
The latest version of this document can be found at the following sites, which also carry HTML and PostScript versions.
This document is copyright(c) 1999 Ambrose Au and David Ranch
and it is a FREE document. You may redistribute it under the terms of the GNU General Public License.
Ambrose and David have done their best on this document, and the information in it is correct. However, the Linux IP Masquerade feature was developed by people, so there may be mistakes, bugs and the like from time to time.
No person, group, or other body is responsible for any damage on your computer(s) and any other losses by using the information on this document. i.e.
THE AUTHORS AND ALL MAINTAINERS ARE NOT RESPONSIBLE FOR ANY DAMAGES INCURRED DUE TO ACTIONS TAKEN BASED ON THE INFORMATION IN THIS DOCUMENT.
Now, with all of the above in mind... let's get started.
IP Masquerade is a Linux networking function similar to the one-to-many NAT (Network Address Translation) commonly found in commercial firewalls and network routers. For example, if a Linux host is connected to the Internet via PPP (translator's note: the equivalent of Dial-Up Networking in Windows), Ethernet, etc., the internal computers connected to this Linux box (via PPP, Ethernet, etc.) can also reach the Internet through IP Masquerade. With Linux IP Masquerade this works even though the internal computers have no officially assigned IP addresses.
With MASQ, a number of computers can use the Internet while hidden behind the MASQ gateway (the computer that acts as the way through). To other computers on the Internet, the traffic leaving through IP MASQ appears to be sent by the IP MASQ Linux server itself. In addition to this functionality, IP Masquerade provides a very secure networking environment. Breaking the security of a well-configured masquerading system and its internal LAN is as hard as breaking the security of a well-configured firewall.
IP Masquerade has been around for several years and has become very mature as the Linux kernel entered the 2.2.x series. The Linux kernel has supported MASQ natively since version 1.3.x. Today many individuals and commercial organizations use it with excellent results.
Common network uses such as Web browsing, TELNET, FTP, PING and TRACEROUTE work well through IP Masquerade. FTP, IRC and Real Audio also work well once the appropriate IP MASQ modules are loaded. Network programs such as streaming audio (MP3, True Speech, etc.) work too. Some fellow users on the mailing list have even had good results with video-conferencing software.
For the complete list of supported software, see the Supported Client Software section.
IP Masquerade works well as a server for client machines running many different operating systems and hardware platforms. Systems that have run successfully behind MASQ include:
- Unix: Sun Solaris, *BSD, Linux, Digital UNIX, etc.
- Microsoft Windows 95/98, Windows NT and Windows for Workgroups (with the TCP/IP package installed)
- IBM OS/2
- Apple Macintosh MacOS machines running either MacTCP or Open Transport
- DOS-based systems with packet drivers and the NCSA Telnet package
- VAXen
- Compaq/Digital Alpha systems running Linux or NT
- even Amiga computers with AmiTCP or the AS225-stack.
The list goes on, but the point is this: if your OS can talk TCP/IP, it should work with IP Masquerade!
- You have a Linux host connected to the Internet, and
- you have some computers running TCP/IP that are connected to that Linux host on a local subnet, or
- your Linux host has two or more modems and acts as a PPP or SLIP server connecting other internal computers, and
- those other computers do not have officially assigned IP addresses,
- and, of course, you want those other computers to use the Internet without the extra cost of getting official IP addresses from your ISP and either configuring Linux as a router or buying an external router.
- Your computer is a stand-alone machine connected to the Internet (although setting up a firewall can be a good idea even for a stand-alone machine), or
- you already have multiple IP addresses assigned for your other computers,
- and, of course, you don't like the idea of a 'free ride' using Linux and feel more comfortable paying a high price to do the same job.
From the IP Masquerade FAQ by Ken Eves:
Here is a drawing of the simplest setup:
   SLIP/PPP           +------------+                          +----------------+
   to ISP provider    |   Linux    |         SLIP/PPP         | other computer |
    <---------- modem1|     #1     |modem2 ------------ modem3|                |
    111.222.333.444   |            |          192.168.0.100   |                |
                      +------------+                          +----------------+
In the drawing above, a Linux box with IP_MASQUERADING installed is set up as Linux #1 and is connected to the Internet via SLIP or PPP using modem1. Linux #1 has the assigned IP address 111.222.333.444. Linux #1 is also set up so that another computer can dial in through modem2 via SLIP or PPP.
The second system (the other computer, which does not have to run Linux) makes a SLIP or PPP connection to Linux #1. The other computer does not have an officially assigned IP address, so it is given the internal address 192.168.0.100. (see below)
With the routing information configured properly, IP Masquerade lets the "other computer" use the Internet as if it were directly connected to it (with a few exceptions).
According to Pauline Middelink:
Do not forget that the "other computer" must have Linux #1 set as its gateway (whether as the default route or just for a subnet does not matter). If the "other computer" does not use Linux #1 as its gateway, Linux #1 must be configured to support proxy arp, but proxy arp is beyond the scope of this document.
The following is an excerpt from a post on comp.os.linux.networking, edited to match the names used in the example above:
o I tell the "other computer" that my Linux #1, connected via PPP or SLIP, is its gateway.
o When a packet arrives at Linux #1 from the "other computer", Linux #1 assigns the packet a new source port number and saves the original address. The MASQ server then sends the modified packet out to the Internet over SLIP/PPP.
o When a packet comes back to Linux #1 from the Internet, Linux #1 examines the port number to see whether it belongs to a request from the "other computer". If it does, the MASQ server puts the saved original port number and IP address back into the packet from the Internet and sends it on to the "other computer".
o The host on the Internet that sent the packet never knows any of this is happening.
Another IP Masquerading example:
A typical example is shown in the drawing below:
+----------+
|          |  Ethernet
|  A-box   |::::::
|          |.2   :  192.168.0.x
+----------+     :
                 :     +-----------+
+----------+     :  .1 |   Linux   |  PPP link
|          |     ::::::| Masq-Gate |:::::::::::::::::::// Internet
|  B-box   |::::::     |           |  111.222.333.444
|          |.3   :     +-----------+
+----------+     :
                 :
+----------+     :
|          |     :
|  C-box   |::::::
|          |.4
+----------+

|                              | |
| <---- internal network ----> | | <------ external network ------>
|                              | |
There are four computers in this example. As before, we assume there is a server at the far right that accepts the PPP connection, and further to the right are the hosts on the Internet you want to exchange information with. The Linux system Masq-Gate is the IP Masquerading gateway that connects A-box, B-box and C-box on the internal network to the Internet outside. The internal network uses one of the private network addresses defined in RFC-1918, in this case the class C network 192.168.0.0. The Linux box has the IP address 192.168.0.1, and the other systems have the following addresses:
- A-Box: 192.168.0.2
- B-Box: 192.168.0.3
- C-Box: 192.168.0.4
The three computers A-box, B-box and C-box can run any OS, as long as it can speak TCP/IP. Windows 95, a Macintosh with MacTCP or OpenTransport, or even another Linux box can connect to the Internet through IP MASQ. While connected, the masquerading system, or MASQ-gate, converts all connections from the inside so that they appear to come from MASQ-gate itself. When data comes back from the outside, MASQ rearranges it so that it goes to the original internal computer. To the internal network it therefore looks like a direct connection to the Internet, and the machines cannot tell whether masquerading is in use or not. This is called a "transparent" connection.
NOTE: See the FAQ for more details on:
- The differences between NAT, MASQ and proxy servers.
- How packet firewalls work.
** Please refer to the IP Masquerade Resource for the most up-to-date information. **
More information on the patches above, and other information, can be found at the IP Masquerade Resource.
If your network holds important information, think about "security" before implementing IP Masquerade. By default, IP MASQ is a path for you to get out to the Internet, but it can also become a path for someone on the Internet to get into your internal network.
Once IP MASQ is working, it is strongly recommended that you use a very strong IPFWADM/IPCHAINS firewall ruleset. See the Strong-IPFWADM-Rulesets and Strong-IPCHAINS-Rulesets sections for more details.
If your Linux distribution was compiled with support for the following items and ships the masquerade-related modules precompiled (most distributions will), you do not need to compile a kernel:
- IPFWADM/IPCHAINS
- IP forwarding
- IP masquerading
- IP Firewalling
- etc.
If you are not sure whether your distribution supports masquerading, see the MASQ-supported-Distributions section or the IP Masquerade Resource for details. If you cannot find out whether your distribution supports IP Masquerading, assume it does not and continue with the next step.
Whether or not support is already built in, reading this section is recommended because it contains a lot of other useful information.
Linux 2.0.x Kernels
For the required software, patches, etc., see the 2.0.x-Requirements section.
* Prompt for development and/or incomplete code/drivers (CONFIG_EXPERIMENTAL) [Y/n/?]
- YES: this lets you select the IP Masquerade feature later.
* Enable loadable module support (CONFIG_MODULES) [Y/n/?]
- YES: allows the IP Masquerade modules to be loaded.
* Networking support (CONFIG_NET) [Y/n/?]
- YES: enables networking.
* Network firewalls (CONFIG_FIREWALL) [Y/n/?]
- YES: enables the IPFWADM firewall.
* TCP/IP networking (CONFIG_INET)
- YES: enables the TCP/IP protocol.
* IP: forwarding/gatewaying (CONFIG_IP_FORWARD)
- YES: enables Linux network packet forwarding and routing.
- Controlled by IPFWADM.
* IP: syn cookies (CONFIG_SYN_COOKIES) [Y/n/?]
- YES: strongly recommended for basic network security.
* IP: firewalling (CONFIG_IP_FIREWALL) [Y/n/?]
- YES: enables the firewalling feature.
* IP: firewall packet logging (CONFIG_IP_FIREWALL_VERBOSE) [Y/n/?]
- YES: (not required but strongly recommended): allows firewall hits to be logged.
* IP: masquerading (CONFIG_IP_MASQUERADE) [Y/n/?]
- YES: enables IP Masquerading, which rewrites the addresses of packets from specific internal addresses and sends them out to the external TCP/IP network.
* IP: ipautofw masquerade support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_IPAUTOFW) [Y/n/?]
- NO: IPautofw is a legacy method of forwarding TCP/IP ports. It does work, but IPPORTFW is the better method, so IPAUTOFW is not recommended.
* IP: ipportfw masq support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_IPPORTFW) [Y/n/?]
- YES: a patch is required to use this option on 2.0.x kernels.
With this option, external computers on the Internet can connect directly to specific masqueraded internal computers. The feature is typically used to reach internal SMTP, TELNET and WWW servers. FTP port forwarding requires the additional patch mentioned in the FAQ section. See the Forwards section of this HOWTO for more information on port forwarding.
* IP: ICMP masquerading (CONFIG_IP_MASQUERADE_ICMP) [Y/n/?]
- YES: enables masquerading of ICMP packets. It may not be strictly required, but many programs will not work properly without ICMP support.
* IP: loose UDP port managing (EXPERIMENTAL) (CONFIG_IP_MASQ_LOOSE_UDP) [Y/n/?]
- YES: a patch is required to use this option on 2.0.x kernels.
With this option, internal computers can play network games that behave in a NAT-friendly way over the Internet. See the FAQ section of this HOWTO for details.
* IP: always defragment (CONFIG_IP_ALWAYS_DEFRAG) [Y/n/?]
- YES: this feature optimizes IP Masquerade connections. Strongly recommended.
* IP: optimize as router not host (CONFIG_IP_ROUTER) [Y/n/?]
- YES: this feature optimizes the kernel's networking.
* IP: Drop source routed frames (CONFIG_IP_NOSR) [Y/n/?]
- YES: strongly recommended for basic network security.
* Dummy net driver support (CONFIG_DUMMY) [M/n/y/?]
- YES: not required, but this option helps with debugging when problems occur.
* /proc filesystem support (CONFIG_PROC_FS) [Y/n/?]
- YES: required to use Linux network forwarding.
NOTE: These options are only the components needed for IP Masquerade to work. You must also select whatever other options your specific network and hardware need.
- After compiling the kernel itself, compile and install the kernel's IP Masquerade modules with the following command:
make modules; make modules_install
- Next, add a few lines like the following to the /etc/rc.d/rc.local file so that the script that sets up IP Masquerade is loaded. This way IP Masquerading is available automatically after every reboot:
.
.
.
#rc.firewall script - Start IPMASQ and the firewall
/etc/rc.d/rc.firewall
.
.
.
Linux 2.2.x Kernels
For the required software, patches, etc., see the 2.2.x-Requirements section.
- First of all, you need the 2.2.x kernel source (the latest version, 2.2.11 or later).
NOTE #1: Linux 2.2.x kernels below 2.2.11 have an IPCHAINS fragmentation bug. Because of this, people running strong IPCHAINS rulesets are open to attack. Upgrade your kernel to fix the problem.
- If this is your first time compiling a kernel, don't be afraid. It is not that difficult in practice, and several URLs in the 2.2.x-Requirements section explain how to do it.
- Unpack the kernel into /usr/src/ with the command
tar xvzf linux-2.2.x.tar.gz -C /usr/src
(where 2.2.x is the kernel version). After unpacking, make sure there is a directory or symbolic link named /usr/src/linux/.
- Apply any patches you need to the unpacked kernel source. From version 2.2.1 on, no special patches are needed for IP Masquerading. Features such as PPTP and the Xwindows forwarders are optional and not strictly required. See the 2.2.x-Requirements section for URLs, and the IP Masquerade Resources for up-to-date information and further patch URLs.
- Below is the minimum list of options that must be compiled into the kernel. Do not forget to also configure the kernel for the network interfaces you have installed (LAN cards, modems, etc.). For more detail on compiling a kernel, see the Linux Kernel HOWTO and the README file in the kernel source directory.
Check whether each of the following options is YES or NO. Not all of the options below will be visible unless you apply the appropriate patches described later in this HOWTO:
* Prompt for development and/or incomplete code/drivers (CONFIG_EXPERIMENTAL) [Y/n/?]
- YES: not strictly required for IP Masquerade, but selecting this option lets you build the masquerade modules and use port forwarding.
* Enable loadable module support (CONFIG_MODULES) [Y/n/?]
- YES: allows the IP Masquerade modules to be loaded.
* Networking support (CONFIG_NET) [Y/n/?]
- YES: enables networking.
* Packet socket (CONFIG_PACKET) [Y/m/n/?]
- YES: not required, but recommended because it lets you use TCPDUMP to debug problems with IP Masquerading.
* Kernel/User netlink socket (CONFIG_NETLINK) [Y/n/?]
- YES: not required, but this feature allows firewall hits to be logged.
* Routing messages (CONFIG_RTNETLINK) [Y/n/?]
- NO: this option has nothing to do with packet firewall logging.
* Network firewalls (CONFIG_FIREWALL) [Y/n/?]
- YES: enables the IPCHAINS firewall tool.
* TCP/IP networking (CONFIG_INET) [Y/n/?]
- YES: enables the TCP/IP protocol.
* IP: advanced router (CONFIG_IP_ADVANCED_ROUTER) [Y/n/?]
- NO: needed to set CONFIG_IP_ROUTE_VERBOSE and for fancy routing (unrelated to ipchains/masquerade).
* IP: verbose route monitoring (CONFIG_IP_ROUTE_VERBOSE) [Y/n/?]
- YES: very useful if you use code that drops IP spoofed packets and logs them.
* IP: firewalling (CONFIG_IP_FIREWALL) [Y/n/?]
- YES: enables the firewalling feature.
* IP: firewall packet netlink device (CONFIG_IP_FIREWALL_NETLINK) [Y/n/?]
- YES: not required, but this feature improves the logging of firewall hits.
* IP: always defragment (required for masquerading) (CONFIG_IP_ALWAYS_DEFRAG) [Y/n/?]
- YES: this must be selected before IP Masquerade and transparent proxying can be selected. It also optimizes IP Masquerade connections.
* IP: masquerading (CONFIG_IP_MASQUERADE) [Y/n/?]
- YES: enables IP Masquerading, which rewrites internal addresses in packets bound for the outside.
* IP: ICMP masquerading (CONFIG_IP_MASQUERADE_ICMP) [Y/n/?]
- YES: used to masquerade ICMP ping packets. (ICMP error codes are masqueraded even without it.) This is an important feature for troubleshooting connections.
* IP: masquerading special modules support (CONFIG_IP_MASQUERADE_MOD) [Y/n/?]
- YES: not required, but this must be selected to enable TCP/IP port forwarding later. Port forwarding lets outside hosts connect directly to masqueraded internal computers.
* IP: ipautofw masq support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_IPAUTOFW) [N/y/m/?]
- NO: IPautofw is a legacy method of port forwarding. It is better to use per-protocol modules instead.
* IP: ipportfw masq support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_IPPORTFW) [Y/m/n/?]
- YES: enables IPPORTFW.
With this option, external computers on the Internet can communicate directly with masqueraded internal computers. The feature is typically used to reach internal SMTP, TELNET and WWW servers. FTP port forwarding requires the additional patch described in the FAQ section. More information on port forwarding is in the Forwards section of this HOWTO.
* IP: ip fwmark masq-forwarding support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_MFW) [Y/m/n/?]
- NO: allows IP forwarding to be done directly from IPCHAINS. This code is currently experimental; the recommended method is to use IPMASQADM and IPPORTFW.
* IP: optimize as router not host (CONFIG_IP_ROUTER) [Y/n/?]
- YES: this feature optimizes the kernel's networking.
* IP: GRE tunnels over IP (CONFIG_NET_IPGRE) [N/y/m/?]
- NO: this feature is optional; it enables PPTP and GRE tunnels through IP Masquerade.
* IP: TCP syncookie support (not enabled per default) (CONFIG_SYN_COOKIES) [Y/n/?]
- YES: strongly recommended for basic network security.
* Network device support (CONFIG_NETDEVICES) [Y/n/?]
- YES: enables Linux network devices.
* Dummy net driver support (CONFIG_DUMMY) [M/n/y/?]
- YES: not required, but helpful for debugging when problems occur.
* /proc filesystem support (CONFIG_PROC_FS) [Y/n/?]
- YES: required to use the Linux network forwarding system.
NOTE: These options are only the components needed for IP Masquerade to work. You must also select whatever other options your specific network and hardware need.
- After compiling the kernel itself, compile and install the kernel's IP Masquerade modules with the following command:
make modules; make modules_install
- Next, add a few lines like the following to the /etc/rc.d/rc.local file so that the script that sets up IP Masquerade is loaded. This way IP Masquerading is available automatically after every reboot:
.
.
.
#rc.firewall script - Start IPMASQ and the firewall
/etc/rc.d/rc.firewall
.
.
.
Since none of the internal masqueraded computers has an officially assigned Internet address, there must be a way to assign them addresses that do not conflict with addresses on the Internet outside.
Quoted from the original IP Masquerade FAQ:
RFC 1918 is the official document on the IP addresses to be used for "private" networks that are not connected to the outside. Three address blocks are set aside for this purpose.
Section 3: Private Address Space
The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private networks:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
We will refer to the first block as the "24-bit block", the second as the "20-bit block" and the third as the "16-bit block". The first block is a class A network number, the second is a set of 16 contiguous class B network numbers, and the third is a set of 255 contiguous class C network numbers.
For the record, I use the 192.168.0.0 network with a class-C subnet mask of 255.255.255.0, and this HOWTO uses those addresses too. However, any of the private network addresses above may be used, as long as you use the proper subnet mask in each case.
If you use a Class-C network, assign the masqueraded computers addresses such as 192.168.0.1, 192.168.0.2, 192.168.0.3, ..., 192.168.0.x.
192.168.0.1 is usually the internal gateway, that is, the address of the Linux masquerade machine, which is the way out to the outside. 192.168.0.0 and 192.168.0.255 are the "network" address and the "broadcast" address respectively (these addresses are reserved). If you assign these addresses to computers, the network will not work properly.
At this point the kernel and the other required packages should be in place. All the network IP addresses, the gateway and the DNS addresses must also be configured on the Linux masquerade server. If you do not know how to configure your network cards, see the HOWTOs mentioned in the 2.0.x-Requirements or 2.2.x-Requirements sections.
The only thing left to do is to configure the IP firewalling tools to both forward and masquerade:
** This can be done in many different ways. The method shown below worked for me, but you may use a different one.
** This section only provides the minimal firewall ruleset needed to get IP Masquerade working. Once IP Masquerade works properly (covered later in this HOWTO), see the Strong-IPFWADM-Rulesets and Strong-IPCHAINS-Rulesets sections for more secure rulesets. For more details, see the IPFWADM (2.0.x) or IPCHAINS (2.2.x) man pages.
Linux 2.0.x Kernels
Create the file /etc/rc.d/rc.firewall with the following initial "simple" ruleset:
#!/bin/sh
#
# rc.firewall - Initial SIMPLE IP Masquerade setup for 2.0.x kernels using IPFWADM
#
# Load all required IP MASQ modules
#
# NOTE: Only load the IP MASQ modules you need. All current available IP MASQ modules
# are shown below but are commented out from loading.
# Needed to initially load modules
#
/sbin/depmod -a
# Supports the proper masquerading of FTP file transfers using the PORT method
#
/sbin/modprobe ip_masq_ftp
# Supports the masquerading of RealAudio over UDP. Without this module,
# RealAudio WILL function but in TCP mode. This can cause a reduction
# in sound quality
#
#/sbin/modprobe ip_masq_raudio
# Supports the masquerading of IRC DCC file transfers
#
#/sbin/modprobe ip_masq_irc
# Supports the masquerading of Quake and QuakeWorld by default. This module is
# for multiple users behind the Linux MASQ server. If you are going to play
# Quake I, II, and III, use the second example.
#
#Quake I / QuakeWorld (ports 26000 and 27000)
#/sbin/modprobe ip_masq_quake
#
#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
#/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960
# Supports the masquerading of the CuSeeme video conferencing software
#
#/sbin/modprobe ip_masq_cuseeme
#Supports the masquerading of the VDO-live video conferencing software
#
#/sbin/modprobe ip_masq_vdolive
#CRITICAL: Enable IP forwarding since it is disabled by default since
#
# Redhat Users: you may try changing the options in /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
echo "1" > /proc/sys/net/ipv4/ip_forward
# Dynamic IP users:
#
# If you get your Internet IP address dynamically from SLIP, PPP, or DHCP, enable this following
# option. This enables dynamic-ip address hacking in IP MASQ, making the life
# with DialD, PPPd, and similar programs much easier.
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
#
/sbin/ipfwadm -M -s 7200 10 160
# DHCP: For people who receive their external IP address from either DHCP or BOOTP
# such as ADSL or Cablemodem users, it is necessary to use the following
# before the deny command. The "bootp_clients_net_if_name" should be replaced
# with the name of the link that the DHCP/BOOTP server will put an address on.
# This will be something like "eth0", "eth1", etc.
#
# This example is currently commented out.
#
#
#/sbin/ipfwadm -I -a accept -S 0/0 67 -D 0/0 68 -W bootp_clients_net_if_name -P udp
# Enable simple IP forwarding and Masquerading
#
# NOTE: The following is an example for an internal LAN address in the 192.168.0.x
# network with a 255.255.255.0 or a "24" bit subnet mask.
#
# Please change this network number and subnet mask to match your internal LAN setup
#
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0
Once you have finished editing the ruleset in /etc/rc.d/rc.firewall, make the file executable with the command "chmod 700 /etc/rc.d/rc.firewall".
Instead of masquerading the whole TCP/IP network as above, you can also enable IP Masquerading on a per-machine basis. For example, to let the hosts 192.168.0.2 and 192.168.0.8 reach the Internet but none of the other internal machines, change the part of the /etc/rc.d/rc.firewall file above labelled "Enable simple IP forwarding and Masquerading".
# Enable simple IP forwarding and Masquerading
#
# NOTE: The following is an example to only allow IP Masquerading for the 192.168.0.2
# and 192.168.0.8 machines with a 255.255.255.0 or a "24" bit subnet mask.
#
# Please use the following in ADDITION to the simple ruleset above for specific
# MASQ networks. Also change the network numbers and subnet masks to match your
# internal LAN setup
#
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S 192.168.0.2/32 -D 0.0.0.0/0
/sbin/ipfwadm -F -a m -S 192.168.0.8/32 -D 0.0.0.0/0
A common mistake made by people new to IP Masquerading is to issue the following command:
ipfwadm -F -p masquerade
Do NOT make masquerading the default. If you do, anyone who knows how to manipulate routing tables can connect to somewhere through your gateway while hiding their identity!
The rules above can be placed in the /etc/rc.d/rc.firewall file or in any other rc file you prefer, or they can be entered by hand every time you need IP Masquerade.
See the Strong-IPFWADM-Rulesets and Strong-IPCHAINS-Rulesets sections for a detailed guide to IPFWADM and examples of stronger IPFWADM rulesets.
Linux 2.2.x Kernels
IPFWADM is no longer the firewall tool for manipulating IP Masquerading rules on 2.1.x and 2.2.x kernels. These newer kernels now use a tool called IPCHAINS. See the FAQ section for the detailed reasons for this change.
Create the file /etc/rc.d/rc.firewall with the following initial "simple" ruleset:
#!/bin/sh
#
# rc.firewall - Initial SIMPLE IP Masquerade test for 2.1.x and 2.2.x kernels using IPCHAINS
#
# Load all required IP MASQ modules
#
# NOTE: Only load the IP MASQ modules you need. All current IP MASQ modules
# are shown below but are commented out from loading.
# Needed to initially load modules
#
/sbin/depmod -a
# Supports the proper masquerading of FTP file transfers using the PORT method
#
/sbin/modprobe ip_masq_ftp
# Supports the masquerading of RealAudio over UDP. Without this module,
# RealAudio WILL function but in TCP mode. This can cause a reduction
# in sound quality
#
#/sbin/modprobe ip_masq_raudio
# Supports the masquerading of IRC DCC file transfers
#
#/sbin/modprobe ip_masq_irc
# Supports the masquerading of Quake and QuakeWorld by default. This module is
# for multiple users behind the Linux MASQ server. If you are going to play
# Quake I, II, and III, use the second example.
#
#Quake I / QuakeWorld (ports 26000 and 27000)
#/sbin/modprobe ip_masq_quake
#
#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
#/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960
# Supports the masquerading of the CuSeeme video conferencing software
#
#/sbin/modprobe ip_masq_cuseeme
#Supports the masquerading of the VDO-live video conferencing software
#
#/sbin/modprobe ip_masq_vdolive
#CRITICAL: Enable IP forwarding since it is disabled by default since
#
# Redhat Users: you may try changing the options in /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
echo "1" > /proc/sys/net/ipv4/ip_forward
# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this following
# option. This enables dynamic-ip address hacking in IP MASQ, making the life
# with Diald and similar programs much easier.
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
#
/sbin/ipchains -M -S 7200 10 160
# DHCP: For people who receive their external IP address from either DHCP or BOOTP
# such as ADSL or Cablemodem users, it is necessary to use the following
# before the deny command. The "bootp_clients_net_if_name" should be replaced
# with the name of the link that the DHCP/BOOTP server will put an address on.
# This will be something like "eth0", "eth1", etc.
#
# This example is currently commented out.
#
#
#/sbin/ipchains -A input -j ACCEPT -i bootp_clients_net_if_name -s 0/0 67 -d 0/0 68 -p udp
# Enable simple IP forwarding and Masquerading
#
# NOTE: The following is an example for an internal LAN address in the 192.168.0.x
# network with a 255.255.255.0 or a "24" bit subnet mask.
#
# Please change this network number and subnet mask to match your internal LAN setup
#
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
Once you have edited the /etc/rc.d/rc.firewall file and created the ruleset, make it executable by running chmod 700 /etc/rc.d/rc.firewall
Instead of enabling IP Masquerading for an entire TCP/IP network as above, you can also enable it on a per-machine basis. For example, if you want only the hosts 192.168.0.2 and 192.168.0.8 to have access to the Internet and none of the other internal machines, change the part of the /etc/rc.d/rc.firewall file above that is labelled "Enable simple IP forwarding and Masquerading" as follows.
#!/bin/sh
#
# Enable simple IP forwarding and Masquerading
#
# NOTE: The following is an example to only allow IP Masquerading for the 192.168.0.2
# and 192.168.0.8 machines with a 255.255.255.0 or a "24" bit subnet mask.
#
# Please change this network number and subnet mask to match your internal LAN setup
#
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.2/32 -j MASQ
/sbin/ipchains -A forward -s 192.168.0.8/32 -j MASQ
A common mistake made by people new to IP Masquerading is to issue the following command:
/sbin/ipchains -P forward masquerade
Do NOT make masquerading your default policy. If you do, anyone who knows how to manipulate their routing tables can connect onward through your gateway while hiding their own identity behind it!
The ruleset lines above can be placed in the /etc/rc.d/rc.firewall file or in any other rc file you prefer, or you can enter them by hand whenever you need IP Masquerade.
The Strong-IPFWADM-Rulesets and Strong-IPCHAINS-Rulesets sections give a detailed guide to IPCHAINS and examples of stronger IPCHAINS rulesets. For details on IPCHAINS usage, refer to the Linux IP CHAINS HOWTO.
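The default-policy mistake described above can be caught by auditing the forward chain after rc.firewall has run. The shell function below is an added example, not part of the HOWTO: it reads a saved forward-chain listing and flags a policy other than DENY, and, generalizing the warning, a MASQ rule that matches any source. It assumes the layout of an "ipchains -L forward -n" listing; the function name is hypothetical and the three listings are constructed samples.

```shell
#!/bin/sh
# Added example (not from the HOWTO): audit a forward-chain listing for the
# "masquerade by default" mistake. The listing layout is assumed to follow
# `ipchains -L forward -n`; all sample listings below are constructed.

# audit_forward (hypothetical helper): reads a listing on stdin, prints one
# finding per line, returns 0 if the chain is safe and 1 otherwise.
audit_forward() {
    awk '
        /^Chain forward/ {                 # e.g. "Chain forward (policy DENY):"
            seen = 1
            policy = $4
            gsub(/[^A-Za-z]/, "", policy)  # strip the trailing "):"
            if (policy != "DENY" && policy != "REJECT") {
                printf "FAIL default policy is %s, expected DENY\n", policy
                bad = 1
            }
            next
        }
        $1 == "MASQ" {                     # rule line: target prot opt source dest ports
            masq++
            if ($4 == "0.0.0.0/0") {
                print "FAIL MASQ rule matches any source address"
                bad = 1
            } else {
                printf "OK   MASQ limited to source %s\n", $4
            }
        }
        END {
            if (!seen) { print "FAIL no forward chain in listing"; bad = 1 }
            else if (!bad && masq == 0) print "WARN no MASQ rule, nothing is masqueraded"
            exit bad + 0
        }
    '
}

# Constructed sample: the per-machine ruleset (policy DENY, two MASQ hosts).
PER_HOST_LISTING='Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.0.2          0.0.0.0/0             n/a
MASQ       all  ------  192.168.0.8          0.0.0.0/0             n/a'

# Constructed sample: the mistake, masquerading as the default policy.
DEFAULT_MASQ_LISTING='Chain forward (policy MASQ):
target     prot opt     source                destination           ports'

# Constructed sample: policy DENY, but a MASQ rule with no source restriction.
ANY_SOURCE_LISTING='Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ------  0.0.0.0/0            0.0.0.0/0             n/a'

for name in PER_HOST DEFAULT_MASQ ANY_SOURCE; do
    eval "listing=\$${name}_LISTING"
    echo "== $name =="
    printf '%s\n' "$listing" | audit_forward || echo "   -> fix rc.firewall before going online"
done
```

On a live 2.2.x gateway the listing would come from "/sbin/ipchains -L forward -n" piped into the function.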
Besides setting an appropriate IP address on each internal MASQed computer, each internal computer must use the Linux MASQ server's address as its gateway address and have suitable DNS server addresses configured. In most cases this is fairly easy: simply enter the address of the Linux host (usually 192.168.0.1) as the gateway address.
For the Domain Name Service (DNS), you can add the address of any DNS server that is available to you. The cleanest approach is to enter the DNS servers that the Linux server itself uses. You can optionally add a "domain search" suffix as well.
Once the internal MASQed computers are configured properly, restart networking on them or reboot them.
The following configuration instructions assume that you are using Class C network addresses and that the Linux MASQ server's address is 192.168.0.1. 192.168.0.0 and 192.168.0.255 are reserved addresses and must not be assigned to any computer.
The following platforms have been tested as internal MASQed machines:
- Linux 1.2.x, 1.3.x, 2.0.x, 2.1.x, 2.2.x
- Solaris 2.51, 2.6, 7
- Windows 95, OSR2, 98
- Windows NT 3.51, 4.0, 2000 (both workstation and server)
- Windows For Workgroup 3.11 (with the TCP/IP package installed)
- Windows 3.1 (with the Netmanage Chameleon package installed)
- Novell 4.01 Server with the TCP/IP service installed
- OS/2 (including Warp v3)
- Macintosh OS (with MacTCP or Open Transport installed)
- DOS (with the NCSA Telnet package installed; DOS Trumpet works partially)
- Amiga (with AmiTCP or AS225-stack installed)
- VAX Stations 3520 and 3100 with UCX (the TCP/IP stack for VMS)
- Alpha/AXP running Linux/Redhat
- SCO Openserver (v3.2.4.2 and 5)
- IBM RS/6000 running AIX
- If you have not installed your network device driver yet, do so now. Driver installation is beyond the scope of this document.
- Go to 'Control Panel' --> 'Network'.
- If the TCP/IP protocol is not installed, install it by selecting Add --> Protocol --> Manufacturer: Microsoft --> Protocol: 'TCP/IP protocol' in turn.
- Select the TCP/IP item that is bound to your Windows95 network card and choose 'Properties'. Click the 'IP Address' tab and set the IP address to 192.168.0.x (1 < x < 255). Then set the subnet mask to 255.255.255.0.
- Click the "Gateway" tab, enter 192.168.0.1 under 'Gateway' and click "Add".
- Click the 'DNS Configuration' tab and enter the computer's name and domain name. If you have no domain, enter the domain of your ISP. Now enter, as the DNS server addresses, the DNS servers that the Linux host uses (usually found in the /etc/resolv.conf file). These DNS servers are normally run by your ISP, but you can also run your own "caching" or DNS server on the Linux MASQ server. You can optionally add domain search suffixes (domain names to search) as well.
- Leave all the other settings as they are unless you know what you are doing.
- Click 'OK' in all dialog boxes and reboot.
- To test the network connection, ping the Linux host: 'Start/Run', type ping 192.168.0.1. (This only tests the internal LAN connection; you cannot ping the outside world yet.) If you get no reply to the ping, re-check your network configuration.
- If you create a HOSTS file in the C:\Windows directory, you can ping the computers on your LAN by "hostname" even without a DNS server. There should be an example file called HOSTS.SAM in the C:\windows directory.
- If you have not installed your network device driver yet, do so now. Driver installation is beyond the scope of this document.
- Go to 'Control Panel' --> 'Network' --> Protocols.
- If the TCP/IP service is not installed yet, add the TCP/IP protocol and related components from the 'Add Software' menu.
- Under 'Network Software and Adapter Cards', select 'TCP/IP Protocol' in the 'Installed Network Software' box.
- In 'TCP/IP Configuration', select the appropriate adapter, for example [1]Novell NE2000 Adapter. Then set the IP address to 192.168.0.x (1 < x < 255), the subnet mask to 255.255.255.0 and the default gateway to 192.168.0.1.
- Unless you are in a Windows NT domain and know what each item means, uncheck 'Automatic DHCP Configuration', enter nothing in the 'WINS Server' area and uncheck Enable IP Forwardings.
- Click 'DNS' and fill in the appropriate information that your Linux host uses (usually found in /etc/resolv.conf). Click 'OK' when you are done.
- Click 'Advanced' and, unless you know what these options do, uncheck 'DNS for Windows Name Resolution' and 'Enable LMHOSTS lookup'. If you want to use an LMHOSTS file, see the one stored in C:\winnt\system32\drivers\etc.
- Click 'OK' in all dialog boxes and restart the system.
- To test the network connection, ping the Linux host: 'File/Run', type ping 192.168.0.1. (This only tests the internal LAN connection; you cannot ping the outside world yet.) If you get no reply to the ping, re-check your network configuration.
- If you have not installed your network device driver yet, do so now. Driver installation is beyond the scope of this document.
- Install the TCP/IP 32b package if it is not installed yet.
- In 'Main'/'Windows Setup'/'Network Setup', click 'Drivers'.
- Select 'Microsoft TCP/IP-32 3.11b' in the 'Network Drivers' section and click 'Setup'.
- Set the IP address to 192.168.0.x (1 < x < 255). Then set the subnet mask to 255.255.255.0 and the default gateway to 192.168.0.1.
- Unless you are in a Windows NT domain and know what each item means, uncheck 'Automatic DHCP Configuration' and enter nothing in the 'WINS Server' area.
- Click 'DNS' and fill in the appropriate information that your Linux host uses (usually found in /etc/resolv.conf). Click 'OK' when you are done.
- Click 'Advanced' and check 'Enable DNS for Windows Name Resolution' and 'Enable LMHOSTS lookup'. If you want to use an LMHOSTS file, see the one stored in C:\winnt\system32\drivers\etc.
- Click 'OK' in all dialog boxes and restart the system.
- To test the network connection, ping the Linux host: 'File/Run', type ping 192.168.0.1. (This only tests the internal LAN connection; you cannot ping the outside world yet.) If you get no reply to the ping, re-check your network configuration.
- If you have not installed your network card or recompiled your kernel to support its driver, do so now. This is beyond the scope of this document.
- If TCP/IP networking is not installed yet, install TCP/IP networking tools such as the net-tools package.
- Set IPADDR to 192.168.0.x (1 < x < 255). Set NETMASK to 255.255.255.0, GATEWAY to 192.168.0.1 and BROADCAST to 192.168.0.255. For example, on a Red Hat Linux system you can edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file, or simply do it through the Control Panel. The method may differ on other UNIXes such as SunOS, BSDi, Slackware Linux, Solaris, SuSe, Debian and so on. Refer to the documentation for your UNIX for more information.
- Add your Domain Name Service (DNS) servers and domain search suffix to the /etc/resolv.conf file. Depending on your UNIX version and flavour, edit the /etc/nsswitch.conf file to enable DNS services.
- Depending on your settings, you may also need to update the /etc/networks file.
- Restart the appropriate services, or simply restart the whole system.
- To test the connection to the gateway computer, issue a ping command: ping 192.168.0.1. (This only tests the internal LAN connection; you cannot ping the outside world yet.) If you get no reply to the ping, re-check your network configuration.
- If you have not installed your network card yet, do so now. Network card installation is beyond the scope of this document.
- Load the appropriate packet driver. For example, for an NE2000 Ethernet card at I/O port 300 and IRQ 10, issue nwpd 0x60 10 0x300
- Make a new directory and unpack the NCSA Telnet package into it: pkunzip tel2308b.zip
- Open the config.tel file with a text editor.
- Set myip=192.168.0.x (1 < x < 255) and netmask=255.255.255.0
- In this example, you should set hardware=packet, interrupt=10, ioaddr=60
- You need at least one machine specification for the gateway (in this case, the Linux host):
name=default
host=yourlinuxhostname
hostip=192.168.0.1
gateway=1
- You need one more specification for the domain name service:
name=dns.domain.com ; hostip=123.123.123.123; nameserver=1
Note: change the values above to match the information your Linux host uses.
- Save the config.tel file.
- To test the network connection, telnet to the Linux host: telnet 192.168.0.1
If you do not get a login prompt, re-check your network configuration.
- If you have not installed the software for your Ethernet adapter yet, do so now. Adapter installation is beyond the scope of this document.
- Open the MacTCP control panel. Select the appropriate network driver (Ethernet, not EtherTalk) and click the 'More...' button.
- Under 'Obtain Address:', click 'Manually'.
- Under 'IP Address:', select class C from the popup menu. Ignore the rest of this dialog box.
- Fill in your DNS information under 'Domain Name Server Information:'.
- Under 'Gateway Address:', enter 192.168.0.1.
- Click 'OK' to save the settings. In the main window of the MacTCP control panel, enter the IP address of your Mac (192.168.0.x, 1 < x < 255) in the 'IP Address:' box.
- Close the MacTCP control panel. If a dialog box asks you to restart, restart the system.
- To test the network connection you can ping the Linux host. If you have the freeware program MacTCP Watcher installed, click the 'Ping' button and enter the address of your Linux host (192.168.0.1) in the dialog box that appears. (This only tests the internal LAN connection; you cannot ping the outside world yet.) If you get no reply to the ping, re-check your network configuration.
- To use hostnames instead of IP addresses on your internal LAN, you can also create a Hosts file in the System Folder. This file should already exist in the System Folder, and it should contain sample entries that you can modify to suit your setup.
- If the appropriate driver for your Ethernet adapter is not installed yet, install it now. Driver installation is beyond the scope of this document.
- Open the TCP/IP Control Panel and choose 'User Mode ...' from the Edit menu. Make sure the user mode is set to at least 'Advanced' and click the 'OK' button.
- Choose 'Configurations...' from the File menu. Select the 'Default' configuration and click the 'Duplicate...' button. In the 'Duplicate Configuration' dialog, enter 'IP Masq' (or something that tells you this is not the usual configuration); the dialog will show something like 'Default copy'. Then click the 'OK' button and click the 'Make Active' button.
- Select 'Ethernet' from the 'Connect via:' box.
- Select the appropriate item from the 'Configure:' box. If you do not know which one to choose, you should probably re-select your 'Default' configuration and quit. The author uses 'Manually'.
- Enter the IP address of your Mac (192.168.0.x, 1 < x < 255) in the 'IP Address:' box.
- Enter 255.255.255.0 in the 'Subnet mask:' box.
- Enter 192.168.0.1 in the 'Router address:' box.
- Enter the IP addresses of your DNS servers in the 'Name server addr.:' box.
- Enter your Internet domain in the 'Starting domain name' box under 'Implicit Search Path:'.
- The following step is optional. Incorrect values may cause things to malfunction. If you are not sure, it is best to leave the fields blank or the boxes unchecked. Remove any information already entered there if necessary. As far as the author knows, there is no way through the TCP/IP dialogs to tell the system not to use a previously selected alternate "Hosts" file. If you know how, please let the author know.
Check '802.3' if your network requires 802.3 frame types.
- Click the 'Options...' button to make sure TCP/IP is active. The author uses the 'Load only when needed' option. If you start and quit TCP/IP applications many times without rebooting your computer, leaving 'Load only when needed' unchecked will help your machine's memory management. With the item unchecked, the TCP/IP protocol stack is always loaded and available for use. If it is checked, the TCP/IP stack is loaded automatically when needed and removed automatically when no longer needed. This continual loading and unloading fragments your machine's memory. (Translator's note: this is similar to the reason Windows needs disk defragmentation.)
- To test the network connection you can ping the Linux host. If you have the freeware program MacTCP Watcher installed, click the 'Ping' button and enter the address of your Linux host (192.168.0.1) in the dialog box that appears. (This only tests the internal LAN connection; you cannot ping the outside world yet.) If you get no reply to the ping, re-check your network configuration.
- To use hostnames instead of IP addresses on your internal LAN, you can also create a Hosts file in the System Folder. The file may or may not already exist in the System Folder. If it exists, it should contain sample entries that you can modify to suit your setup. If it does not, you can copy one from a system that uses MacTCP and modify it, or simply create one yourself (the file uses a subset of the UNIX /etc/hosts file format, which is described in RFC952). Once you have created the file, open the TCP/IP control panel, click the 'Select Hosts File...' button and open the Hosts file.
- Click the close box or choose 'Close' or 'Quit' from the File menu. Then click the 'Save' button to save your changes.
- The changes take effect immediately, but rebooting the system does no harm.
- If the driver software for your Ethernet adapter is not installed yet, install it now. Driver installation is beyond the scope of this document.
- Download tcpip16.exe from The Novell LanWorkPlace page.
- Edit c:\nwclient\startnet.bat: (this is the content of the author's file)
SET NWLANGUAGE=ENGLISH
LH LSL.COM
LH KTC2000.COM
LH IPXODI.COM
LH tcpip
LH VLM.EXE
F:
- Edit c:\nwclient\net.cfg: (change the link driver to match your own, for example NE2000)
Link Driver KTC2000
Protocol IPX 0 ETHERNET_802.3
Frame ETHERNET_802.3
Frame Ethernet_II
FRAME Ethernet_802.2
NetWare DOS Requester
FIRST NETWORK DRIVE = F
USE DEFAULTS = OFF
VLM = CONN.VLM
VLM = IPXNCP.VLM
VLM = TRAN.VLM
VLM = SECURITY.VLM
VLM = NDS.VLM
VLM = BIND.VLM
VLM = NWP.VLM
VLM = FIO.VLM
VLM = GENERAL.VLM
VLM = REDIR.VLM
VLM = PRINT.VLM
VLM = NETX.VLM
Link Support
Buffers 8 1500
MemPool 4096
Protocol TCPIP
PATH SCRIPT C:\NET\SCRIPT
PATH PROFILE C:\NET\PROFILE
PATH LWP_CFG C:\NET\HSTACC
PATH TCP_CFG C:\NET\TCP
ip_address 192.168.0.xxx
ip_router 192.168.0.1
Set the "ip_address" value above to your own IP address (192.168.0.x, 1 < x < 255).
And finally, edit c:\bin\resolv.cfg:
SEARCH DNS HOSTS SEQUENTIAL
NAMESERVER xxx.xxx.xxx.xxx
NAMESERVER yyy.yyy.yyy.yyy
- Replace the "NAMESERVER" entries above with the DNS servers you use.
- To test the network connection to the gateway computer, issue a ping command: ping 192.168.0.1 (This only tests the internal LAN connection; you cannot ping the outside world yet.) If you get no reply to the ping, re-check your network configuration.
- If the appropriate driver software for your Ethernet adapter is not installed yet, install it now. Driver installation is beyond the scope of this document.
- If the TCP/IP protocol is not installed yet, install it now.
- Go to Programs/TCP/IP (LAN) / TCP/IP Settings.
- Under 'Network', enter your TCP/IP address (192.168.0.x) and set the netmask (255.255.255.0).
- Under 'Routing', press 'Add'. Set the Type to 'default' and enter the IP address of your Linux host in the 'Router Address' field (192.168.0.1).
- Under 'Hosts', set the same DNS (Nameserver) address that your Linux host uses.
- Close the TCP/IP control panel and answer yes to the questions that follow.
- Reboot the system.
- To test the network configuration you can ping the Linux host. Type 'ping 192.168.0.1' in an 'OS/2 Command prompt Window'. If the ping packets come back, everything is configured correctly.
Other systems are configured in the same way as those covered so far. Refer to the sections above. If you would like to write up the configuration of a system that is not covered above, please send the detailed setup instructions to ambrose@writeme.com and dranch@trinnet.net.
Now, finally, it is time to test IP Masquerading. If you have not rebooted the Linux host yet, reboot it now, confirm that it boots successfully, and run the /etc/rc.d/rc.firewall ruleset. Next, confirm that both the connection to the internal LAN and the connection to the external Internet are working.
Now do the following:
- Step One: From an internal MASQed computer, ping another internal computer (for example, ping 192.168.0.10). This verifies that TCP/IP is working on the internal LAN computers. If it fails, re-check that TCP/IP is configured on the internal computers as described in this HOWTO.
- Step Two: On the MASQ server itself, ping an IP address inside the MASQ network (for example, ping 192.168.0.1). Now ping an external IP address on the Internet. This external address may be the address of your own PPP, Ethernet, etc. link to your ISP. If you do not know this IP address, run "/sbin/ifconfig" to find your Internet address. This tells you whether the MASQ server has full network connectivity.
- Step Three: Back on an internal MASQed computer, ping the IP address of the MASQ Linux host's internal Ethernet card (for example, ping 192.168.0.1). This verifies that the internal network and routing are working. If this fails, check that the Ethernet cards of the MASQ server and the internal computer are "physically" connected. You can do this by checking that the LEDs on the back of the Ethernet cards and on the Ethernet hub/switch (if you have one) are lit.
- Step Four: From an internal computer, ping the MASQ server's externally connected TCP/IP address. This is the address of your PPP, Ethernet, etc. link to your ISP. This ping test verifies that masquerading (ICMP masquerading in particular) is working. If it does not work, check that your kernel was built with "ICMP Masquerading" support and that "IP Forwarding" is enabled in the /etc/rc.d/rc.firewall script. Also check that the /etc/rc.d/rc.firewall ruleset loaded correctly. Run the /etc/rc.d/rc.firewall script by hand to confirm that it runs properly.
If it still does not work, look carefully at the output of the following commands.
  - "ifconfig" : check that your Internet connection is UP and that it has the correct IP address.
  - "netstat -rn" : check that a default gateway is set (the entry with an IP address other than 0.0.0.0 in the Gateway column).
  - "cat /proc/sys/net/ipv4/ip_forward" : check that it prints "1", which means Linux forwarding is enabled.
  - "/sbin/ipfwadm -F -l" on 2.0.x kernels, "/sbin/ipchains -L forward" on 2.2.x kernels : check that masquerading is enabled.
- Step Five: From an internal MASQed computer, ping a static IP address on the Internet (for example, ping 152.19.254.81, which is the address of http://metalab.unc.edu, home of the LDP). If this works, ICMP masquerading towards the Internet is working. If it does not, re-check your Internet connection. If it still does not work after that, make sure you are using the simple example rc.firewall ruleset and that your kernel was compiled with ICMP masquerading.
- Step Six: Now telnet to an external "IP address" (for example, telnet 152.2.254.81 (metalab.unc.edu); this server is heavily loaded, so it may take a while before you get a login prompt). Do you get a login prompt after a while? If so, TCP masquerading is working. If not, try another host you know of that supports telnet (for example 198.182.196.55 (www.linux.org)). If it still does not work, make sure you are using the simple example rc.firewall ruleset.
- Step Seven: Now telnet to an external "hostname" (for example, "telnet metalab.unc.edu" (152.2.254.81)). If this works, DNS is working. If this fails but step "Four" succeeded, check that the DNS server settings on the internal MASQed computer are correct.
- Step Eight: As a final test, open a WWW site on the 'INTERNET' in a web browser on an internal MASQed computer and check that it is displayed. For example, access the Linux Documentation Project site. If this succeeds, everything is working fine!
If you can see the Linux Documentation Project homepage, congratulations! It works!
If you can view this web site correctly, standard network traffic such as PING, TELNET and SSH will work, and with the related IP MASQ modules loaded, FTP, Real Audio, IRC DCCs, Quake I/II/III, CuSeeme, VDOLive and so on will work as well! If FTP, IRC, RealAudio, Quake I/II/III, etc. do not work or work poorly, use the "lsmod" command to check that the relevant masquerading modules are loaded and that they are not loaded with the wrong server ports. If a module you need is not loaded, check that the /etc/rc.d/rc.firewall script is set to load it (for example, remove the "#" character from the line for the relevant IP MASQ module).
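The host-state checks in the troubleshooting list above (ifconfig, netstat -rn, ip_forward) can be scripted so that the first failing one is named. The script below is an added example, not part of the HOWTO; it runs against saved command output so that it can be tried away from the gateway. The function names are hypothetical, all sample output is constructed, and 192.0.2.x stands in for ISP-assigned addresses.

```shell
#!/bin/sh
# Added example (not from the HOWTO): the ifconfig / netstat -rn / ip_forward
# checks from the troubleshooting list, run against saved command output.
# All sample output below is constructed.

# iface_ip: print the address from `ifconfig <iface>` output on stdin, using
# the same grep/awk/sed pipeline the strong rc.firewall uses to set ppp_ip.
iface_ip() {
    grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'
}

# iface_is_up: succeed if the flags line of the ifconfig output contains UP.
iface_is_up() {
    grep -q '^ *UP '
}

# default_gateway: print the gateway of the default route from `netstat -rn`
# output on stdin; prints nothing when the Gateway column is 0.0.0.0.
default_gateway() {
    awk '$1 == "0.0.0.0" && $2 != "0.0.0.0" { print $2; exit }'
}

# forwarding_enabled: succeed if the given file (normally
# /proc/sys/net/ipv4/ip_forward) contains 1.
forwarding_enabled() {
    [ -r "$1" ] && [ "$(cat "$1")" = "1" ]
}

# masq_preflight (hypothetical helper): run the checks in the order the list
# gives them and report the first one that fails.
# Arguments: ifconfig-output file, netstat-output file, ip_forward file.
masq_preflight() {
    ext_ip=$(iface_ip < "$1")
    if [ -z "$ext_ip" ] || ! iface_is_up < "$1"; then
        echo "external interface is down or has no IP address"
        return 1
    fi
    gw=$(default_gateway < "$2")
    if [ -z "$gw" ]; then
        echo "no default gateway in the routing table"
        return 1
    fi
    if ! forwarding_enabled "$3"; then
        echo "IP forwarding is disabled"
        return 1
    fi
    echo "ok: external address $ext_ip, gateway $gw, forwarding on"
}

# --- constructed sample output, written to a scratch directory ---
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT

cat > "$SAMPLES/ifconfig.txt" <<'EOF'
ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.0.2.10  P-t-P:192.0.2.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
EOF
cat > "$SAMPLES/netstat.txt" <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.0.2.1       0.0.0.0         UG        0 0          0 ppp0
EOF
echo 1 > "$SAMPLES/ip_forward_on"
echo 0 > "$SAMPLES/ip_forward_off"

# Healthy gateway, then the same gateway with forwarding switched off.
masq_preflight "$SAMPLES/ifconfig.txt" "$SAMPLES/netstat.txt" "$SAMPLES/ip_forward_on"
masq_preflight "$SAMPLES/ifconfig.txt" "$SAMPLES/netstat.txt" "$SAMPLES/ip_forward_off" || true
```

On the gateway itself, save the output of "/sbin/ifconfig ppp0" and "netstat -rn" to files and pass /proc/sys/net/ipv4/ip_forward as the third argument.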
Some TCP/IP application protocols do not work properly through Linux IP Masquerading because they make their own assumptions about port numbers or encode TCP/IP addresses or port numbers in their data. Applications that use protocols with this encoding problem need a specific proxy server or a specific IP MASQ module added to the masquerading code in order to work.
By default, Linux IP Masquerading cannot handle services coming in from the outside at all. There are, however, a few ways to make this possible.
If you do not need a high level of security, you can simply forward the IP ports on which the requests arrive. There are several ways to do this, but the most stable is to use IPPORTFW. See the Forwarders section for more information.
If you want some degree of authorization on services coming in from the outside, you can use TCP-wrappers or Xinetd to let only specific IP addresses through. The TIS Firewall Toolkit is a good place to look for such tools and information.
More details on the security of services coming in from the outside can be found in the TrinityOS document and at the IP Masquerade Resource.
** The Linux Masquerade Application list has a great deal of good information on applications that work through Linux IP Masquerading. The site is currently maintained by Steve Grevemeyer, who has built an extensive database. It is an excellent resource!
In general, applications that use standard TCP and UDP should work fine. If you have any suggestions or hints, check the IP Masquerade Resource for details.
Network clients that -work- with IP Masquerade
General clients:
- Archie
  all supported platforms, file searching client (not all archie clients are supported).
- FTP
  all supported platforms, uses the ip_masq_ftp.o kernel module for active FTP connections.
- Gopher client
  all supported platforms.
- HTTP
  all supported platforms, web surfing.
- IRC
  all IRC clients on the various supported platforms, DCC is supported through the ip_masq_irc.o module.
- NNTP (USENET)
  all supported platforms, USENET news client.
- PING
  all platforms, uses the ICMP Masquerading kernel option.
- POP3
  all supported platforms, email clients.
- SSH
  all supported platforms, secure TELNET/FTP clients.
- SMTP
  all supported platforms, email servers such as Sendmail, Qmail, PostFix.
- TELNET
  all supported platforms, remote session.
- TRACEROUTE
  UNIX and Windows based platforms, some variants may not work.
- VRML
  Windows (possibly all supported platforms), virtual reality.
- WAIS client
  all supported platforms.
Multimedia and communication clients:
- Alpha Worlds
  Windows, client-server 3D chat program.
- CU-SeeMe
  all supported platforms, uses the ip_masq_cuseeme module; see the CuSeeme section for details.
- ICQ
  all supported platforms. The Linux kernel must be compiled with IPPORTFW support and ICQ must be configured to run behind a NON-SOCKS proxy. A full description of this configuration is in the ICQ section.
- Internet Phone 3.2
  Windows, peer-to-peer audio communications. You can talk to people if you initiate the call, but other people cannot call you unless you set up forwarding of specific ports. See the Forwarders section for details.
- Internet Wave Player
  Windows, network streaming audio.
- Powwow
  Windows, peer-to-peer text, audio and note communications. You can talk to people if you initiate the call, but other people cannot call you unless you set up forwarding of specific ports. See the Forwarders section for details.
- Real Audio Player
  Windows, network streaming audio; better sound quality is available with the ip_masq_raudio UDP module.
- True Speech Player 1.1b
  Windows, network streaming audio.
- VDOLive
  Windows, with the ip_masq_vdolive patch.
- Worlds Chat 0.9a
  Windows, client-server 3D chat program.
Games - see the LooseUDP section for details on the LooseUDP patch.
- Battle.net
  Works, but TCP ports 116 and 118 and UDP port 6112 must be forwarded with IPPORTFW to the computer running the game. See the Forwarders section for details. FSGS and Bnetd servers are not written to work well with NAT and therefore require IPPORTFW.
- BattleZone 1.4
  Works with the LooseUDP patch and the new NAT-friendly .DLLs from Activision.
- Dark Reign 1.4
  Works with the LooseUDP patch, or requires TCP ports 116 and 118 and UDP port 6112 to be forwarded with IPPORTFW to the computer running the game. See the Forwarders section for details.
- Diablo
  Works with the LooseUDP patch, or requires TCP ports 116 and 118 and UDP port 6112 to be forwarded with IPPORTFW to the computer running the game. Newer versions of Diablo use only TCP port 6112 and UDP port 6112. See the Forwarders section for details.
- Heavy Gear 2
  Works with the LooseUDP patch, or requires TCP ports 116 and 118 and UDP port 6112 to be forwarded with IPPORTFW to the computer running the game. See the Forwarders section for details.
- Quake I/II/III
  Works right out of the box, but requires the ip_masq_quake module when there is more than one Quake I/II/III player behind the MASQ server. Also, this module supports only Quake I and QuakeWorld by default. To support Quake II or to connect to servers on non-default ports, see the module install sections of rc.firewall-2.0.x and rc.firewall-2.2.x.
- StarCraft
  Works with the LooseUDP patch and with TCP and UDP port 6112 forwarded (IPPORTFW) to the internal MASQed computer that runs the game. See the Forwarders section for details.
- WorldCraft
  Works with the LooseUDP patch.
Other clients:
- Linux net-acct package
  Linux, network administration and accounting package.
- NCSA Telnet 2.3.08
  DOS, a package containing TELNET, FTP, PING, etc.
- PC-anywhere for Windows
  MS-Windows, remotely controls a PC over TCP/IP. Works as a client but not as a host (server) unless forwarding of specific ports is set up. See the Forwarders section for details.
- Socket Watch
  uses NTP - the network time protocol.
Clients that do not work:
- All H.323 programs
  - MS Netmeeting, Intel Internet Phone Beta 2 - the connection is made, but voice travels in one direction only (outgoing). For a possible solution, see Equivalence's PhonePatch H.323 gateway.
- Intel Streaming Media Viewer Beta 1
  Cannot connect to the server.
- Netscape CoolTalk
  Cannot connect to the other side.
- WebPhone
  Does not work at present. (This application makes invalid assumptions about IP addresses.)
This section provides a more in-depth guide to IPFWADM, the firewall tool used with 2.0.x kernels. For IPCHAINS (2.2.x) rulesets, see the next section.
This example builds a firewall/masquerade system behind a PPP link with a static address. (Dynamic PPP is also included, but commented out.) The interface used is 192.168.0.1, and the IP address of the PPP interface has been replaced with a different address to guard against misuse :) Each incoming and outgoing interface is listed individually in order to catch IP spoofing as well as illegitimate routing or masquerading. Anything not explicitly allowed is forbidden (in practice, rejected). If your IP MASQ box breaks after you run the rc.firewall script shown here, make sure you have edited it for your own situation and review the system log files in /var/log/messages or /var/adm/messages.
For a more comprehensive "strong IP Masquerading IPFWADM ruleset" covering PPP, cable modems and so on, see TrinityOS - Section 10 and GreatCircle's Firewall WWW page.
NOTE: If you receive a dynamic TCP/IP address from your ISP (PPP, ADSL, cable modem, etc.), you cannot load this "strong" ruleset at boot time. You will need either to reload the firewall ruleset every time you are assigned a new IP address or to make the /etc/rc.d/rc.firewall ruleset more intelligent. PPP users should carefully re-read the "Dynamic PPP IP fetch" part and uncomment the appropriate lines. For more details on strong firewall rulesets and dynamic IP addresses, see the TrinityOS - Section 10 document.
There are also several GUI firewall configuration tools. See the FAQ section for details.
Lastly, if you use a static PPP IP address, change the line that sets ppp_ip to "your.static.PPP.address" so that it holds your own IP address.
----------------------------------------------------------------
#!/bin/sh
#
# /etc/rc.d/rc.firewall: An example of a semi-STRONG IPFWADM firewall ruleset
#
PATH=/sbin:/bin:/usr/sbin:/usr/bin
# testing, wait a bit then clear all firewall rules.
# uncomment following lines if you want the firewall to automatically
# disable after 10 minutes.
# (sleep 600; \
# ipfwadm -I -f; \
# ipfwadm -I -p accept; \
# ipfwadm -O -f; \
# ipfwadm -O -p accept; \
# ipfwadm -F -f; \
# ipfwadm -F -p accept; \
# ) &
# Load all required IP MASQ modules
#
# NOTE: Only load the IP MASQ modules you need. All current IP MASQ modules
# are shown below but are commented from loading.
# Needed to initially load modules
#
/sbin/depmod -a
# Supports the proper masquerading of FTP file transfers using the PORT method
#
/sbin/modprobe ip_masq_ftp
# Supports the masquerading of RealAudio over UDP. Without this module,
# RealAudio WILL function but in TCP mode. This can cause a reduction
# in sound quality
#
#/sbin/modprobe ip_masq_raudio
# Supports the masquerading of IRC DCC file transfers
#
#/sbin/modprobe ip_masq_irc
# Supports the masquerading of Quake and QuakeWorld by default. This module is
# for multiple users behind the Linux MASQ server. If you are going to play
# Quake I, II, and III, use the second example.
#
#Quake I / QuakeWorld (ports 26000 and 27000)
#/sbin/modprobe ip_masq_quake
#
#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
#/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960
# Supports the masquerading of the CuSeeme video conferencing software
#
#/sbin/modprobe ip_masq_cuseeme
#Supports the masquerading of the VDO-live video conferencing software
#
#/sbin/modprobe ip_masq_vdolive
#CRITICAL: Enable IP forwarding since it is disabled by default since
#
# Redhat Users: you may try changing the options in /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
echo "1" > /proc/sys/net/ipv4/ip_forward
# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this following
# option. This enables dynamic-ip address hacking in IP MASQ, making the life
# with Diald and similar programs much easier.
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# Specify your Static IP address here.
#
# If you have a DYNAMIC IP address, you need to make this ruleset understand your
# IP address everytime you get a new IP. To do this, enable the following one-line
# script. (Please note that the different single and double quote characters MATTER).
#
# You will also need to either create the following link or have your existing
# /etc/ppp/ip-up script run the /etc/rc.d/rc.firewall script.
#
# ln -s /etc/rc.d/rc.firewall /etc/ppp/ip-up
#
# If the /etc/ppp/ip-up file already exists, you should edit it and add a line
# containing "/etc/rc.d/rc.firewall" near the end of the file.
#
# If you aren't already aware, the /etc/ppp/ip-up script is always run when a PPP
# connection comes up. Because of this, we can make the ruleset go and get the
# new PPP IP address and update the strong firewall ruleset.
#
# PPP users: If your Internet connection is via a PPP connection, the following
# one-line script will work fine.
#
# DHCP users: If you get your TCP/IP address via DHCP, you will need to replace
# the word "ppp0" with the name of your external Internet connection
# (eth0, eth1, etc). It should be also noted that DHCP can change
# IP addresses on you. To fix this, users should configure their
# DHCPc or DHCP client to re-run the firewall ruleset when their
# DHCP lease is renewed. For DHCPcd users, use the "-c" option.
#
#ppp_ip="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
#
# (no spaces around "=": the shell requires name=value)
ppp_ip="your.static.PPP.address"
# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30sec firewall timeout in ICQ itself)
#
/sbin/ipfwadm -M -s 7200 10 60
#############################################################################
# Incoming, flush and set default policy of reject. Actually the default policy
# is irrelevant because there is a catch all rule with deny and log.
#
/sbin/ipfwadm -I -f
/sbin/ipfwadm -I -p reject
# local interface, local machines, going anywhere is valid
#
/sbin/ipfwadm -I -a accept -V 192.168.0.1 -S 192.168.0.0/24 -D 0.0.0.0/0
# remote interface, claiming to be local machines, IP spoofing, get lost
#
/sbin/ipfwadm -I -a reject -V $ppp_ip -S 192.168.0.0/24 -D 0.0.0.0/0 -o
# remote interface, any source, going to permanent PPP address is valid
#
/sbin/ipfwadm -I -a accept -V $ppp_ip -S 0.0.0.0/0 -D $ppp_ip/32
# loopback interface is valid.
#
/sbin/ipfwadm -I -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0
# catch all rule, all other incoming is denied and logged. pity there is no
# log option on the policy but this does the job instead.
#
/sbin/ipfwadm -I -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o
#############################################################################
# Outgoing, flush and set default policy of reject. Actually the default policy
# is irrelevant because there is a catch all rule with deny and log.
#
/sbin/ipfwadm -O -f
/sbin/ipfwadm -O -p reject
# local interface, any source going to local net is valid
#
/sbin/ipfwadm -O -a accept -V 192.168.0.1 -S 0.0.0.0/0 -D 192.168.0.0/24
# outgoing to local net on remote interface, stuffed routing, deny
#
/sbin/ipfwadm -O -a reject -V $ppp_ip -S 0.0.0.0/0 -D 192.168.0.0/24 -o
# outgoing from local net on remote interface, stuffed masquerading, deny
#
/sbin/ipfwadm -O -a reject -V $ppp_ip -S 192.168.0.0/24 -D 0.0.0.0/0 -o
# outgoing to local net on remote interface, stuffed routing, deny
# (this repeats the rule given two rules above)
#
/sbin/ipfwadm -O -a reject -V $ppp_ip -S 0.0.0.0/0 -D 192.168.0.0/24 -o
# anything else outgoing on remote interface is valid
#
/sbin/ipfwadm -O -a accept -V $ppp_ip -S $ppp_ip/32 -D 0.0.0.0/0
# loopback interface is valid.
#
/sbin/ipfwadm -O -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0
# catch all rule, all other outgoing is denied and logged. pity there is no
# log option on the policy but this does the job instead.
#
/sbin/ipfwadm -O -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o
#############################################################################
# Forwarding, flush and set default policy of deny. Actually the default policy
# is irrelevant because there is a catch all rule with deny and log.
#
/sbin/ipfwadm -F -f
/sbin/ipfwadm -F -p deny
# Masquerade from local net on local interface to anywhere.
#
/sbin/ipfwadm -F -a masquerade -W ppp0 -S 192.168.0.0/24 -D 0.0.0.0/0
#
# catch all rule, all other forwarding is denied and logged. pity there is no
# log option on the policy but this does the job instead.
#
/sbin/ipfwadm -F -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o
With IPFWADM, you can restrict access to a particular site using the -I, -O or -F options. Keep in mind that the rules are read from top to bottom and that "-a" appends to the existing ruleset. Specific restrictions must therefore come before the general rules. For example:
Using -I rules: this is the fastest, but the restriction applies only to the internal machines. The firewall machine itself can still reach the "forbidden" site. Of course, you can also use these in combination.
In the /etc/rc.d/rc.firewall ruleset:
... start of -I rules ...
# reject and log local interface, local machines going to 204.50.10.13
#
/sbin/ipfwadm -I -a reject -V 192.168.0.1 -S 192.168.0.0/24 -D 204.50.10.13/32 -o
# local interface, local machines, going anywhere is valid
#
/sbin/ipfwadm -I -a accept -V 192.168.0.1 -S 192.168.0.0/24 -D 0.0.0.0/0
... end of -I rules ...
Using -O rules: this is the slowest, because packets pass through masquerading first, but the firewall machine itself also cannot reach the forbidden site.
... start of -O rules ...
# reject and log outgoing to 204.50.10.13
#
/sbin/ipfwadm -O -a reject -V $ppp_ip -S $ppp_ip/32 -D 204.50.10.13/32 -o
# anything else outgoing on remote interface is valid
#
/sbin/ipfwadm -O -a accept -V $ppp_ip -S $ppp_ip/32 -D 0.0.0.0/0
... end of -O rules ...
Using -F rules: this is slightly slower than -I and again restricts only the masqueraded (internal) machines; the firewall machine itself can still reach the forbidden site.
... start of -F rules ...
# Reject and log from local net on PPP interface to 204.50.10.13.
#
/sbin/ipfwadm -F -a reject -W ppp0 -S 192.168.0.0/24 -D 204.50.10.13/32 -o
# Masquerade from local net on local interface to anywhere.
#
/sbin/ipfwadm -F -a masquerade -W ppp0 -S 192.168.0.0/24 -D 0.0.0.0/0
... end of -F rules ...
No special rule is needed to allow 192.168.0.0/24 to reach 204.50.11.0, because the general rule already covers it.
There is more than one way to specify the interfaces in the ruleset above. For example, you can write "-W eth0" instead of "-V 192.168.255.1", and "-W ppp0" instead of "-V $ppp_ip". "-V" is used for compatibility with IPCHAINS; if you use only IPFWADM, the choice is entirely yours.
This section gives a more in-depth guide to IPCHAINS, the firewall tool used with 2.2.x kernels. For IPFWADM (2.0.x) rulesets, see the previous section.
This example builds a firewall/masquerade system over a PPP connection with a static address (the dynamic PPP settings are included but commented out). The interface used is 192.168.0.1, and the PPP interface's IP address has been replaced with a different one to guard against misuse :) To detect IP spoofing and improper routing or masquerading, the incoming and outgoing interfaces are listed separately. Anything not explicitly allowed is forbidden (in practice, rejected). If your IP Masquerade box stops working after you run the rc.firewall script shown here, make sure you have edited it for your own setup, and review the system log in /var/log/messages or /var/adm/messages.
For easier-to-follow examples of strong IP Masquerading IPFWADM rulesets for PPP, cable modems and so on, see
TrinityOS - Section 10 and
GreatCircle's Firewall WWW page.
NOTE #1: Linux 2.2.x kernels older than 2.2.11 have an
IPCHAINS fragmentation bug. Because of it, systems that use strong IPCHAINS rulesets are exposed to attack. Upgrade to a kernel in which the bug is fixed.
NOTE #2: If you get a dynamic TCP/IP address from your ISP (PPP, ADSL, cable modem, etc.), you cannot load this "strong" ruleset at boot time. You need either to reload the firewall ruleset every time you are assigned a new IP address, or to make the /etc/rc.d/rc.firewall ruleset more intelligent. PPP users should carefully re-read the "Dynamic PPP IP fetch" part and uncomment the appropriate lines. For more details on strong firewall rulesets and dynamic IP addresses, see the
TrinityOS - Section 10 document.
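The one-line address fetch used in these rulesets yields an empty string when the external interface has no address yet, which would leave rules such as "-d $extip/32" malformed. The sketch below is an added example, not part of the HOWTO: it extracts and validates the address so that rc.firewall can stop before loading such rules. The function names and the sample ifconfig text are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate the dynamically fetched external address before
# any firewall rule is built from it. Sample texts below are constructed.

SAMPLE_UP='ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.1.2.3  P-t-P:10.1.2.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1'
SAMPLE_DOWN='ppp0: error fetching interface information: Device not found'

# extract_inet_addr: read ifconfig-style text on stdin, print the first
# "inet addr:" value (prints nothing when the interface has no address).
extract_inet_addr() {
    sed -n 's/.*inet addr:\([0-9.]*\).*/\1/p' | head -n 1
}

# is_ipv4 ADDR: succeed only for a dotted quad whose octets are 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# resolve_extip TEXT: print the validated address found in TEXT, or fail.
resolve_extip() {
    addr=$(printf '%s\n' "$1" | extract_inet_addr)
    is_ipv4 "$addr" || return 1
    echo "$addr"
}

# In rc.firewall the text would come from the real interface, for example:
#   extip=$(resolve_extip "$(/sbin/ifconfig ppp0 2>/dev/null)") || exit 1
if extip=$(resolve_extip "$SAMPLE_UP"); then
    echo "interface up: rules would be loaded for $extip"
fi
resolve_extip "$SAMPLE_DOWN" >/dev/null ||
    echo "interface down: no usable address, existing rules left in place"
```

Stopping with a non-zero exit status keeps the previously loaded ruleset in place; the script is then run again from /etc/ppp/ip-up once the link has an address.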
There are also several GUI firewall configuration tools. See the
FAQ
section for details.
Finally, if you are using a static PPP IP address, change the line that reads ppp_ip="your.static.PPP.address" to match your own IP address.
----------------------------------------------------------------
#!/bin/sh
#
# /etc/rc.d/rc.firewall: An example of a Semi-Strong IPCHAINS firewall ruleset.
#
PATH=/sbin:/bin:/usr/sbin:/usr/bin
# Load all required IP MASQ modules
#
# NOTE: Only load the IP MASQ modules you need. All current IP MASQ modules
# are shown below but are commented from loading.
# Needed to initially load modules
#
/sbin/depmod -a
# Supports the proper masquerading of FTP file transfers using the PORT method
#
/sbin/modprobe ip_masq_ftp
# Supports the masquerading of RealAudio over UDP. Without this module,
# RealAudio WILL function but in TCP mode. This can cause a reduction
# in sound quality
#
/sbin/modprobe ip_masq_raudio
# Supports the masquerading of IRC DCC file transfers
#
#/sbin/modprobe ip_masq_irc
# Supports the masquerading of Quake and QuakeWorld by default. This module is
# for multiple users behind the Linux MASQ server. If you are going to play
# Quake I, II, and III, use the second example.
#
#Quake I / QuakeWorld (ports 26000 and 27000)
#/sbin/modprobe ip_masq_quake
#
#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
#/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960
# Supports the masquerading of the CuSeeme video conferencing software
#
#/sbin/modprobe ip_masq_cuseeme
#Supports the masquerading of the VDO-live video conferencing software
#
#/sbin/modprobe ip_masq_vdolive
#CRITICAL: Enable IP forwarding since it is disabled by default since
#
# Redhat Users: you may try changing the options in /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
echo "1" > /proc/sys/net/ipv4/ip_forward
# Get the dynamic IP address assigned via DHCP
#
extip="`/sbin/ifconfig eth1 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
extint="eth1"
# Assign the internal IP
intint="eth0"
intnet="192.168.1.0/24"
# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30sec firewall timeout in ICQ itself)
#
ipchains -M -S 7200 10 60
#############################################################################
# Incoming, flush and set default policy of reject. Actually the default policy
# is irrelevant because there is a catch all rule with deny and log.
#
ipchains -F input
ipchains -P input REJECT
# local interface, local machines, going anywhere is valid
#
ipchains -A input -i $intint -s $intnet -d 0.0.0.0/0 -j ACCEPT
# remote interface, claiming to be local machines, IP spoofing, get lost
#
ipchains -A input -i $extint -s $intnet -d 0.0.0.0/0 -l -j REJECT
# remote interface, any source, going to permanent PPP address is valid
#
ipchains -A input -i $extint -s 0.0.0.0/0 -d $extip/32 -j ACCEPT
# loopback interface is valid.
#
ipchains -A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
# catch all rule, all other incoming is denied and logged. pity there is no
# log option on the policy but this does the job instead.
#
ipchains -A input -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT
#############################################################################
# Outgoing, flush and set default policy of reject. Actually the default policy
# is irrelevant because there is a catch all rule with deny and log.
#
ipchains -F output
ipchains -P output REJECT
# local interface, any source going to local net is valid
#
ipchains -A output -i $intint -s 0.0.0.0/0 -d $intnet -j ACCEPT
# outgoing to local net on remote interface, stuffed routing, deny
#
ipchains -A output -i $extint -s 0.0.0.0/0 -d $intnet -l -j REJECT
# outgoing from local net on remote interface, stuffed masquerading, deny
#
ipchains -A output -i $extint -s $intnet -d 0.0.0.0/0 -l -j REJECT
# anything else outgoing on remote interface is valid
#
ipchains -A output -i $extint -s $extip/32 -d 0.0.0.0/0 -j ACCEPT
# loopback interface is valid.
#
ipchains -A output -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
# catch all rule, all other outgoing is denied and logged. pity there is no
# log option on the policy but this does the job instead.
#
ipchains -A output -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT
#############################################################################
# Forwarding, flush and set default policy of deny. Actually the default policy
# is irrelevant because there is a catch all rule with deny and log.
#
ipchains -F forward
ipchains -P forward DENY
# Masquerade from local net on local interface to anywhere.
#
ipchains -A forward -i $extint -s $intnet -d 0.0.0.0/0 -j MASQ
#
# catch all rule, all other forwarding is denied and logged. pity there is no
# log option on the policy but this does the job instead.
#
ipchains -A forward -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT
With IPCHAINS, you can restrict traffic to a particular site using the "input", "output" or "forward" rules. Keep in mind that the rules are read from top to bottom and that "-A" appends to the existing ruleset. Specific restrictions must therefore come before the general rules. For example:
Using "input" rules: this is the fastest, but the restriction applies only to the internal machines. The firewall machine itself can still reach the "forbidden" site. Of course, you can also use these in combination.
In the /etc/rc.d/rc.firewall ruleset:
... start of "input" rules ...
# reject and log local interface, local machines going to 204.50.10.13
#
ipchains -A input -i $intint -s $intnet -d 204.50.10.13/32 -l -j REJECT
# local interface, local machines, going anywhere is valid
#
ipchains -A input -i $intint -s $intnet -d 0.0.0.0/0 -j ACCEPT
... end of "input" rules ...
Using "output" rules: this is the slowest, because packets pass through masquerading first, but the firewall machine itself also cannot reach the forbidden site.
... start of "output" rules ...
# reject and log outgoing to 204.50.10.13
#
ipchains -A output -i $extint -s $extip/32 -d 204.50.10.13/32 -l -j REJECT
# anything else outgoing on remote interface is valid
#
ipchains -A output -i $extint -s $extip/32 -d 0.0.0.0/0 -j ACCEPT
... end of "output" rules ...
Using "forward" rules: this is slightly slower than "input" and again restricts only the masqueraded (internal) machines; the firewall machine itself can still reach the forbidden site.
... start of "forward" rules ...
# Reject and log from local net on external interface to 204.50.10.13.
#
ipchains -A forward -i $extint -s $intnet -d 204.50.10.13/32 -l -j REJECT
# Masquerade from local net on local interface to anywhere.
#
ipchains -A forward -i $extint -s $intnet -d 0.0.0.0/0 -j MASQ
... end of "forward" rules ...
No special rule is needed to allow 192.168.0.0/24 to reach 204.50.11.0, because the general rule already covers it.
Unlike IPFWADM, there is only one way to specify the interfaces in the ruleset above: IPCHAINS uses the "-i eth0" option. "-V" is the IPFWADM method, used for compatibility with IPCHAINS; if you use only IPFWADM, the choice is entirely yours.
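As an added illustration of why rule order matters (not code from the HOWTO), the shell model below walks a rule list from top to bottom and stops at the first match, then checks the page's blocked host 204.50.10.13 with the specific REJECT placed before and after the general ACCEPT. The rule-table format, the function names, the client address 192.168.1.5 and the external address 10.1.2.3 are assumptions made for the model; it does not call ipchains.

```shell
#!/bin/sh
# Added example: a model of top-to-bottom, first-match rule evaluation.
# Rule table format (assumed for this model, one rule per line):
#   iface  source/len  dest/len  TARGET      ("*" matches any interface)

# ip_to_int A.B.C.D: print the address as a single integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr ADDR NET/LEN: succeed when ADDR lies inside NET/LEN.
in_cidr() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    len=${2#*/}
    [ "$len" -eq 0 ] && return 0
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    [ $(( $ip & $mask )) -eq $(( $net & $mask )) ]
}

# first_match IFACE SRC DST: read rules on stdin and print the target of
# the first rule that matches, or POLICY when no rule matches.
first_match() {
    pkt_if=$1 pkt_src=$2 pkt_dst=$3
    while read -r r_if r_src r_dst r_target; do
        [ -z "$r_if" ] && continue
        [ "$r_if" = "*" ] || [ "$r_if" = "$pkt_if" ] || continue
        in_cidr "$pkt_src" "$r_src" || continue
        in_cidr "$pkt_dst" "$r_dst" || continue
        echo "$r_target"
        return 0
    done
    echo "POLICY"
}

# verdict RULES IFACE SRC DST: evaluate one packet against a rule table.
verdict() {
    printf '%s\n' "$1" | first_match "$2" "$3" "$4"
}

# Input chain modelled on the ruleset above (eth0 internal, eth1 external),
# with the site-specific REJECT placed first.
RULES_SPECIFIC_FIRST='eth0 192.168.1.0/24 204.50.10.13/32 REJECT
eth0 192.168.1.0/24 0.0.0.0/0 ACCEPT
eth1 192.168.1.0/24 0.0.0.0/0 REJECT
eth1 0.0.0.0/0 10.1.2.3/32 ACCEPT
lo 0.0.0.0/0 0.0.0.0/0 ACCEPT
* 0.0.0.0/0 0.0.0.0/0 REJECT'

# Same rules, but the restriction was appended after the general ACCEPT.
RULES_GENERAL_FIRST='eth0 192.168.1.0/24 0.0.0.0/0 ACCEPT
eth0 192.168.1.0/24 204.50.10.13/32 REJECT
eth1 192.168.1.0/24 0.0.0.0/0 REJECT
eth1 0.0.0.0/0 10.1.2.3/32 ACCEPT
lo 0.0.0.0/0 0.0.0.0/0 ACCEPT
* 0.0.0.0/0 0.0.0.0/0 REJECT'

echo "restriction first: $(verdict "$RULES_SPECIFIC_FIRST" eth0 192.168.1.5 204.50.10.13)"
echo "restriction last:  $(verdict "$RULES_GENERAL_FIRST" eth0 192.168.1.5 204.50.10.13)"
echo "spoofed source on external interface: $(verdict "$RULES_SPECIFIC_FIRST" eth1 192.168.1.5 10.1.2.3)"
```

In the second table the REJECT for 204.50.10.13 is never reached, which is the situation that appending a restriction to the end of an already loaded ruleset produces.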
Masquerading several internal networks is quite simple. First make sure that all of your networks, internal and external, are working correctly. Then enable network traffic both to pass to the other internal machines and to be masqueraded out to the Internet.
Next, you need to enable masquerading on the internal interfaces. This example sets up two internal interfaces, eth1 (192.168.0.1) and eth2 (192.168.1.1), to be masqueraded out of the external-facing eth0 interface. Add the following to your rc.firewall ruleset:
- For 2.0.x kernels with IPFWADM
#Enable internal interfaces to communication between each other
/sbin/ipfwadm -F -a accept -V 192.168.0.1 -D 192.168.1.0/24
/sbin/ipfwadm -F -a accept -V 192.168.1.1 -D 192.168.0.0/24
#Enable internal interfaces to MASQ out to the Internet
/sbin/ipfwadm -F -a masq -W eth0 -S 192.168.0.0/24 -D 0.0.0.0/0
/sbin/ipfwadm -F -a masq -W eth0 -S 192.168.1.0/24 -D 0.0.0.0/0
- For 2.2.x kernels with IPCHAINS
#Enable internal interfaces to communication between each other
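# (without "-j ACCEPT" an ipchains rule only counts packets and decides nothing)
/sbin/ipchains -A forward -i eth1 -d 192.168.1.0/24 -j ACCEPT
/sbin/ipchains -A forward -i eth2 -d 192.168.0.0/24 -j ACCEPT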
#Enable internal interfaces to MASQ out to the Internet
/sbin/ipchains -A forward -j MASQ -i eth0 -s 192.168.0.0/24 -d 0.0.0.0/0
/sbin/ipchains -A forward -j MASQ -i eth0 -s 192.168.1.0/24 -d 0.0.0.0/0
- If you want to set things up so that the Internet connection is dialed automatically, either Diald demand dialing or a recent version of PPPd is a good choice. Diald, which offers better configuration, is recommended.
- To set up Diald, see the
Setting Up Diald for Linux Page or
TrinityOS - Section 23.
- Once Diald and IP Masquerading are set up properly, the Linux box will bring up the Internet connection automatically whenever a masqueraded client tries to make a web, telnet, ftp or similar connection.
- The first connection may time out; with an analog modem this is unavoidable. Because of the time needed to establish the modem link and the PPP connection, client programs (web browsers and so on) may time out. This does not always happen. If it does, simply retry (for example, reload the web page) and it will work from then on. Alternatively, you can address this initial setup problem by setting the kernel option echo "1" > /proc/sys/net/ipv4/ip_dynaddr.
IPPORTFW, IPAUTOFW, REDIR, UDPRED and other programs are generic TCP or UDP port forwarding tools for Linux IP Masquerade. These tools are typically used together with, or in place of, the existing protocol-specific IP Masquerade modules such as those for FTP and Quake. With port forwarding tools, you can pass connections coming from the Internet to a machine that sits behind IP Masquerading and has only an internal address. This forwarding capability can handle TELNET, WWW, SMTP, FTP (which requires a special patch - see below), ICQ and many other network protocols.
NOTE: Even if you only want port forwarding without IP Masquerading, you must still add IP Masquerading support to the kernel and to your IPFWADM or IPCHAINS ruleset in order to use the Linux port forwarding tools.
So what is the difference between them? IPAUTOFW, REDIR and UDPRED (all URLs are in the
2.0.x-Requirements
section) were the early tools that IP Masquerade users needed to get this capability. Over time, as Linux IP Masquerade matured, these tools were replaced by IPPORTFW, a more intelligent solution. Now that the newer tools are available, using the older tools such as IPAUTOFW and REDIR is *strongly discouraged*. They may not work properly with the kernel and may even bring down your Linux server.
Before using IPPORTFW on 2.0.x, or IPMASQADM with IPPORTFW on 2.2.x, note that using port forwarding tools can cause network security problems. The reason is that these tools essentially open a hole in the packet firewall in order to forward the TCP/UDP ports. This does not threaten the Linux machine itself, but it can be a problem for the internal machine the packets are forwarded to. It is not a big problem, though; Steven Clarke, the author of IPPORTFW, has this to say:
"Port forwarding is only called from within the masquerading
functions, so it fits within the corresponding IPFWADM/IPCHAINS
rules. Masquerading is an extension of IP forwarding. Therefore,
ipportfw only sees packets that match both the input and the
ipfwadm rulesets."
For this reason, it is important to use a strong firewall ruleset. For details on strong firewall rulesets, see the
Strong-IPFWADM-Rulesets
and
Strong-IPCHAINS-Rulesets
sections.
To use IPPORTFW forwarding on a 2.0.x or 2.2.x kernel, you need to recompile the Linux kernel with IPPORTFW support.
- 2.0.x kernel users need to apply a simple kernel option patch, as described below.
- 2.2.x kernel users should already have the IPPORTFW kernel option available through IPMASQADM.
IPPORTFW on 2.0.x kernels
First, make sure that the newest 2.0.x kernel is present in the /usr/src/linux directory. If it is not, see the
Kernel-Compile
section for details. Next, download the "ipportfw.c" program and the "subs-patch-x.gz" kernel patch from the
2.0.x-Requirements
section and unpack them into the /usr/src/ directory.
NOTE: Replace the "x" in the "subs-patch-x.gz" file name with the newest version available on that site.
Now copy the IPPORTFW patch (subs-patch-x.gz) into the Linux directory.
cp /usr/src/subs-patch-1.37.gz /usr/src/linux
Next, apply the kernel patch to create the IPPORTFW kernel option:
cd /usr/src/linux
zcat subs-patch-1.3x.gz | patch -p1
Next, if you want to port forward FTP connections to an internal server, you must apply the new IP_MASQ_FTP module patch available from the
2.0.x-Requirements
section. Details are given later in this section.
Now it is time to compile the kernel as described in the
Kernel-Compile
section. Be sure to answer YES to the IPPORTFW option when configuring the kernel. Once the compile has finished and you have rebooted into the new kernel, come back to this section.
Now, running the newly compiled kernel, compile and install the actual "IPPORTFW" program.
cd /usr/src
gcc ipportfw.c -o ipportfw
mv ipportfw /usr/local/sbin
Now suppose, for example, that you want to forward all web connections (port 80) to the internal masqueraded machine whose address is 192.168.0.10.
NOTE: Once you port forward port 80, the Linux IP Masquerade server can no longer use that port. More specifically, if you already run a web server on the masquerade server and you port forward port 80 to an internal masqueraded machine, all Internet users will see the pages served by the -internal- web server, not the pages served by the IP Masquerade server. The only way around this is to port forward a different port, for example 8080, to the internal masqueraded machine. This works, but all Internet users will then have to append :8080 to the URL to reach the internal masqueraded web server.
In any case, to enable port forwarding, edit the /etc/rc.d/rc.firewall ruleset. Add the following, replacing "$extip" with your Internet IP address.
NOTE: If you get a dynamic TCP/IP address from your ISP (PPP, ADSL, cable modem, etc.), you will need to make the /etc/rc.d/rc.firewall ruleset more intelligent. For details on strong rulesets and dynamic IP addresses, see
TrinityOS - Section 10.
/etc/rc.d/rc.firewall
--
#echo "Enabling IPPORTFW Redirection on the external LAN.."
#
/usr/local/sbin/ipportfw -C
/usr/local/sbin/ipportfw -A -t$extip/80 -R 192.168.0.10/80
--
That's it! Re-run the /etc/rc.d/rc.firewall ruleset and test it out!
If you see the error message "ipfwadm: setsockopt failed: Protocol not available", you are not running the newly compiled kernel. Make sure that you moved the new kernel to the correct location and re-ran LILO, then reboot again.
Port forwarding an FTP server:
If you want to port forward FTP to an internal machine, things get a little more complicated. The reason is that the standard IP_MASQ_FTP kernel module was not written for this purpose. Fortunately, Fred Viles has written a modified IP_MASQ_FTP module that works for it. If you want to know exactly what the problem is, download his package; Fred has documented it very well. Be aware that this patch is somewhat experimental. Also be aware that the patch is currently available only for 2.0.x kernels. Some work on a port to 2.2.x kernels has been done, and if you would like to help with it, email
Fred Viles - fv@episupport.com directly.
Now apply the 2.0.x patch with the following steps:
- First, apply the IPPORTFW kernel patch as shown earlier in this section.
- Download "msqsrv-patch-36" from Fred Viles's FTP server, listed in the
2.0.x-Requirements
section, and put it in /usr/src/linux.
- Patch the kernel with this new code by running "cat msqsrv-patch-36 | patch -p1".
- Now replace the original "ip_masq_ftp.c" kernel module with the new one.
- mv /usr/src/linux/net/ipv4/ip_masq_ftp.c /usr/src/linux/net/ipv4/ip_masq_ftp.c.orig
- mv /usr/src/linux/ip_masq_ftp.c /usr/src/linux/net/ipv4/ip_masq_ftp.c
- Finally, build and install the kernel with the new code applied.
When that is done, edit the /etc/rc.d/rc.firewall ruleset and add the following, replacing "$extip" with your Internet IP address.
NOTE: If you get a dynamic TCP/IP address from your ISP (PPP, ADSL, cable modem, etc.), you will need to make the /etc/rc.d/rc.firewall ruleset more intelligent. For details on strong rulesets and dynamic IP addresses, see
TrinityOS - Section 10.
As above, this example port forwards all FTP connections (port 21) to the internal masqueraded machine whose address is 192.168.0.10.
NOTE: Once you port forward port 21, the Linux masquerade server can no longer use that port. More specifically, if you already run an FTP server on the Linux masquerade server, FTP connections from all Internet users will go to the -internal- FTP server, not to the IP Masquerade server.
/etc/rc.d/rc.firewall
--
#echo "Enabling IPPORTFW Redirection on the external LAN.."
#
/usr/local/sbin/ipportfw -C
/usr/local/sbin/ipportfw -A -t$extip/21 -R 192.168.0.10/21
--
That's it! Re-run the /etc/rc.d/rc.firewall ruleset and test it out!
If you see the error message "ipchains: setsockopt failed: Protocol not available", you are not running the newly compiled kernel. Make sure that you moved the new kernel to the correct location and re-ran LILO, then reboot again. If you are sure you are running the new kernel, run "ls /proc/net" and check that the "ip_portfw" file exists. If it does not, you missed something when configuring the kernel. Rebuild the kernel.
IPMASQADM with IPPORTFW on 2.2.x kernels
First, make sure that the newest 2.2.x kernel is present in the /usr/src/linux directory. If it is not, see the
Kernel-Compile
section for details. Next, download the "ipmasqadm.c" program from the
2.2.x-Requirements
section and put it in the /usr/src/ directory.
Next, compile the 2.2.x kernel as described in the
Kernel-Compile
section. Answer YES to the IPPORTFW option when configuring the kernel. Once the kernel is compiled and you have rebooted, come back to this section.
Now compile and install the IPMASQADM tool:
cd /usr/src
tar xzvf ipmasqadm-x.tgz
cd ipmasqadm-x
make
make install
Now suppose, for example, that you want to port forward all web connections (port 80) to the internal masqueraded machine whose address is 192.168.0.10.
NOTE: The IP_MASQ_FTP module modified for port forwarding FTP connections may not currently work on 2.2.x kernels. If you would like to test this, try porting the module to 2.2.x kernels, and please email your results to Ambrose and David.
NOTE: Once you port forward port 80, the Linux IP Masquerade server can no longer use that port. More specifically, if you already run a web server on the masquerade server, all Internet users will get their web pages from the -internal- web server, not from your IP Masquerade server.
In any case, to enable port forwarding, edit the /etc/rc.d/rc.firewall ruleset. Add the following, replacing "$extip" with your Internet IP address.
NOTE: If you get a dynamic TCP/IP address from your ISP (PPP, ADSL, cable modem, etc.), you will need to make the /etc/rc.d/rc.firewall ruleset more intelligent. For details on strong firewall rulesets and dynamic IP addresses, see
TrinityOS - Section 10. Here is one hint: the /etc/ppp/ip-up file for PPP users.
/etc/rc.d/rc.firewall
--
#echo "Enabling IPPORTFW Redirection on the external LAN.."
#
/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 80 -R 192.168.0.10 80
--
That's it! Re-run the /etc/rc.d/rc.firewall ruleset and test it out!
If you see the error message "ipchains: setsockopt failed: Protocol not available", you are not running the newly compiled kernel. Make sure that you moved the new kernel to the correct location and re-ran LILO, then reboot again. If you are sure you are running the new kernel, run "ls /proc/net/ip_masq" and check that the "portfw" file exists. If it does not, you missed something when configuring the kernel. Rebuild the kernel.
Linux IP Masquerade supports CuSeeme through the "ip_masq_cuseeme" kernel module. This kernel module must be loaded from the /etc/rc.d/rc.firewall script. Once the "ip_masq_cuseeme" module is installed, you can place calls to, and receive calls from, remote reflectors and users.
NOTE: For CuSeeme, using the IPPORTFW tool instead of the old IPAUTOFW tool is recommended.
If you need more definitive information on configuring CuSeeme, see the mini-HOWTO on
Michael Owings's CuSeeMe page, or the mirror of the mini-HOWTO at
The IP Masquerade Resources.
There are two ways to use ICQ behind a Linux masquerade server. One is to use the new ICQ masquerade module; the other is to use IPPORTFW.
The ICQ module has some benefits and also some limitations. It lets several users behind the masquerade server use ICQ with a simple setup, and it requires no special configuration in the ICQ client. However, file transfers and real-time chat do not currently work.
With the IPPORTFW setup, you have to change some settings on both the masquerade server and the ICQ client, but everything in ICQ works: messaging, URLs, chat, file transfer and so on.
If you are interested in Andrew Deryabin's
djsf@usa.net ICQ IP Masquerade module for 2.2.x kernels, see the
2.2.x-Requirements
section for details.
If you prefer the more classic method of using ICQ behind a masquerade server, do the following:
- First, build IPPORTFW support into the Linux kernel. See the
Forwarders
section for details.
- Next, add the following to your /etc/rc.d/rc.firewall file. This example assumes that your external Internet IP address is 10.1.2.3 and that the internal masqueraded ICQ client is 192.168.0.10:
Example for 2.0.x kernels with IPFWADM:
Two examples are included; either one will work:
Example #1
--
/usr/local/sbin/ipportfw -A -t10.1.2.3/2000 -R 192.168.0.10/2000
/usr/local/sbin/ipportfw -A -t10.1.2.3/2001 -R 192.168.0.10/2001
/usr/local/sbin/ipportfw -A -t10.1.2.3/2002 -R 192.168.0.10/2002
/usr/local/sbin/ipportfw -A -t10.1.2.3/2003 -R 192.168.0.10/2003
/usr/local/sbin/ipportfw -A -t10.1.2.3/2004 -R 192.168.0.10/2004
/usr/local/sbin/ipportfw -A -t10.1.2.3/2005 -R 192.168.0.10/2005
/usr/local/sbin/ipportfw -A -t10.1.2.3/2006 -R 192.168.0.10/2006
/usr/local/sbin/ipportfw -A -t10.1.2.3/2007 -R 192.168.0.10/2007
/usr/local/sbin/ipportfw -A -t10.1.2.3/2008 -R 192.168.0.10/2008
/usr/local/sbin/ipportfw -A -t10.1.2.3/2009 -R 192.168.0.10/2009
/usr/local/sbin/ipportfw -A -t10.1.2.3/2010 -R 192.168.0.10/2010
/usr/local/sbin/ipportfw -A -t10.1.2.3/2011 -R 192.168.0.10/2011
/usr/local/sbin/ipportfw -A -t10.1.2.3/2012 -R 192.168.0.10/2012
/usr/local/sbin/ipportfw -A -t10.1.2.3/2013 -R 192.168.0.10/2013
/usr/local/sbin/ipportfw -A -t10.1.2.3/2014 -R 192.168.0.10/2014
/usr/local/sbin/ipportfw -A -t10.1.2.3/2015 -R 192.168.0.10/2015
/usr/local/sbin/ipportfw -A -t10.1.2.3/2016 -R 192.168.0.10/2016
/usr/local/sbin/ipportfw -A -t10.1.2.3/2017 -R 192.168.0.10/2017
/usr/local/sbin/ipportfw -A -t10.1.2.3/2018 -R 192.168.0.10/2018
/usr/local/sbin/ipportfw -A -t10.1.2.3/2019 -R 192.168.0.10/2019
/usr/local/sbin/ipportfw -A -t10.1.2.3/2020 -R 192.168.0.10/2020
--
Example #2
--
# forward ports 2000 through 2020, the same range as example #1
port=2000
while [ $port -le 2020 ]
do
/usr/local/sbin/ipportfw -A -t10.1.2.3/$port -R 192.168.0.10/$port
port=$((port+1))
done
--
Example for 2.2.x kernels with IPCHAINS:
Two examples are included; either one will work:
Example #1
--
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2000 -R 192.168.0.10 2000
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2001 -R 192.168.0.10 2001
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2002 -R 192.168.0.10 2002
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2003 -R 192.168.0.10 2003
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2004 -R 192.168.0.10 2004
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2005 -R 192.168.0.10 2005
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2006 -R 192.168.0.10 2006
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2007 -R 192.168.0.10 2007
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2008 -R 192.168.0.10 2008
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2009 -R 192.168.0.10 2009
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2010 -R 192.168.0.10 2010
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2011 -R 192.168.0.10 2011
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2012 -R 192.168.0.10 2012
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2013 -R 192.168.0.10 2013
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2014 -R 192.168.0.10 2014
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2015 -R 192.168.0.10 2015
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2016 -R 192.168.0.10 2016
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2017 -R 192.168.0.10 2017
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2018 -R 192.168.0.10 2018
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2019 -R 192.168.0.10 2019
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2020 -R 192.168.0.10 2020
--
Example #2
--
# Forward TCP ports 2000 through 2020 to the internal ICQ machine
port=2000
while [ $port -le 2020 ]
do
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 $port -R 192.168.0.10 $port
port=$((port+1))
done
--
- Once the new rc.firewall is ready, simply run "/etc/rc.d/rc.firewall" to reload the ruleset and check that it works. If you get an error, either IPPORTFW support is not in your kernel or there is a typo in the rc.firewall file.
- Now, in ICQ's Preferences --> Connection, select "Behind a LAN" and "Behind a firewall or Proxy". Then click "Firewall Settings" and select "I don't use a SOCK5 proxy". It used to be recommended to set ICQ's "Firewall session timeouts" to "30" seconds, but that has been found to make ICQ unreliable. ICQ has been found to be more reliable if you keep its stock timeout setting and simply change the timeout on the masquerade server to 160 seconds. How to change this timeout is shown in the rc.firewall-2.0.x and rc.firewall-2.2.x rulesets. Finally, click Next and set "Use the following TCP listen ports.." to "2000" through "2020". Now click "Done".
ICQ will now ask you to restart it so that the changes take effect. In fact, the author had to reboot Windows9x before everything worked properly, though others report otherwise. To be safe, do both (restart ICQ, then reboot).
- It is also worth noting that one user reported that simply port forwarding port 4000 to his ICQ client worked best. He said everything (chat, file transfers, and so on) worked without changing ICQ from its default settings. Which approach to use is up to you, but some readers will want to know about this alternative.
The LooseUDP patch lets NAT-friendly games that use UDP connections work behind a Linux IP Masquerade server. LooseUDP is currently available as a patch for 2.0.36 and later kernels and is already built into 2.2.3 and later kernels. To use it, only a few steps are needed:
- Make sure the newest 2.0.x kernel sources are in the /usr/src/linux directory.
- Absolutely required for 2.0.x: download the IPPORTFW patch from the 2.0.x-Requirements section and install it as described in the Forwarders section of this HOWTO.
- Download the LooseUDP patch from the 2.0.x-Requirements section.
Now put the LooseUDP patch in the /usr/src/linux directory, then run:
For a compressed patch file: zcat loose-udp-2.0.36.patch.gz | patch -p1
For an uncompressed patch file: cat loose-udp-2.0.36.patch | patch -p1
Depending on the version of your "patch" program, you will then see messages like the following:
patching file `CREDITS'
patching file `Documentation/Configure.help'
patching file `include/net/ip_masq.h'
patching file `net/ipv4/Config.in'
patching file `net/ipv4/ip_masq.c'
If you see "Hunk FAILED" only at the very beginning of the patching, it is not a serious problem. You probably have an old patch file, but it will still work. If the patch fails completely, check that you applied the IPPORTFW kernel patch FIRST.
Once the patch is installed, reconfigure the kernel as described in the Kernel-Compile section and answer "Y" to the "IP: loose UDP port managing (EXPERIMENTAL) (CONFIG_IP_MASQ_LOOSE_UDP) [Y/n/?]" option.
Once you are running the new kernel with LooseUDP enabled, NAT-friendly games should work. There are some URLs where you can get patches that make BattleZone and other games NAT-friendly. See the Game-Clients section for details.
If you have a useful FAQ entry, please send it to ambrose@writeme.com and dranch@trinnet.net. Please state the question clearly and include an appropriate answer. Thanks in advance!
If your Linux distribution does not support IP Masquerade out of the box, don't worry. All you have to do is recompile the kernel as described in this HOWTO.
NOTE: If you can help us complete this table, please email ambrose@writeme.com or dranch@trinnet.net.
- Caldera < v1.2 : NO - ?
- Caldera v1.3 : YES - 2.0.35 based
- Caldera v2.2 : YES - 2.2.5 based
- Debian v1.3 : NO - ?
- Debian v2.0 : NO - ?
- Debian v2.1 : NO - 2.2.1 based
- DLX Linux v? : ? - ?
- DOS Linux v? : ? - ?
- Hal91 Linux v? : ? - ?
- Linux Mandrake v5.3 : YES - ?
- Linux Mandrake v6.0 : YES - 2.2.5 based
- Linux PPC vR4 : NO - ?
- Linux Pro v? : ? - ?
- LinuxWare v? : ? - ?
- MkLinux v? : ? - ?
- MuLinux v3rl : YES - ?
- Redhat < v4.x : NO - ?
- Redhat v5.0 : YES - ?
- Redhat v5.1 : YES - ?
- Redhat v5.2 : YES - 2.0.36 based
- Redhat v6.0 : YES - 2.2.5 based
- Slackware v3.0 : ? - ?
- Slackware v3.1 : ? - ?
- Slackware v3.2 : ? - ?
- Slackware v3.3 : ? - 2.0.34 based
- Slackware v3.4 : ? - ?
- Slackware v3.5 : ? - ?
- Slackware v3.6 : ? - ?
- Slackware v3.9 : ? - 2.0.37pre10 based
- Slackware v4.0 : ? - ?
- Stampede Linux v? : ? - ?
- SuSE v5.2 : YES - ?
- SuSE v5.3 : YES - ?
- SuSE v6.0 : YES - ?
- SuSE v6.1 : YES - 2.2.5 based
- Tomsrbt Linux v? : ? - ?
- TriLinux v? : ? - ?
- TurboLinux v? : ? - ?
- Yggdrasil Linux v? : ? - ?
A 486/66 with 16MB of RAM was more than enough to handle 100% of a 1.54Mb/s T1! Masquerade is also known to run well on 386SX-16s with 8MB of RAM. You should know, however, that Linux IP Masquerade starts to struggle once there are more than 500 masquerade entries.
As far as the author knows, the only application that can bring Linux IP Masquerade to a temporary halt is GameSpy. The reason is that when it refreshes its lists, it needs 10,000 quick connections in a very short time. Until that work finishes, the masquerade table becomes "FULL". See the No-Free-Ports section of the FAQ for details.
While we are at it, a few more points:
TCP and UDP have a limit of 4096 concurrent connections. This limit can be changed by adjusting the values in /usr/src/linux/net/ipv4/ip_masq.h; an upper limit of about 32000 is fine. To change the limit, set the PORT_MASQ_BEGIN and PORT_MASQ_END values to a range above 32K and below 64K.
- First, calm down. Have a cup of tea, coffee, or a soft drink, and take a break. Once your mind is clear, follow the suggestions below. Setting up Linux IP Masquerade is not hard, but some of the concepts may be unfamiliar.
- Now go through the steps in the Testing section again. 99% of first-time masquerade users who run into problems have not looked at that section.
- Check the IP Masquerade Mailing List Archives. Most of your questions or problems are common ones, and a simple search of the archive will turn up the answer.
- Check the TrinityOS document. It covers IP Masquerading on 2.0.x and 2.2.x kernels, as well as PPPd, DialD, DHCP, DNS, Sendmail and other topics.
- Make sure you are not running ROUTED or GATED. To check, run "ps aux | grep -e routed -e gated".
- Post your question to the IP Masquerade mailing list (see the next FAQ section for details). Do this only when you cannot find the answer in the IP Masquerading archive. When you send the email, be sure to include the results of running the steps in the Testing section!!
- Post your question to a related Linux NNTP newsgroup.
- Send email to ambrose@writeme.com and dranch@trinnet.net. You will, however, get the answer you want more easily from the IP Masquerading mailing list than by asking us.
- Check your configuration again. :-)
There are two ways to join the Linux IP Masquerading mailing list. The first is to send mail to masq-request@indyramp.com. To join the Linux IP Masquerading developers mailing list, send mail to masq-dev-request@indyramp.com. See the item below for more details.
The second way is to subscribe with a web browser. To join the main masquerade list, use the form at http://www.indyramp.com/masq-list/, and to join the masquerade developers list, use http://www.indyramp.com/masq-dev-list/.
Once subscribed, you will receive email from the list you joined. Note also that you can read the archives of both lists whether or not you are subscribed. See the two web URLs above for details.
Finally, note that to post to the masquerade list you must use the account and address you originally subscribed with.
If you have a problem with the mailing lists or the mailing list archive, contact Robert Novak.
Proxy: Proxy servers are available for: Win95, NT, Linux, Solaris, etc.
Pro: + One IP address ; cheap
+ Optional caching for better performance (WWW, etc.)
Con: - All applications behind the proxy server must support
proxy services (SOCKS) and be configured to use the
proxy server
- Confuses web counters and web statistics programs
A proxy server, like IP Masquerade, uses only one public IP address and
acts as a translator for the clients on the internal LAN (web browsers, etc.).
The proxy server accepts connections such as TELNET, FTP and WWW coming
from the internal network on one interface. It then sends them out as if
the proxy server itself had made the request.
Once the remote Internet server sends back the requested information, the
proxy server changes the TCP/IP address back to that of the internal client
and passes the data to the internal host that asked for it. This is why it
is called a "proxy" server.
NOTE: Every application used on the internal machines
*MUST* support the use of a proxy server, for example
Netscape and some of the better TELNET and FTP clients.
Clients that do not support proxy servers will not
work.
Another good thing about proxy servers is that some of them can also do
caching (Squid for WWW). Suppose there are 50 proxied hosts and all of
them start Netscape at once. If they are set to the default homepage URL,
50 copies of the same Netscape web page must be fetched from the remote
site and delivered to each computer.
With a caching proxy server, the proxy server loads the page from the
remote site only once, and the computers behind the proxy get the page
from the cache. This not only saves bandwidth on the outgoing Internet
connection, it also makes page loading feel much, much faster for the
machines behind the proxy.
MASQ or 1:Many NAT: IP Masquerade is available on Linux and on a few routers
such as the Zytel Prestige128, Cisco 770 and NetGear ISDN routers.
Pro: + Only one IP address is needed (cheap)
+ Applications need no special support
+ Uses firewall software, which strengthens network
security
Con: - Requires a Linux host or a special ISDN router
(though other products may also have this feature..)
- Traffic coming in from outside cannot reach the internal
LAN unless a computer on the internal LAN requested it
or specific port forwarding software is installed.
Many NAT servers do not provide this feature.
- Special protocols must be handled individually by
firewall redirectors and the like. Linux fully supports
this (FTP, IRC, etc.) but many routers do not
(NetGear does).
Masquerade, or 1:Many NAT, is similar to a proxy server in that the server
translates IP addresses so that the remote server (a web server, for example)
is made to believe that the masquerade server itself, rather than an internal
machine, made the request.
The main difference between masquerade and a proxy server is that a
masquerade server requires no configuration changes on the client (internal)
machines. Just have the internal machines use the Linux host as their
default gateway and everything will work. (For RealAudio, FTP and the like
to work, you must install specific Linux modules!)
Also, many people use IP Masquerade for TELNET, FTP and so on and,
*at the same time*, set up a caching proxy for web traffic on the same Linux
host to gain additional performance.
NAT: NAT servers are available on Windows 95/NT, Linux, Solaris, and some of
the better ISDN routers (not Ascend)
Pro: + Very configurable
+ Requires no special application software
Con: - Requires a subnet from your ISP (expensive)
Network Address Translation refers to a host that holds a pool of usable
IP addresses on its Internet interface. When a machine on the internal
network wants to reach the Internet, the host assigns one of the public IP
addresses on the Internet interface to the original internal IP address of
the requesting computer. After that, all traffic is translated between the
NAT's public IP address and the internal address behind the NAT. If an
assigned public NAT address goes unused for a predetermined amount of time,
that public IP address is returned to the pool of available NAT addresses.
The main problem with NAT is that once all the public IP addresses are in
use, internal users cannot reach the Internet until an address becomes
free.
Yes! They differ in user interface, complexity and so on. So far most of them support only IPFWADM, but they are quite good. Here is a short list of the available tools in alphabetical order. If you know of other tools, or want to comment on which ones are good, bad or tricky, please email Ambrose or David.
Yes, it works with a dynamic IP address assigned by your ISP through PPP or a DHCP/BOOTp server. As long as you have a public Internet IP address, it should work. Static IP addresses work too, of course. However, if you want to use a strong IPFWADM/IPCHAINS ruleset or a port forwarder, your ruleset must be re-run every time your IP address changes. Additional help on strong firewall rulesets and dynamic IP addresses can be found at the beginning of TrinityOS - Section 10.
Yes, as long as Linux supports that network interface, it should work. If you are assigned a dynamic IP address, see the URL under the FAQ item "Does IP Masquerade work with dynamically assigned IP addresses?" above.
Certainly! IP Masquerading is completely transparent to Diald and PPP (translator's note: neither is tied to the internal details of the other). The only case that may cause a problem is when you use a strong firewall ruleset together with a dynamic IP address. For details, see the FAQ item "Does IP Masquerade work with dynamically assigned IP addresses?" above.
Keeping a list of "working applications" up to date is very difficult. However, most common Internet applications are supported, such as web browsing (Netscape, MSIE, etc.), FTP (such as WS_FTP), TELNET, SSH, RealAudio, POP3 (incoming mail - Pine, Eudora, Outlook, etc.), SMTP (outgoing mail), and so on. A more complete list of clients that work with masquerade can be found in the Clients section of this HOWTO.
Applications that use more complicated protocols or special connection methods, such as video conferencing software, need special helper tools.
For more details, see the Linux IP masquerading Applications page.
Whatever Linux distribution you use, the IP Masquerade setup procedure described in this HOWTO still applies. Some distributions may have a GUI or special configuration files that make setup easier. We have done our best to write this HOWTO so that it applies to the general case wherever possible.
By default, IP Masquerade sets the timeouts for TCP sessions, TCP FIN and UDP traffic to 15 minutes. The following settings (already shown in this HOWTO's /etc/rc.d/rc.firewall ruleset) are recommended for all users where possible:
Linux 2.0.x with IPFWADM:
# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30sec firewall timeout in ICQ itself)
#
/sbin/ipfwadm -M -s 7200 10 60
Linux 2.2.x with IPCHAINS:
# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30sec firewall timeout in ICQ itself)
#
/sbin/ipchains -M -S 7200 10 60
The reason is that you have a dynamic IP address, and when the Internet connection first comes up, IP Masquerade does not know that IP address. There is a solution. Add the following to your /etc/rc.d/rc.firewall ruleset:
# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this following
# option. This enables dynamic-ip address hacking in IP MASQ, making the life
# with Diald and similar programs much easier.
#
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
There are two possible reasons for this. The first is very common and the second is very rare.
- The 2.0.36 and 2.2.9 Linux kernels have a hard-to-find bug in the masquerade code that causes problems with packets that have the DF, or "Don't Fragment", bit set. Basically, when the masquerade box connects to the Internet with an MTU smaller than 1500, some packets may have the DF field set. Changing the MTU to 1500 on the Linux box appears to solve the problem, but the bug is still there. What is believed to happen is that when an ICMP packet with the ICMP 3 sub 4 code comes back, the masquerade code does not handle it properly so that it reaches the original masqueraded computer. Because of this, packets get dropped along the way. If you are a network programmer and think you can fix this.. please try!
But there is no need to worry. A very good workaround is to change the MTU of your Internet connection to 1500. Some users will object to this, because some latency-sensitive programs such as TELNET and games are affected. The impact is only slight, however, and HTTP and FTP speed will improve!
To fix this, first find out what the MTU of your Internet connection currently is. To check, run "/bin/ifconfig". Look at the lines for your Internet connection and find the MTU. This value must be 1500. Ethernet connections normally default to this value, and PPP defaults to 576.
- To fix the MTU on a PPP connection, edit the /etc/ppp/options file and add the lines "mtu 1500" and "mru 1500" near the top. Save the changes and restart PPP. Then check, in the same way as above, that the PPP connection now has the correct MTU.
- To fix the MTU on an Ethernet connection such as ADSL or a cable modem, you need to edit your network startup scripts. For network optimization, see the TrinityOS - Section 16 document.
- Lastly, although this is not a common problem, it is sometimes the fix that is needed. For PPP users, it concerns which port the PPPd code connects through: a /dev/cua* port or a /dev/ttyS* port. It must be a /dev/ttyS* port. The cua style is old and causes problems in very odd ways.
There can be several reasons for this:
- Check whether your internal and external networks are running on the same network card through the IP Alias feature. If they are, it is strongly recommended that you get another network card so that the internal and external networks each run on their own interface.
- If you use an external modem, make sure you are using a good-quality serial cable. Also, many PCs use a cheap ribbon cable to connect the serial port on the motherboard or I/O card to the external serial port connector. If this applies to you, make sure the cable and connector are in good condition. Personally, the author puts ferrite coils (round, dark grey metal rings) around all ribbon cables.
- Make sure the MTU is set to 1500 as described in the FAQ above in this HOWTO.
- Make sure the serial port is a 16550A or better UART. To check, run "dmesg | more".
- Make sure the serial port for your PPP connection runs at 115200 (or faster if the modem and the serial port can handle it, for example an ISDN terminal adapter (TA)).
- 2.0.x kernels: the 2.0.x kernels are a little odd in that you cannot directly tell the kernel to set the serial port speed to 115200. So, in a startup script such as /etc/rc.d/rc.local or /etc/rc.d/rc.serial, run the following command (for a modem on COM2):
- setserial /dev/ttyS1 spd_vhi
- In your PPPd script, change the line that actually runs pppd so that the speed is "38400" (see the pppd man page).
- 2.2.x kernels: unlike the 2.0.x kernels, the 2.1.x and 2.2.x kernels do not have this "spd_vhi" issue.
- So, in your PPPd script, just change the line that actually runs pppd so that the speed is "115200" (see the pppd man page).
- Set the TCP sliding window to at least 8192.
- This is completely outside the scope of this document, but it helps a great deal whatever your network setup is: internal or external PPP, Ethernet, TokenRing and so on. For more details, see the network optimization section of TrinityOS - Section 16.
- Set up IRQ-Tune for the serial ports
- On most PC hardware, using Craig Estey's IRQTUNE tool dramatically improves serial port performance, including SLIP and PPP.
The messages you will usually see are probably the following two:
- MASQ: Failed TCP Checksum error: You will see this error when a packet coming from the Internet is corrupted in its data section but the rest of it "looks" fine. When the Linux box receives such a packet, it calculates the packet's CRC and determines that the packet is bad. Most machines running an OS such as Microsoft Windows just silently ignore these packets, but Linux IP Masquerade reports them to SYSLOG. If you get "a lot" of these messages over a PPP connection, see the FAQ item "Masquerade is slow" above.
- If that item does not help, try adding the line "-vj" to the /etc/ppp/options file and restarting PPPd.
- Firewall hits: If you run a lenient (not strict) firewall while on the Internet, you will be surprised to see how many people try to break into your Linux box! So what do these firewall logs mean?
From the TrinityOS - Section 10 document:
In the rulesets below, lines that deny or reject traffic have the "-o"
option, which records the firewall hit in the SYSLOG messages file found
in:
Redhat: /var/log
Slackware: /var/adm
If you look at these firewall logs, you will see something like the following:
---------------------------------------------------------------------
IPFWADM:
Feb 23 07:37:01 Roadrunner kernel: IP fw-in rej eth0 TCP 12.75.147.174:1633
100.200.0.212:23 L=44 S=0x00 I=54054 F=0x0040 T=254
IPCHAINS:
Packet log: input DENY eth0 PROTO=17 12.75.147.174:1633 100.200.0.212:23
L=44 S=0x00 I=54054 F=0x0040 T=254
---------------------------------------------------------------------
There is a lot of information in this single line. Let's break this example
down so that you can read the firewall hits you see. This example explains
IPFWADM, but IPCHAINS users will be able to read it directly as well.
--------------
- This firewall "hit" occurred on "Feb 23 07:37:01".
- This hit was on the computer named "RoadRunner".
- This hit was over the "IP" or TCP/IP protocol.
- This hit was coming "in" to the firewall ("fw-in").
* Other logs will say "fw-out" for outgoing or "fw-fwd" for
FORWARD.
- This hit was "rejECTED".
* Other logs may say "deny" or "accept".
- This firewall hit occurred on the "eth0" interface (Internet link).
- This hit was a "TCP" packet.
- This hit came from the IP address "12.75.147.174", return port
"1633".
- This hit was addressed to "100.200.0.212" on port "23", or
TELNET.
* If you are not sure that port 23 is for TELNET, look up the
port in your /etc/services file.
- This packet was "44" bytes long.
- This packet did not have a "Type of Service" set.
--Don't worry if you don't understand this.. you don't need to
know it.
* For ipchains users, divide this value by 4 to get the Type of
Service.
- This packet had the "IP ID" number "18".
--Don't worry if you don't understand this.. you don't need to
know it.
- This packet had a 16-bit fragment offset, and the TCP/IP packet flags
were "0x0000".
--Don't worry if you don't understand this.. you don't need to
know it.
* A value starting with "0x2..." or "0x3..." means the "More
Fragments" bit is set, so more fragmented packets must arrive
to complete this "big" packet.
* A value starting with "0x4..." or "0x5..." means the "Don't
Fragment" bit is set.
* Other values are the fragment offset (divided by 8), used later
to reassemble the original large packet.
- This packet had a TimeToLive (TTL) of 20.
* Every hop across the Internet decreases this value by 1. Usually
packets start with a value of 255, and if the number ever reaches
0, the packet is considered lost and is deleted.
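The field-by-field reading above can be automated. The following is an added example, not code from this HOWTO or from TrinityOS: it parses both the IPFWADM and IPCHAINS log formats shown above, decodes the F= word by the rule just described, and counts blocked hits per source. The function names, the port threshold, and every sample line marked as constructed are assumptions made for the illustration.

```python
import re
from collections import Counter

# ipchains prints the protocol as PROTO=<number>; ipfwadm prints its name.
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
BLOCKED = {"rej", "reject", "deny"}

HIT_RE = re.compile(r"""
    (?:(?P<when>[A-Z][a-z]{2}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+kernel:\s+)?
    (?: IP\s+fw-(?P<direction>in|out|fwd)\s+(?P<act_a>\w+)   # ipfwadm, 2.0.x
      | Packet\s+log:\s+(?P<chain>\S+)\s+(?P<act_c>\w+) )    # ipchains, 2.2.x
    \s+(?P<iface>\S+)\s+
    (?:PROTO=(?P<pnum>\d+)|(?P<pname>[A-Z]+))\s+
    (?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+
    L=(?P<length>\d+)\s+S=0x(?P<tos>[0-9A-Fa-f]+)\s+I=(?P<ipid>\d+)\s+
    F=0x(?P<frag>[0-9A-Fa-f]{4})\s+T=(?P<ttl>\d+)
""", re.VERBOSE)


def decode_frag(word):
    """Split the 16-bit F= word the way the text above describes it."""
    return {
        "dont_fragment": bool(word & 0x4000),    # F starts with 0x4 or 0x5
        "more_fragments": bool(word & 0x2000),   # F starts with 0x2 or 0x3
        "offset_bytes": (word & 0x1FFF) * 8,     # logged offset is bytes / 8
    }


def parse_hit(line):
    """Return one firewall hit as a dict, or None for unrelated lines.

    Only the address:port form shown on this page is handled."""
    m = HIT_RE.search(line)
    if m is None:
        return None
    g = m.groupdict()
    proto = g["pname"] or PROTO_NAMES.get(int(g["pnum"]), g["pnum"])
    return {
        "when": g["when"], "host": g["host"],
        "tool": "ipfwadm" if g["direction"] else "ipchains",
        "where": g["direction"] or g["chain"],
        "action": (g["act_a"] or g["act_c"]).lower(),
        "iface": g["iface"], "proto": proto,
        "src": g["src"], "sport": int(g["sport"]),
        "dst": g["dst"], "dport": int(g["dport"]),
        "length": int(g["length"]), "tos": int(g["tos"], 16),
        "ip_id": int(g["ipid"]), "ttl": int(g["ttl"]),
        "frag": decode_frag(int(g["frag"], 16)),
    }


def summarize(lines, port_threshold=3):
    """Count blocked hits per (source, protocol, destination port) and list
    sources that were blocked on at least port_threshold distinct ports."""
    per_service = Counter()
    ports_by_src = {}
    for line in lines:
        hit = parse_hit(line)
        if hit is None or hit["action"] not in BLOCKED:
            continue
        per_service[(hit["src"], hit["proto"], hit["dport"])] += 1
        ports_by_src.setdefault(hit["src"], set()).add(hit["dport"])
    many_ports = sorted(s for s, p in ports_by_src.items()
                        if len(p) >= port_threshold)
    return per_service, many_ports


# The first two entries are the page's samples, re-joined onto one line each.
# All other entries are constructed for this example (192.0.2.0/24 is a
# documentation address range).
SAMPLE_LOG = [
    "Feb 23 07:37:01 Roadrunner kernel: IP fw-in rej eth0 TCP 12.75.147.174:1633 "
    "100.200.0.212:23 L=44 S=0x00 I=54054 F=0x0040 T=254",
    "Packet log: input DENY eth0 PROTO=17 12.75.147.174:1633 100.200.0.212:23 "
    "L=44 S=0x00 I=54054 F=0x0040 T=254",
    "Packet log: input DENY eth0 PROTO=6 192.0.2.77:4021 100.200.0.212:21 "
    "L=44 S=0x00 I=101 F=0x4000 T=52",
    "Packet log: input DENY eth0 PROTO=6 192.0.2.77:4022 100.200.0.212:23 "
    "L=44 S=0x00 I=102 F=0x4000 T=52",
    "Packet log: input DENY eth0 PROTO=6 192.0.2.77:4023 100.200.0.212:110 "
    "L=44 S=0x00 I=103 F=0x4000 T=52",
    "Packet log: input ACCEPT eth0 PROTO=6 192.0.2.9:1042 100.200.0.212:25 "
    "L=60 S=0x00 I=7 F=0x4000 T=60",
    "Feb 23 07:40:12 Roadrunner login: session opened (constructed, unrelated)",
]

if __name__ == "__main__":
    per_service, many_ports = summarize(SAMPLE_LOG)
    for (src, proto, dport), n in per_service.most_common():
        print(f"{n:3d} blocked  {src} -> {proto}/{dport}")
    print("blocked on 3+ distinct ports:", many_ports)
```

Accepted packets and lines that are not firewall hits are skipped, so the counts reflect only traffic the ruleset rejected or denied.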
Yes! With IPPORTFW, you can allow all, or only a selected few, Internet hosts to connect to your internal masqueraded computers. This topic is covered in detail in the Forwarders section.
This happens because one of your internal masqueraded machines is generating an abnormally large number of packets going out to the Internet. The IP Masquerade server builds the masquerade table and forwards these packets out to the Internet, and the table fills up too quickly. Once the table is full, you get this error.
The only application I know of that creates this situation is a game program called "GameSpy". The reason is that GameSpy builds a list of servers and then pings every one of the thousands of game servers in that list. By pinging like this, it demands tens of thousands of quick connections in a very short time. Until these time out under the IP Masquerade timeouts, they keep the masquerade table "FULL".
So what can you do? Ideally, do not use programs like that. If these errors pile up in your log files, find out which program is responsible and stop using it. If you really like GameSpy, just do not refresh the server list very often. In any case, once you stop using such programs, the errors that masquerade was reporting will no longer appear.
If you get the error message "ipfwadm: setsockopt failed: Protocol not available", you are not running your newly compiled kernel. Move the new kernel into place, re-run LILO, and reboot again.
For details, see the end of the Forwarders section.
Properly supporting Microsoft's SMB protocol would require a masquerade module for it, but for now there are three workarounds.
For details, see this Microsoft KnowledgeBase article.
The first workaround is to configure IPPORTFW as described in the Forwarders section and forward TCP ports 137, 138 and 139 to the IP address of the internal Windows machine. This does work, but only for a single internal machine.
The second method is to install Samba on the Linux masquerade server. With Samba running, you can make the internal Windows file and print shares visible on the Samba server. All external clients can then access these shares. How to configure Samba is covered in a HOWTO from the Linux Documentation Project and in the TrinityOS document as well.
The third method is to set up a VPN (virtual private network) between the two Windows machines or between the two networks. This can be done with either a PPTP or an IPSEC VPN solution. There is a PPTP patch for Linux, and there is also a full IPSEC implementation that can be used with 2.0.x and 2.2.x kernels. Of the three methods, this is the most reliable and the most secure.
These methods are not covered in this HOWTO. For IPSEC, the TrinityOS document will help, and for further information John Hardin's PPTP page is recommended.
Also be aware that Microsoft's SMB protocol is very insecure. Because of this, using Microsoft file and print sharing or Windows domain logins over the Internet without encryption is a very bad idea.
The most likely cause is that the IDENT, or "auth", servers shipped with most Linux distributions cannot handle IP masqueraded connections. There is no need to worry, though: there are IDENT servers that work properly.
Installing this software is beyond the scope of this HOWTO. Each tool has its own documentation. Here are a few URLs:
Some Internet IRC servers still do not allow multiple connections from the same host, even when the ident information shows that the users are different. In that case, complain to the administrator of that server. :)
This is a configuration problem in mIRC. To fix it, first disconnect mIRC from the IRC server. Then, in mIRC, go to File --> Setup and click on the "IRC servers tab". Make sure the port is set to 6667. If you need to use other ports, see below. Next, go to File --> Setup --> Local Info and clear the Local Host and IP Address fields. Select the checkboxes for "LOCAL HOST" and "IP address" (IP address may be checked but disabled). Next, set "Lookup Method" to "normal". It will not work if "servers" is selected. That's it. Try connecting to the IRC server again.
If you need to use an IRC server port other than 6667 (for example 6969), you must edit the /etc/rc.d/rc.firewall file that loads the IRC masquerade module. In this file, edit the line containing "modprobe ip_masq_irc" and add "ports=6667,6969" to it. Further ports can be added, separated by commas.
Finally, close the IRC clients on the masqueraded machines and reload the IRC masquerade module:
/sbin/rmmod ip_masq_irc
/etc/rc.d/rc.firewall
Yes and no. With the kernel's "IP Alias" feature, you can set up multiple interfaces such as eth0:1, eth0:2 and so on. However, using aliased interfaces for IP Masquerade is not recommended. Why? Building a secure firewall with a single network card is very difficult. In addition, because packets come in and are sent out again at the same time, you will see a considerable number of errors. For these reasons, and because network cards are cheap these days, I strongly recommend buying additional network cards.
You should also know that IP Masquerading only works properly on physical interfaces such as eth0, eth1 and so on. Masquerading on aliased interfaces such as "eth0:1, eth1:1, etc." will not work properly. In other words, the following will not work:
- /sbin/ipfwadm -F -a m -W eth0:1 -S 192.168.0.0/24 -D 0.0.0.0/0
- /sbin/ipchains -A forward -i eth0:1 -s 192.168.0.0/24 -j MASQ
If you still want to use aliased interfaces, you must enable the "IP Alias" feature in the kernel, then recompile the kernel and reboot. Once you have booted the new kernel, you must configure Linux to use the new interface (for example /dev/eth0:1). After that, you can use it like a normal Ethernet interface, subject to the restrictions mentioned above.
There is a problem with the "netstat" program. Right after Linux boots, running "netstat -M" works fine, but after a masqueraded computer has done some ICMP traffic such as ping or traceroute, you will see something like this:
masq_info.c: Internal Error `ip_masquerade unknown type'.
The workaround is to use the command "/sbin/ipfwadm -M -l". You will also find that once the listed ICMP masquerade entries expire, "netstat" works again.
Yes, it is possible. It is beyond the scope of this document, however, so for details see John Hardin's PPTP Masq page.
¿ì¼±,
Steve Grevemeyer's MASQ Applications page¸¦ »ìÆ캸½Ê½Ã¿ä. °Å±â¿¡ ÇØ°áÃ¥ÀÌ ¾ø´Ù¸é, À§ÀÇ
LooseUDP
¼½¼Ç¿¡ ÀÖ´Â Glenn LambÀÇ
LooseUDP ÆÐÄ¡·Î ¸®´ª½º Ä¿³ÎÀ» ÆÐÄ¡ÇØ º¸½Ê½Ã¿ä. ´õ ÀÚ¼¼ÇÑ Á¤º¸´Â Dan KegelÀÇ
NAT Page¸¦ »ìÆ캸½Ê½Ã¿ä.
¿©·¯ºÐÀÌ ±â¼úÀûÀÎ ´É·ÂÀÌ ÀÖ´Ù¸é, "tcpdump" ÇÁ·Î±×·¥À» »ç¿ëÇؼ ¿©·¯ºÐÀÇ ³×Æ®¿÷À» sniff ÇØ º¸½Ê½Ã¿ä. ±× XYZ °ÔÀÓÀÌ »ç¿ëÇÏ°í ÀÖ´Â ÇÁ·ÎÅäÄÝ°ú Æ÷Æ® ¹øÈ£¸¦ ¾Ë¾Æ³»´Â °Ì´Ï´Ù. ÀÌ Á¤º¸µéÀ» ¾Ë¾Æ³»¸é,
IP Masq email list¿¡ °¡ÀÔÇÏ°í ¿©·¯ºÐÀÇ °á°ú¸¦ ÀÌ ¸ÞÀÏ·Î º¸³»°í µµ¿òÀ» ¿äûÇϽʽÿä.
Á¦°¡ »ý°¢Çϱ⿡ ¿©·¯ºÐÀº IPAUTOFWÀ» »ç¿ëÇÏ°í Àְųª Ä¿³Î¿¡ Æ÷ÇÔ½ÃÄ×À» °Ì´Ï´Ù. ¸Â³ª¿ä?? ÀÌ°Ç IPAUTOFWÀÇ Àß ¾Ë·ÁÁø ¹®Á¦Á¡ÀÔ´Ï´Ù. ¸®´ª½º Ä¿³Î¿¡ IPAUTOFW ±â´ÉÀ» Æ÷ÇÔ½ÃÅ°Áö ¸»°í, ´ë½Å IPPORTFW ¿É¼ÇÀ» »ç¿ëÇϽʽÿä. ÀÌ ¹®Á¦µéÀº
Forwarders
¼½¼Ç¿¡¼ ÀÚ¼¼È÷ ´Ù·ç°í ÀÖ½À´Ï´Ù.
ÀÌ°ÍÀÌ ¸¶½ºÄ¿·¹À̵ù¿¡ °ü·ÃµÈ »çÇ×Àº ¾ÆÁö¸¸, ¸¹Àº »ç¶÷µé¿¡ °ü°èµÈ °ÍÀ̱⠶§¹®¿¡ ¿©±â¿¡ ¾ð±ÞÇÕ´Ï´Ù.
SMTP: You are probably trying to use the Linux box as an SMTP relay and are getting the following error:
"error from mail server: we do not relay"
Newer versions of Sendmail and other Mail Transfer Agents (MTAs) do not relay by default (this is the desirable behavior). To fix this problem, do the following:
- Sendmail: Edit the /etc/sendmail.cw file to allow specific relaying for the internal masqueraded machines, adding the hostname and domain name of each internal masqueraded machine. Also verify that the /etc/hosts file has the IP addresses and Fully Qualified Domain Names (FQDN) configured. Once this is done, restart Sendmail so that it re-reads its configuration files. This is covered in TrinityOS - Section 25.
POP-3: Some users configure the POP-3 clients on their internal masqueraded computers to connect to an external SMTP server. This is fine, but many SMTP servers will try to IDENT your connection on port 113. The problem most likely stems from your default masquerade policy being DENY. This is undesirable. Set it to REJECT and re-run your rc.firewall ruleset.
Say you have the following problem:
Internal LAN -----> official IP
192.168.1.x --> 123.123.123.11
192.168.2.x --> 123.123.123.12
First, you need to understand that IPFWADM and IPCHAINS run *after* the routing system has decided where to send a packet. This fact really should be stamped in big red letters on all IPFWADM/IPCHAINS/IPMASQ documentation. Get routing working correctly first, and only then add IPFWADM/IPCHAINS or masquerading.
In the case above, you first need to configure the routing system to send packets from 192.168.1.x via 123.123.123.11 and packets from 192.168.2.x via 123.123.123.12. That is the hard part; setting up masquerading on top of it is easy.
You can use IPROUTE2 for this.
Primary FTP site is:
NOTE: The following instructions are given below ONLY because there is currently very little documentation available for the IPROUTE2 tool. Check out
http://www.compendium.com.ar/policy-routing.txt for the beginnings of an IPROUTE2 howto.
The "iprule" and "iproute" commands are the same as the "ip rule" and "ip route" commands (I prefer the former since it is easier to search for.) All the commands below are completely untested. If they do not work, please contact the author of IPROUTE2, not David Ranch, Ambrose Au, or anyone on the Masq email list, as it has NOTHING to do with IP Masquerading.
The first few commands only need to be done once at boot, say in the /etc/rc.d/rc.local file.
# Allow internal LANs to route to each other, no masq.
/sbin/iprule add from 192.168.0.0/16 to 192.168.0.0/16 table main pref 100
# All other traffic from 192.168.1.x is external, handle by table 101
/sbin/iprule add from 192.168.1.0/24 to 0/0 table 101 pref 102
# All other traffic from 192.168.2.x is external, handle by table 102
/sbin/iprule add from 192.168.2.0/24 to 0/0 table 102 pref 102
These commands need to be issued when eth0 is configured, perhaps in
/etc/sysconfig/network-scripts/ifup-post (for Redhat systems). Be sure to
do them by hand first to make sure they work.
# Table 101 forces all assigned packets out via 123.123.123.11
/sbin/iproute add table 101 via 123.123.123.11
# Table 102 forces all assigned packets out via 123.123.123.12
/sbin/iproute add table 102 via 123.123.123.12
At this stage, you should find that packets from 192.168.1.x to the
outside world are being routed via 123.123.123.11, packets from
192.168.2.x are routed via 123.123.123.12.
Once routing is correct, now you can add any IPFWADM or IPCHAINS rules.
The following examples are for IPCHAINS:
/sbin/ipchains -A forward -i ppp+ -j MASQ
If everything hangs together, the masq code will see packets being
routed out on 123.123.123.11 and 123.123.123.12 and will use those addresses
as the masq source address.
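The order described above (get routing right first, add the MASQ rule last), as an added example that is not part of the HOWTO: a dry-run shell helper that checks each subnet-to-gateway mapping and prints the commands without applying them. The function names, the `ip rule` / `ip route add default via` spelling, the reserved-table limit and the sample input are assumptions of this example; a malformed gateway such as 62123.123.123.11 is rejected before any command is emitted.

```shell
#!/bin/sh
# Added example, not from the HOWTO: dry-run generator for the per-subnet
# policy routing described above. It only prints commands; nothing is applied.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    rest=$1 count=0
    while :; do
        octet=${rest%%.*}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
        case "$rest" in
            *.*) rest=${rest#*.} ;;
            *)   break ;;
        esac
    done
    [ "$count" -eq 4 ]
}

# valid_subnet NET/LEN: IPv4 network with a prefix length of 0-32.
valid_subnet() {
    case "$1" in
        */*) ;;
        *)   return 1 ;;
    esac
    len=${1#*/}
    case "$len" in
        ""|*[!0-9]*) return 1 ;;
    esac
    [ "${#len}" -le 2 ] && [ "$len" -le 32 ] && valid_ipv4 "${1%%/*}"
}

# emit_policy_routing: read "SUBNET GATEWAY TABLE" lines on stdin and print the
# commands in the HOWTO's order: routing first, the MASQ rule last.
# On a bad line it prints only an error (stderr) and returns 1.
emit_policy_routing() {
    out="ip rule add from 192.168.0.0/16 to 192.168.0.0/16 table main pref 100"
    seen=" "
    while read -r subnet gateway table; do
        [ -n "$subnet" ] || continue
        valid_subnet "$subnet" || { echo "bad subnet: $subnet" >&2; return 1; }
        valid_ipv4 "$gateway" || { echo "bad gateway: $gateway" >&2; return 1; }
        case "$table" in
            ""|*[!0-9]*) echo "bad table: $table" >&2; return 1 ;;
        esac
        # Assumed limit: tables 0 and 253-255 are reserved by iproute2.
        [ "${#table}" -le 3 ] && [ "$table" -ge 1 ] && [ "$table" -le 252 ] ||
            { echo "reserved table: $table" >&2; return 1; }
        case "$seen" in
            *" $table "*) echo "duplicate table: $table" >&2; return 1 ;;
        esac
        seen="$seen$table "
        out="$out
ip rule add from $subnet to 0/0 table $table pref 102
ip route add default via $gateway table $table"
    done
    printf '%s\n%s\n' "$out" "/sbin/ipchains -A forward -i ppp+ -j MASQ"
}

# Constructed input: the HOWTO's example mapping.
emit_policy_routing <<'EOF'
192.168.1.0/24 123.123.123.11 101
192.168.2.0/24 123.123.123.12 102
EOF
```

Review the printed commands by hand before running any of them, as the HOWTO advises for its own untested commands.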
IPCHAINS supports the following features that IPFWADM doesn't:
- "Quality of Service" (QoS support)
- A TREE style chains system vs. a LINEAR system like IPFWADM (e.g. this allows something like "if it is ppp0, jump to this chain (which contains its own different set of rules)")
- IPCHAINS is more flexible with configuration. For example, it has the "replace" command (in addition to "insert" and "add"). You can also negate rules (e.g. "discard any outbound packets that don't come from my registered IP" so that you aren't the source of spoofed attacks).
- IPCHAINS can filter any IP protocol explicitly, not just TCP, UDP, ICMP
There are several things you should check, assuming your Linux IP Masq box already has a proper connection to the Internet and your LAN:
- Make sure the necessary features and modules are compiled and loaded. See earlier sections for details.
- Check
/usr/src/linux/Documentation/Changes
and make sure you have the minimal requirement for the network tools installed.
- Make sure you followed all the tests in the
Testing
section of the HOWTO.
- You should use
ipchains to manipulate IP Masq and firewalling rules.
- The standard IPAUTOFW and IPPORTFW port forwarders have been replaced by
IPMASQADM. You'll need to apply these patches to the kernel, re-compile the kernel, compile the new IPMASQADM tool and then convert your old IPAUTOFW/IPPORTFW firewall rulesets to the new syntax. This is completely covered in the
Forwarders
section.
- Go through all setup and configuration again! A lot of the time it's just a typo or a simple mistake you are overlooking.
There are several things you should check, assuming your Linux IP Masq box already has a proper connection to the Internet and your LAN:
- Make sure the necessary features and modules are compiled and loaded. See earlier sections for details.
- Check
/usr/src/linux/Documentation/Changes
and make sure you have the minimal requirement for the network tools installed.
- Make sure you followed all the tests in the
Testing
section of the HOWTO.
- You should use
ipfwadm to manipulate IP Masq and firewalling rules. If you want to use IPCHAINS, you'll need to apply a patch to the 2.0.x kernels.
- Go through all setup and configuration again! A lot of the time it's just a typo or a simple mistake you overlooked.
EQL has nothing to do with IP Masq though they are commonly teamed up on Linux boxes. Because of this, I recommend checking out the NEW version of
Robert Novak's EQL HOWTO for all your EQL needs.
Giving up a free, reliable, high performance solution that works on minimal hardware, and paying a fortune for something that needs more hardware, performs worse and is less reliable? (IMHO. And yes, I have real life experience with these ;-)
Okay, it's your call. If you want a Windows NAT and/or proxy solution, here is a decent listing. I have no preference among these tools since I haven't used them before.
- Firesock (from the makers of Trumpet Winsock)
- Iproute
- Microsoft Proxy
- NAT32
- SyGate
- Wingate
- Winroute
Lastly, do a web search on "MS Proxy Server", "Wingate", "WinProxy", or go to
www.winfiles.com. And definitely DON'T tell anyone that we sent you.
Join the Linux IP Masquerading DEVELOPERS list and ask the developers there what you can help with. For more details on joining the lists, check out the
Masq-List
FAQ section.
Please DON'T ask NON-IP-Masquerade development related questions there!!!!
You can find more information on IP Masquerade at the
Linux IP Masquerade Resource that both David Ranch and Ambrose Au maintain.
You can also find more information at
Dranch's Linux page where the TrinityOS and other Linux documents are kept.
You may also find more information at
The Semi-Original Linux IP Masquerading Web Site maintained by Indyramp Consulting, who also provides the IP Masq mailing lists.
Lastly, you can look for specific questions in the IP MASQ and IP MASQ DEV email archives or ask a specific question on these lists. Check out the
Masq-List
FAQ item for more details.
Make sure the language you want to translate to is not already covered by someone else. But, most of the translated HOWTOs are now OLD and need to be updated. A list of available HOWTO translations is available at the
Linux IP Masquerade Resource.
If a copy of a current IP MASQ HOWTO isn't in your proposed language, please download the newest copy of the IP-MASQ HOWTO SGML code from the
Linux IP Masquerade Resource. From there, begin your work while maintaining good SGML coding. For more help on SGML, check out
www.sgmltools.org
Yes, this HOWTO is still being maintained. In the past, we've been guilty of being too busy working on two jobs and not having much time to work on this, my apologies. As of v1.50, David Ranch has begun to revamp the document and get it current again.
If you think of a topic that could be included in the HOWTO, please send email to
ambrose@writeme.com and
dranch@trinnet.net. It will be even better if you can provide that information. We will then include the information into the HOWTO once it is both found appropriate and tested. Many thanks for your contributions!
We have a lot of new ideas and plans for improving the HOWTO, such as case studies that will cover different network setups involving IP Masquerade, more on security via strong IPFWADM/IPCHAINS firewall rulesets, IPCHAINS usage, more FAQ entries, etc. If you think you can help, please do! Thanks.
- Can you translate the newer version of the HOWTO to another language?
- Thank the developers and appreciate the time and effort they spent on this.
- Join the IP Masquerade email list and support new MASQ users
- Send an email to us and let us know how happy you are
- Introduce other people to Linux and help them when they have problems.
- The IP Masquerade Resource page provides current information for setting up IP Masquerade on 2.0.x, 2.2.x, and even old 1.2 kernels.
- The IP Masquerade mailing list Archives provide the recent messages sent to the mailing list.
- David Ranch's Linux page including the TrinityOS Linux document and current versions of the IP-MASQ-HOWTO. It covers IP masquerade, strong IPFWADM/IPCHAINS rulesets, PPP, Diald, cable modems, DNS, Sendmail, Samba, NFS, security, and more.
- IP Masquerading Applications page: a list of applications that work, or can be tuned to work, through a Linux IP masquerading server.
- Those who want to set up IP masquerade on MkLinux can email Taro Fukunaga at tarozax@earthlink.net to obtain a short document with content similar to this HOWTO.
- The IP masquerade FAQ provides some general information.
- Paul Russell's documents at http://www.rustcorp.com/linux/ipchains/, or a backup of them, are available from the Linux IPCHAINS HOWTO. This HOWTO contains a lot of information on using IPCHAINS, and the source and binaries for the ipchains tool can also be obtained there.
- The X/OS Ipfwadm page has information on the ipfwadm package along with its source, binaries, and documentation.
- A huge amount of material on strong firewall rulesets can be found on GreatCircle's Firewall mailing list.
- The LDP Network Administrator's Guide is for novice Linux administrators who want to set up a network.
- The Linux NET-3 HOWTO is also a thorough document on setting up and configuring Linux networking.
- The Linux ISP Hookup HOWTO and Linux PPP HOWTO have information on connecting a Linux host to the Internet.
- The Linux Ethernet-Howto provides good information on setting up a LAN over Ethernet.
- The Linux Firewalling and Proxy Server HOWTO also has interesting information.
- The Linux Kernel HOWTO will guide you through the kernel compilation process.
- Linux HOWTOs: the other HOWTO documents, such as the Kernel HOWTO.
- You can also post to the USENET newsgroup:
comp.os.linux.networking
The Linux IP Masquerade Resource is a website maintained by David Ranch and Ambrose Au that provides information related to Linux IP Masquerade. It provides the most up-to-date information on IP Masquerade, including information not included in the HOWTO.
You can find the Linux IP Masquerade Resource at the following locations:
In alphabetical order:
- Gabriel Beitler, gabrielb@voicenet.com
Wrote section 3.3.8 (Novell setup).
- Juan Jose Ciarlante, irriga@impsat1.com.ar
Contributed to the IPMASQADM port forwarding tool, the 2.1.x and 2.2.x kernel code, the original LooseUDP patch, and more.
- Steven Clarke, steven@monmouth.demon.co.uk
Wrote the IPPORTFW IP forwarding tool.
- Andrew Deryabin, djsf@usa.net
Wrote the ICQ masquerade module.
- Ed Doolittle, dolittle@math.toronto.edu
Suggested using the -V option of the ipfwadm command to improve security.
- Matthew Driver, mdriver@cfmeu.asn.au
Tremendous help with this HOWTO; wrote section 3.3.1 (Windows 95 setup).
- Ken Eves, ken@eves.com
Wrote the FAQ that provided invaluable information for this HOWTO.
- John Hardin, jhardin@wolfenet.com
The PPTP and IPSEC forwarding tools.
- Glenn Lamb, mumford@netcom.com
The LooseUDP patch.
- Ed. Lott, edlott@neosoft.com
A list of tested systems and software.
- Nigel Metheringham, Nigel.Metheringham@theplanet.net
Wrote his own IP Packet Filtering and IP Masquerading HOWTO, which made this HOWTO better and more technically in-depth.
Wrote sections 4.1, 4.2 and other parts.
- Keith Owens, kaos@ocs.com.au
Provided an excellent guide to ipfwadm in section 4.2.
Pointed out that the ipfwadm -deny option can close a security hole and gives clear results when pinging through IP masquerade.
- Michael Owings, mikey@swampgas.com
Wrote the section on CU-SeeMe and the Linux IP Masquerade Teeny HOWTO.
- Rob Pelkey, rpelkey@abacus.bates.edu
Wrote sections 3.3.6 and 3.3.7 (MacTCP and Open Transport setup).
- Harish Pillay, h.pillay@ieee.org
Wrote section 4.5 (dial-up using Diald).
- Mark Purcell, purcell@rmcs.cranfield.ac.uk
Wrote section 4.6 (IPautofw).
- David Ranch, dranch@trinnet.net
Helps update and maintain this HOWTO, the Linux IP Masquerade Resource, and the TrinityOS document, ..., too much help to list here :-)
- Paul Russell, rusty@rustcorp.com.au
IP CHAINS, the IP masquerade kernel patches, and all his other contributions.
- Ueli Rutishauser, rutish@ibm.net
Wrote section 3.3.9 (OS/2 Warp setup).
- Steve Grevemeyer, seg@cylexsys.com
Took over the IP Masquerade Applications page from Lee Nevo and turned it into a rich database.
- Fred Viles, fv@episupport.com
Patches for proper port forwarding of FTP.
- John B. (Brent) Williams, forerunner@mercury.net
Wrote section 3.3.7 (Open Transport setup).
- Enrique Pessoa Xavier, enrique@labma.ufrj.br
Suggestion on BOOTp setup.
- Everyone on the IP masquerade mailing list, masq@tiffany.indyramp.com
For helping and supporting new Linux masquerade users.
- Thanks to the other IP masquerade code and documentation contributors for this enormous body of work:
- Delian Delchev, delian@wfpa.acad.bg
- David DeSimone (FuzzyFox), fox@dallas.net
- Jeanette Pauline Middelink, middelin@polyware.iaf.nl
- Miquel van Smoorenburg, miquels@q.cistron.nl
- Jos Vos, jos@xos.nl
- And the many others we have mistakenly left out (please let us know)
- All users who sent feedback to the mailing list, especially those who pointed out errors in the document and those who reported which clients are and are not supported
- We apologize if we have left out any important names, or have not yet included information sent in by fellow users. We have received a great many suggestions and ideas, but we lack the time to verify them and integrate the changes. Both Ambrose Au and David Ranch are doing their best to include all submitted information in this HOWTO. We thank you for your efforts and hope you understand our situation.
- The original IP masquerade FAQ by Ken Eves
- The IP masquerade mailing list archive by Indyramp Consulting
- The IP masquerade web site by Ambrose Au
- The Ipfwadm page by X/OS
- Various other networking-related Linux HOWTOs
- Some topics covered in TrinityOS by David Ranch
TO DO - HOWTO:
- Add the scripted IPMASQADM example to the Forwarders section. Also confirm the syntax.
- Add a little section on having multiple subnets behind a MASQ server
- Confirm the IPCHAINS ruleset and make sure it is consistent with the IPFWADM ruleset
TO DO - WWW page:
- Update all PPTP urls from lowrent to ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html
- Update the PPTP patch on the masq site
- Update the portfw FTP patch
Changes from 1.78 to 1.79 - 10/21/99
- Updated the HOWTO name to reflect that it isn't a MINI anymore!
Changes from 1.77 to 1.78 - 8/24/99
- Fixed a typo in "Section 6.6 - Multiple Internal Networks" where the -a policy was omitted.
- Deleted the 2.2.x kernel configure option "Drop source routed frames" since it is now enabled by default and the kernel compile option was removed.
- Updated the 2.2.x and all other IPCHAINS sections to notify users of the IPCHAINS fragmentation bug.
- Updated all the URLs pointing at Lee Nevo's old IP Masq Applications page to Seg's new page.
Changes from 1.76 to 1.77 - 7/26/99
- Fixed a typo in the Port forwarding section that used "ipmasqadm ipportfw -C" instead of "ipmasqadm portfw -f"
Changes from 1.75 to 1.76 - 7/19/99
- Updated the "ipfwadm: setsockopt failed: Protocol not available" message in the FAQ to be more clear instead of making the user hunt for the answer in the Forwarders section.
- Fixed incorrect syntax in section 6.7 for IPMASQADM and "portfw"
Changes from 1.72 to 1.75 - 6/19/99
- Fixed the quake module port setup order for the weak IPFWADM & IPCHAINS ruleset and the strong IPFWADM ruleset as well.
- Added a user report about port forwarding ICQ 4000 directly in and using ICQ's default settings WITHOUT enabling the "Non-Sock" proxy setup.
- Updated the URLs for the IPMASQADM tool
- Added references to Taro Fukunaga, tarozax@earthlink.net for his MkLinux port of the HOWTO
- Updated the blurb about Sonny Parlin's FWCONFIG tool to note new IPCHAINS support
- Noted that Fred Viles' patch for portfw'ed FTP access is ONLY available for the 2.0.x kernels
- Updated the 2.2.x kernel step with a few clarifications on the Experimental tag
- Added Glenn Lamb's name to the credits for the LooseUDP patch
- Added a clarification on installing the LooseUDP patch that it should use "cat" for non-compressed patches.
- Fixed a typo in the IPAUTO FAQ section
- I had the DHCP client port numbers reversed for the IPFWADM and IPCHAINS rulesets. The order I had was if your Linux server was a DHCP SERVER.
- Added explicit /sbin path to all weak and strong ruleset examples.
- Made some clarifications in the strong IPFWADM section regarding Dynamic IP addresses for PPP and DHCP users. I also noted that the strong rulesets should be re-run when PPP comes up or when a DHCP lease is renewed.
- Added reference in the 2.2.x requirements, updated the ICQ FAQ section, and added Andrew Deryabin to credits section for his ICQ MASQ module.
- Added some clarification in the FAQ section why the 2.1.x and 2.2.x kernels went to IPCHAINS.
- Added a little FAQ section on Microsoft File/Print/Domain services (Samba) through a MASQ server. I also added a URL to a Microsoft Knowledge base document for more details.
- Added clarification in the FAQ section that NO Debian distribution supports IP masq out of the box.
- Updated the supported MASQ distributions in the FAQ section.
- Added to the Aliased NIC section of the FAQ that you CANNOT masq out of an aliased interface.
- Wow.. never caught this before but the "ppp-ip" variable in the strong ruleset section is an invalid variable name! It has been renamed to "ppp_ip"
- In both the IPFWADM and IPCHAINS simple ruleset setup areas, I had a commented out section on enabling DHCP traffic. Problem is, it was below the final reject line! Doh! I moved both up a section.
- In the simple IPCHAINS setup, the #ed out line for DHCP users, I was using the IPFWADM "-W" command instead of IPCHAINS's "-i" parameter.
- Added a little blurb to the Forwarders section the resolution to the famous "ipfwadm: setsockopt failed: Protocol not available" error. This also includes a little /proc test to let people confirm if IPPORTFW is enabled in the kernel. I also added this error to a FAQ section for simple searching.
- Added a Strong IPCHAINS ruleset to the HOWTO
- Added a FAQ section explaining the "kernel: ip_masq_new(proto=UDP): no free ports." error.
- Added an example of scripting IPMASQADM PORTFW rules
- Updated a few of the Linux Documentation Project (LDP) URLs
- Added Quake III support in the module loading sections of all the rc.firewall rulesets.
- Fixed the IPMASQADM forwards for ICQ
- 1.72 - 4/14/99 - Dranch: Added a large list of Windows NAT/Proxy alternatives with rough pricing and URLs to the FAQ.
- 1.71 - 4/13/99 - Dranch: Added IPCHAINS setups for multiple internal MASQed networks. Changed the ICQ setup to use ICQ's default 60 second timeout and change IPFWADM/IPCHAINS timeout to 160 seconds. Updated the MASQ and MASQ-DEV email list and archive subscription instructions.
- 1.70 - 3/30/99 - Dranch: Added two new FAQ sections that cover SMTP/POP-3 timeout problems and how to masquerade multiple internal networks out different external IP addresses with IPROUTE2.
- 1.65 - 3/29/99 - Dranch: Typo fixes, clarifications of required 2.2.x kernel options, added dynamic PPP IP address support to the strong firewall section, additional quake II module ports, noted that the LooseUDP patch is built into later 2.2.x kernels and it's from Glenn Lamb and not Dan Kegel, added more game info in the compatibility section.
- 1.62 - Dranch: Make the final first-draft changes to the doc and now announce it to the MASQ email list.
- 1.61 - Dranch: Make editorial changes, cleaned things up and fixed some errors in the Windows95 and NT setups.
- 1.58 - Dranch: Addition of the port forwarding sections; LooseUDP setup; Ident servers for IRC users, how to read firewall logs, deleted the CuSeeme Mini-HOWTO since it is rarely used.
- 1.55 - Dranch: Complete overhaul, feature and FAQ addition, and editing sweep of the v1.50 HOWTO. Completed the 2.2.x kernel and IPCHAINS configurations. Did a conversion from IPAUTOFW to IPPORTFW for the examples that applied. Added many URLs to various other documentation and utility sites. There are so many changes.. I hope everyone likes it. Final publishing of this new rev of the HOWTO to the LDP project won't happen until the doc is looked over and approved by the IP MASQ email list (then v2.00).
- 1.50 - Ambrose: A serious update to the HOWTO and the initial addition of the 2.2.0 and IPCHAINS configurations.
- 1.20 - Ambrose: One of the more recent HOWTO versions that solely dealt with < 2.0.x kernels and IPFWADM.