
4. Setting up masquerading

All right! The preliminaries are done, and this is exactly where the magic begins. IP masquerading is one of the truly magical facilities of Linux. There are commercial products for Windows that do the same thing, but not as efficiently. An ancient 386 can happily do IP masquerading for an entire medium-sized office, but it cannot even run Windows 95 - let alone the masquerading program for Windows. (As a postscript, I read in recent news that Windows 2000 will support "connection sharing" without additional software. It seems that the companies that were selling connection-sharing programs were "embraced and extended" by Microsoft. Still, I would not recommend trying Windows 2000 on a 386.)

Linux has a tremendously flexible firewalling capability, which we will use here in the simplest and crudest way. If you want to do firewalling like an expert, you should read the Firewalling HOWTO to understand the theory, and the IPChains HOWTO for instructions on the new firewalling tool, ipchains, which comes with the 2.2.x Linux kernel (and, by extension, with RedHat 6.x). The very good IP Masquerading HOWTO is also available today, and covers the tricks of masquerading in more detail.

It is very easy to set up simple masquerading once both the internal and the external network are working. Edit the file /etc/rc.d/rc.local and add the following lines at the end of it:

 # 1) Flush the rule tables.
 /sbin/ipchains -F input
 /sbin/ipchains -F forward
 /sbin/ipchains -F output
 # 2) Set the MASQ timeouts and allow packets in for
 # DHCP configuration.
 /sbin/ipchains -M -S 7200 10 60
 /sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 68 -d 0/0 67 -p udp
 # 3) Deny forwarding of all packets, except those that come from the
 # local network. Those we masquerade.
 /sbin/ipchains -P forward DENY
 /sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
 # 4) Load forwarding modules for special purposes.
 /sbin/modprobe ip_masq_ftp
 /sbin/modprobe ip_masq_raudio
 

The last two lines load kernel modules that allow FTP and RealAudio to work for the computers on the internal network. There are other modules for special services as well, which you can dig up if you ever need them:

Now you are ready to try out masquerading! Run the rc.local script with the command /etc/rc.d/rc.local, and off you go! Sit down at one of your other computers and try a little surfing on the Internet. With a bit of luck, everything is now running smoothly!
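
A check for step 3 of the rc.local fragment above, as an added example that is not part of the original HOWTO: it reads an ipchains rule script and confirms that the forward policy is closed and that every MASQ rule names a specific source network. The helper name audit_masq and the weak variant are assumptions made for illustration.

```shell
# Added example: audit_masq is a hypothetical helper, not an ipchains feature.
# It reads an ipchains rule script on stdin and checks what step 3 relies on.
audit_masq() {
    awk '
    { sub(/#.*/, "") }                 # drop comments
    $1 !~ /ipchains$/ { next }         # only look at ipchains invocations
    {
        chain = ""; src = ""; target = ""; policy = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "-A" || $i == "-I") chain = $(i + 1)
            if ($i == "-P") { chain = $(i + 1); policy = $(i + 2) }
            if ($i == "-s") src = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (chain != "forward") next
        if (policy != "") fwd_policy = policy
        if (target == "MASQ") {
            masq++
            # No -s, or a catch-all source, masquerades traffic from any network.
            if (src == "" || src ~ /^(0\/0|0\.0\.0\.0\/0)$/) {
                print "FAIL: MASQ rule without a specific source: " $0
                bad = 1
            }
        }
    }
    END {
        if (fwd_policy != "DENY" && fwd_policy != "REJECT") {
            print "FAIL: forward policy is " (fwd_policy == "" ? "not set here" : fwd_policy)
            bad = 1
        }
        if (masq == 0) { print "FAIL: no MASQ rule on the forward chain"; bad = 1 }
        if (!bad) print "OK: forward policy " fwd_policy ", MASQ rules with explicit source: " masq
        exit (bad ? 1 : 0)
    }'
}

# Step 3 as given on the page.
PAGE_RULES='/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ'

# Constructed weak variant: permissive policy and a catch-all MASQ source.
WEAK_RULES='/sbin/ipchains -P forward ACCEPT
/sbin/ipchains -A forward -s 0/0 -j MASQ'

printf '%s\n' "$PAGE_RULES" | audit_masq
printf '%s\n' "$WEAK_RULES" | audit_masq || true
```

To audit the real file, feed it to the function with `audit_masq < /etc/rc.d/rc.local`; a non-zero exit status means one of the checks failed.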

