  RedHat Linux 6.x as an Internet Gateway for a Home Network
  Paul Ramsey <pramsey@refractions.net>
  22 June 2000

  A simple tutorial on configuring RedHat 6 and similar releases to
  work as an Internet gateway for a small home or office network. The
  topics covered include masquerading, DNS, DHCP, and basic security
  requirements.
  ______________________________________________________________________

  Table of Contents


  1. Introduction

     1.1 Versions
     1.2 Copyright

  2. Wiring the system

     2.1 With a hub
     2.2 Without a hub
     2.3 With only one network card

  3. Configuring networking

     3.1 Configuring a network driver
        3.1.1 Two identical network cards
     3.2 Configuring the internal part of the network
        3.2.1 The network device
        3.2.2 The DHCP server
        3.2.3 The client machines
        3.2.4 The DNS server
        3.2.5 Testing the internal network
     3.3 Configuring the external network
        3.3.1 With a static IP address
        3.3.2 With DHCP
        3.3.3 Oddities and anomalies
           3.3.3.1 PPP over Ethernet (PPPoE)
           3.3.3.2 Silly tricks with DHCP
           3.3.3.3 The Road Runner company
        3.3.4 Looking at the network configuration
     3.4 Security

  4. Configuring masquerading

  5. Problems

     5.1 ICQ does not work
     5.2 I have Caldera 2.x, not RedHat 6.x
     5.3 I want one of my internal machines to be my Web server


  ______________________________________________________________________

  1.  Introduction

  This document contains simple recipes for configuring RedHat 6.x as
  an Internet gateway for a home network or a small office network.
  The instructions are as simplified as possible: we do not discuss
  special cases, and we make some assumptions about the network
  addresses that will be used. Our most important assumptions are:


  *  That you have a permanent cable or ADSL connection to the
     Internet.

  *  That you can successfully install RedHat 6.x on at least one of
     your machines. Note that these instructions also apply to RedHat
     derivatives such as Mandrake 6.x, which is distributed by
     MacMillan Publishing under a variety of commercial labels.

  *  That your Linux machine has two network cards installed, and that
     both are compatible with Linux.

  *  That you have an ethernet hub if you are networking more than one
     computer, or a crossover cable if you are connecting only one
     machine.

  *  That you know how to edit text files on a Linux machine.

  *  That you can log in to the machine as root. That you know how to
     install RPM packages from the Linux CD-ROMs.

  If you do not meet these prerequisites, this document is most likely
  not meant for you.

  There is nothing unusual that you need to do during the installation
  process. Simply pick an installation that suits you and start it.
  This document gives instructions for installing everything related
  to the networking effort from scratch, so as to avoid blind
  assumptions about what was installed or configured during that
  installation. To make sure that the system works and that there is
  no confusion about what goes where, all configuration will be done
  by editing the configuration files directly, rather than through the
  GUI configuration tools that RedHat provides. On the one hand, this
  approach is a little harder than it needs to be. On the other hand,
  your knowledge will carry over very easily to other Linux
  distributions or other situations (for example, when X Windows is
  not working, or when you are setting up a headless server).

  1.1.  Versions

  The latest version of this document can always be found at
  http://www.coastnet.com/~pramsey/linux/homenet.html (in HTML), and at
  http://www.coastnet.com/~pramsey/linux/homenet.sgml (in SGML).


  *  21 December 1999: First version.

  *  2 January 2000: Included suggestions from John Mellor on the
     oddities of the external network.

  *  22 January 2000: Small addition about network cards that are
     exactly identical, and information on IP aliasing from Chris Lea.

  *  16 March 2000: Some information on name server security and on
     support for Caldera Linux, from Nelson Gibbs.

  *  22 June 2000: Documentation of the RedHat 6.2 configuration
     oddities. More information on PPPoE (PPP over Ethernet), from
     Kerr First.



  1.2.  Copyright

  Copyright (c) 2000, Paul Ramsey.

  This document may be reproduced in whole or in part, without charge,
  under the following conditions:


  *  The copyright notice above and this permission notice must be
     preserved intact on all copies, complete or partial.

  *  Any translation or derived work must be approved by the author in
     writing before it is distributed.

  *  If you distribute part of this document, you must include
     instructions on how the complete document can be found, as well
     as a means of obtaining it.

  *  Small portions of this document may be reproduced as examples in
     printed publications, or as references in other works, without
     including this permission notice, provided the original document
     is cited.

  For academic purposes, exceptions to the above can be made: write to
  the author and ask. These restrictions are here to protect us as
  authors, not to restrict you as educators or learners.

  2.  Wiring the system

  Depending on whether or not you use a hub, your network topology
  will differ slightly. Here I cover only connections with RJ45 cable
  (the kind that looks like a telephone cable that bulked up on
  steroids), not thin coaxial. With thin coax you can connect many
  machines without needing a hub, but you must take care with the
  termination of the connections, and so on. If you already know
  networking, these instructions will seem largely redundant to you.

  2.1.  With a hub

  If you have a hub, your network will look like this
  <http://www.coastnet.com/~pramsey/linux/w_hub.gif>.

  Connect the eth0 network card of your machine to the cable modem or
  the ADSL box, using the cable that the technician gave you when
  installing the connection (or a cable that you know works with this
  connection). This step needs care, because cable modems sometimes
  want a crossover connection and sometimes a straight-through cable.
  The cable your provider gives you is exactly the one you need.

  Connect the eth1 network card of your machine to the hub with a
  straight-through cable. Do the same for your other machines.

  2.2.  Without a hub

  Even if you do not have a hub, you can always connect one machine to
  your Linux machine with a crossover cable. Your topology will look
  like this
  <http://www.coastnet.com/~pramsey/linux/wo_hub.gif>.

  Connect the eth0 network card to the cable modem or the ADSL box,
  using the cable that came with the connection kit. Connect the eth1
  network card to the other machine, using a crossover cable.

  2.3.  With only one network card

  I do not recommend this setup. With it, your internal and external
  networks sit on the same network segment, and are therefore more
  susceptible to cracking (= damage done by malicious hackers). In
  practice this risk is probably insignificant, but it is real. It
  depends on what happens to you.

  The Linux kernel includes support for "IP aliasing", which lets a
  single ethernet network card carry two IP addresses at the same
  time. (This feature is built into the kernels found in the RedHat
  and Mandrake distributions.) To configure a gateway with only one
  ethernet card, replace eth1 with eth0:0 in all of the examples that
  follow.

  On a single-card system, running a DHCP server is not recommended.

  Connect all of your machines and your cable modem (or the ADSL box)
  to the hub. Cross your fingers, and let's continue.

  3.  Configuring networking

  All right then: by now you have installed Linux on the machine that
  is your gateway. You may even have configured one of your network
  cards and the connection to the Internet. Nevertheless, we will
  start from scratch and act as if no configuration has been done.

  Log in as root. All instructions in this document assume that you
  are logged in as root.

  The Linux kernel refers to your two ethernet cards as eth0 and eth1,
  so that is how I will refer to them from now on. The problem is that
  we do not know which is which. Here is a "simple" way to find out,
  guaranteed to work in at least 50% of cases: place your machine on
  the desk with the motherboard horizontal, so that you are looking at
  the back (as if you were about to open it and do some work inside).
  The eth0 card is the leftmost one; you may want to mark its position
  with a label. Now write down on a piece of paper the make and model
  of both eth0 and eth1.

  All right, now let's see whether the kernel recognizes both eth0 and
  eth1 automatically. Type: ifconfig eth0 and: ifconfig eth1. In both
  cases, if the kernel recognizes the card, you should see a message
  like the following (with different numbers and other details, of
  course):


   eth0   Link encap: Ethernet   HWaddr 00:60:67:4A:02:0A
          inet addr:0.0.0.0  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:466 errors:0 dropped:0 overruns:0 frame:0
          TX packets:448 errors:0 dropped:0 overruns:0 carrier:0
          collisions:85 txqueuelen:100
          Interrupt:10 Base address:0xe400




  If the kernel does not recognize your network card, you will see a
  message like the following:


   eth0: error fetching interface information: Device not found.




  3.1.  Configuring a network driver

  If Linux found both of your cards, go to the next section.
  Otherwise, read this one.

  Suppose the kernel does not recognize one of the cards, or both.
  This is not a big problem. What we need to do is tell the kernel how
  to find the cards. There are many tricks here, and I will not cover
  them all. Just remember that when things get difficult, there is the
  Ethernet HOWTO. Here, however, are some brief tips:


  *  You have a PCI network card. You are probably fine, assuming it
     is not so new that no drivers exist for it at all. You can often
     find a great deal of information about your network cards (and
     about other things) by reading /proc/pci and noting makes and
     models.

  *  You have an ISA network card. You may need to find out the base
     IO address and the IRQ of the card. The card has a manual, right?
     If not, go to the manufacturer's site and see whether it has any
     reference documents online. Or, if the card came with a DOS
     configuration diskette, boot from that diskette and see whether
     it has a configuration program (which will read and set the
     address and the IRQ).

  *  You have an ISA Plug'n'Play network card. First you must learn
     how to configure it: read the Plug'n'Play HOWTO. Fortunately,
     once you have configured your card, you will know exactly what
     its base IO address and IRQ are.

  Now that you know the makes and models of eth0 and eth1, you can go
  to the compatibility page of the Ethernet HOWTO and look up your
  cards. Note the recommended driver, as well as any information on
  special settings that your cards may require.

  The time has come to edit a configuration file! The file we will
  edit is /etc/conf.modules. Open it with the text editor of your
  choice. Because there are many options and combinations that can be
  added to this file, I will give you the settings for my own gateway
  as an example. I have a 10/100 Mbps PCI card based on the VIA Rhine
  chip, and a thoroughly typical 10 Mbps ISA clone of the NE2000
  standard. I use the 100 Mbps card for the internal network, and the
  10 Mbps card for the connection to the external network. My
  /etc/conf.modules file looks something like this:


   alias parport_lowlevel parport_pc
   alias eth0 ne
   options ne io=0x300 irq=10
   alias eth1 via-rhine




  The lines of my conf.modules file are explained as follows:

  *  The first line specifies that my parallel port is for printing.
     You probably have such a line too; leave it as it is.

  *  The second line (alias eth0 ne) tells the kernel to use the ne
     driver for the eth0 device.

  *  The third line (options ne io=0x300 irq=10) tells the ne driver
     at which IO address and which IRQ it will find the ISA card. If
     you also have an ISA card, you will probably need to write a
     similar line in the file. Simply replace the driver, the IO
     address and the irq with the corresponding values for your card.

  *  The fourth line (alias eth1 via-rhine) tells the kernel to use
     the driver for via-rhine chips on the eth1 card. Because my eth1
     card is PCI, I do not need to give io and irq settings: the PCI
     subsystem configures the card automatically.

  Make sure that there are alias lines for both of your cards in the
  conf.modules file, and put in the correct options lines for all of
  your ISA cards. There may already be lines in conf.modules for any
  ethernet card that you configured during installation.

  When you have finished editing conf.modules, try the commands
  ifconfig eth0 and ifconfig eth1 again. You may need several attempts
  if you are fiddling with IO addresses and IRQs without looking at
  the manufacturer's manual.

  3.1.1.  Two identical network cards

  You clever one, who bought two exactly identical network cards, and
  now cannot get them to work together? Don't worry: forcing them to
  coexist is simply a matter of the right syntax in the lines of
  /etc/conf.modules. In our example the IO address and IRQ numbers are
  purely imaginary, but I will assume that you bought a matched pair
  of NE2000 clones (which is a common choice). Your /etc/conf.modules
  file would look something like this:


   alias eth0 ne
   alias eth1 ne
   options ne io=0x330,0x360 irq=7,9




  The addressing parameters are all given on the same line, and the
  first number in each parameter refers to eth0, the second to eth1.

  3.2.  Configuring the internal part of the network

  The "internal" network is the one over which all of our home or
  office machines communicate. The "external" network is the big,
  scary Internet on the other side of our gateway machine. For the
  most part, the internal network will be completely isolated from the
  external one by the gateway machine, which will act as a
  moderate-strength firewall.

  3.2.1.  The network device

  Now that your drivers work and you can see both eth0 and eth1 with
  ifconfig, it is time to configure the internal network. I assume
  that you will put your internal network on eth1 and the external
  network on eth0.

  Your internal network will be for private use, so we should make it
  a network of this form: 192.168.1.0. This is officially called a
  "private Class C network", in case you want to impress your friends.

  First, we must make sure that networking is enabled. Edit the file
  /etc/sysconfig/network and make sure it contains the following
  lines:


   NETWORKING=yes
   FORWARD_IPV4=yes




  The first line tells Linux that we want networking to be enabled
  right at boot. The second line tells Linux to enable IP forwarding.
  This is required for the masquerading setup, which we cover in
  section 4 of the HOWTO.

  Note for RedHat: RedHat 6.2 requires changes to the file
  /etc/sysctl.conf in order to support IP forwarding and masquerading
  properly. Make sure that the following lines are present and have
  the correct values:


   net.ipv4.ip_forward = 1
   net.ipv4.ip_always_defrag = 1




  All network settings for RedHat and the RedHat-derived distributions
  are kept in files in the /etc/sysconfig/network-scripts directory.
  cd into that directory and create a new file, ifcfg-eth1. Write the
  following in it:


   DEVICE=eth1
   IPADDR=192.168.1.1
   ONBOOT=yes




  This tells the network scripts to configure eth1 at boot and to give
  it a specific IP address. Activate the new settings on your network
  with the following command: /etc/rc.d/init.d/network restart

  3.2.2.  The DHCP server

  A DHCP server automatically assigns IP addresses to the machines
  connected to your home network. It is very useful when you have
  laptops: you can simply plug the laptops into the network and they
  are immediately networked correctly. If you do not want a DHCP
  server on your internal network, skip to the next section.

  First, make sure that the DHCP server is installed. Mount your Linux
  CD and install the dhcp RPM package. Now edit the file
  /etc/dhcpd.conf and add the following (and only the following):


   subnet 192.168.1.0 netmask 255.255.255.0 {
   range 192.168.1.2 192.168.1.60;
   default-lease-time 86400;
   max-lease-time 86400;
   option routers 192.168.1.1;
   option ip-forwarding off;
   option broadcast-address 192.168.1.255;
   option subnet-mask 255.255.255.0;
   }




  If you are going to set up your Linux machine as a caching domain
  name server, add the following option:


   option domain-name-servers 192.168.1.1;




  If you know your external DNS addresses and are not going to use the
  Linux machine for DNS, add the following option (where x.x.x.x and
  y.y.y.y are the IP addresses of the DNS servers):


   option domain-name-servers x.x.x.x, y.y.y.y;




  If you are going to set up Samba file sharing on your Linux machine
  (for the benefit of your Windows machines), add the following lines,
  so that the Linux machine becomes the default WINS and browsing
  server:


   option netbios-name-servers 192.168.1.1;
   option netbios-dd-server 192.168.1.1;
   option netbios-node-type 8;
   option netbios-scope "";




  Configuring Samba and WINS is far beyond the scope of this document.
  If you need some pointers, start with the SMB HOWTO and go on from
  there.

  There are a few more steps. Now open the file
  /etc/rc.d/init.d/dhcpd and look for the following line:


   /sbin/route add -host 255.255.255.255 dev eth1




  Windows DHCP clients require a specific broadcast address in DHCP
  replies, and the command above forces the Linux TCP/IP stack to
  produce it. If you cannot find this line in the file, add it. If you
  find a similar line, make sure that the device it refers to is eth1.

  The next step is to change the file /etc/rc.d/init.d/dhcpd so that
  it uses the eth1 device by default. Replace the line:


   daemon /usr/sbin/dhcpd




  with:


   daemon /usr/sbin/dhcpd eth1




  Now we are ready to start DHCP. First we start the DHCP server, with
  the command: /etc/rc.d/init.d/dhcpd start.

  Finally, we must make sure that the DHCP server will start on
  reboot. Some DHCP server RPM packages do not include the commands
  that ensure the server starts every time, so we have to make sure of
  it ourselves by giving the command: chkconfig dhcpd on.

  This command makes RedHat add the dhcp startup script to the various
  runlevel directories under /etc/rc.d. The DHCP server starts in
  runlevels 3 and 5 (multiuser console and multiuser X). In runlevels
  0, 1 and 6 (shutdown, single-user and reboot), the DHCP server
  stops.

  3.2.3.  The client machines

  If you have already configured DHCP, configuring your client
  machines is very easy: simply enable DHCP configuration. For Windows
  machines, this means opening the Control Panel and then the
  Networking option. Find the "TCP/IP" protocol and choose
  "Configure". Tick the box that says to configure the TCP/IP address
  automatically ("Configure TCP/IP address automatically"), apply your
  changes, and reboot.

  Before you reboot, however, you can also give the following command
  on the server: tail -f /var/log/messages. It continuously follows
  the logs on Linux. If all goes well, when your Windows machines
  reboot you will see them request an IP address and the DHCP server
  respond. (The tail -f command ends when you press Control-C.)

  If you have not configured DHCP, configuration is still easy. Open
  Networking in the Control Panel again and choose to configure the
  TCP/IP protocol. You can give your client machines any address on
  the 192.168.1.0 network except 192.168.1.0 (the address of the
  network itself), 192.168.1.255 (the broadcast address), or
  192.168.1.1 (the address of the Linux server machine). Never give
  the same IP address to two machines. Set the "Gateway" address to
  192.168.1.1, so that traffic to the outside network passes through
  the gateway machine.

  The IP Masquerading HOWTO has detailed information on client
  configuration, in its configuration chapter.

  In general, to configure a client machine we either enable DHCP
  configuration, or give it an address in the 192.168.1.x range by
  hand, with gateway 192.168.1.1. The DNS server should be either
  192.168.1.1, if you run a caching DNS server (see below), or DNS
  should point to the addresses that your Internet Provider gave you.
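
  The addressing rules above can be checked mechanically before any
  client is configured by hand. The Python below is an added example,
  not part of the original HOWTO; the host names and the sample plan
  are constructed. It also goes one step beyond the text, as an
  assumption of this example: it rejects hand-assigned addresses inside
  the 192.168.1.2 - 192.168.1.60 range that section 3.2.2 hands to
  dhcpd, since the server could lease the same address to another
  machine.

```python
import ipaddress

NET = ipaddress.ip_network("192.168.1.0/24")       # internal network
GATEWAY = ipaddress.ip_address("192.168.1.1")      # Linux gateway (eth1)
POOL_FIRST = ipaddress.ip_address("192.168.1.2")   # "range" in dhcpd.conf
POOL_LAST = ipaddress.ip_address("192.168.1.60")


def check_static_plan(plan):
    """plan maps host name -> address string; returns a list of problems."""
    problems, owner = [], {}
    for host, text in plan.items():
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:
            problems.append("%s: %r is not an IP address" % (host, text))
            continue
        if ip not in NET:
            problems.append("%s: %s is outside %s" % (host, ip, NET))
        elif ip == NET.network_address:
            problems.append("%s: %s is the network address" % (host, ip))
        elif ip == NET.broadcast_address:
            problems.append("%s: %s is the broadcast address" % (host, ip))
        elif ip == GATEWAY:
            problems.append("%s: %s belongs to the gateway" % (host, ip))
        elif POOL_FIRST <= ip <= POOL_LAST:
            problems.append("%s: %s is inside the DHCP range" % (host, ip))
        # The same address on two machines is always an error.
        if ip in owner:
            problems.append("%s: %s is already used by %s"
                            % (host, ip, owner[ip]))
        else:
            owner[ip] = host
    return problems


# Constructed sample plan for hand-configured clients.
SAMPLE_PLAN = {
    "desk": "192.168.1.70",
    "laptop": "192.168.1.70",     # duplicate of desk
    "printer": "192.168.1.255",   # broadcast address
    "old-pc": "192.168.1.30",     # collides with the DHCP range
    "nas": "192.168.1.80",
}

if __name__ == "__main__":
    for line in check_static_plan(SAMPLE_PLAN):
        print(line)
```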

  3.2.4.  The DNS server

  Configuring your Linux machine as a caching DNS server will
  (slightly) improve browsing speed, because frequently used DNS
  addresses will be cached inside your network, and you will not fetch
  them from outside every time.

  If you are interested in implementing a full DNS, there are many
  complex things you need to learn. There is a DNS HOWTO available,
  and the book DNS and BIND is a good (and very understandable)
  written reference.

  For your client machines to take advantage of the caching server,
  they must be configured to use the Linux gateway as their primary
  DNS server. One way to do this is with the DHCP directives given in
  section 3.2.2. If you configure your client machines by hand, you
  can change the DNS settings in the same way that you entered the IP
  address.

  To install the DNS server, first install the bind RPM package, and
  then the caching-nameserver RPM. At this point, we are almost done.

  The caching server will work just fine the way we installed it.
  However, if you know the IP addresses of the DNS servers of your
  Internet Provider (henceforth "ISP" - translator's note), you can
  improve performance a little more by editing the file
  /etc/named.conf and adding the following line after the directory
  line (where x.x.x.x and y.y.y.y are the primary and the secondary
  DNS servers respectively):


   forwarders { x.x.x.x; y.y.y.y; };




  This change makes the DNS server ask the ISP's DNS servers first,
  before it traverses the Internet looking for a particular address.
  The ISP's servers usually have a great many addresses cached, and so
  can give a faster answer than your own server could.

  The named daemon had some security problems over the past 12 months,
  so it is very important to have the most recent version, and to make
  some changes to the default settings, in order to increase the
  security of the system.


  1. Check your bind version and make sure it is at least 8.2.2. Go to
     the RedHat updates site, or the Mandrake updates site, to look
     for the most recent version.

  2. Restrict access to your name server so that only the local
     network has it. Add the line allow-query { 192.168.1/24;
     127.0.0.1/32; }; to the file /etc/named.conf, after the
     forwarders line.

  3. Avoid running your name server as root. If the server runs as
     root, a compromise of the server gives the attacker root
     privileges. If you run the server as a user with few privileges,
     e.g. as nobody, you lower the risk from a compromise of the name
     server. To run the name server as nobody, edit the file
     /etc/rc.d/init.d/named and change the line daemon named to
     daemon named -u nobody -g nobody.
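
  The three hardening steps above can be verified with a short audit.
  The Python below is an added example, not part of the original
  HOWTO; the function names, the sample named.conf and init script
  text, and the forwarder addresses (192.0.2.x documentation range)
  are constructed for illustration.

```python
import ipaddress
import re

MIN_BIND = (8, 2, 2)                                 # step 1
TRUSTED = [ipaddress.ip_network("192.168.1.0/24"),   # internal network
           ipaddress.ip_network("127.0.0.0/8")]      # loopback


def version_ok(version):
    """True if a version string such as '8.2.2_P5' is at least 8.2.2."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums))) >= MIN_BIND


def allow_query_entries(conf):
    """Entries of the first allow-query statement, or None if absent."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # /* ... */ comments
    conf = re.sub(r"(//|#).*", "", conf)                # // and # comments
    match = re.search(r"allow-query\s*\{([^}]*)\}", conf)
    if match is None:
        return None
    return [e.strip() for e in match.group(1).split(";") if e.strip()]


def entry_is_local(entry):
    """True only if the entry provably stays inside TRUSTED (step 2)."""
    if entry in ("none", "localhost"):
        return True
    addr, _, prefix = entry.partition("/")
    octets = addr.split(".")
    if len(octets) > 4 or not all(o.isdigit() for o in octets):
        return False                      # "any", localnets, ACL names
    octets += ["0"] * (4 - len(octets))   # BIND shorthand: 192.168.1/24
    try:
        net = ipaddress.ip_network(
            ".".join(octets) + "/" + (prefix or "32"), strict=False)
    except ValueError:
        return False
    return any(net.subnet_of(t) for t in TRUSTED)


def option_value(words, flag):
    """Word that follows flag in a split command line, or None."""
    return words[words.index(flag) + 1] if flag in words[:-1] else None


def daemon_drops_root(init_script):
    """True if every 'daemon named' line sets a non-root -u and -g (step 3)."""
    lines = [l.split("#")[0].split() for l in init_script.splitlines()]
    starts = [w for w in lines if w[:2] == ["daemon", "named"]]
    return bool(starts) and all(
        option_value(w, "-u") not in (None, "root")
        and option_value(w, "-g") not in (None, "root") for w in starts)


def audit(version, named_conf, init_script):
    """Return a list of findings; an empty list means all checks pass."""
    findings = []
    if not version_ok(version):
        findings.append("bind %s is older than 8.2.2" % version)
    entries = allow_query_entries(named_conf)
    if entries is None:
        findings.append("no allow-query statement in named.conf")
    else:
        wide = [e for e in entries if not entry_is_local(e)]
        if wide:
            findings.append("allow-query admits non-local: " + ", ".join(wide))
    if not daemon_drops_root(init_script):
        findings.append("init script starts named without non-root -u/-g")
    return findings


# Constructed sample inputs (not taken from a real system).
DEFAULT_CONF = """
options {
        directory "/var/named";
        forwarders { 192.0.2.1; 192.0.2.2; };   // placeholder ISP servers
};
"""
HARDENED_CONF = """
options {
        directory "/var/named";
        forwarders { 192.0.2.1; 192.0.2.2; };   // placeholder ISP servers
        allow-query { 192.168.1/24; 127.0.0.1/32; };
};
"""
DEFAULT_INIT = 'echo -n "Starting named: "\ndaemon named\n'
HARDENED_INIT = 'echo -n "Starting named: "\ndaemon named -u nobody -g nobody\n'

if __name__ == "__main__":
    # The version string would come from the package manager on a real host.
    for finding in audit("8.2.1", DEFAULT_CONF, DEFAULT_INIT):
        print("FAIL:", finding)
    print("hardened findings:", audit("8.2.2_P5", HARDENED_CONF, HARDENED_INIT))
```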

  Make sure that your DNS server will be enabled at boot: chkconfig
  named on. Again, this ensures that the server will start in the
  usual runlevels (3 and 5) at boot.

  All right, now you can start your DNS server:
  /etc/rc.d/init.d/named start

  3.2.5.  Testing the internal network

  DNS will not work until we configure the external network (since it
  has to communicate with other DNS servers on the Internet), but with
  the ping program we can test the basic internal connection.

  Open a terminal (MS-DOS) window on one of your client machines and
  type: ping 192.168.1.1. This command sends packets to your Linux
  machine at regular intervals, and the Linux machine sends them back.
  If everything is working properly, you will see a series of packet
  round-trip times.

  3.3.  Configuring the external network

  Now we are ready to configure the external network. Sometimes this
  will be difficult, depending on how well your ISP supports Linux. If
  you have difficulties, there is the ADSL mini-HOWTO, which covers
  ADSL connection issues in considerable detail. If I find a Cable
  Modem HOWTO, I will add a link to it as well.

  The main problem with most external connections is obtaining an IP
  address. Some ISPs give static IP addresses to subscribers with a
  cable modem or ADSL connection, and in that case configuration is
  easy. However, most ISPs have now moved to dynamic connections via
  (you guessed it!) DHCP. This means that your Linux machine will be a
  DHCP server on the eth1 network card, and a DHCP client on the eth0
  network card.

  In addition, many ISPs provide their services in a specialized way
  that assumes their customers use Windows. Some of these cases are
  discussed at the end of section 3.3.2.

  3.3.1.  With a static IP address

  If your ISP gave you a static IP address, you are all set. Create a
  new interface configuration file,
  /etc/sysconfig/network-scripts/ifcfg-eth0, and put the following in
  it:


   DEVICE=eth0
   IPADDR=x.x.x.x
   NETMASK=y.y.y.y
   ONBOOT=yes





  Simply replace x.x.x.x and y.y.y.y with the values that your ISP
  gave you. Now edit the file /etc/resolv.conf and write the following
  lines:


   search provider_domain_here
   nameserver n.n.n.n
   nameserver m.m.m.m




  The provider_domain should normally be given to you by your ISP.
  Also, put the primary and secondary DNS servers on the n.n.n.n and
  m.m.m.m lines. If you have configured the Linux machine as a DNS
  server, add a line before the lines for the other nameservers:
  nameserver 127.0.0.1. This makes the Linux server use the caching
  server before it asks the external servers for DNS information.

  3.3.2.  With DHCP

  If your ISP is set up for DHCP, you need to create a new interface
  configuration file, /etc/sysconfig/network-scripts/ifcfg-eth0, and
  add the following to it:


   DEVICE=eth0
   BOOTPROTO=dhcp
   ONBOOT=yes




  Now make sure that the dhcpcd client daemon is installed on your
  system. Go to your Linux CDs and install the dhcpcd RPM package.

  The time has come to test our new network settings. Simply give the
  command /etc/rc.d/init.d/network restart. Then test the external
  connection with ping: ping a machine on the Internet, such as
  www.yahoo.com, and wait to see whether any packet comes back.

  3.3.3.  Oddities and anomalies

  Your network situation may differ from the simple examples described
  above. Here are some brief notes on the various difficulties, along
  with links and pointers to more authoritative sources. Thanks to
  John Mellor, who gave me the links and the push to add this section.

  3.3.3.1.  PPP over Ethernet (PPPoE)

  Some ADSL providers (e.g. Bell Atlantic) have lately been insisting
  that their new customers connect via the "PPP over Ethernet" (PPPoE)
  protocol. For this purpose they give new subscribers a client
  program for Windows: not something particularly useful to Linux
  users. Fortunately, PPPoE is a simple protocol, and many efforts are
  already under way to support it on Linux as well.


  *  Reader Kerr First warmly recommends the Roaring Penguin PPPoE
     Client.

  *  There is also PPPoE on Linux for Bell Sympatico,

  *  and General Info and Linux Info.

  3.3.3.2.  Stupid DHCP tricks

  One of the ISPs' favourite tricks is to tie your connection to one
  single host name, or even to one single network card. This is
  supposedly done to stop you from putting several computers on your
  network by using a hub. (Of course, with Linux and masquerading we
  get the same result with better security, and the ISP has no way of
  knowing that it was done!!)

  If your ISP gave you a host name and insisted that you give that name
  to your Windows computer before it would let you use the connection,
  then you must make sure that your Linux machine sends that host name
  first when it requests an address from the DHCP server.

  When you put dhcp in BOOTPROTO, in the connection's configuration
  file, the RedHat DHCP client is called, but without reference to any
  host name. To have the program called with a host name on RedHat 6.1,
  edit the file /etc/sysconfig/network and change the line:

  HOSTNAME=

  so that it reads:

  HOSTNAME=your_isp_assigned_name

  This may not work on some variants of RedHat. If it does not work,
  check the /sbin/ifup script and see whether the calls to dhcpcd and
  pump include a -h $HOSTNAME parameter. If not, add it, so that the
  calls look something like this: /sbin/dhcpcd -i $DEVICE -h $HOSTNAME
  and /sbin/pump -i $DEVICE -h $HOSTNAME.

  3.3.3.3.  The Road Runner company

  The Road Runner cable service has a special login procedure, which
  must be run before the server can be used. Fortunately, there is a
  detailed Linux Road Runner HOWTO.

  3.3.4.  Looking at the network configuration

  Now you can admire your handiwork. Run ifconfig to see all of your
  configured devices. On my own gateway machine, I get the following:

   eth0  Link encap:Ethernet  HWaddr 00:60:67:4A:02:0A
         inet addr:24.65.182.43  Bcast:24.65.182.255  Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500 Metric:1
         RX packets:487167 errors:0 dropped:0 overruns:0 frame:0
         TX packets:467064 errors:0 dropped:0 overruns:0 carrier:0
         collisions:89 txqueuelen:100
         Interrupt:10 Base address:0xe400
   eth1  Link encap:Ethernet  HWaddr 00:80:C8:D3:30:2C
         inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500 Metric:1
         RX packets:284112 errors:0 dropped:0 overruns:0 frame:1
         TX packets:311533 errors:0 dropped:0 overruns:0 carrier:0
         collisions:37938 txqueuelen:100
         Interrupt:5 Base address:0xe800
   lo    Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         UP LOOPBACK RUNNING  MTU:3924  Metric:1
         RX packets:12598 errors:0 dropped:0 overruns:0 frame:0
         TX packets:12598 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0




  Note that card eth0 has an impressive external IP address, and card
  eth1 a private internal address.

  You can view the network routes by running the route command. On my
  gateway machine, I get output like this:


    Kernel IP routing table
    Destination     Gateway      Genmask         Flags Metric Ref Use Iface
    255.255.255.255 *            255.255.255.255 UH    0      0     0 eth1
    192.168.1.0     *            255.255.255.0   U     0      0     0 eth1
    24.65.182.0     *            255.255.255.0   U     0      0     0 eth0
    127.0.0.0       *            255.0.0.0       U     0      0     0 lo
    default         24.65.182.1  0.0.0.0         UG    0      0     0 eth0




  Here we can see that the external network is configured, the internal
  network is configured, so is the local device, so is the special
  broadcast address 255.255.255.255, and the default route is set to
  point at the ISP's gateway. Perfect!

  Now we have both an outside and an inside. What remains is to open
  the door between them. First, though, we must make sure that no
  monsters can get in from outside.

  3.4.  Security

  One of the drawbacks of a permanent Internet connection over ADSL or
  a cable modem is that our computer is exposed to possible security
  threats 24 hours a day, 7 days a week. Using Linux as a gateway
  limits the risk, because it hides all the other computers on your
  network: as far as the rest of the Internet is concerned, only your
  Linux machine is connected. This means that your network can be as
  secure as your Linux machine is, so at this point I will give you
  some basic advice on making it more secure.

  First, you must lock out all the bad guys. To do this, edit the file
  /etc/hosts.deny and make sure it reads exactly as follows:

   #
   # hosts.deny  This file describes the names of the hosts which are
   #             *not* allowed to use the local INET services, as decided
   #             by the "/usr/sbin/tcpd" server.
   #
   #             The portmap line is redundant, but it is left to remind
   #             you that the new secure portmap uses hosts.deny and
   #             hosts.allow. In particular, you should know that NFS
   #             uses portmap!
   ALL: ALL




  The above tells the "TCP wrappers" (which control 95% of incoming
  connections) to refuse every connection from every host. That is a
  pretty good ban! But it will also stop you from connecting to your
  Linux machine from your internal home network, which is annoying.
  So we will make an exception. We edit the file /etc/hosts.allow and
  make it read exactly like this:


   #
   # hosts.allow  This file describes the names of the hosts which are
   #              allowed to use the local INET services, as decided by
   #              the "/usr/sbin/tcpd" server.
   #
   ALL: 127.0.0.1
   ALL: 192.168.1.




  The above tells the "TCP wrappers" that they may allow connections to
  all services from the local device (127.0.0.1) and from the home
  network (192.168.1.).
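
  The order in which tcpd consults the two files, and the effect of the
  trailing dot in 192.168.1., shown as a runnable shell check. This is an
  added example, not part of the original HOWTO and not tcpd's own code:
  it implements only the ALL, exact-address and trailing-dot prefix
  patterns of hosts_access(5), and the daemon name in.telnetd and the
  client addresses are sample values chosen here.

```shell
# Added example: decides allow/deny for a (daemon, client address) pair in
# the order hosts_access(5) documents. Subset of client patterns only:
# ALL, an exact address, and an address prefix ending in ".".

# Constructed copies of the two files above, header comments omitted.
HOSTS_ALLOW='ALL: 127.0.0.1
ALL: 192.168.1.'
HOSTS_DENY='ALL: ALL'

# rule_matches RULES DAEMON CLIENT: succeeds if a "daemons: clients" line
# in RULES matches. The ( ) body is a subshell, so set -f stays local.
rule_matches() (
    set -f
    printf '%s\n' "$1" | {
        while IFS=: read -r daemons clients rest; do
            case $daemons in ''|'#'*) continue ;; esac
            for d in $(printf '%s' "$daemons" | tr ',' ' '); do
                [ "$d" = ALL ] || [ "$d" = "$2" ] || continue
                for c in $(printf '%s' "$clients" | tr ',' ' '); do
                    case $c in
                        ALL) exit 0 ;;
                        *.)  case $3 in "$c"*) exit 0 ;; esac ;;
                        *)   [ "$c" = "$3" ] && exit 0 ;;
                    esac
                done
            done
        done
        exit 1
    }
)

# tcpd_decision ALLOW DENY DAEMON CLIENT: prints "allow" or "deny".
# A match in hosts.allow grants; otherwise a match in hosts.deny denies;
# otherwise access is granted.
tcpd_decision() {
    if rule_matches "$1" "$3" "$4"; then echo allow
    elif rule_matches "$2" "$3" "$4"; then echo deny
    else echo allow
    fi
}

# Constructed clients: loopback, a LAN host, a look-alike subnet, an outsider.
for ip in 127.0.0.1 192.168.1.20 192.168.10.5 203.0.113.7; do
    echo "$ip: $(tcpd_decision "$HOSTS_ALLOW" "$HOSTS_DENY" in.telnetd "$ip")"
done
# Without the trailing dot the pattern is an exact string: the LAN is cut off.
echo "no dot: $(tcpd_decision 'ALL: 192.168.1' "$HOSTS_DENY" in.telnetd 192.168.1.20)"
# An empty hosts.deny falls through to the default, which is to grant.
echo "no deny: $(tcpd_decision "$HOSTS_ALLOW" '' in.telnetd 203.0.113.7)"
```
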

  You have now locked the monsters out with a sturdy padlock. If you
  want to add bars and alarms as well, you need a good deal more
  knowledge. The Security HOWTO is a good place to start reading if you
  want to learn more about how to secure your Linux machine.

  4.  Masquerading configuration

  All good! The preliminaries are over, and this is exactly where the
  magic begins. IP masquerading is one of the truly magical facilities
  of Linux. There are commercial products for Windows that do the same
  thing, but not as efficiently. An ancient 386 can happily do IP
  masquerading for an entire medium-sized office, but it cannot even
  run Windows 95, never mind the masquerading program for Windows. (As
  a postscript, I read in recent news that Windows 2000 will support
  "connection sharing" without additional software. It seems that the
  companies that were selling connection-sharing programs have been
  "embraced and extended" by MicroSoft. Still, I would not recommend
  trying Windows 2000 on a 386.)

  Linux has a tremendously flexible firewalling capability, which we
  will use here in the simplest and crudest way possible. If you want
  to do firewalling like an expert, you should read the Firewalling
  HOWTO to understand the theory, and the IPChains HOWTO for
  instructions on the new firewalling tool, ipchains, which comes with
  the 2.2.x Linux kernel (and, by extension, with RedHat 6.x). The very
  good IP Masquerading HOWTO is also available now, and covers the
  tricks of masquerading in more detail.

  It is very easy to set up simple masquerading once both the internal
  and the external network are working. We edit the file
  /etc/rc.d/rc.local and add the following lines at its end:


   # 1) Flush the rule tables.
   /sbin/ipchains -F input
   /sbin/ipchains -F forward
   /sbin/ipchains -F output
   # 2) Set the MASQ timeouts and allow packets in for DHCP
   # configuration.
   /sbin/ipchains -M -S 7200 10 60
   /sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 68 -d 0/0 67 -p udp
   # 3) Refuse forwarding of all packets except those from the local
   # network. Those we masquerade.
   /sbin/ipchains -P forward DENY
   /sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
   # 4) Load forwarding modules for special purposes.
   /sbin/modprobe ip_masq_ftp
   /sbin/modprobe ip_masq_raudio




  The last two lines load kernel modules that allow FTP and RealAudio
  to work on the computers of the internal network. There are other
  modules for special services too, which you can dig up if you ever
  need them:


    CUSeeMe (/sbin/modprobe ip_masq_cuseeme)

    Internet Relay Chat (/sbin/modprobe ip_masq_irc)

    Quake (/sbin/modprobe ip_masq_quake)

    VDOLive (/sbin/modprobe ip_masq_vdolive)

  Now you are ready to try out masquerading! Run the rc.local script
  with the command /etc/rc.d/rc.local, and off you go! Sit down at one
  of your other computers and try a little surfing on the Internet.
  With a bit of luck, everything is now just fine!
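
  Two things in the rc.local lines above keep the gateway from
  forwarding or masquerading traffic for anyone but the internal
  network: the DENY forward policy and the 192.168.1.0/24 source on the
  MASQ rule. The check below is an added example, not part of the
  original HOWTO; the function name audit_forward and the weakened rule
  set are constructed for illustration, and it needs awk.

```shell
# Added example: lints the forward-chain lines of an rc.local for the two
# properties the page's rules rely on. Not part of the original HOWTO.

# Constructed input 1: the forward-chain lines from the page.
PAGE_RULES='/sbin/ipchains -F forward
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ'
# Constructed input 2: a weakened variant that masquerades for any source.
WEAK_RULES='/sbin/ipchains -F forward
/sbin/ipchains -P forward ACCEPT
/sbin/ipchains -A forward -s 0/0 -j MASQ'

# audit_forward RULES: prints one finding per line, nothing when clean.
audit_forward() {
    printf '%s\n' "$1" | awk '
        $1 !~ /ipchains$/ { next }      # skip comments, modprobe lines, etc.
        {
            chain = ""; policy = ""; src = ""; target = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "-P") { chain = $(i + 1); policy = $(i + 2) }
                if ($i == "-A") chain = $(i + 1)
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (chain != "forward") next
            if (policy != "") fwd_policy = policy
            if (target == "MASQ" && (src == "" || src ~ /^0(\.0\.0\.0)?\/0$/))
                print "line " NR ": MASQ rule is not limited to an internal network"
        }
        END {
            if (fwd_policy != "DENY")
                print "forward policy is " (fwd_policy == "" ? "not set" : fwd_policy) ", expected DENY"
        }'
}

echo "page rules:"; audit_forward "$PAGE_RULES"
echo "weak rules:"; audit_forward "$WEAK_RULES"
```
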

  5.  Problems

  There are a heap of things that can go wrong when following the
  instructions of a simple document like this one, because there are
  many special cases. The majority of likely problems centre on the
  configuration of the internal and the external network. I will try
  to answer readers with problems, to understand what went wrong, and
  to add links here at the end, so that people with particular kinds
  of problems can find help. Feel free to contact me at
  pramsey@refractions.net.

  5.1.  ICQ does not work

  Some parts of ICQ work fine with masquerading. Some others do not
  work well at all. However, there is a beta-quality ICQ module under
  development, which deals with some (but not all) of the shortcomings
  of running ICQ together with masquerading. The README file inside the
  source code describes how to compile the module. Once you have
  compiled and installed it, load it with: /sbin/modprobe ip_masq_icq.

  5.2.  I have Caldera 2.x, not RedHat 6.x

  Well, first of all, my congratulations on bucking the trend! Second,
  Nelson Gibbs (ngibbs@pacbell.net) sends good news, because most of
  the instructions apply to your Linux too. However, there are some
  important changes you need to make:


  1. A GATEWAY=xxx.xxx.xxx.xxx statement in the file
     /etc/sysconfig/network-scripts/ifcfg-eth0 & eth1 for the
     connection (the local connection uses the IP address of the remote
     connection, and the remote connection uses the IP of the ISP's
     gateway).

  2. Make sure that the /etc/sysconfig/daemons/dhcpd script shows
     ROUTE_DEVICE as eth1, not eth0.

  3. /etc/dhcpd.conf requires a subnet declaration for both cards. I do
     not know exactly why, as I made the second declaration: subnet
     216.102.154.201 netmask 255.255.255.255 { } with no other
     parameters, and the DHCP server listens and sends on eth0 and
     eth1, as well as on the fallback. The DHCP server prints an error
     message if we define only the one subnet.

  4. Do not add the 255.255.255.255 host route; the
     /etc/rc.d/init.d/dhcpd script that Caldera uses fixes the problem
     by itself. Make sure you have changed all references to eth0 in
     the script to eth1.

  5.3.  I want one of my internal computers to be my Web server

  Dead easy! However, you must have a static IP address for these
  simple instructions to work. If you have a dynamic IP address, you
  will need quite a bit more work on the scripts to make sure that
  your IP address is refreshed in the packet forwarding commands when
  the address changes.

  Remember that forwarding an external port to an internal computer
  makes that "internal" computer less "internal" than before, but it
  can be done transparently and with a minimal drop in performance.
  One of the advantages of the masquerading code inside the Linux
  kernel is the ability to do some impressive things with packets
  arriving at the network level, and the ipmasqadm utility was written
  to exploit exactly that.

  For some reason, ipmasqadm is not included in all variants of RedHat
  and Mandrake, so you will probably have to get it from its
  programmer's web site: an RPM package is available there, as well as
  the source code.

  Once you have the RPM, install it, and then add the following lines
  to your /etc/rc.d/rc.local file:


   /usr/sbin/ipmasqadm portfw -f
   /usr/sbin/ipmasqadm portfw -a -P tcp -L x.x.x.x 80 -R 192.168.1.x 80




  The first command flushes the port forwarding rules, and the second
  adds a forward from port 80 of the external connection to port 80 of
  the internal computer. Note that the external static IP address goes
  in place of x.x.x.x, and the IP address of the internal computer
  goes in place of 192.168.1.x. Now, external requests for port 80
  will be sent transparently to port 80 of the internal machine. Note
  that you cannot test this with telnet, or by connecting to port 80
  of your gateway from one of your internal computers: the port
  forwarder responds only to incoming requests to the external
  connection.