Linux (gateway) Internet

, kaf@terem.perm.su


Linux Internet

1.

2. (gateway)

3. Linux

4.

5.

1

IP- - Internet.

1.2.8 - 1.2.13 1.3.... (Mobile-IP, IP-masquerading ) .

- Slackware v 3.0.0. (RED HAT, CALDERA ) ( - /etc/rc.d/...), TCP/IP .

2 (gateway)

Internet :

3 Linux

3.1

Linux , router ( ) , (firewall) . .

, gateway.

( K Slackware v 3.0.0, D Slackware).

/usr/src/linux

make config

General Setup , IDE Drivers . y

Networking support (CONFIG_NET)
. Loadable module support y, ( , , ), n, .

3.2 , (screening router) IP- (account)

Networking options :

TCP/IP networking (CONFIG_INET) [y]
IP forwarding/gatewaying (CONFIG_IP_FORWARD) [y]
IP multicasting (CONFIG_IP_MULTICAST) [y]
IP firewalling (CONFIG_IP_FIREWALL) [y]
IP accounting (CONFIG_IP_ACCT) [y]
.

3.3

Network device support y

Network device support? (CONFIG_NETDEVICES)
. (. ) , n. insmod /etc/rc.d/rc.inet1. ( NE2000). , , /usr/src/linux/drivers/net,
#ifdef MODULE
, .

, () .

:

3.4

:

make dep
make clean
make zImage

, :

make modules
make modules_install
/lib/modules/<_>.

(: linuxroute) :

mv arch/i386/boot/zImage /linuxroute
( /etc/lilo.conf) lilo (. lilo).

. - .

4

4.1

( , Ethernet ) ( ) .

, /etc/rc.d/rc.inet1.

rc.inet1. ():

/sbin/insmod /lib/modules/<_>/net/<_'__>

IP-. ( ) IP-. ifconfig.

rc.inet1 :

lo

rc.inet1 TCP/IP. :

/sbin/ifconfig lo 127.0.0.1
IP- IP- .

, TCP/IP, :

ping 127.0.0.1

IP- IP- : 127.0.0.1. , ftp-,

ftp  127.0.0.1

Ethernet (eth0)

Ethernet. , (. ), :

insmod <_'__>

Ethernet eth0, eth1 . .

:

rc.inet1 . :
IPADDR="194.220.22.1"   # REPLACE with YOUR IP address!
NETMASK="255.255.255.0" # REPLACE with YOUR netmask!
BROADCAST="194.220.22.255" # REPLACE with YOUR broadcast address, if you
                           # have one. If not, leave blank and edit below.
/sbin/ifconfig eth0 ${IPADDR} broadcast ${BROADCAST} netmask ${NETMASK}

- SLIP/CSLIP (sl0) PPP (ppp0)

SLIP (Serial Line Interface Protocol) CSLIP (Compressed Serial Line Interface Protocol), PPP (Point To Point) .

PPP- ( pppd) - , IP- .

SLIP/CSLIP - .

SLIP/CSLIP .

SLIP/CSLIP dip (DialUpIP). , IP-, . .

dip , . dip, , shell:

#!/bin/sh

while :;
do
    /sbin/dip __dip
    sleep 5
done
rc.inet1.

, , IP- . . :

# local IP address
get $local 193.124.190.229

# remote IP address
get $remote 193.124.190.230
# serial port and line speed
port ttyS0
speed 38400


# maximum transfer unit
get $mtu 576

#      
#  ,   IP-   
#      

done:
  print CONNECTED $locip ---> $rmtip
  default
  mode CSLIP
  exit
dip .

4.2 routing'

routing' ( ) ( ), .

, , ( Ethernet SLIP ). routing' routed gated.

route.

routing' rc.inet1. routing :

IP- 127.0.0.1 . 127.... :

/sbin/route add -net 127.0.0.0

Ethernet ( 255.255.255.0), routing' :

NETMASK=255.255.255.0
/sbin/route add -net ${NETWORK} netmask ${NETMASK}
, route .

routing' SLIP/CSLIP dip, ifconfig route.

