
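                     Linux IP Masquerade mini HOWTO

Authors: Ambrose Au, ambrose@writeme.com;
David Ranch, dranch@trinnet.net
Translator: Chih-Wei Huang, cwhuang@linux.org.tw

   v1.50, 7 February 1999; translated 17 March 1999
     _________________________________________________________________

   This document describes how to enable the IP Masquerade feature on a
   Linux host, so that connected computers without registered Internet IP
   addresses can reach the Internet through the Linux box.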
     _________________________________________________________________
   
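1. Introduction

     * 1.1 Introduction
     * 1.2 Foreword, Feedback & Credits
     * 1.3 Copyright & Disclaimer

2. Background Knowledge

     * 2.1 What is IP Masquerade?
     * 2.2 Current Status
     * 2.3 Who Can Benefit From IP Masquerade?
     * 2.4 Who Doesn't Need IP Masquerade?
     * 2.5 How Does IP Masquerade Work?
     * 2.6 Requirements for Using IP Masquerade on Linux 2.2.x
     * 2.7 Requirements for Using IP Masquerade on Linux 2.0.x

3. Setting Up IP Masquerade

     * 3.1 Compiling the Kernel for IP Masquerade Support
     * 3.2 Assigning Private Network IP Addresses
     * 3.3 Configuring the OTHER Machines
     * 3.4 Configuring IP Forwarding Policies
     * 3.5 Testing IP Masquerade

4. Other IP Masquerade Issues and Software Support

     * 4.1 Problems with IP Masquerade
     * 4.2 Incoming Services
     * 4.3 Supported Client Software and Other Setup Notes
     * 4.4 IP Firewall Administration (ipfwadm)
     * 4.5 IP Firewalling Chains (ipchains)
     * 4.6 IP Masquerade and Demand-Dial-Up
     * 4.7 IPautofw Packet Forwarder
     * 4.8 CU-SeeMe and Linux IP-Masquerade Teeny How-To
     * 4.9 Other Related Tools

5. Miscellaneous

     * 5.1 Getting Help
     * 5.2 Thanks To
     * 5.3 Reference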
     _________________________________________________________________
   
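1. Introduction

1.1 Introduction

   This document describes how to enable the IP Masquerade feature on a
   Linux host, allowing connected computers that do not have registered
   Internet IP addresses to connect to the Internet through your Linux
   box. You can connect your machines to the Linux host with Ethernet,
   as well as with other kinds of connection such as a dial-up (ppp)
   link. This document concentrates on Ethernet connections, since that
   is the most likely case.

     This document is intended for users of the stable 2.2.x and 2.0.x
     kernels. Older kernels such as 1.2.x are not covered.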
     
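1.2 Foreword, Feedback & Credits

   As a new user, I found it very confusing to set up IP Masquerade on
   the newer 2.x kernels. Although there is a FAQ and a mailing list,
   there was no document dedicated to the subject, and there were
   requests on the mailing list for such a HOWTO. So I decided to write
   this as a starting point for new users, and possibly as a building
   block for experienced users to create documentation from. If you
   think I am not doing a good job, feel free to tell me so that I can
   make it better.

   This document is heavily based on the original FAQ by Ken Eves and on
   numerous helpful messages in the IP Masquerade mailing list. Special
   thanks go to Mr. Matthew Driver, whose mailing list message inspired
   me to set up IP Masquerade and eventually to write this.

   If any information here is wrong or missing, please feel free to send
   feedback or comments to ambrose@writeme.com and dranch@trinnet.net.
   Your invaluable feedback will certainly influence the future of this
   HOWTO!

   This HOWTO is meant to be a quick guide to getting IP Masquerade
   working in the shortest time. As I am not a technical writer, you may
   find the information in this document less general and objective than
   it could be. The latest news and information can be found on the IP
   Masquerade Resource web page that we maintain. If you have technical
   questions about IP Masquerade, please join the IP Masquerade mailing
   list instead of sending email to me; my time is limited, and the
   developers of IP Masquerade are better able to answer your questions.

   The latest version of this document can be found at the IP Masquerade
   Resource, which also has HTML and postscript versions:
     * http://ipmasq.cjb.net/
     * http://ipmasq2.cjb.net/
     * Please refer to the IP Masquerade Resource mirror site listing for
       other mirror sites.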
       
       
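1.3 Copyright & Disclaimer

   This document is copyright (c) Ambrose Au 1999. It is a free document;
   you may redistribute it under the terms of the GNU General Public
   License.

   The information and other contents of this document are to the best of
   my knowledge. However, IP Masquerade is experimental, and I may make
   mistakes as well, so you should decide for yourself whether to follow
   the information in this document.

   Nobody is responsible for any damage to your computers or any other
   losses caused by using the information in this document, i.e.

     The author and maintainers are not responsible for any damages
     incurred due to actions taken based on the contents of this document.

   Original text: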
   
   This document is copyright(c) 1996 Ambrose Au, and it's a free
   document. You can redistribute it under the terms of the GNU General
   Public License.
   
   The information and other contents in this document are to the best of
   my knowledge. However, ip_masq is experimental, and there is chance
   that I make mistakes as well; so you should determine if you want to
   follow the information in this document.
   
   Nobody is responsible for any damage on your computers and any other
   losses by using the information on this document. i.e.
   
     THE AUTHOR AND MAINTAINERS ARE NOT RESPONSIBLE FOR ANY DAMAGES
     INCURRED DUE TO ACTIONS TAKEN BASED ON THE INFORMATION IN THIS
     DOCUMENT.
     
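2. Background Knowledge

2.1 What is IP Masquerade?

   IP Masquerade is a networking function in Linux. If a Linux host is
   connected to the Internet with IP Masquerade enabled, then computers
   connecting to it (either on the same LAN or over a modem) can reach
   the Internet as well, even though they have no officially assigned IP
   addresses.

   This allows a set of machines to access the Internet invisibly, hidden
   behind a gateway system that appears to be the only system using the
   Internet. Breaking the security of a well set up masquerading system
   should be considerably more difficult than breaking a good packet
   filter firewall (assuming there are no bugs in either).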
   
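2.2 Current Status

   IP Masquerade has been under development for several years and is
   fairly mature; it is officially part of the Linux 2.2.x kernel.
   Kernels since 1.3.x have had support built in. Many individuals and
   even businesses are using it with satisfactory results.

   Web browsing and telnet have been reported to work well over IP
   Masquerade. File transfer (FTP), Internet Relay Chat (IRC) and
   listening to Real Audio work with certain modules loaded. Other
   network streaming audio such as True Speech and Internet Wave works
   too. Some users on the mailing list have even tried video conferencing
   software. Ping now works as well, with the newly available ICMP patch.

   Please refer to section 4.3 for the complete list of supported
   software.

   IP Masquerade works well with 'client machines' on several different
   operating systems and platforms. There are successful cases with
   systems using Unix, Windows95, Windows NT, Windows for Workgroup
   (with TCP/IP package), OS/2, Macintosh System's OS with Mac TCP, Mac
   Open Transport, DOS with NCSA Telnet package, VAX, Alpha with Linux,
   and even Amiga with AmiTCP or AS225-stack. The list goes on, but the
   point is that if your operating system talks TCP/IP, it should work
   with IP Masquerade.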
   
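2.3 Who Can Benefit From IP Masquerade?

     * If you have a Linux host connected to the Internet, and
     * if you have some computers running TCP/IP connected to that Linux
       box on a local subnet, and/or
     * if your Linux host has more than one modem and acts as a PPP or
       SLIP server connecting to other computers,
     * and those OTHER machines do not have officially assigned IP
       addresses (these machines are referred to as the OTHER machines
       from here on),
     * and, of course, if you want those OTHER machines to get onto the
       Internet without spending extra money :)

2.4 Who Doesn't Need IP Masquerade?

     * If your machine is a stand-alone Linux host connected to the
       Internet, then running IP Masquerade is pointless, or
     * if your OTHER machines already have officially assigned IP
       addresses, then you don't need IP Masquerade,
     * and, of course, if you don't like the idea of a free ride.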
       
2.5 How Does IP Masquerade Work?

   From the IP Masquerade FAQ by Ken Eves:
  Here is a drawing of the simplest setup:

     SLIP/PPP         +------------+                         +-------------+
     to provider      |  Linux     |       SLIP/PPP          | Anybox      |
    <---------- modem1|            |modem2 ----------- modem |             |
      111.222.333.444 |            |           192.168.1.100 |             |
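                      +------------+                         +-------------+

      In the above drawing, a Linux host with ip_masquerading installed
      and running is connected to the Internet via SLIP or PPP using
      modem1. It has an assigned IP address of 111.222.333.444. It is
      set up so that modem2 allows callers to log in and start a SLIP or
      PPP connection.

      The second system (which does not have to be running Linux) calls
      into the Linux host and starts a SLIP or PPP connection. It does
      NOT have an assigned IP address on the Internet, so it uses
      192.168.1.100.

      With ip_masquerade and the routing configured properly, the machine
      Anybox can interact with the Internet as if it were really
      connected (with a few exceptions).

  Quoting Pauline Middelink:
      Do not forget to mention that ANYBOX should have the Linux box as
      its gateway (whether it is the default route or just a subnet does
      not matter). If ANYBOX cannot do this, the Linux machine should do
      proxy arp for all routed addresses, but setting up proxy arp is
      beyond the scope of this document.

  The following is an excerpt from a post on comp.os.linux.networking,
  edited to match the names used in the example above:

  o I tell machine ANYBOX that my slipped linux box is its gateway.
  o When a packet comes into the linux box from ANYBOX, it assigns it a
    new source port number and puts its own ip address in the packet
    header, saving the originals. It then sends the modified packet out
    over the SLIP or PPP interface to the Internet.
  o When a packet comes from the Internet to the linux box, if the port
    number is one of those assigned above, it gets the original port and
    ip address, puts them back in the packet header, and sends the
    packet to ANYBOX.
  o The host that sent the packet will never know the difference.

   An IP Masquerading Example:

   A typical example is shown in the diagram below:-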

    +----------+
    |          |  Ethernet
    | abox     |::::::
    |          |2    :192.168.1.x
    +----------+     :
                     :   +----------+   PPP
    +----------+     :  1|  Linux   |   link
    |          |     ::::| masq-gate|:::::::::// Internet
    | bbox     |::::::   |          |
    |          |3    :   +----------+
    +----------+     :
                     :
    +----------+     :
    |          |     :
    | cbox     |::::::
    |          |4
    +----------+


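    <-Internal Network->

   In this example there are four computer systems that we are concerned
   with. There is also something at the far right through which your IP
   connection to the Internet comes, and something far off on the
   Internet that you are interested in exchanging information with.

   The Linux system masq-gate is the masquerading gateway through which
   the internal network of machines abox, bbox and cbox reaches the
   Internet. The internal network uses one of the assigned private
   network addresses, in this case the class C network 192.168.1.0, with
   the Linux box having the address 192.168.1.1 and the other systems
   also having addresses on that network.

   The three machines abox, bbox and cbox (which can be running any
   operating system, such as Windows 95, Macintosh MacTCP or even
   another Linux, as long as they speak IP) can connect to other machines
   on the Internet; however, the masquerading gateway masq-gate converts
   all of their connections so that they appear to originate from
   masq-gate itself, and arranges for data coming back on a masqueraded
   connection to be relayed to the originating system. The systems on
   the internal network therefore see a direct route to the Internet and
   are unaware that their data is being masqueraded.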
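   The rewriting described above, as an added Python sketch that is not
   part of the original HOWTO and is not the kernel's code. The public
   address 203.0.113.10, the remote hosts and the port range starting at
   61000 are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Assumed source-port range handed out by the gateway (illustrative).
MASQ_PORT_BEGIN = 61000
MASQ_PORT_END = 65095

Flow = Tuple[str, str, int, str, int]  # proto, internal ip/port, peer ip/port


@dataclass(frozen=True)
class Packet:
    proto: str  # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


class MasqGateway:
    """Minimal model of the table masq-gate keeps for masqueraded flows."""

    def __init__(self, public_ip: str, internal_prefix: str = "192.168.1."):
        self.public_ip = public_ip
        self.internal_prefix = internal_prefix
        self._next_port = MASQ_PORT_BEGIN
        self._by_flow: Dict[Flow, int] = {}
        self._by_port: Dict[Tuple[str, int], Flow] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a packet leaving the LAN: new source port, gateway's IP."""
        if not pkt.src.startswith(self.internal_prefix):
            raise ValueError("only internal hosts are masqueraded")
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        port = self._by_flow.get(flow)
        if port is None:
            if self._next_port > MASQ_PORT_END:
                raise RuntimeError("masquerade port range exhausted")
            port = self._next_port
            self._next_port += 1
            self._by_flow[flow] = port          # save the originals
            self._by_port[(pkt.proto, port)] = flow
        return Packet(pkt.proto, self.public_ip, port, pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Restore the original address and port, or return None when the
        packet does not belong to a flow an internal host started."""
        flow = self._by_port.get((pkt.proto, pkt.dport))
        if pkt.dst != self.public_ip or flow is None:
            return None
        _, int_ip, int_port, peer_ip, peer_port = flow
        if (pkt.src, pkt.sport) != (peer_ip, peer_port):
            return None  # right port, wrong remote end
        return Packet(pkt.proto, pkt.src, pkt.sport, int_ip, int_port)


def demo():
    """Constructed traffic: abox and bbox use the same local port."""
    gw = MasqGateway("203.0.113.10")
    out_a = gw.outbound(Packet("tcp", "192.168.1.2", 1025, "198.51.100.80", 80))
    out_b = gw.outbound(Packet("tcp", "192.168.1.3", 1025, "198.51.100.80", 80))
    reply_a = gw.inbound(
        Packet("tcp", "198.51.100.80", 80, gw.public_ip, out_a.sport))
    unsolicited = gw.inbound(
        Packet("tcp", "198.51.100.99", 4444, gw.public_ip, 23))
    wrong_peer = gw.inbound(
        Packet("tcp", "198.51.100.99", 80, gw.public_ip, out_a.sport))
    return out_a, out_b, reply_a, unsolicited, wrong_peer


if __name__ == "__main__":
    for result in demo():
        print(result)
```

   The two None results show why unsolicited incoming connections never
   reach abox, bbox or cbox, which is the limitation section 4.2
   discusses.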
   
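2.6 Requirements for Using IP Masquerade on Linux 2.2.x

     ** Please refer to the IP Masquerade Resource for more up-to-date
     information. **

     * Kernel 2.2.x source, available from http://www.kernel.org/
       (Most modern distributions, such as Red Hat 5.2, which ships a
       2.0.36 kernel, come with a modular kernel in which the IP
       Masquerade options are already enabled. In that case there is no
       need to compile a kernel. If you are upgrading the kernel
       yourself, be aware of what else you will need, as mentioned later
       in this document.)
     * Loadable kernel modules, preferably version 2.1.121 or newer
     * A properly configured TCP/IP network,
       covered in the Linux NET-3 HOWTO and the Network Administrator's
       Guide.
       Also see the Trinity OS Doc, a very comprehensive guide to Linux
       networking.
     * Internet connectivity for your Linux host,
       covered in the Linux ISP Hookup HOWTO, Linux PPP HOWTO,
       Linux DHCP mini-HOWTO and Linux Cable Modem mini-HOWTO
     * IP Chains 1.3.8 or newer, available from
       http://www.rustcorp.com/linux/ipchains/
       More information on versions is on the Linux IP Firewalling Chains
       page.
     * Other information can be found at the Linux IP Masquerade Resource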
       
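2.7 Requirements for Using IP Masquerade on Linux 2.0.x

     ** Please refer to the IP Masquerade Resource for more up-to-date
     information. **

     * Kernel 2.0.x source, available from http://www.kernel.org/
       (Most modern distributions, such as Red Hat 5.2, which ships a
       2.0.36 kernel, come with a modular kernel in which the IP
       Masquerade options are already enabled. In that case there is no
       need to compile a kernel. If you are upgrading the kernel
       yourself, be aware of what else you will need, as mentioned later
       in this document.)
     * Loadable kernel modules, preferably 2.0.0 or newer, available from
       http://www.pi.se/blox/modules/modules-2.0.0.tar.gz
       (modules-1.3.57 is the minimum requirement)
     * A properly configured TCP/IP network,
       covered in the Linux NET-3 HOWTO and the Network Administrator's
       Guide.
       Also see the Trinity OS Doc, a very comprehensive guide to Linux
       networking.
     * Internet connectivity for your Linux host,
       covered in the Linux ISP Hookup HOWTO, Linux PPP HOWTO,
       Linux DHCP mini-HOWTO and Linux Cable Modem mini-HOWTO
     * Ipfwadm 2.3 or newer, available from
       ftp://ftp.xos.nl/pub/linux/ipfwadm/ipfwadm-2.3.tar.gz
       More information on versions is on the Linux IPFWADM page.
     * You can optionally apply some IP Masquerade patches to enable
       other functionality. More information is available at the IP
       Masquerade Resources (these patches apply to all 2.0.x kernels).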
       
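3. Setting Up IP Masquerade

     If your private network contains any vital information, think twice
     before using IP Masquerade. It is a gateway through which you reach
     the Internet, and it can equally become a way for someone on the
     outside to get into your private network.

3.1 Compiling the Kernel for IP Masquerade Support

     If your Linux distribution already has the required features and
     modules compiled in (most modular kernels do), you do not need to
     recompile the kernel. Reading this section is still highly
     recommended, as it contains other useful information.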
     
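  Linux 2.2.x Kernels

     * First of all, you need the kernel source for 2.2.x.
     * If this is your first time compiling a kernel, don't be scared.
       In fact, it is rather easy, and it is covered in the
       Linux Kernel HOWTO.
     * Unpack the kernel source to /usr/src/ with the command:
       tar xvzf linux-2.2.x.tar.gz -C /usr/src
       where x is the patch level beyond 2.2 (make sure there is a
       directory or symbolic link called linux).
     * Apply the appropriate patches. Since new patches keep coming out,
       details are not included here. Please refer to the
       IP Masquerade Resources for up-to-date information.
     * Refer to the Kernel HOWTO and the README file in the kernel source
       directory for further instructions on compiling a kernel.
     * Here are the options that you need to compile in.
       Say YES to the following:

  * Prompt for development and/or incomplete code/drivers
    CONFIG_EXPERIMENTAL
    - this lets you select the experimental IP Masquerade code to be
      compiled into the kernel

  * Enable loadable module support
    CONFIG_MODULES
    - allows you to load ipmasq modules such as ip_masq_ftp.o

  * Networking support
    CONFIG_NET

  * Network firewalls
    CONFIG_FIREWALL

  * TCP/IP networking
    CONFIG_INET

  * IP: forwarding/gatewaying
    CONFIG_IP_FORWARD

  * IP: firewalling
    CONFIG_IP_FIREWALL

  * IP: masquerading
    CONFIG_IP_MASQUERADE

  * IP: ipportfw masq support
    CONFIG_IP_MASQUERADE_IPPORTFW
    - 

  * IP: ipautofw masquerade support
    CONFIG_IP_MASQUERADE_IPAUTOFW
    - optional

  * IP: ICMP masquerading
    CONFIG_IP_MASQUERADE_ICMP
    - support for masquerading ICMP packets

  * IP: always defragment
    CONFIG_IP_ALWAYS_DEFRAG
    - highly recommended

  * Dummy net driver support
    CONFIG_DUMMY
    - 

  * IP: ip fwmark masq-forwarding support
    CONFIG_IP_MASQUERADE_MFW
    - optional

       NOTE: These are only the components needed for IP Masquerade;
       select whatever other options your specific setup needs.
     * After compiling the kernel, you should compile and install the
       modules:

make modules; make modules_install

     * Then add a few lines to your /etc/rc.d/rc.local file (or any file
       you think is appropriate) so that the required modules, which
       reside in /lib/modules/2.2.x/ipv4/, are loaded automatically at
       each reboot:

        .
        .
        .
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
# (and other modules such as ip_masq_cuseeme, ip_masq_vdolive,
# if you have applied those patches)
        .
        .
        .

       Important: IP forwarding is disabled by default in 2.2.x kernels;
       make sure you enable it with the command:
       echo "1" > /proc/sys/net/ipv4/ip_forward
       Red Hat users can instead change FORWARD_IPV4=false to
       FORWARD_IPV4=true in /etc/sysconfig/network.
     * Reboot the Linux box.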
       
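  Linux 2.0.x Kernels

     * First of all, you need the kernel source (preferably the latest
       version, 2.0.36 or above).
     * If this is your first time compiling a kernel, don't be scared.
       In fact, it is rather easy, and it is covered in the
       Linux Kernel HOWTO.
     * Unpack the kernel source to /usr/src/ with the command:
       tar xvzf linux-2.0.x.tar.gz -C /usr/src
       where x is the patch level beyond 2.0 (make sure there is a
       directory or symbolic link called linux).
     * Apply the appropriate patches. Since new patches keep coming out,
       details are not included here. Please refer to the
       IP Masquerade Resources for up-to-date information.
     * Refer to the Kernel HOWTO and the README file in the kernel source
       directory for further instructions on compiling a kernel.
     * Here are the options that you need to compile in.
       Say YES to the following:

  * Prompt for development and/or incomplete code/drivers
    CONFIG_EXPERIMENTAL
    - this lets you select the experimental IP Masquerade code to be
      compiled into the kernel

  * Enable loadable module support
    CONFIG_MODULES
    - allows you to load modules

  * Networking support
    CONFIG_NET

  * Network firewalls
    CONFIG_FIREWALL

  * TCP/IP networking
    CONFIG_INET

  * IP: forwarding/gatewaying
    CONFIG_IP_FORWARD

  * IP: firewalling
    CONFIG_IP_FIREWALL

  * IP: masquerading (EXPERIMENTAL)
    CONFIG_IP_MASQUERADE
    - although it is experimental, it is a MUST

  * IP: ipautofw masquerade support (EXPERIMENTAL)
    CONFIG_IP_MASQUERADE_IPAUTOFW
    - 

  * IP: ICMP masquerading
    CONFIG_IP_MASQUERADE_ICMP
    - support for masquerading ICMP packets, optional

  * IP: always defragment
    CONFIG_IP_ALWAYS_DEFRAG
    - highly recommended

  * Dummy net driver support
    CONFIG_DUMMY
    - 

       NOTE: These are only the components needed for IP Masquerade;
       select whatever other options your specific setup needs.
     * After compiling the kernel, you should compile and install the
       modules:

make modules; make modules_install

     * Then add a few lines to your /etc/rc.d/rc.local file (or any file
       you think is appropriate) so that the required modules, which
       reside in /lib/modules/2.0.x/ipv4/, are loaded automatically at
       each reboot:

        .
        .
        .
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
# (and other modules such as ip_masq_cuseeme, ip_masq_vdolive,
# if you have applied those patches)
        .
        .
        .

       Important: IP forwarding is disabled by default in kernels after
       2.0.34; make sure you enable it with the command:
       echo "1" > /proc/sys/net/ipv4/ip_forward
       Red Hat users can instead change FORWARD_IPV4=false to
       FORWARD_IPV4=true in /etc/sysconfig/network.
     * Reboot the Linux box.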
       
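3.2 Assigning Private Network IP Addresses

   Since the OTHER machines do not have officially assigned addresses,
   there must be a proper way to allocate addresses to them.

   From the IP Masquerade FAQ:

   There is an RFC (#1597, now possibly obsolete) on which IP addresses
   are to be used on a network that is not connected. Three blocks of
   numbers are set aside specifically for this purpose. The one I use is
   the set of 255 Class-C subnets from 192.168.1.n to 192.168.255.n.

 From RFC 1597:

 Section 3: Private Address Space

      The Internet Assigned Numbers Authority (IANA) has reserved the
      following three blocks of the IP address space for private networks:

                     10.0.0.0        -   10.255.255.255
                     172.16.0.0      -   172.31.255.255
                     192.168.0.0     -   192.168.255.255

      We will refer to the first block as "24-bit block", the second as
      "20-bit block", and the third as "16-bit" block. Note that the
      first block is nothing but a single class A network number, while
      the second block is a set of 16 contiguous class B network
      numbers, and the third block is a set of 255 contiguous class C
      network numbers.

   So, if you are using a class C network, you should number your
   machines 192.168.1.1, 192.168.1.2, 192.168.1.3, ..., 192.168.1.x.

   192.168.1.1 is usually the gateway machine, which here is the Linux
   host connected to the Internet. Note that 192.168.1.0 and
   192.168.1.255 are the network and broadcast addresses respectively
   and are reserved; do not use these addresses on your machines.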
   
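3.3 Configuring the OTHER Machines

   Besides setting the appropriate IP address on each machine, you should
   also set the appropriate gateway. In general this is straightforward:
   you simply enter the address of your Linux host (usually 192.168.1.1)
   as the gateway address.

   For the Domain Name Service, you can add any DNS available to you.
   The most obvious choice is the one your Linux host is using. You can
   optionally add a domain search suffix as well.

   After you have reconfigured these IP addresses, remember to restart
   the appropriate services or reboot.

   The following instructions assume that you are using a Class C network
   with 192.168.1.1 as your Linux host's address. Note that 192.168.1.0
   and 192.168.1.255 are reserved.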
   
   Windows 95
  
    1. 㻹ûаװ·Լʽ
    2.  '̨/·' ȥ
    3. ·û 'TCP/IP Э' ӽȥ
    4. 'TCP/IP 'Уѡ'IP λַ'Ұ IP λַ趨Ϊ
       192.168.1.x,(1<x<255) Ұ·Ϊ 255.255.255.0
    5. 'ͨѶբ'м 192.168.1.x Ϊբ
    6. 'DNS '/'DNS ŷ'¼ Linux ʹõ DNS (ͨ
        /etc/resolv.conf ҵ)ѡԵؼʵβѰ˳
       
    7. Ҫԭȵ趨֪Լʲᣮ
    8. еĶԻа'ȷ'ϵͳ
    9. ·ߣPing  linux : 'ʼ/ִ' ping
       192.168.1.1
       (ֻ·߲ԣڻ ping 磮)
   10.  windows Ŀ¼ѡԵؽһ HOSTS ʹ
       ·Ļƣ windows Ŀ¼иΪ HOSTS.SAM ġ
       
   Windows for Workgroup 3.11
  
    1. 㻹ûаװ·Լʽ
    2. 㻹δװ TCP/IP 32b ׼Ļװɣ
    3.  'Main'/'Windows Setup'/'Network Setup',  'Drivers'
    4.  'Network Drivers'  'Microsoft TCP/IP-32 3.11b' ף
       'Setup'
    5. 趨 IP λַ 192.168.1.x (1 < x < 255), Ȼ趨 Subnet Mask Ϊ
       255.255.255.0 Լ Default Gateway Ϊ 192.168.1.1
    6. Ҫ 'Automatic DHCP Configuration'  'WINS Server' з
       ζһ Windows NT ж֪ʲᣮ
    7.  'DNS',  3.3.1 СвᵽѶȻᰴ
       'OK' ť
    8.  'Advanced', ʹ 3.3.1 Сڲʮᵽ
       ѡ 'Enable DNS for Windows Name Resolution'  'Enable LMHOSTS
       lookup'
    9. жԻа 'OK' ϵͳ
   10. Ping һ Linux Բ·:  'File/Run' : ping
       192.168.1.1
       (ֻ·Ӳԣ㻹 ping )
       
  Configuring Windows NT
  
    1. 㻹ûаװ·Լʽ
    2.  'Main'/'Control Panel'/'Network'
    3. 㻹ûװ TCP/IP Ļ 'Add Software' ѡм TCP/IP Э
       صĲݣ
    4.  'Network Software and Adapter Cards' ｫ 'Installed Network
       Software' ѡе 'TCP/IP Э' ף
    5.  'TCP/IP Configuration'ѡʵĽʽ磬[1]Novell
       NE2000 AdapterȻ趨 IP λַ 192.168.1.x (1 < x < 255)Ȼ
       趨 Subnet Mask Ϊ 255.255.255.0 Լ Default Gateway Ϊ
       192.168.1.1
    6. Ҫ 'Automatic DHCP Configuration'  'WINS Server' з
       ζһ Windows NT ж֪ʲᣮ
    7.  'DNS',  3.3.1 СвᵽѶȻᰴ
       'OK' ť
    8.  'Advanced', ʹ 3.3.1 Сڲʮᵽ
       ѡ 'Enable DNS for Windows Name Resolution'  'Enable LMHOSTS
       lookup'
    9. жԻа 'OK' ϵͳ
   10. Ping һ Linux Բ·:  'File/Run' : ping
       192.168.1.1
       (ֻ·Ӳԣ㻹 ping )
       
   UNIX ϵеϵͳ
  
    1. 㻹δװ·ʵĽʽ±ĺģ
       ھɣ
    2. װ TCP/IP · nettools ׼㻹ûװĻ
    3.  IPADDR Ϊ 192.168.1.x (1 < x < 255), ȻὫ NETMASK Ϊ
       255.255.255.0, GATEWAY Ϊ 192.168.1.1, Լ BROADCAST Ϊ
       192.168.1.255
       磬 Red Hat Linux ϵͳԱ༭
       /etc/sysconfig/network-scripts/ifcfg-eth0ֱӴ Control Panel
       
       ( SunOS, BSDi, Slackware Linux, жͬ...)
    4. ŷѰβӵ /etc/resolv.conf
    5. 趨Ҫ /etc/networks 
    6. ʵķ񣬻򵥵¿
    7.  ping ָ: ping 192.168.1.1 ԲԵ gateway 
       
       (ֻ·Ӳԣ㻹 ping )
       
  ʹ NCSA Telnet ׼ DOS 
  
    1. 㻹ûаװ·
    2. ʵķʽ NE2000 ˵Ŀ趨Ϊ IRQ
       10 Ӳλַ 0x300 nwpd 0x60 10 0x300
    3. һĿ¼Ȼ⿪ NCSA Telnet ׼: pkunzip tel2308b.zip
    4. ʹֱ༭ config.tel 
    5. 趨 myip=192.168.1.x (1 < x < 255), Լ netmask=255.255.255.0
    6. ڱУӦ趨 hardware=packet, interrupt=10, ioaddr=60
    7. ҪһĻ趨Ϊ gatewayҲ Linux :
       
name=default
host=yourlinuxhostname
hostip=192.168.1.1
gateway=1

    8. ҪһָƷ:
       
name=dns.domain.com ; hostip=123.123.123.123; nameserver=1

       ע:  Linux ʹõ DNS ʵѶȡ
    9.  config.tel 
   10. Telnet  Linux Բ·: telnet 192.168.1.1
       
  ִ MacTCP  MacOS 
  
    1. 㻹ûΪ̫·תװʵʽھ
    2.  MacTCP control panelѡʵ·ʽ(Ethernet, 
       EtherTalk)  'More...' ť
    3.  'Obtain Address:',  'Manually'
    4.  'IP Address:' £ӵѡѡ class CԶԻе
       ݣ
    5.  'Domain Name Server Information:' ʵѶ
    6.  'Gateway Address:' У 192.168.1.1
    7.  'OK' Դ趨 MacTCP control panel ӴУ 'IP
       Address:'  Mac  IP λַ (192.168.1.x, 1 < x < 255)
    8. ر MacTCP control panel. еĵӴ¿Ǿ
       
    9.  ping һ Linux ·ߣ MacTCP
       Watcher ѳʽ 'Ping' ťȻڵĶԻм
       Linux ĵַ(192.168.1.1)(ֻ·Ӳԣ㻹
        ping 磮)
   10. ѡԵ System Folder нһ Hosts Աʹ
       ·ƣ Ѿ System Folder
       ӦûһЩ(ע)ĿԸҪ
       ģ
       
  ִ Open Transport  MacOS ϵͳ
  
    1. 㻹ûΪ̫·תװʵʽھ
    2.  TCP/IP Control Panel Ȼ Edit ѡѡ 'User Mode ...'
       ȷʹģʽ 'Advanced' Ȼᰴ 'OK' ť
    3.  File ѡѡ 'Configurations...'ѡ 'Default' ò
       'Duplicate...' ť 'Duplicate Configuration' Իм 'IP
       Masq' (֪Ǹõ)ܻ˵
       'Deafault copy' ʲģȻᰴ 'OK' ťԼ 'Make Active' ť
    4.  'Connect via:' ʽѡѡ 'Ethernet'
    5.  'Configure:' ʽѡѡʵĿ㲻֪Ӧѡʲᣬ
       Ӧѡ 'Default' Ȼ뿪õ 'Manually'
       
    6.  'IP Address:'  Mac  IP λַ (192.168.1.x, 1 < x <
       255)
    7.  'Subnet mask:'  255.255.255.0
    8.  'Router address:'  192.168.1.1 
    9.  'Name server addr.:' ŷ IP λַ
   10.  'Implicit Search Path:'  'Starting domain name' 
       ·( 'microsoft.com')
   11. ĲѡԵģȷֵܵصĴΪ㲻
       ȷ¿հףҪѡҪĻȥЩλеκ
       ѶĿǰ֪ûа취 TCP/IP ԻӴиϵͳҪʹǰѡ
       һ "Hosts" ֪ĻҺȤ˽⣮·
       Ҫ 802.3 ܵĻ͹ѡ '802.3'
   12.  'Options...' ȷ TCP/IP ãʹ 'Load only when
       needed' ѡִв TCP/IP Ӧóʽζδ
       Ļ㽫ֲѡ 'Load only when needed' /ļ
       ЧܣѡĿʹ TCP/IP ЭǱʹã
       ѡˣTCP/IP ЭԶҪʱ벢ڲҪʱͷţͷŵĹ
       ̿ʹļѣ
   13.  ping һ Linux ·ߣ MacTCP
       Watcher ѳʽ 'Ping' ťȻڵĶԻм
       Linux ĵַ(192.168.1.1)(ֻ·Ӳԣ㻹
        ping 磮)
   14.  System Folder нһ Hosts Աʹ·
       ƣѾδ System Folder 
       еĻӦûһЩ(ע)ĿԸ
       Ҫ޸ģûеĻԴһ MacTCP ϵͳȡ
       Լһ(ѭ Unix  /etc/hosts ʽ RFC 952 
       )һ㽨 TCP/IP control panel 'Select
       Hosts File...' ťȻ Hosts 
   15. رնԻл File ѡѡ 'Close'  'Quit' Ȼᰴ 'Save' 
       ĸı䣮
   16. ЩıЧ¿Ҳ޺
       
  ʹ DNS  Novell ·
  
    1. 㻹ûΪ̫·תװʵʽھ
    2.  [41]ftp.novell.com/pub/updates/unixconn/lwp5 ȡ tcpip16.exe
    3.
༭ c:\nwclient\startnet.bat
       : (here is a copy of mine)
SET NWLANGUAGE=ENGLISH
LH LSL.COM
LH KTC2000.COM
LH IPXODI.COM
LH tcpip
LH VLM.EXE
F:
    4.
༭ c:\nwclient\net.cfg
       : (ʽΪģ i.e. NE2000)
Link Driver KTC2000
        Protocol IPX 0 ETHERNET_802.3
        Frame ETHERNET_802.3
        Frame Ethernet_II
        FRAME Ethernet_802.2

NetWare DOS Requester
           FIRST NETWORK DRIVE = F
           USE DEFAULTS = OFF
           VLM = CONN.VLM
           VLM = IPXNCP.VLM
           VLM = TRAN.VLM
           VLM = SECURITY.VLM
           VLM = NDS.VLM
           VLM = BIND.VLM
           VLM = NWP.VLM
           VLM = FIO.VLM
           VLM = GENERAL.VLM
           VLM = REDIR.VLM
           VLM = PRINT.VLM
           VLM = NETX.VLM

Link Support
        Buffers 8 1500
        MemPool 4096

Protocol TCPIP
        PATH SCRIPT     C:\NET\SCRIPT
        PATH PROFILE    C:\NET\PROFILE
        PATH LWP_CFG    C:\NET\HSTACC
        PATH TCP_CFG    C:\NET\TCP
        ip_address      xxx.xxx.xxx.xxx
        ip_router       xxx.xxx.xxx.xxx
    5. Ὠ
c:\bin\resolv.cfg
       :
SEARCH DNS HOSTS SEQUENTIAL
NAMESERVER 207.103.0.2
NAMESERVER 207.103.11.9
    6. ϣЩĳЩʹ Novell ·аУ Netware 3.1x
        4.x ã
       
   OS/2 Warp
  
    1. 㻹ûΪ̫·תװʵʽھ
    2. 㻹ûװ TCP/IP ͨѶЭĻھװ
    3.  Programms/TCP/IP (LAN) / TCP/IP 趨
    4.  'Network' λ TCP/IP λַ趨 netmask
       (255.255.255.0)
    5.  'Routing' λ 'Add'.  Type λ趨Ϊ 'default' 
       'Router Address' λм Linux  IP λַ
       (192.168.1.1).
    6.  'Hosts' λ趨 Linux ʹͬ DNS (ŷ)λַ
       
    7. ر TCP/IP ̨ڽлش yes.
    8. ϵͳ
    9.  ping  Linux Բ·ã 'OS/2 Ӵ' ϼ
        'ping 192.168.1.1'. յ ping һоû⣮
       
  ϵͳ
  
   ͬ߼Ӧƽ̨Сڵ˵ Ȥ
   дҵϵͳã ϸĽָ
   [42]ambrose@writeme.com  [43]dranch@trinnet.net.
   
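3.4 Configuring IP Forwarding Policies

   At this point you should have the kernel and the other required
   packages installed, and the modules loaded. The IP addresses, gateway
   and DNS on the OTHER machines should also be fully set up.

   The only thing left to do now is to use the IP firewalling tools to
   forward the appropriate packets to the appropriate machine:

     ** This can be accomplished in many different ways. The following
     suggestions and examples work for me, but you may have different
     needs; please refer to section 4.4 and the ipchains (2.2.x) /
     ipfwadm (2.0.x) manual pages for details. **

     ** This section gives only the bare minimum ruleset needed to get IP
     Masquerade working; security issues have not been considered. It is
     strongly recommended that you spend some time applying appropriate
     firewall rules to tighten security. **

  Linux 2.2.x Kernels

   Ipfwadm can no longer be used to manipulate IP masquerading rules in
   2.2.x kernels; please use ipchains.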
   
ipchains -P forward DENY
ipchains -A forward -s yyy.yyy.yyy.yyy/x -j MASQ

   where x is one of the following, according to the class of your
   subnet, and yyy.yyy.yyy.yyy is your network address.
   
netmask         | x  | Subnet
~~~~~~~~~~~~~~~~|~~~~|~~~~~~~~~~~~~~~
255.0.0.0       | 8  | Class A
255.255.0.0     | 16 | Class B
255.255.255.0   | 24 | Class C
255.255.255.255 | 32 | Point-to-point

   You may also use the format yyy.yyy.yyy.yyy/xxx.xxx.xxx.xxx, where
   xxx.xxx.xxx.xxx is your subnet mask, such as 255.255.255.0.

   For example, on a class C subnet I would enter:
   
ipchains -P forward DENY
ipchains -A forward -s 192.168.1.0/24 -j MASQ

   or

ipchains -P forward DENY
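ipchains -A forward -s 192.168.1.0/255.255.255.0 -j MASQ

   You can also do it on a per-machine basis. For example, if I want
   192.168.1.2 and 192.168.1.8 to have access to the Internet but not the
   other machines, I would enter: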
   
ipchains -P forward DENY
ipchains -A forward -s 192.168.1.2/32 -j MASQ
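ipchains -A forward -s 192.168.1.8/32 -j MASQ

   Do NOT make masquerading your default policy. Otherwise someone who
   can manipulate their routing will be able to tunnel straight back
   through your gateway, using it to masquerade their identity!

   Again, you can add these lines to /etc/rc.local or to another rc file
   you prefer, or run them manually every time you need IP Masquerade.

   For a detailed guide to ipchains, please refer to the Linux IPCHAINS
   HOWTO.

  Linux 2.0.x Kernels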
  
ipfwadm -F -p deny
ipfwadm -F -a m -S yyy.yyy.yyy.yyy/x -D 0.0.0.0/0

   or

ipfwadm -F -p deny
ipfwadm -F -a masquerade -S yyy.yyy.yyy.yyy/x -D 0.0.0.0/0

   where x is one of the following, according to the class of your
   subnet, and yyy.yyy.yyy.yyy is your network address.
   
netmask         | x  | Subnet
~~~~~~~~~~~~~~~~|~~~~|~~~~~~~~~~~~~~~
255.0.0.0       | 8  | Class A
255.255.0.0     | 16 | Class B
255.255.255.0   | 24 | Class C
255.255.255.255 | 32 | Point-to-point

   You may also use the format yyy.yyy.yyy.yyy/xxx.xxx.xxx.xxx, where
   xxx.xxx.xxx.xxx is your subnet mask, such as 255.255.255.0.

   For example, on a class C subnet I would enter:
   
ipfwadm -F -p deny
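ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0

   Because bootp request packets arrive without a valid IP address (the
   client does not know its address yet), people running a bootp server
   on the masquerade/firewall machine need to run the following before
   the deny command: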
   
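ipfwadm -I -a accept -S 0/0 68 -D 0/0 67 -W bootp_clients_net_if_name -P udp

   You can also do it on a per-machine basis. For example, if I want
   192.168.1.2 and 192.168.1.8 to have access to the Internet but not the
   other machines, I would enter: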
   
ipfwadm -F -p deny
ipfwadm -F -a m -S 192.168.1.2/32 -D 0.0.0.0/0
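ipfwadm -F -a m -S 192.168.1.8/32 -D 0.0.0.0/0

   A common mistake is to make the first command this:
ipfwadm -F -p masquerade

   Do NOT make masquerading your default policy. Otherwise someone who
   can manipulate their routing will be able to tunnel straight back
   through your gateway, using it to masquerade their identity!

   Again, you can add these lines to /etc/rc.local or to another rc file
   you prefer, or run them manually every time you need IP Masquerade.

   Please read section 4.4 for a detailed guide to Ipfwadm.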
   
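3.5 Testing IP Masquerade

   After all this hard work, it is time to give it a try. Make sure the
   Linux host's own connection to the Internet is working.

   Try browsing some 'INTERNET!!!' web sites from one of the OTHER
   machines and see whether you get through. On the first try, use an IP
   address rather than a host name, because your DNS setup may not be
   correct.

   For example, you can access the Linux Documentation Project site
   http://metalab.unc.edu/mdw/linux.html with an entry of
   http://152.19.254.81/mdw/linux.html

   If you see The Linux Documentation Project home page, congratulations!
   It works! You can then try again with a host name, and then telnet,
   ftp, RealAudio, True Speech, and anything else IP Masquerade supports.

   So far I have had no trouble with the settings above, and the credit
   goes entirely to the people who spent their time making this feature
   work.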
   
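4. Other IP Masquerade Issues and Software Support

4.1 Problems with IP Masquerade

   Some protocols do not currently work with masquerading, because they
   either make assumptions about port numbers or encode addresses and
   ports in their data stream. The latter protocols need specific
   proxies built into the masquerading code to make them work.

4.2 Incoming Services

   Masquerading cannot handle incoming services at all. There are a few
   ways of allowing them, but they are completely independent of
   masquerading and are really part of standard firewall practice.

   If you do not need a high level of security, you can simply redirect
   ports. There are various ways of doing this. I use a modified redir
   program (which I hope will be available from sunsite and its mirrors
   soon). If you want some level of authorisation on incoming
   connections, you can use TCP wrappers or Xinetd on top of redir (0.7
   or above) to let only specific IP addresses through, or use some
   other tools. The TIS Firewall Toolkit is a good place to look for
   tools and information.

   More details can be found at the IP Masquerade Resource.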
   
   һСڸתͷĵѶ
   
4.3 Supported Client Software and Other Setup Notes

     ** бٱάˣɾ Linux IP masquerading Ӧ
     ʽο [48]  [49]IP Masquerade Resource ȡýһϸ
      **
     
   һ˵ʹôЭ(TCP) ʹ߶Э (UDP)Ӧóʽ
   Ӧö κιӦóʽ IP Masquerade ݵĽ飬
   ʾ⣬ݷ Lee Nevo ά [50] Linux IP masquerading 
   Ӧóʽ ҳ
   
  ʹõĿͻ
  
   һͻ
   
   HTTP
          ֧Ԯƽ̨ҳ
          
   POP & SMTP
          ֧Ԯƽ̨ʼ
          
   Telnet
          ֧Ԯƽ̨Զǩҵ
          
   FTP
          ֧Ԯƽ̨ ip_masq_ftp.o ģ(վ̨ϸ
          ֿͻ壻ĳЩʹ ws_ftp32 վ̨ȴʹ
          netscape )
          
   Archie
          ֧Ԯƽ̨Ѱ( archie ͻ嶼֧
          Ԯ)
          
   NNTP (USENET)
          ֧Ԯƽ̨·
          
   VRML
          Windows (֧Ԯƽ̨)ʵ
          
   traceroute
          Ҫ UNIX ϵеƽ̨ĳЩֿ޷
          
   ping
          ƽ̨ ICMP ޲
          
   anything based on IRC
          ֧Ԯƽ̨ ip_masq_irc.o ģ
          
   Gopher client
          ֧Ԯƽ̨
          
   WAIS client
          ֧Ԯƽ̨
          
   ýͻ
   
   Real Audio Player
          Windows, ·Ѷ ip_masq_raudio ģ
          
   True Speech Player 1.1b
          Windows, ·Ѷ
          
   Internet Wave Player
          Windows, ·Ѷ
          
   Worlds Chat 0.9a
          Windows, ͻŷ彻̸(3D chat) ʽ
          
   Alpha Worlds
          Windows, Windows, ͻŷ彻̸(3D chat) ʽ
          
   Powwow
          Windows, ԵװͨѶбˣǿ㽻
          ̸ǲܺ㣮
          
   CU-SeeMe
          ֧Ԯƽ̨ cuseeme ģ飬ϸϸ  [51]IP
          Masquerade Resource
          
   VDOLive
          Windows,  vdolive ޲
          
   ע: ʹбˣʹ ipautofw ׼ĳЩͻ
   IPhone Լ Powwow ܻǿ( 4.6 )
   
   ͻ
   
   NCSA Telnet 2.3.08
          DOS,  telnet, ftp, ping ȵȵһ׼
          
   PC-anywhere for windows 2.0
          MS-Windows,  TCP/IP Զң PC ֻΪͻ˶
          ²
          
   Socket Watch
          ʹ ntp  ·ʱЭ
          
   Linux net-acct package
          Linux, ·ʺŹ׼
          
  ޷ʹõĿͻ
  
   Intel Internet Phone Beta 2
          ϵֻܵ()
          
   Intel Streaming Media Viewer Beta 1
          ޷ŷ
          
   Netscape CoolTalk
          ޷ӶԷ
          
   talk,ntalk
          ⽫  Ҫ׫дһݺĴʽ
          
   WebPhone
          Ŀǰ޷(˲Ϸλַ)
          
   X
          ûвԹ˽һ X ʽ޷
           masquerading ʽ֮һⲿʽһķʽ
          ʹ ssh ΪᲢʹڲ X ִ!
          
  ѲԹΪƽ̨/ҵϵͳ
  
     * Linux
     * Solaris
     * Windows 95
     * Windows NT (both workstation and server)
     * Windows For Workgroup 3.11 (with TCP/IP package)
     * Windows 3.1 (with Chameleon package)
     * Novel 4.01 Server
     * OS/2 (including Warp v3)
     * Macintosh OS (with MacTCP or Open Transport)
     * DOS (with NCSA Telnet package, DOS Trumpet works partially)
     * Amiga (with AmiTCP or AS225-stack)
     * VAX Stations 3520 and 3100 with UCX (TCP/IP stack for VMS)
     * Alpha/AXP with Linux/Redhat
     * SCO Openserver (v3.2.4.2 and 5)
     * IBM RS/6000 running AIX
       
   ϣ֧Ԯ TCP/IP ָϻ/·(gateway/router)
   ҵϵͳӦܺ IP Masquerade һ
   
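4.4 IP Firewall Administration (ipfwadm)

   This section provides a more in-depth guide to using ipfwadm.

   This is a setup for a firewalling/masquerading system behind a PPP
   link with a static PPP address. The trusted interface is
   192.168.255.1; the PPP interface has been changed to protect the
   guilty :). Each incoming and outgoing interface is listed
   individually, to catch IP spoofing as well as stuffed routing and/or
   masquerading. Anything that is not explicitly allowed is forbidden!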
   
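#!/bin/sh
#
# /etc/rc.d/rc.firewall, defines the firewall configuration; invoked from
# rc.local.
#

PATH=/sbin:/bin:/usr/sbin:/usr/bin

# For testing: wait a while, then clear all firewall rules.
# Uncomment the following lines if you want the firewall to switch itself
# off automatically after ten minutes.
# (sleep 600; \
# ipfwadm -I -f; \
# ipfwadm -I -p accept; \
# ipfwadm -O -f; \
# ipfwadm -O -p accept; \
# ipfwadm -F -f; \
# ipfwadm -F -p accept; \
# ) &

# Incoming: flush and set the default policy to deny. The default policy
# is actually irrelevant because there is a catch-all rule that denies
# and logs.
ipfwadm -I -f
ipfwadm -I -p deny
# local interface, local machines, going anywhere is valid
ipfwadm -I -a accept -V 192.168.255.1 -S 192.168.0.0/16 -D 0.0.0.0/0
# remote interface, claiming to be local machines: IP spoofing, deny
ipfwadm -I -a deny -V your.static.PPP.address -S 192.168.0.0/16 -D 0.0.0.0/0 -o
# remote interface, any source, going to the permanent PPP address is valid
ipfwadm -I -a accept -V your.static.PPP.address -S 0.0.0.0/0 -D your.static.PPP.address/32
# loopback interface is valid
ipfwadm -I -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0
# catch-all rule: all other incoming is denied and logged. A pity there is
# no log option on the policy, but this does the job instead.
ipfwadm -I -a deny -S 0.0.0.0/0 -D 0.0.0.0/0 -o

# Outgoing: flush and set the default policy to deny. The default policy
# is actually irrelevant because there is a catch-all rule that denies
# and logs.
ipfwadm -O -f
ipfwadm -O -p deny
# local interface, any source going to the local net is valid
ipfwadm -O -a accept -V 192.168.255.1 -S 0.0.0.0/0 -D 192.168.0.0/16
# outgoing to the local net on the remote interface: stuffed routing, deny
ipfwadm -O -a deny -V your.static.PPP.address -S 0.0.0.0/0 -D 192.168.0.0/16 -o
# outgoing from the local net on the remote interface: stuffed
# masquerading, deny
ipfwadm -O -a deny -V your.static.PPP.address -S 192.168.0.0/16 -D 0.0.0.0/0 -o
# outgoing from the local net on the remote interface: stuffed
# masquerading, deny
ipfwadm -O -a deny -V your.static.PPP.address -S 0.0.0.0/0 -D 192.168.0.0/16 -o
# anything else outgoing on the remote interface is valid
ipfwadm -O -a accept -V your.static.PPP.address -S your.static.PPP.address/32 -D 0.0.0.0/0
# loopback interface is valid
ipfwadm -O -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0
# catch-all rule: all other outgoing is denied and logged. A pity there is
# no log option on the policy, but this does the job instead.
ipfwadm -O -a deny -S 0.0.0.0/0 -D 0.0.0.0/0 -o

# Forwarding: flush and set the default policy to deny. The default policy
# is actually irrelevant because there is a catch-all rule that denies
# and logs.
ipfwadm -F -f
ipfwadm -F -p deny
# masquerade from the local net on the local interface to anywhere
ipfwadm -F -a masquerade -W ppp0 -S 192.168.0.0/16 -D 0.0.0.0/0
# catch-all rule: all other forwarding is denied and logged. A pity there
# is no log option on the policy, but this does the job instead.
ipfwadm -F -a deny -S 0.0.0.0/0 -D 0.0.0.0/0 -o

   You can block traffic to a particular site using -I, -O or -F rules.
   Remember that the set of rules is scanned from top to bottom and that
   -a means "append" to the existing set of rules, so any restrictions
   need to come before the global rules. For example (untested) :-

   Using -I rules. Probably the fastest, but it only stops the local
   machines; the firewall itself can still access the "forbidden" site.
   Of course, you might want to allow that combination.

... start of -I rules ...
# reject and log local interface, local machines going to 204.50.10.13
ipfwadm -I -a reject -V 192.168.255.1 -S 192.168.0.0/16 -D 204.50.10.13/32 -o
# local interface, local machines, going anywhere is valid
ipfwadm -I -a accept -V 192.168.255.1 -S 192.168.0.0/16 -D 0.0.0.0/0
... end of -I rules ...

   Using -O rules. Slowest, because the packets go through masquerading
   first, but this rule also stops the firewall itself from accessing the
   forbidden site.

... start of -O rules ...
# reject and log outgoing to 204.50.10.13
ipfwadm -O -a reject -V your.static.PPP.address -S your.static.PPP.address/32 -D 204.50.10.13/32 -o
# anything else outgoing on the remote interface is valid
ipfwadm -O -a accept -V your.static.PPP.address -S your.static.PPP.address/32 -D 0.0.0.0/0
... end of -O rules ...

   Using -F rules. Probably slower than -I, and it still only stops the
   masqueraded (i.e. internal) machines; the firewall can still reach
   the forbidden site.

... start of -F rules ...
# reject and log from the local net on the PPP interface to 204.50.10.13
ipfwadm -F -a reject -W ppp0 -S 192.168.0.0/16 -D 204.50.10.13/32 -o
# masquerade from the local net on the local interface to anywhere
ipfwadm -F -a masquerade -W ppp0 -S 192.168.0.0/16 -D 0.0.0.0/0
... end of -F rules ...

   There is no need for a special rule to allow 192.168.0.0/16 to go to
   204.50.11.0; that is covered by the global rules.

   There is more than one way of specifying the interfaces in the rules
   above. For example, you can use -W eth0 instead of -V 192.168.255.1,
   and -W ppp0 instead of -V your.static.PPP.address. The choice is
   mostly a matter of personal preference.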
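
   The first-match behaviour of the -I rules in this section's
   rc.firewall script, as an added Python model that is not part of the
   original HOWTO and is not how ipfwadm is implemented. The address
   203.0.113.10 stands in for your.static.PPP.address, and the sample
   packets are constructed.

```python
import ipaddress
from typing import Dict, List, NamedTuple, Optional, Tuple

LOCAL_IF = "192.168.255.1"   # trusted interface address used by the script
PPP_IF = "203.0.113.10"      # constructed stand-in for your.static.PPP.address
LOOPBACK_IF = "127.0.0.1"
ANY = "0.0.0.0/0"
LOCAL_NET = "192.168.0.0/16"


class Rule(NamedTuple):
    action: str            # "accept" or "deny"
    via: Optional[str]     # -V interface address; None matches any interface
    src: str               # -S network
    dst: str               # -D network


def input_rules() -> List[Rule]:
    """The five -I rules of the script, in the order the script adds them."""
    return [
        Rule("accept", LOCAL_IF, LOCAL_NET, ANY),      # LAN hosts on LAN side
        Rule("deny", PPP_IF, LOCAL_NET, ANY),          # LAN source on PPP: spoof
        Rule("accept", PPP_IF, ANY, PPP_IF + "/32"),   # traffic to the PPP address
        Rule("accept", LOOPBACK_IF, ANY, ANY),         # loopback
        Rule("deny", None, ANY, ANY),                  # catch-all
    ]


def evaluate(rules: List[Rule], via: str, src: str, dst: str) -> Tuple[str, int]:
    """Scan top to bottom and return (action, index) of the first match."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for index, rule in enumerate(rules):
        if rule.via is not None and rule.via != via:
            continue
        if s in ipaddress.ip_network(rule.src) and d in ipaddress.ip_network(rule.dst):
            return rule.action, index
    return "deny", -1  # default policy set by "ipfwadm -I -p deny"


def misordered(rules: List[Rule]) -> List[Rule]:
    """Same rules, but the anti-spoofing deny placed after the PPP accept."""
    swapped = list(rules)
    swapped[1], swapped[2] = swapped[2], swapped[1]
    return swapped


# Constructed packets: (label, receiving interface, source, destination)
SAMPLES = [
    ("LAN host going out", LOCAL_IF, "192.168.1.5", "198.51.100.80"),
    ("reply to the gateway", PPP_IF, "198.51.100.80", PPP_IF),
    ("LAN source seen on PPP", PPP_IF, "192.168.1.5", PPP_IF),
    ("outside host aiming at LAN", PPP_IF, "198.51.100.80", "192.168.1.5"),
]


def verdicts(rules: List[Rule]) -> Dict[str, Tuple[str, int]]:
    return {label: evaluate(rules, via, src, dst)
            for label, via, src, dst in SAMPLES}


if __name__ == "__main__":
    good, bad = verdicts(input_rules()), verdicts(misordered(input_rules()))
    for label in good:
        print(f"{label:28} script order: {good[label]}  misordered: {bad[label]}")
```

   With the deny rule moved below the accept rule, the packet claiming a
   LAN source on the PPP interface is accepted, which is why restrictions
   must come before the broader rules.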
   
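4.5 IP Firewalling Chains (ipchains)

   This is the main firewall ruleset tool for 2.2.x kernels (with a
   patch it also works on 2.0.x).

   We will update this section soon with some examples of using ipchains.

   For details, please refer to the Linux IP Firewalling Chains page and
   the Linux IPCHAINS HOWTO.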
   
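4.6 IP Masquerade and Demand-Dial-Up

    1. If you would like to set up your network to dial up to the
       Internet automatically, the diald demand-dial package is a great
       help.
    2. To set up diald, see the Setting Up Diald for Linux Page.
    3. Once diald and IP masq are set up, you can go to any of the client
       machines and start a web, telnet or ftp session.
    4. Diald detects the request coming into the system, then dials your
       ISP and establishes the connection.
    5. A timeout will occur on the first connection. This is unavoidable
       if you are using an analog modem: the time taken to establish the
       modem link and the PPP connection makes the client program time
       out. It can be avoided if you are using an ISDN connection. All
       you need to do is stop the current process on the client and
       start it again.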
       
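4.7 IPautofw Packet Forwarder

   IPautofw is a generic TCP and UDP forwarder for Linux masquerading.
   Generally, to use a package that requires UDP, a specific ip_masq
   module has to be loaded: ip_masq_raudio, ip_masq_cuseeme, ...
   Ipautofw works in a more generic way: it forwards any type of
   traffic, including traffic that the application-specific modules will
   not forward. If it is not administered correctly, this can create a
   security hole.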
   
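4.8 CU-SeeMe and Linux IP-Masquerade Teeny How-To

   Provided by Michael Owings.

  Introduction

     This section explains the steps needed to get CU-SeeMe (both the
     Cornell and White Pine versions) working with Linux IP masquerading.

   CU-SeeMe is a desktop video-conferencing package with both Windows
   and Macintosh clients. A free version is available from Cornell
   University. An enhanced commercial version can be obtained from
   White Pine Software.

   IP masquerading lets one or more workstations on a LAN "masquerade"
   behind a single Linux host connected to the Internet. Workstations
   on the LAN get almost transparent access to the Internet even without
   valid IP addresses. The Linux box rewrites outgoing packets from the
   internal LAN so that they appear to originate from the Linux machine
   itself. Incoming response packets are rewritten as well and routed
   back to the correct workstation on the internal LAN. This lets many
   Internet applications run transparently from workstations on the
   internal LAN. For some applications (such as CU-SeeMe), however, the
   Linux masquerade code needs a little help to route packets correctly.
   This help usually comes in the form of special loadable kernel
   modules. For more information about IP-Masquerading, see
   The Linux IP Masquerading Website.

  Getting it running

   First you need a properly configured kernel. You should include full
   support for both IP-Masquerading and IP AutoForwarding. IP
   Autoforwarding is a kernel configuration option in kernels 2.0.30 and
   later -- earlier kernels need a patch. See the Linux IP Masquerade
   Resource for pointers to information on IP-Autoforwarding.

   Next you need the latest version of ip_masq_cuseeme.c, which can be
   obtained by anonymous FTP from
   ftp://ftp.swampgas.com/pub/cuseeme/ip_masq_cuseeme.c. This module has
   also been included in the 2.0.31 kernel. You can replace the version
   in the kernel distribution with the newer one. ip_masq_cuseeme.c
   usually lives in the net/ipv4 directory of the Linux source.
   Compile and install this module.

   Now set up automatic forwarding of UDP ports 7648-7649 as follows: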
   
ipautofw -A -r udp 7648 7649 -c udp 7648 -u

   or

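ipautofw -A -r udp 7648 7649 -h www.xxx.yyy.zzz

   The first form allows calls to and from the workstation that last used
   port 7648 (the primary cu-seeme port). The second way of invoking
   ipautofw only allows cu-seeme to and from www.xxx.yyy.zzz. I prefer
   the former because it is more flexible: there is no need to specify a
   particular workstation IP. However, this form also requires that a
   workstation has made an outgoing call before it can receive incoming
   calls.

   Note that both methods leave UDP ports 7648-7649 on the client machine
   open to the outside world -- while this is not a serious security
   risk, you should still be careful.

   Finally, load the new ip_masq_cuseeme module as follows: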
   
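modprobe ip_masq_cuseeme

   You should now be able to run CU-SeeMe from a masqueraded machine on
   your LAN and connect to a remote reflector or to another CU-SeeMe
   user. You should also be able to receive incoming calls. Note that
   outside callers must use the IP of your Linux gateway, not the IP of
   the masqueraded workstation.

  Limitations/Caveats

  Password-protected reflectors

   There is currently no way to make this work. White Pine uses the
   source IP (as computed by the client program) to encrypt the password
   before sending it. Since we have to rewrite that address, the
   reflector uses the wrong source IP to decode it and gets an invalid
   password. This will only be fixed if White Pine changes its password
   encryption scheme (which I have suggested), or if they are willing to
   publish their encryption routine so that I can add a fix to
   ip_masq_cuseeme. Since the chance of the latter is small, I strongly
   encourage anyone reading this to contact White Pine and suggest the
   former. As traffic to this page is fairly high, I suspect we could
   generate enough e-mail to get this problem onto White Pine's priority
   list.

   Thanks to Thomas Griwenka for bringing this to my attention.

  Running a reflector

   You should not try to run a reflector on the same machine that has
   ip_masq_cuseeme and ipautoforwarding for port 7648 in place. It will
   not work, because both need exclusive use of port 7648. Either run it
   on another Internet-reachable host, or unload the CU-SeeMe client
   support before running the reflector.

  Multiple CU-SeeMe users

   You cannot have multiple simultaneous CU-SeeMe users on the LAN at
   this time. This is due largely to CU-SeeMe's stubborn insistence on
   always sending to port 7648, which can only be redirected (easily) to
   one LAN workstation at a time.

   Using the -c (control port) invocation of ipautofw above, you can
   avoid having to specify a fixed workstation address allowed to use
   CU-SeeMe -- the first workstation to send anything out on control port
   7648 will be designated to receive traffic on 7648-7649. 5 minutes or
   so after this workstation has been inactive on port 7648, another
   workstation can come along and use CU-SeeMe.

  Getting help setting up CU-SeeMe

   Feel free to mail any comments or questions to mikey@swampgas.com. Or,
   if you wish, you can call me via CU-SeeMe.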
   
4.9 Other Related Tools

   We will update this section soon to cover masquerade-related tools
   such as ipportfw and masqadmin in more detail.
   
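5. Miscellaneous

5.1 Getting Help

     ** Please do not email me about IP Masquerade problems. Because of
     my personal workload, I cannot promise to answer questions that are
     not related to the web site. Please send your questions to the
     IP Masquerade mailing list instead (I think it is the best
     resource); you will get an answer sooner than you would from me. **

     * The IP Masquerade Resource page should have enough information
       for setting up IP Masquerade.
     * Join the IP masquerade mailing list (recommended).
       To subscribe, send email with the subject "subscribe" (without
       the quotes) to masq-request@indyramp.com
       To unsubscribe, send email with the subject "unsubscribe"
       (without the quotes) to masq-request@indyramp.com
       For help on using the mailing list, send email with the subject
       "archive help" or "archive dir" (without the quotes) to
       masq-request@indyramp.com
     * The IP masquerade mailing list archive contains all the past
       messages sent to the mailing list.
     * This document, the Linux IP Masquerade mini HOWTO for kernel 2.x
       (if you are using a 1.3.x or 2.x kernel)
     * The IP Masquerade HOWTO for kernel 1.2.x, if you are using an
       older kernel
     * The IP masquerade FAQ has some general information.
     * The X/OS Ipfwadm page has the source, binaries, documentation and
       other information about the ipfwadm package.
     * The page on applications that work through Linux IP masquerading,
       maintained by Lee Nevo, provides tips and tricks for getting
       applications to work with IP Masquerade.
     * The LDP Network Administrator's Guide is essential reading for
       beginners setting up a network.
     * The Linux NET-2 HOWTO also has a lot of useful information about
       Linux networking.
     * The Linux ISP Hookup HOWTO and the Linux PPP HOWTO tell you how to
       connect your Linux host to the Internet.
     * The Linux Ethernet-Howto is a good source of information about
       setting up a LAN running Ethernet.
     * You may also be interested in the Linux Firewalling and Proxy
       Server HOWTO.
     * The Linux Kernel HOWTO guides you through compiling a kernel.
     * Other Linux HOWTOs, such as the Kernel HOWTO
     * Post to the USENET newsgroup: comp.os.linux.networking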
       
5.2 л

     * Gabriel Beitler, gbeitler@aciscorp.com
       for providing section 3.3.8 (setting up Novell)
     * Ed Doolittle, dolittle@math.toronto.edu
       for suggesting the -V option in the ipfwadm command for improved
       security
     * Matthew Driver, mdriver@cfmeu.asn.au
       for helping extensively with this HOWTO, and providing section
       3.3.1 (setting up Windows 95)
     * Ken Eves, ken@eves.com
       for the FAQ that provides invaluable information for this HOWTO
     * Ed. Lott, edlott@neosoft.com
       for a long list of tested systems and software
     * Nigel Metheringham, Nigel.Metheringham@theplanet.net
       for contributing his version of the IP Packet Filtering and IP
       Masquerading HOWTO, which makes this HOWTO a better and more
       technically in-depth document
       (sections 4.1, 4.2, and others)
     * Keith Owens, kaos@ocs.com.au
       for providing an excellent guide on ipfwadm (section 4.2),
       for the correction to the ipfwadm -deny option which avoids a
       security hole, and for clarifying the status of ping over IP
       Masquerade
     * Rob Pelkey, rpelkey@abacus.bates.edu
       for providing sections 3.3.6 and 3.3.7 (setting up MacTCP and Open
       Transport)
     * Harish Pillay, h.pillay@ieee.org
       for providing section 4.5 (dial-on-demand using diald)
     * Mark Purcell, purcell@rmcs.cranfield.ac.uk
       for providing section 4.6 (IPautofw)
     * Ueli Rutishauser, rutish@ibm.net
       for providing section 3.3.9 (setting up OS/2 Warp)
     * John B. (Brent) Williams, forerunner@mercury.net
       for providing section 3.3.7 (setting up Open Transport)
     * Enrique Pessoa Xavier, enrique@labma.ufrj.br
       for the bootp setup suggestion
     * the developers of IP Masquerade, for this great feature
       
          + Delian Delchev, delian@wfpa.acad.bg
          + Nigel Metheringham, Nigel.Metheringham@theplanet.net
          + Keith Owens, kaos@ocs.com.au
          + Jeanette Pauline Middelink, middelin@polyware.iaf.nl
          + David A. Ranch, trinity@value.net
          + Miquel van Smoorenburg, miquels@q.cistron.nl
          + Jos Vos, jos@xos.nl
          + (֪)
            
     * ͻ鵽ʵбϵʹߣرЩļϵĴ
       ֧Ԯδ֧ԮĿͻ˵ģ
     * ûаĳЩʹ͸ҵѶҸеǸ˶Ľ
       ͵ֻû㹻ʱȥȷҲСĶˣ 
       Ŭ͸ҵѶļлͣҲ
       ϣ½ҵ
       
5.3 ο

     * Ken Eves  IP masquerade ʴ
     * Indyramp Consulting ֮ IP masquerade ʵб
     * X/OS  Ipfwadm ҳ
     * · Linux HOWTOs

References

   1. mailto:ambrose@writeme.com
   2. mailto:dranch@trinnet.net
   3. http://www.phys.ntu.edu.tw/~cwhuang/pub/
   4. mailto:cwhuang@linux.org.tw
   5. mailto:ambrose@writeme.com
   6. mailto:dranch@trinnet.net
   7. http://ipmasq.cjb.net/
   8. http://ipmasq.cjb.net/
   9. http://ipmasq.cjb.net/
  10. http://ipmasq2.cjb.net/
  11. http://ipmasq.cjb.net/index.html#mirror
  12. http://ipmasq.cjb.net/
  13. http://www.kernel.org/
  14. http://metalab.unc.edu/mdw/HOWTO/NET-3-HOWTO.html
  15. http://metalab.unc.edu/mdw/LDP/nag/nag.html
  16. http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri
  17. http://metalab.unc.edu/mdw/HOWTO/ISP-Hookup-HOWTO.html
  18. http://metalab.unc.edu/mdw/HOWTO/PPP-HOWTO.html
  19. http://metalab.unc.edu/mdw/HOWTO/mini/DHCP.html
  20. http://metalab.unc.edu/mdw/HOWTO/mini/Cable-Modem.html
  21. http://www.rustcorp.com/linux/ipchains/
  22. http://www.rustcorp.com/linux/ipchains/
  23. http://ipmasq.cjb.net/
  24. http://ipmasq.cjb.net/
  25. http://www.kernel.org/
  26. http://www.pi.se/blox/modules/modules-2.0.0.tar.gz
  27. http://metalab.unc.edu/mdw/HOWTO/NET-3-HOWTO.html
  28. http://metalab.unc.edu/mdw/LDP/nag/nag.html
  29. http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri
  30. http://metalab.unc.edu/mdw/HOWTO/ISP-Hookup-HOWTO.html
  31. http://metalab.unc.edu/mdw/HOWTO/PPP-HOWTO.html
  32. http://metalab.unc.edu/mdw/HOWTO/mini/DHCP.html
  33. http://metalab.unc.edu/mdw/HOWTO/mini/Cable-Modem.html
  34. ftp://ftp.xos.nl/pub/linux/ipfwadm/ipfwadm-2.3.0.tar.gz
  35. http://www.xos.nl/linux/ipfwadm/
  36. http://ipmasq.cjb.net/
  37. file://localhost/tmp/Kernel-HOWTO.html
  38. http://ipmasq.cjb.net/
  39. file://localhost/tmp/Kernel-HOWTO.html
  40. http://ipmasq.cjb.net/
  41. file://localhost/tmp/bg5sgmltools.9207/ftp.novell.com/pub/updates/unixconn/lwp5
  42. mailto:ambrose@writeme.com
  43. mailto:dranch@trinnet.net
  44. http://metalab.unc.edu/mdw/HOWTO/IPCHAINS-HOWTO.html
  45. http://152.19.254.81/mdw/linux.html
  46. http://152.19.254.81/mdw/linux.html
  47. http://ipmasq.cjb.net/
  48. http://dijon.nais.com/~nevo/masq/
  49. http://ipmasq.cjb.net/
  50. http://dijon.nais.com/~nevo/masq/
  51. http://ipmasq.cjb.net/
  52. http://www.rustcorp.com/linux/ipchains/
  53. http://metalab.unc.edu/mdw/HOWTO/IPCHAINS-HOWTO.html
  54. http://home.pacific.net.sg/~harish/diald.config.html
  55. ftp://ftp.netis.com/pub/members/rlynch/ipautofw.tar.gz
  56. mailto:mikey@swampgas.com
  57. http://cu-seeme.cornell.edu/
  58. http://www.wpine.com/
  59. http://www.indyramp.com/masq/
  60. http://ipmasq.cjb.net/
  61. ftp://ftp.swampgas.com/pub/cuseeme/ip_masq_cuseeme.c
  62. mailto:mikey@swampgas.com
  63. http://www.swampgas.com/vc/vc.htm
  64. http://ipmasq.home.ml.org/index.html
  65. http://ipmasq.home.ml.org/
  66. mailto:masq-request@indyramp.com
  67. mailto:masq-request@indyramp.com
  68. mailto:masq-request@indyramp.com
  69. http://www.indyramp.com/masq/list/
  70. http://ipmasq.home.ml.org/ipmasq-HOWTO.html
  71. http://ipmasq.home.ml.org/ipmasq-HOWTO-1.2.x.txt
  72. http://www.indyramp.com/masq/ip_masquerade.txt
  73. http://www.xos.nl/linux/ipfwadm/
  74. http://masqapps.home.ml.org/
  75. http://linuxwww.db.erau.edu/NAG/
  76. http://www.caldera.com/LDP/HOWTO/NET-2-HOWTO.html
  77. http://www.caldera.com/LDP/HOWTO/ISP-Hookup-HOWTO.html
  78. http://www.caldera.com/LDP/HOWTO/PPP-HOWTO.html
  79. http://www.caldera.com/LDP/HOWTO/Ethernet-HOWTO.html
  80. http://www.caldera.com/LDP/HOWTO/Firewall-HOWTO.html
  81. file://localhost/tmp/Kernel-HOWTO.html
  82. http://www.caldera.com/LDP/HOWTO/HOWTO-INDEX-3.html
  83. news:comp.os.linux.networking
