GNU/Linux Bridge Firewall Mini-HOWTO

Author: ȭ(jhjung@wyzsoft.com)
Date: 2000-06-19 17:50

:  Ʈũ ȯ濡    ä ȭ 
 е

 : Firewall HOWTO , Linux Real IP Forward/Firewall Machine 

0. ۱ GPL .


1.  ռ

    Linux Real IP Forward/Firewall Machine  
  ۵
 Ϳ    䱸ϴ κ ־ Ϳ  
̴   Ͻô е   ϴ  긮
 ̿ (transparent)  Firewall Ұϱ⿡ ̸ :)

2. 䱸 - Linux Real IP Forward/Firewall Machine   -
׷ ۾ٴ ణ  κ    Ѱ  ߰

3.    ȯ
 - Router: CISCO 4500M + 1 Fastethernet module + 2 serial module
 - Linux1: Intel pentium III 600 + 256M ram + 12G HDD
 - NIC: 3com 905, 905b
 - HUB: Intel 405T standalone switch HUB * 3
 - IP range: 211.50.38.0/25 (255.255.255.128)
 -  Ѻ + Ƽ ( Ҿ.   ں ȯ)
 - Network Bandwidth: T1
 - GNU/Linux kernel 2.2.5(Ŀ     )
 - Redhat linux 6.2

4.   

   ξ ũν ̺  ʿ . ̹ 
 ߵǴϱ

      Cross        
+---+       +---+    +---+ ------------ PC
|   |-------|   |--- |   | ------------ PC
|   |       |   |    |   | ------------ PC
+---+       +---+    +---+ ------------ PC
Router      Linux      Hub
            box
[׸.1] Linux Box ߰ 

http://ac2i.tzo.com/bridge_filter/  긮 ͸ ٿ 
Ŀο ġѴ. 2.2.5 ̱    ġϷ ۾
ʿ ̴.  Ƽ Ŀ 2.2.5 ߾ :))) Ŀ 
ɼǿ Ʈũ õ ɼ  ؾߵȴ. ׸ 
*BRIDGE* κ  enableŲ.    ϰ  
 ipchains -L  ĺ bridgein ̶ Chain ϳ   
  ִ.  Ŀο bridgein, input, forward, output װ ⺻
ü Ȱ̴. ׸  ȭ õ 꼳 bridgein
۵Ѵ.  긮  NIC IP ο ʴ° Ģ
ܺο  츦 ؼ IP   ִ. ߿   NIC
ؼ promisc arp 带 Ѵ ̴. promisc 带  
긮 ۵ ʴ´ arp arp_proxy ؼ Ѵ ̴.

ex) ifconfig ethx promisc arp

׸ 긮 ü ϱ ؼ bridge config  ޾ƾ Ѵ.
ftp.tux.org/people/alan-cox/BRCFG.tgz ޾Ƽ  Ѵ.

  brcfg   ī (/usr/sbin )  
Ѵ.

brcfg -ena
brcfg -port 1 -ena
brcfg -port 2 -ena

긮  ۵ϴ°  ̴.  ʹ  긮
۵ϱ  ipchains  bridgein  길 ϸ ȭμ
  Ѵ.  bridgein  ؼ  REJECT  
 . DENY ACCEPT ϴ.  ġ   δ. 
arp  ˾Ƴ 찡 µ /proc/sys/net/ipv4/conf/all/proxy_arp
  1 ٲ㼭 arp_proxy  ۵ϰ ϸ    ̴.

5. 

- Ŀ ġ(bridge filter)
- Ŀ (bridge option 'Y')
- ifconfig ethx promisc arp
- brcfg -ena
- brcfg -port 1 -ena
- brcfg -port 2 -ena
- tcpdump  ۵ Ȯ

*긮 ü  ũ ۵ϱ
  ̾  Ͼ  ʴ´.  TCP/IP/ICMP
 ̿ܿ  ɷ¿Ͽ  ٸ    
ִ. ̰   д е  .

6. ı 

 IP   ͸ ̻ Ű澵ʿ䰡
.   ̴!!!!  ȭ ٲٽñ ٵ.

6.  ǰ

ȭ(jhjung@wyzsoft.com) Ʈ   3/
ȭ/ȱ 

7.   ̹ ȥ -_-;