4.3 nameserver'

( ) IP-, /etc/resolv.conf nameserver' :

nameserver <>
/etc/host.conf
order hosts, bind
/etc/hosts. , Internet' , IP- .

4.4

:

Screening routing

Linux (forwarding) . (make config - .) :

IP forwarding/gatewaying (CONFIG_IP_FORWARD) [y]
IP firewalling (CONFIG_IP_FIREWALL) [y]

, (gateway Internet') , .

ipfwadm.

90% TCP- c 1- 1024 TCP- 5000 65535 X-, 1025-4999 - . Internet (ftp,http ) ( ), (. /etc/service).

( /etc/rc.d/rc.firewall) /etc/rc.d/rc.inet1.

:

#!/bin/sh

NET=198.223.25
LOCALNET=198.223.25.0

/sbin/ipfwadm -B -f     # flush the existing blocking rules

# Accept traffic within the local network
/sbin/ipfwadm -B -a accept -S ${LOCALNET}/24 -D ${LOCALNET}/24

# Deny TCP to ports 0-1024 on the local network
# (a source of 255.255.255.255/0 has a zero-length mask, so it matches any address)
/sbin/ipfwadm -B -P tcp -a deny -S 255.255.255.255/0 -D ${LOCALNET}/24 0:1024

# Deny access to X servers on the local network
/sbin/ipfwadm -B -P tcp -a deny -S 255.255.255.255/0 -D ${LOCALNET}/24 5000:64575

# TCP ports 1025 to 4999 are not denied and stay open for traffic to and from the Internet


# Deny UDP to ports 0-1024 on the local network
/sbin/ipfwadm -B -P udp -a deny -S 255.255.255.255/0 -D ${LOCALNET}/24 0:1024


# The gateway to the Internet
GateWayIP=194.126.198.229/32

/sbin/ipfwadm -B -P tcp -a deny -S 255.255.255.255/0 -D ${GateWayIP} 0:20
# Ports 21-23 - ftp - are left open
/sbin/ipfwadm -B -P tcp -a deny -S 255.255.255.255/0 -D ${GateWayIP} 24:79
# Port 80 - http - is left open
/sbin/ipfwadm -B -P tcp -a deny -S 255.255.255.255/0 -D ${GateWayIP} 81:1024
/sbin/ipfwadm -B -P tcp -a deny -S 255.255.255.255/0 -D ${GateWayIP} 5000:64575
/sbin/ipfwadm -B -P udp -a deny -S 255.255.255.255/0 -D ${GateWayIP} 0:1024
# The ftp and www ports on the gateway are the ones left reachable


# Close part of the network off from the Internet:
# deny all traffic from outside to hosts 32-255
# 32-63
/sbin/ipfwadm -B -a deny -S 255.255.255.255/0 -D ${NET}.32/27
# 64-127
/sbin/ipfwadm -B -a deny -S 255.255.255.255/0 -D ${NET}.64/26
# 128-255
/sbin/ipfwadm -B -a deny -S 255.255.255.255/0 -D ${NET}.128/25

( UNIX-) ( telnetd) /etc/inetd.conf . firewall

, , TCP-wrapper (. ).

Wrapping

Linux TCP- inetd , tcpd, (. /etc/inetd.conf). tcpd IP- /etc/hosts.allow /etc/hosts.deny. /etc/hosts.allow - , /etc/hosts.deny, . , telnetd /etc/hosts.deny :

in.telnetd:ALL EXCEPT 194.128.18.25

5

:

man <_>
HOWTO:

LINUX_ETHERNET_HOWTO

LINUX_NET-2/3-HOWTO

FIREWALLING_AND_PROXY_SERVER_HOWTO

THE_LINUX_KERNEL_HOWTO