Title: Linux Real IP Forward/Firewall Machine Mini-HOWTO

Author: jhjung@wyzsoft.com

Date: Sun Jan 16 02:45:41 KST 2000

:  ͳ IP ο Ʈũ 󿡼   ȭ  ִ
      е.

: ѱ 

1.  ռ

 Linux ߼ Ʈũȯ濡 Ǹϰ ۵ϴ   ϰ 
    ˰ ְ  ڷḦ ƹ ãƺ ӽĿ
 ̿ ȭ   ۸  ̹   IP  
Ʈ ȭ   ӽ ϴ Ϳ ؼ ڷᰡ Ͽ 
̷ Mini-HOWTO   Ǿ.

2. 䱸
 -  Ʈũ (routing , netmask , forwarding , etc.)
 -  Router Ǿ ְų Wan ī尡   ӽ
 - (ڴ ݶ)


3.    ȯ
 - Router: CISCO 4500M + 1 Fastethernet module  + 4 serial module 
 - CSU :  Ӵ 
 - Linux1: Intel pentium III 500 + 128M ram + 9G HDD 
 - NIC: 3com 905  , 905b  
 - HUB: Intel 405T standalone switch HUB * 3
 - IP뿪: 211.50.38.0/25      (255.255.255.128)
 -  Ѻ +  
 - Network Bandwidth: T1


4.  

 켱 ڽ ͳ ī忡 ´ ũν ̺ . ũν ̺ 
 𸣴  ϴ  ų ͳݿ ˻غ. ƴϸ ̳
ũ븶Ʈ  ũν    ũν ִ   ȴ.
߿Ѱ ̹ ִ Ʈ  ڽ ߰μ ȭ 
 ϴ°̱   Ϳ  Ǵ  ߰ 
ä߸ Ѵ. ׸ غڴ.

      Cross Line(Ư  Direct ᵵ )
+---+       +---+ ------------  PC          
|   |-------|   | ------------  PC
|   |       |   | ------------  PC                    
+---+       +---+ ------------  PC
Router      Hub

[Figure 1]

      Cross        
+---+       +---+    +---+ ------------ PC           
|   |-------|   |--- |   | ------------ PC 
|   |       |   |    |   | ------------ PC         
+---+       +---+    +---+ ------------ PC
Router      Box      Hub
 

[Figure 2] Linux Box added

׷ ߰ ä⸸ ϸ Ǵ?  ɸ ̴ :) 켱 
ڽ ú غ. Ǹ    IP ϰڴ.  ٶ
. ߿Ѱ  ڽ ī ̻ پ ־ Ѵٴ ̴. ׸
 ŷڼ ӵ   ͸ ߵǴ 100Mbps PCI ī带 
ϱ⸦ Ѵ. 3Com̳ Intel 100Mbps ī  ̴. ⼭ 
3Com 3c905 905b Ѵ. ϵ غ  Ŀ  Ѵ.
Ʈ κп  IP_FORWARDING ؾ Ѵ. ipchains   IP_FIREWALL
ϴ°͵  . ̷  Ŀη  ī尡 νĵ
ٸ  ణ ۾ ʿϴ. 켱 Ϳ ٷ  ī ̽
˾ƾ Ѵ( eth1).  Ͱ ߿ѵ    
 ڸ  IP  Ϳ  ī IP private IP - 
 ÿ  ʴ 缳 IP -  ؾ Ѵٴ ̴.
 Router 10.0.0.1 eth1 10.0.0.2 ߴ.  IP Ϳ
ī忡  Ұ쿡  ٽ   Ʈ ( 211.50.38.0/128
ٽ   ʴ ̻) Ϳ   ټ  
  ġ    缳 IP Ѱ̴.  ̷ 
 ISP ø(Ͱ  IP) netmask 255.255.255.252 Ѵ.
IP    ״ ߿Ѱ .     ϴ 
Ʈ  ġ ʰ   ִ°̱   ī忡
  Ͱ  IP(Ϲ Ʈ IP) Ѵ. 

Network: 211.50.38.0/25

      Cross          +---------+
+---+                |+--+ +--+|           +---+ ------------ PC  211.50.38.2
|   |-----------------|  | |  |------------|   | ------------ PC  211.50.38.3
|   |                ||  | |  ||           |   | ------------ PC  211.50.38.4  
+---+                |+--+ +--+|           +---+ ------------ PC
                     +---------+
serial:              NIC0:                 HUB
211.50.1.202/30      10.0.0.2
ip:                  NIC1:
10.0.0.1                   211.50.38.1

ϴ ̷  Ǹ IP_FORWARDING ˾Ƽ ̷  ʿ 
PC ܺη  Ʈ   츮    ӽ
 ȴ.    ӽ ipchains ̿  ȭ 
  ִ. ȸ ο ð ä   irc Ʈ  
Ʈ  ̰ ,  Ȱȭ Ʈ  ִ :)

Ƿʸ     ̰ڴ.

-  

[root@unixian /root]# ztelnet 10.0.0.1
Trying 10.0.0.1...
Connected to 10.0.0.1.
Escape character is '^]'.
WyzSoft Research & Development Lab. Access-control Router

User Access Verification

Password: 
router>en
Password: 
router#show running-config
Building configuration...

Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname router
!
enable secret 5 ******************************
!
ip subnet-zero
ip domain-name wyzlab.com
ip name-server 210.205.2.52
!
interface Serial0
 ip address 211.50.1.202 255.255.255.252
!
interface Serial1
 no ip address
 shutdown
!
interface Serial2
 no ip address
 shutdown
!
interface Serial3
 no ip address
 shutdown
!
interface FastEthernet0
 ip address 10.0.0.1 255.0.0.0
!
no ip classless
ip route 0.0.0.0 0.0.0.0 211.50.1.201
ip route 211.50.38.0 255.255.255.128 10.0.0.2
logging buffered informational
logging console informational
logging monitor informational
logging 211.50.38.2
snmp-server community wyzlab RO
snmp-server trap-authentication

banner motd ^CWyzSoft Research & Development Lab. Access-control Router^C
!
line con 0
line aux 0
line vty 0 4
 password *******************
 login
!
end

router#

- ȭ  ڽ 

[root@bluebird jhjung]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
211.50.38.1     *               255.255.255.255 UH    0      0        0 eth0
10.0.0.2        *               255.255.255.255 UH    0      0        0 eth1
10.0.0.0        *               255.255.255.252 U     0      0        0 eth1
211.50.38.0     *               255.255.255.128 U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         10.0.0.1        0.0.0.0         UG    0      0        0 eth1


- Ϲ PC (Linux )

[root@unixian /root]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
211.50.38.38    *               255.255.255.255 UH    0      0        0 eth1
211.50.38.0     *               255.255.255.128 U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         211.50.38.1     0.0.0.0         UG    0      0        0 eth1
[root@unixian /root]# 

- Ϲ PC traceroute 
[root@unixian /root]# traceroute linux.sarang.net
traceroute to linux.sarang.net (210.122.59.30), 30 hops max, 38 byte packets
 1  211.50.38.1 (211.50.38.1)  0.241 ms  0.192 ms  0.149 ms
 2  10.0.0.1 (10.0.0.1)  2.350 ms  0.884 ms  0.777 ms
 3  211.50.1.201 (211.50.1.201)  4.102 ms  3.571 ms  3.443 ms
 4  anybbb185-fe4-1-0.rt.bora.net (210.120.252.102)  4.060 ms  3.680 ms  3.895 ms
 5  anyg4-ge2-0.rt.bora.net (210.120.193.145)  3.775 ms  3.728 ms  3.692 ms
 6  selg2-pos8-0.rt.bora.net (210.120.192.117)  4.423 ms  3.924 ms  3.943 ms
 7  ysng12kix4-ge5-0.rt.bora.net (210.120.192.69)  4.049 ms  4.053 ms  4.061 ms
 8  210.107.53.66 (210.107.53.66)  4.911 ms  5.091 ms  5.216 ms
 9  203.255.117.248 (203.255.117.248)  5.077 ms  5.759 ms  5.190 ms
10  10.241.1.178 (10.241.1.178)  12.136 ms  11.571 ms  11.424 ms
11  linux.sarang.net (210.122.59.30)  11.841 ms  10.977 ms  10.900 ms

- ܺ Ʈ traceroute 
[jhjung@www jhjung]$ /usr/sbin/traceroute 211.50.38.38
traceroute to 211.50.38.38 (211.50.38.38), 30 hops max, 40 byte packets
 1  210.118.74.1 (210.118.74.1)  2.944 ms  2.871 ms  2.908 ms
 2  210.118.73.1 (210.118.73.1)  0.914 ms  0.905 ms  0.877 ms
 3  210.118.49.97 (210.118.49.97)  3.146 ms  3.460 ms  2.889 ms
 4  dacomkix-sds-s2-0.rt.bora.net (203.233.37.221)  5.048 ms  5.653 ms  4.491 ms
 5  selg2-ge5-0.rt.bora.net (210.120.192.65)  4.608 ms  5.121 ms  4.654 ms
 6  anyg4-pos8-0.rt.bora.net (210.120.192.118)  5.543 ms  5.481 ms  4.817 ms
 7  anybbb185-ge1-0-0.rt.bora.net (210.120.193.147)  5.259 ms  69.667 ms  5.210 ms
 8  anyaba74-fe1-0-0.rt.bora.net (210.120.252.74)  5.457 ms  6.135 ms  5.139 ms
 9  211.50.1.202 (211.50.1.202)  9.027 ms  9.660 ms  8.556 ms
10  10.0.0.2 (10.0.0.2)  8.838 ms  9.265 ms  8.908 ms
11  211.50.38.38 (211.50.38.38)  17.076 ms  8.672 ms  8.902 ms
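
Added example (not part of the original HOWTO): the routing tables shown above, resolved by longest-prefix match to confirm that traffic in both directions is routed through the Linux box, as the first hops of the two traceroutes show. The ROUTER table is the router's two `ip route` statements rewritten into `route` column layout, and all function names are illustrative.

```python
import ipaddress

# `route` output of the firewall box and of a LAN PC, copied from the page.
BOX = """\
211.50.38.1     *               255.255.255.255 UH    0      0        0 eth0
10.0.0.2        *               255.255.255.255 UH    0      0        0 eth1
10.0.0.0        *               255.255.255.252 U     0      0        0 eth1
211.50.38.0     *               255.255.255.128 U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         10.0.0.1        0.0.0.0         UG    0      0        0 eth1
"""
PC = """\
211.50.38.38    *               255.255.255.255 UH    0      0        0 eth1
211.50.38.0     *               255.255.255.128 U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         211.50.38.1     0.0.0.0         UG    0      0        0 eth1
"""
# Constructed: the router's static routes from its running-config, same layout.
ROUTER = """\
0.0.0.0         211.50.1.201    0.0.0.0         UG    0      0        0 Serial0
211.50.38.0     10.0.0.2        255.255.255.128 UG    0      0        0 FastEthernet0
"""

def parse(text):
    """Parse net-tools `route` rows into (network, gateway or None, iface)."""
    rows = []
    for line in text.splitlines():
        dest, gw, mask, *_, iface = line.split()
        dest = "0.0.0.0" if dest == "default" else dest
        rows.append((ipaddress.ip_network(f"{dest}/{mask}"),
                     None if gw == "*" else gw, iface))
    return rows

def lookup(table, addr):
    """Longest-prefix match, the rule used to pick a route; (gateway, iface)."""
    ip = ipaddress.ip_address(addr)
    net, gw, iface = max((r for r in parse(table) if ip in r[0]),
                         key=lambda r: r[0].prefixlen)
    return gw, iface

def next_hops(dst, tables):
    """Gateway each device in turn selects for a packet headed to dst."""
    return [lookup(t, dst)[0] for t in tables]

def passes_firewall(lan_host, outside):
    """True if both directions are routed through the Linux box."""
    out = next_hops(outside, [PC, BOX, ROUTER])
    back = next_hops(lan_host, [ROUTER, BOX])
    return out[0] == "211.50.38.1" and back == ["10.0.0.2", None]
```

A gateway of `None` means the destination is on a directly attached network, so the box delivers to the LAN host itself over eth0.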


 
5. ı
ܺ Ʈ T1̱   ָ     /
ȭ ӽδ ̱  Ŷ ν    ۵Ѵ. 
 üδ ǹ̰  ȭ      ֱ  
޴ ڰ   ̴.  ӽ Ʈũ м (
IPtraf , ntop )  Ʈ   ֱ⶧  Ѱ .
 ذ  ִٸ  ӽ ü ܺ Ʈ  
 . ٸ PC   IP   Ǳ⶧  
  ӽ ⺻ IP 10.0.0.2   ܺη     
ΰ . IP tunneling  ϰ ü Ģ  ū
 ƴϱ  ׾  ӽ Ʈ ߰ڴٴ  IP tunnell-ing
   ٶ.  IPchains   ִ  http://www.freshmeat.net
 ipchains ˻ غ ٶ.      gtk
front-end gfcc̴. ׷   ̸ Դϴ.


6.  
- Դٰ  û   躴()(redhands@linux.sarang.net)
    .( ֱ )
-     ֽ ä(äø) Կ 帳ϴ.
-  ϰ  ڹ() , () , 迵(Ŀڹ) 
   .
