kaf@terem.perm.su
IP- - Internet.
1.2.8 - 1.2.13 1.3.... (Mobile-IP, IP-masquerading ) .
- Slackware v 3.0.0. (RED HAT, CALDERA ) ( - /etc/rc.d/...), TCP/IP .
Internet :
Linux , router ( ) , (firewall) . .
, gateway.
( K Slackware v 3.0.0, D Slackware).
/usr/src/linux
make config
General Setup
,
IDE Drivers
.
y
Networking support (CONFIG_NET)
.
Loadable module support
y
,
( , ,
),
n
,
.
Networking options :
TCP/IP networking (CONFIG_INET) [y]
IP forwarding/gatewaying (CONFIG_IP_FORWARD) [y]
IP multicasting (CONFIG_IP_MULTICAST) [y]
IP firewalling (CONFIG_IP_FIREWALL) [y]
IP accounting (CONFIG_IP_ACCT) [y]
.
Network device support
y
Network device support? (CONFIG_NETDEVICES)
.
(. )
,
n
.
insmod
/etc/rc.d/rc.inet1.
(
NE2000). ,
,
/usr/src/linux/drivers/net,
#ifdef MODULE
,
.
, () .
:
Do you want to be offered ALPHA test drivers (CONFIG_NET_ALPHA)
Other ISA cards (CONFIG_NET_ISA).
:
make dep
make clean
make zImage
, :
make modules
make modules_install
/lib/modules/<_>.
(: linuxroute) :
mv arch/i386/boot/zImage /linuxroute
( /etc/lilo.conf)
lilo
(. lilo).
. - .
( , Ethernet ) ( ) .
, /etc/rc.d/rc.inet1.
rc.inet1. ():
/sbin/insmod /lib/modules/<_>/net/<_'__>
IP-. ( ) IP-. ifconfig.
rc.inet1 :
rc.inet1 TCP/IP. :
/sbin/ifconfig lo 127.0.0.1
IP- IP-
.
, TCP/IP, :
ping 127.0.0.1
IP- IP- : 127.0.0.1. , ftp-,
ftp 127.0.0.1
Ethernet. , (. ), :
insmod <_'__>
Ethernet eth0, eth1 . .
:
IPADDR="194.220.22.1" # REPLACE with YOUR IP address!
NETMASK="255.255.255.0" # REPLACE with YOUR netmask!
BROADCAST="194.220.22.255" # REPLACE with YOUR broadcast address, if you
# have one. If not, leave blank and edit below.
/sbin/ifconfig eth0 ${IPADDR} broadcast ${BROADCAST} netmask ${NETMASK}
SLIP (Serial Line Interface Protocol) CSLIP (Compressed Serial Line Interface Protocol), PPP (Point To Point) .
PPP- ( pppd) - , IP- .
SLIP/CSLIP - .
SLIP/CSLIP .
SLIP/CSLIP dip (DialUpIP). , IP-, . .
dip , . dip, , shell:
#!/bin/sh
while :;
do
/sbin/dip __dip
sleep 5
done
rc.inet1.
, , IP- . . :
# IP-
get $local 193.124.190.229
# IP-
get $remote 193.124.190.230
#
port ttyS0
speed 38400
#
# maximum transfer unit
get $mtu 576
#
# , IP-
#
done:
print CONNECTED $locip ---> $rmtip
default
mode CSLIP
exit
dip
.
routing' ( ) ( ), .
, , ( Ethernet SLIP ). routing' routed gated.
route.
routing' rc.inet1. routing :
IP- 127.0.0.1 . 127.... :
/sbin/route add -net 127.0.0.0
Ethernet ( 255.255.255.0), routing' :
NETMASK=255.255.255.0
/sbin/route add -net ${NETWORK} netmask ${NETMASK}
,
route .
routing' SLIP/CSLIP dip, ifconfig route.
( ) IP-, /etc/resolv.conf nameserver' :
nameserver <>
/etc/host.conf
order hosts, bind
/etc/hosts.
,
Internet' , IP-
.
:
Linux (forwarding) . (make config - .) :
IP forwarding/gatewaying (CONFIG_IP_FORWARD) [y]
IP firewalling (CONFIG_IP_FIREWALL) [y]
, (gateway Internet') , .
ipfwadm.
90% TCP- c 1- 1024 TCP- 5000 65535 X-, 1025-4999 - . Internet (ftp,http ) ( ), (. /etc/services).
( /etc/rc.d/rc.firewall) /etc/rc.d/rc.inet1.
:
#!/bin/sh
NET=198.223.25
LOCALNET=198.223.25.0
/sbin/ipfwadm -B -f #
#
/sbin/ipfwadm -B -a accept -S ${LOCALNET}/24 -D ${LOCALNET}/24
# TCP-
/sbin/ipfwadm -B -P tcp -a deny -S 255.255.255.255/0 -D ${LOCALNET}/24 0:1024
# X-server'
/sbin/ipfwadm -B -P tcp -a deny -S 255.255.255.255/0 -D ${LOCALNET}/24 5000:64575
# TCP- 1025 4999 / Internet
# ( )
# UDP-
/sbin/ipfwadm -B -P udp -a deny -S 255.255.255.255/0 -D ${LOCALNET}/24 0:1024
# gateway Internet
GateWayIP=194.126.198.229/32
/sbin/ipfwadm -B -P tcp -a deny -S 255.255.255.255/0 -D ${GateWayIP} 0:20
# 21-23 - ftp -
/sbin/ipfwadm -B -P tcp -a deny -S 255.255.255.255/0 -D ${GateWayIP} 24:79
# 80 - http -
/sbin/ipfwadm -B -P tcp -a deny -S 255.255.255.255/0 -D ${GateWayIP} 81:1024
/sbin/ipfwadm -B -P tcp -a deny -S 255.255.255.255/0 -D ${GateWayIP} 5000:64575
/sbin/ipfwadm -B -P udp -a deny -S 255.255.255.255/0 -D ${GateWayIP} 0:1024
# ftp www
# Internet'a
# 32-255 Internet
# 32-63
/sbin/ipfwadm -B -a deny -S 255.255.255.255/0 -D ${NET}.32/27
# 64-127
/sbin/ipfwadm -B -a deny -S 255.255.255.255/0 -D ${NET}.64/26
# 128-255
/sbin/ipfwadm -B -a deny -S 255.255.255.255/0 -D ${NET}.128/25
( UNIX-) ( telnetd) /etc/inetd.conf . firewall
, , TCP-wrapper (. ).
Linux TCP- inetd , tcpd, (. /etc/inetd.conf). tcpd IP- /etc/hosts.allow /etc/hosts.deny. /etc/hosts.allow - , /etc/hosts.deny, . , telnetd /etc/hosts.deny :
in.telnetd:ALL EXCEPT 194.128.18.25
:
man <_>
HOWTO: