Linux IP Masquerade HOWTO
David Ranch, dranch@trinnet.net; Ambrose Au, ambrose@writeme.com
v1.79, 21 October 1999
This document describes how to use the feature called IP Masquerade
on a Linux host. IP Masquerade is a form of Network Address
Translation (NAT) that lets internal computers without registered IP
addresses use the Internet through the single Internet IP address of
the Linux box they are connected to.
______________________________________________________________________
Table of Contents
1. Introduction
1.1 Introduction to IP Masquerading (IP MASQ for short)
1.2 Foreword, Feedback & Credits
1.3 Copyright & Disclaimer
2. Background Knowledge
2.1 What is IP Masquerade?
2.2 Current Status
2.3 Who Can Benefit From IP Masquerade?
2.4 Who Doesn't Need IP Masquerade?
2.5 How does IP Masquerade Work?
2.6 Requirements for Using IP Masquerade on Linux 2.0.x
2.7 Requirements for Using IP Masquerade on Linux 2.2.x
3. Setting Up IP Masquerade
3.1 Compiling the Kernel for IP Masquerade Support
3.1.1 Linux 2.0.x Kernels
3.1.2 Linux 2.2.x Kernels
3.2 Assigning Private Internal IP Addresses to the Internal LAN
3.3 Configuring IP Forwarding Policies
3.3.1 Linux 2.0.x Kernels
3.3.2 Linux 2.2.x Kernels
4. Configuring the Internal Machines to be Masqueraded
4.1 Configuring Microsoft Windows 95
4.2 Configuring Windows NT
4.3 Configuring Windows for Workgroups 3.11
4.4 Configuring UNIX Based Systems
4.5 Configuring DOS using the NCSA Telnet package
4.6 Configuring MacOS Based Systems Running MacTCP
4.7 Configuring MacOS Based Systems Running Open Transport
4.8 Configuring Novell Networks using DNS
4.9 Configuring OS/2 Warp
4.10 Configuring Other Systems
5. Testing IP Masquerade
6. Other IP Masquerade Issues and Software Support
6.1 Problems with IP Masquerade
6.2 Incoming Services
6.3 Supported Client Software and Other Setup Notes
6.3.1 Network Clients that -Work- with IP Masquerade
6.3.2 Clients that do not Work:
6.4 Stronger IP Firewall (IPFWADM) Rulesets
6.5 Stronger IP Firewall (IPCHAINS) Rulesets
6.6 IP Masquerading Multiple Internal Networks
6.7 IP Masquerade and Dial-up Connections
6.8 IPPORTFW, IPMASQADM, IPAUTOFW, REDIR, UDPRED, and Other Port Forwarding Tools
6.8.1 Using IPPORTFW on 2.0.x Kernels
6.8.2 Using IPMASQADM with IPPORTFW on 2.2.x Kernels
6.9 CU-SeeMe and Linux IP Masquerade
6.10 Mirabilis ICQ
6.11 Games: The LooseUDP Patch
7. Frequently Asked Questions (FAQ)
7.1 Which Linux distributions support IP Masquerade out of the box?
7.2 What are the minimum hardware requirements and limitations for IP Masquerade? How well does it perform?
7.3 I've checked all my configurations, but IP Masquerade still doesn't work. What should I do?
7.4 How do I join or view the IP Masquerade and IP Masquerade Developers mailing lists?
7.5 How does IP Masquerade differ from Proxy or NAT services?
7.6 Are there any GUI firewall creation/management tools?
7.7 Does IP Masquerade work with dynamically assigned IP addresses?
7.8 Can I use a cable modem (both bi-directional and with modem returns), DSL, satellite link, etc. to connect to the Internet and use IP Masquerade?
7.9 Can I use the dial-up features of Diald or PPPd with IP Masquerade?
7.10 What applications can be used with IP Masquerade?
7.11 How do I use IP Masquerade on Redhat, Debian, Slackware, or other distributions?
7.12 TELNET connections seem to break if I don't use them often. Why is that?
7.13 When my Internet connection first comes up, nothing works. If I try again, everything works fine. Why is that?
7.14 IP Masquerade seems to work fine but some sites don't work. This usually happens with the Web and FTP.
7.15 IP Masquerading seems slow.
7.16 IP Masquerading now works, but I get all sorts of strange messages and errors in the SYSLOG log files. What do the IPFWADM/IPCHAINS firewall error messages mean?
7.17 Can I configure IP Masquerade so that outside Internet users can directly contact internal masqueraded servers?
7.18 I get "kernel: ip_masq_new(proto=UDP): no free ports." in my SYSLOG files. Why?
7.19 I get the error "ipfwadm: setsockopt failed: Protocol not available" when I try to use IPPORTFW!
7.20 Microsoft File and Print Sharing and Microsoft Domain clients (SAMBA) don't work through IP Masquerade!
7.21 Masqueraded IRC users cannot use IRC properly. Why?
7.22 mIRC cannot do DCC sends.
7.23 Can I use IP Masquerade with only one Ethernet network card (through IP Aliasing)?
7.24 I'm trying to use the NETSTAT command to show masqueraded connections but it doesn't work.
7.25 I would like to use Microsoft PPTP (GRE tunnels) or IPSEC (Linux SWAN) tunnels through IP Masquerade.
7.26 I want to run the XYZ network game through IP Masquerade but it doesn't work. Help!
7.27 IP Masquerade works fine for a while but then suddenly stops. After a reboot it works again for a while. Why?
7.28 Internal masqueraded computers cannot send SMTP or POP-3 mail!
7.29 I want different internal masqueraded networks to exit through different external IP addresses. (IPROUTE2)
7.30 Why do the new 2.1.x and 2.2.x kernels use IPCHAINS instead of IPFWADM?
7.31 I've just upgraded to the 2.2.x kernels, why isn't IP Masquerade working?
7.32 I've just upgraded to a 2.0.36 or later kernel, why isn't IP Masquerade working?
7.33 I need help with EQL connections and IP Masq
7.34 I can't get IP Masquerade to work! What options do I have for Windows Platforms?
7.35 I want to help on IP Masquerade development. What can I do?
7.36 Where can I find more information on IP Masquerade?
7.37 I want to translate this HOWTO to another language, what should I do?
7.38 This HOWTO seems out of date, are you still maintaining it? Can you include more information on ...? Are there any plans for making this better?
7.39 I got IP Masquerade working, it's great! I want to thank you guys, what can I do?
8. Miscellaneous
8.1 Useful Resources
8.2 Linux IP Masquerade Resource
8.3 Thanks to..
8.4 Reference
8.5 Changes
______________________________________________________________________
1. Introduction
1.1. Introduction to IP Masquerading (IP MASQ for short)
(Translator's note: [ masquerade ] n. masked ball, disguise, pretext;
[ masquerade ] v. to take part in a masked ball, to disguise oneself,
to pretend)
This document describes how to use the feature called IP Masquerade
on a Linux host. IP Masquerade is a form of Network Address
Translation (NAT) that lets internal computers without registered IP
addresses use the Internet through the single Internet IP address of
the Linux box they are connected to.
The internal computers can connect to the Linux host over a LAN such
as Ethernet, TokenRing or FDDI, or over dial-up PPP (translator's
note: Dial-Up Networking in Windows) or SLIP. This document mainly
covers the Ethernet case.
This document is written for users of stable kernels 2.0.36 and
later or 2.2.9 and later on IBM-compatible PCs. Older kernels such as
1.2.x or 1.3.x are not covered, and some kernel versions may give
incorrect results. Please upgrade to a recent stable kernel before
using IP Masquerade.
If you want to use IP Masquerade on a Macintosh, please e-mail Taro
Fukunaga, tarozax@earthlink.net, for a short MkLinux version of this
HOWTO.
1.2. Foreword, Feedback & Credits
For new users, setting up IP Masq on the Linux kernel (including
1.2.x and earlier versions) is very confusing. There were a FAQ and a
mailing list, but no document written specifically for IP Masq, and
there were requests on the mailing list for such a HOWTO. So I
decided to write this HOWTO as a starting point for new users, and I
hope experienced users will add to it later. Ideas and corrections of
any kind for this document are welcome, so that it becomes a better
document.
This document was put together from Ken Eves's FAQ and numerous
messages on the IP Masquerade mailing list. Special thanks go to Mr.
Matthew Driver, who helped me set up IP Masq and eventually inspired
me to write this document. More recently, David Ranch rewrote the
HOWTO and added many sections to make it more complete.
Please feel free to send corrections, information, URLs, or any other
feedback to ambrose@writeme.com and dranch@trinnet.net. Your
participation will help this HOWTO a great deal.
This HOWTO is intended to help you get a Linux IP Masquerade network
running in the shortest time possible. Because neither Ambrose nor
David is a professional writer, you may find material in this
document that is unusual or does not serve its original purpose. The
latest news about this HOWTO and further details on IP Masquerade are
available from the web page we actively maintain, the IP Masquerade
Resource. If you have technical questions about IP Masquerade, please
join the IP Masquerade mailing list instead of sending e-mail to
Ambrose or David. Most IP Masquerade problems are common to most
users, and someone on the mailing list may be able to give you a
simple answer. In addition, you will get an answer from the mailing
list in far less time than a reply from Ambrose or David.
The latest version of this document can be found at the following
sites, which also carry HTML and postscript versions:
o http://ipmasq.cjb.net/: The IP Masquerade Resources
o http://ipmasq2.cjb.net/: The IP Masquerade Resources MIRROR
o The Linux Documentation Project
o Dranch's Linux page
o Mirror sites are listed in the IP Masquerade Resource Mirror Sites
Listing.
1.3. Copyright & Disclaimer
This document is copyright(c) 1999 Ambrose Au and David Ranch and it
is a FREE document. You may redistribute it under the terms of the GNU
General Public License.
This document is the best effort of Ambrose and David and its
contents are believed to be correct. However, the Linux IP Masquerade
feature was developed by humans, so it may contain mistakes, bugs and
the like from time to time.
No person, group, or other body is responsible for any damage on your
computer(s) and any other losses by using the information on this
document. i.e.
THE AUTHORS AND ALL MAINTAINERS ARE NOT RESPONSIBLE FOR ANY
DAMAGES INCURRED DUE TO ACTIONS TAKEN BASED ON THE INFORMATION
IN THIS DOCUMENT.
Now, with the above understood... let's get started..
2. Background Knowledge
2.1. What is IP Masquerade?
IP Masquerade is a networking function in Linux, similar to the
one-to-many NAT (Network Address Translation) commonly found in
commercial firewalls and network routers. For example, if a Linux
host is connected to the Internet via PPP (translator's note: the
equivalent of Dial-Up Networking in Windows), Ethernet, etc., the
internal computers connected to that Linux box (via PPP, Ethernet,
etc.) can also reach the Internet through IP Masquerade. With Linux
IP Masquerade this is possible even though the internal computers
have no officially assigned IP addresses.
With MASQ, a number of computers can use the Internet while hidden
behind the MASQ gateway (gateway: the computer that acts as the
passage). To other computers on the Internet, the traffic that leaves
through IP MASQ appears to come from the IP MASQ Linux server itself.
In addition to this functionality, IP Masquerade provides a very
secure network environment. Breaking the security of a well
configured masquerading system and internal LAN is as difficult as
breaking the security of a well configured firewall.
2.2. Current Status
IP Masquerade has been around for several years since it was first
developed and has become very mature as the Linux kernel entered the
2.2.x series. The Linux kernel has supported MASQ natively since the
1.3.x versions. Today many individuals and commercial organizations
use it with excellent results.
Common network functions such as Web browsing, TELNET, FTP, PING,
TRACEROUTE, etc. work well through IP Masquerade. Others such as FTP,
IRC and Real Audio also work well once the appropriate IP MASQ
modules are loaded. Network programs such as streaming audio (MP3,
True Speech, etc.) work as well. Some fellow users on the mailing
list have even had good results with video conferencing software.
For the complete list of supported software, see the ``'' section.
IP Masquerade also works well as a server for client machines running
various different OSes and hardware platforms. Systems that have been
run successfully behind MASQ include:
o Unix: Sun Solaris, *BSD, Linux, Digital UNIX, etc.
o Microsoft Windows 95/98, Windows NT and Windows for Workgroups
(with the TCP/IP package installed)
o IBM OS/2
o Apple Macintosh MacOS machines running MacTCP or Open Transport
o DOS-based systems with packet drivers and the NCSA Telnet package
o VAXen
o Compaq/Digital Alpha systems running Linux or NT
o Even Amiga computers running AmiTCP or the AS225-stack..
The list could go on, but the point is this: if your OS can talk
TCP/IP, it should work with IP Masquerade!
2.3. Who Can Benefit From IP Masquerade?
o If you have a Linux host connected to the Internet, and
o if you have some computers running TCP/IP that are connected to
the Linux host through a local subnet, or
o if your Linux host has two or more modems and acts as a PPP or
SLIP server connected to other internal computers,
o and those other computers do not have officially assigned IP
addresses,
o and, of course, if you want those other computers to use the
Internet without spending extra money on getting official IP
addresses from your ISP and either configuring Linux as a router
or buying an external router.
2.4. Who Doesn't Need IP Masquerade?
o If your machine is a stand-alone computer connected to the
Internet (even so, setting up a firewall on a stand-alone machine
can be a good idea), or
o if you already have multiple assigned IP addresses for your other
computers,
o and, of course, if you don't like the idea of a 'free ride' using
Linux and would feel more comfortable paying a high price to do
the same job.
2.5. How does IP Masquerade Work?
From Ken Eves's IP Masquerade FAQ:
The simplest setup looks like this:

  SLIP/PPP          +------------+                         +----------------+
  to ISP provider   |   Linux    |       SLIP/PPP          | Other computer |
  <---------- modem1|     #1     |modem2 ----------- modem3|                |
  111.222.333.444   |            |           192.168.0.100 |                |
                    +------------+                         +----------------+

In the drawing above, a Linux box with IP_MASQUERADING installed is set
up as Linux #1 and is connected to the Internet via SLIP or PPP using
modem1. Linux #1 has the assigned IP address 111.222.333.444. Linux #1
is also set up so that another computer can dial in through modem2 and
start a SLIP or PPP connection.
The second system (the other computer, which does not have to be
running Linux) connects to Linux #1 via SLIP or PPP. The other computer
does not have an officially assigned IP address, so it is given the
internal address 192.168.0.100. (see below)
With routing configured properly, IP Masquerade lets the "other
computer" use the Internet as if it were directly connected to it
(with a few exceptions).
According to Pauline Middelink:
Do not forget that the "other computer" must have Linux #1 configured
as its gateway (whether it is the default route or just a subnet does
not matter). If the "other computer" cannot do this, Linux #1 must be
configured to support proxy arp, but proxy arp is beyond the scope of
this document.
The following is an excerpt from a post on comp.os.linux.networking,
edited to match the names used in the example above:
o I tell the "other computer" that my PPP or SLIP connected Linux #1
is its gateway.
o When a packet comes to Linux #1 from the "other computer", Linux #1
assigns the packet a new source port number and stores the original
address separately. The MASQ server then sends the modified packet
to the Internet over SLIP/PPP.
o When a packet returns to Linux #1 from the Internet, Linux #1
examines the port number to check whether it belongs to a request
from the "other computer". If it does, the MASQ server puts the
stored original port number and IP address back into the packet from
the Internet and sends it on to the "other computer".
o The host on the Internet that sent the packet never knows that any
of this happened.
Another IP Masquerading example:
A typical example is shown in the diagram below:

  +----------+
  |          |  Ethernet
  |  A-box   |::::::
  |          |.2   :  192.168.0.x
  +----------+     :
                   :      +----------+
  +----------+     :   .1 |  Linux   |  PPP link
  |          |     :::::::| Masq-Gate|:::::::::::::::::::// Internet
  |  B-box   |::::::      |          |  111.222.333.444
  |          |.3   :      +----------+
  +----------+     :
                   :
  +----------+     :
  |          |     :
  |  C-box   |::::::
  |          |.4
  +----------+

  |                          |  |                                  |
  | <-- Internal network --> |  | <------ External network ------> |
  |                          |  |                                  |

There are four computers in this example. As before, assume there is
a server on the far right that accepts the PPP connection, and
further to the right the hosts on the Internet that you want to
exchange information with. The Linux system Masq-Gate is the IP
Masquerading gateway that connects A-box, B-box and C-box on the
internal network to the outside Internet. The internal network uses
one of the private network addresses defined in RFC-1918, in this
case the Class C network 192.168.0.0. The Linux box uses the IP
address 192.168.0.1 and the other systems have the following
addresses:
o A-Box: 192.168.0.2
o B-Box: 192.168.0.3
o C-Box: 192.168.0.4
The three machines, A-box, B-box and C-box, can run any OS as long as
it can speak TCP/IP. Windows 95, Macintosh MacTCP or OpenTransport,
or even another Linux box can connect to the Internet through IP
MASQ. While connected, the masquerading system, or MASQ-gate,
converts all connections from the inside so that they appear to
originate from MASQ-gate itself. When traffic comes back from the
outside, MASQ rearranges it so that it goes to the original internal
computer. To the internal network it therefore looks as if it were
directly connected to the Internet, and the machines cannot tell
whether masquerading is in use or not. This is called a "transparent"
connection.
NOTE: For more details on the following topics, please see ``'':
o The differences between NAT, MASQ and proxy servers.
o How packet firewalls work.
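The port rewriting described in section 2.5, as an added example that is not part of the original HOWTO: a small Python model of the gateway's translation table. The class names, the four-port masquerade range (kept tiny so that port exhaustion is visible) and the remote addresses 198.51.100.7 and 203.0.113.9 are assumptions made for illustration; 111.222.333.444 is the HOWTO's own placeholder and is treated as an opaque string.

```python
import ipaddress
from typing import Dict, NamedTuple, Optional, Tuple


class Packet(NamedTuple):
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NoFreePorts(Exception):
    """Every masquerade port is taken (compare the 'no free ports' FAQ entry)."""


class MasqGateway:
    """Toy model of the table kept by the masquerading Linux box."""

    def __init__(self, external_ip: str, internal_net: str,
                 port_lo: int = 61000, port_hi: int = 61003) -> None:
        self.external_ip = external_ip
        self.internal_net = ipaddress.ip_network(internal_net)
        self.ports = range(port_lo, port_hi + 1)  # assumed range, small on purpose
        # (proto, masq port) -> (internal ip, internal port, remote ip, remote port)
        self.by_port: Dict[Tuple[str, int], Tuple[str, int, str, int]] = {}
        # reverse index so that one flow keeps one masquerade port
        self.by_flow: Dict[Tuple[str, str, int, str, int], int] = {}

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite a packet leaving the internal network; None if not ours."""
        if ipaddress.ip_address(pkt.src_ip) not in self.internal_net:
            return None
        flow = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.by_flow.get(flow)
        if port is None:
            port = next((p for p in self.ports
                         if (pkt.proto, p) not in self.by_port), None)
            if port is None:
                raise NoFreePorts(pkt.proto)
            self.by_flow[flow] = port
            self.by_port[(pkt.proto, port)] = flow[1:]  # save the originals
        return pkt._replace(src_ip=self.external_ip, src_port=port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Restore the original address and port; None means no table entry."""
        entry = self.by_port.get((pkt.proto, pkt.dst_port))
        if pkt.dst_ip != self.external_ip or entry is None:
            return None
        in_ip, in_port, remote_ip, remote_port = entry
        # Only the host the internal machine talked to may use this entry.
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None
        return pkt._replace(dst_ip=in_ip, dst_port=in_port)


def demo():
    """A-box fetches a web page; the reply and a stray packet come back."""
    gw = MasqGateway("111.222.333.444", "192.168.0.0/24")
    out = gw.outbound(Packet("tcp", "192.168.0.2", 1025, "198.51.100.7", 80))
    reply = gw.inbound(
        Packet("tcp", "198.51.100.7", 80, gw.external_ip, out.src_port))
    stray = gw.inbound(
        Packet("tcp", "203.0.113.9", 80, gw.external_ip, out.src_port))
    return out, reply, stray


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The stray packet is refused because nothing on the inside ever opened a flow to that remote host, which is the property the stronger firewall rulesets recommended later in the HOWTO build on.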
2.6. Requirements for Using IP Masquerade on Linux 2.0.x
** Please refer to the IP Masquerade Resource for the most recent
information. **
o Suitable hardware. See ``'' for details.
o The 2.0.x kernel source, available from http://www.kernel.org/.
(Recent Linux ``'' such as Red Hat 5.2 ship a kernel compiled with
all IP Masquerade support as modules. In that case there is no need
to recompile the kernel. If you upgrade the kernel you are
currently running, you must also upgrade other related programs,
as mentioned later.)
o Loadable kernel modules, 2.1.85 or later recommended, available
from http://www.pi.se/blox/modules/.
(modules-1.3.57 is the minimum requirement)
o TCP/IP networking and LAN setup are covered in the Linux NET-3
HOWTO and the Network Administrator's Guide.
Also have a look at TrinityOS. TrinityOS is a very good guide to
networking on Linux and covers IP MASQ, security, DNS, DHCP,
Sendmail, PPP, Diald, NFS, IPSEC-based VPNs, and the performance of
each. It has about 50 sections!!
o Connecting your Linux host to the Internet is covered in the Linux
ISP Hookup HOWTO, the Linux PPP HOWTO, TrinityOS, the Linux DHCP
mini-HOWTO and the Linux Cable Modem mini-HOWTO.
o Ipfwadm 2.3 or later, available from
ftp://ftp.xos.nl/pub/linux/ipfwadm/ipfwadm-2.3.tar.gz.
More information on the version requirements of each program is on
the Linux IPFWADM page.
o If you want to use IPCHAINS on a 2.0.36 or later kernel, see Willy
Tarreau's IPCHAINS enabler for 2.0.36 or Rusty's IPCHAINS for
2.0.x kernels.
o Configuring, compiling and installing a new kernel is covered in
the Linux Kernel HOWTO.
o You can also add other features to IP Masquerade with the various
patches listed below:
o TCP/IP port-forwarders or re-directors: with these tools you can
usually get programs that do not work with MASQ to work. You can
also configure the MASQ server so that outside Internet users can
connect to internal WWW, TELNET, SMTP, FTP (patch required), etc.
servers. See the ``'' section of this HOWTO for more details.
List of IP Masquerading patches for 2.0.x kernels:
o Steven Clarke's IP PortForwarding (IPPORTFW) - recommended
o IP AutoForward and a mirror (IPAUTOFW) - not recommended
o REDIR for TCP (REDIR) - not recommended
o UDP redirector (UDPRED) - not recommended
PORTFWed FTP:
o If you want to connect FTP sessions from the outside to an internal
FTP server, download and use Fred Viles's FTP server patch. Details
are in the ``'' section of this HOWTO.
Display forwarders for X-Windows:
o X-windows forwarding (DXCP)
Module for using ICQ through MASQ:
o Andrew Deryabin's ICQ MASQ module
Tunneling forwarders for PPTP (GRE) and SWAN (IPSEC) VPNs:
o John Hardin's VPN Masquerade forwarders, or the older PPTP Support
patch.
Game-related patches:
o Glenn Lamb's LooseUDP for 2.0.36+ patch.
Depending on your WWW browser, files with a .gz extension may be
opened automatically. To download only, hold down the SHIFT key while
clicking on the URLs above.
For more details, please see Dan Kegel's NAT Page. More information
can also be found in the ``'' and ``'' sections.
More information on the patches above, and other material, can be
found at the IP Masquerade Resource.
2.7. Requirements for Using IP Masquerade on Linux 2.2.x
** Please refer to the IP Masquerade Resource for the most recent
information. **
o The 2.2.x kernel source, available from http://www.kernel.org/.
NOTE #1: Linux 2.2.x kernels of version 2.2.11 or lower contain an
IPCHAINS fragmentation bug. Because of this, systems that rely on
strong IPCHAINS rulesets are exposed to attack. Please upgrade the
kernel to fix the problem.
NOTE #2: Recent ``'' such as Redhat 5.2 may not be able to run 2.2.x
kernels as shipped. Tools such as DHCP and NetUtils will need to be
upgraded. More details are given later in this HOWTO.
o Loadable kernel modules, 2.1.121 or later recommended, available
from http://www.pi.se/blox/modules/.
o TCP/IP networking and LAN setup are covered in the Linux NET-3
HOWTO and the Network Administrator's Guide.
o Connecting your Linux host to the Internet is covered in the Linux
ISP Hookup HOWTO, the Linux PPP HOWTO, TrinityOS, the Linux DHCP
mini-HOWTO and the Linux Cable Modem mini-HOWTO.
o IP Chains 1.3.9 or later, available from
http://www.rustcorp.com/linux/ipchains/.
More information on the version requirements of each program is on
the Linux IP Firewalling Chains page.
o Configuring, compiling and installing a new kernel is covered in
the Linux Kernel HOWTO.
o You can also add other features to IP Masquerade with the various
patches listed below:
o TCP/IP port-forwarders or re-directors:
o IP PortForwarding (IPMASQADM) - recommended
or the old page mirror.
o ICQ MASQ module
o Andrew Deryabin's ICQ MASQ module
More information on the patches above, and other material, can be
found at the IP Masquerade Resource.
3. Setting Up IP Masquerade
If your network holds any important information, think about
"security" before you implement IP Masquerade. By default, IP MASQ is
a passage for you to reach the Internet, but it can also become a
passage for someone on the Internet to get into your internal
network.
Once IP MASQ is up and running, it is strongly recommended that you
use a very strong ruleset on the IPFWADM/IPCHAINS firewall. See the
``'' and ``'' sections for more details.
3.1. Compiling the Kernel for IP Masquerade Support
If your Linux distribution is already compiled with support for the
following items and ships the masquerade-related modules compiled,
you do not need to compile the kernel (most distributions will
include them):
o IPFWADM/IPCHAINS
o IP forwarding
o IP masquerading
o IP Firewalling
o etc.
If you are not sure whether your distribution supports masquerading,
see the ``'' section or the IP Masquerade Resource for details. If
you cannot find out whether your distribution supports IP
Masquerading, assume that it does not and continue with the next
step.
Whether or not it is supported, reading this section is recommended
because it contains a lot of other useful information.
3.1.1. Linux 2.0.x Kernels
Please see the ``'' section for the required software, patches, etc.
o First of all, you need the kernel source (the most recent version,
2.0.36, or later).
o If this is your first time compiling a kernel, don't be afraid. In
practice it is not that hard, and several URLs in the ``'' section
explain how to do it.
o Unpack the kernel into /usr/src/ with the command
tar xvzf linux-2.0.x.tar.gz -C /usr/src (where 2.0.x is the kernel
version). After unpacking, check that there is a directory or
symbolic link called /usr/src/linux/.
o If there are patches to apply, apply them to the unpacked kernel
source. With 2.0.36 and later, no special patches are needed for IP
Masquerading. Features such as IPPORTFW, PPTP and Xwindows
forwarders are optional and not strictly required. See the ``''
section for URLs, and the IP Masquerade Resources for the latest
information and URLs for other patches.
o Below is the list of the minimum options that must be compiled into
the kernel. Do not forget to configure the kernel so that your
installed network interfaces (LAN card, modem, etc.) can be used.
For more detail on compiling a kernel, see the Linux Kernel HOWTO
and the README file in the kernel source directory.
Check whether each of the following options is YES or NO. Not all
of the options below will be visible unless you apply the
appropriate patches described later in this HOWTO:
* Prompt for development and/or incomplete code/drivers (CONFIG_EXPERIMENTAL) [Y/n/?]
- YES: this is needed so that the IP Masquerade feature can be selected later.
* Enable loadable module support (CONFIG_MODULES) [Y/n/?]
- YES: allows the IP Masquerade modules to be loaded.
* Networking support (CONFIG_NET) [Y/n/?]
- YES: enables networking.
* Network firewalls (CONFIG_FIREWALL) [Y/n/?]
- YES: enables the IPFWADM firewall.
* TCP/IP networking (CONFIG_INET)
- YES: enables the TCP/IP protocol.
* IP: forwarding/gatewaying (CONFIG_IP_FORWARD)
- YES: enables Linux network packet forwarding and routing.
- Controlled by IPFWADM.
* IP: syn cookies (CONFIG_SYN_COOKIES) [Y/n/?]
- YES: strongly recommended for basic network security.
* IP: firewalling (CONFIG_IP_FIREWALL) [Y/n/?]
- YES: enables the firewalling feature.
* IP: firewall packet logging (CONFIG_IP_FIREWALL_VERBOSE) [Y/n/?]
- YES: (not strictly required but strongly recommended): allows firewall
access to be logged.
* IP: masquerading (CONFIG_IP_MASQUERADE) [Y/n/?]
- YES: enables IP Masquerading, which rewrites the address of packets from
specific internal network addresses and sends them out to the external
TCP/IP network.
* IP: ipautofw masquerade support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_IPAUTOFW) [Y/n/?]
- NO: IPautofw is an outdated method of forwarding TCP/IP ports. It does
work, but IPPORTFW is the better method, so IPAUTOFW is not
recommended.
* IP: ipportfw masq support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_IPPORTFW) [Y/n/?]
- YES: a patch is required to use this option on 2.0.x kernels.
With this option, external computers on the Internet can connect
directly to specific internal masqueraded computers. This feature is
typically used to reach internal SMTP, TELNET and WWW servers. FTP port
forwarding requires the additional patch mentioned in the FAQ section.
More information on port forwarding is in the Forwards section of this
HOWTO.
* IP: ICMP masquerading (CONFIG_IP_MASQUERADE_ICMP) [Y/n/?]
- YES: allows ICMP packets to be masqueraded. It may not be strictly
required, but many programs may not work properly without ICMP
support.
* IP: loose UDP port managing (EXPERIMENTAL) (CONFIG_IP_MASQ_LOOSE_UDP) [Y/n/?]
- YES: a patch is required to use this option on 2.0.x kernels.
With this option, internal computers can play network games that work
with NAT over the Internet. More details are in the FAQ section of
this HOWTO.
* IP: always defragment (CONFIG_IP_ALWAYS_DEFRAG) [Y/n/?]
- YES: this feature optimizes IP Masquerading connections. - Strongly recommended
* IP: optimize as router not host (CONFIG_IP_ROUTER) [Y/n/?]
- YES: this feature optimizes the kernel's networking.
* IP: Drop source routed frames (CONFIG_IP_NOSR) [Y/n/?]
- YES: strongly recommended for basic network security.
* Dummy net driver support (CONFIG_DUMMY) [M/n/y/?]
- YES: not strictly required, but this option helps when a problem occurs
and you need to debug.
* /proc filesystem support (CONFIG_PROC_FS) [Y/n/?]
- YES: required to use Linux network forwarding.
NOTE: These options are only the components needed for IP Masquerading
to work. To set up your particular network and hardware you will need
to select the other options they require.
o After compiling the kernel itself, compile and install the kernel's
IP Masquerading modules with the following command:
make modules; make modules_install
o Next, add a few lines to the /etc/rc.d/rc.local file, as shown
below, so that the script that sets up IP Masquerade is loaded.
This way IP Masquerading is available automatically after every
reboot:
.
.
.
#rc.firewall script - Start IPMASQ and the firewall
/etc/rc.d/rc.firewall
.
.
.
3.1.2. ¸®´ª½º 2.2.x Ä¿³Î
ÇÊ¿äÇÑ ¼ÒÇÁÆ®¿þ¾î¿Í ÆÐÄ¡ µîÀº ``'' ¼½¼ÇÀ» ÂüÁ¶Çϱ⠹ٶõ´Ù.
o ¿ì¼±, 2.2.x ¹öÁ¯ÀÇ Ä¿³Î ¼Ò½º°¡ ÇÊ¿äÇÏ´Ù. (ÃÖ±Ù ¹öÁ¯ÀÎ 2.2.11À̳ª ±×
ÀÌ»óÀÇ ¹öÁ¯)
NOTE #1: ¸®´ª½º 2.2.x ¹öÁ¯Áß¿¡¼ 2.2.11 ÀÌÇÏÀÇ ¹öÁ¯Àº IPCHAINS
fragmentation bug¸¦ °¡Áö°í ÀÖ´Ù. ÀÌ·± ÀÌÀ¯·Î, °·ÂÇÑ IPCHAINS
rulesetµéÀ» ÁöÁ¤ÇÏ¸é °ø°Ý¿¡ ³ëÃâµÇ°Ô µÈ´Ù. Ä¿³ÎÀ» ¾÷±×·¹À̵åÇÏ¿©
¹®Á¦¸¦ ÇØ°áÇϱ⠹ٶõ´Ù.
o ¸¸¾à Ä¿³Î ÄÄÆÄÀÏÀÌ Ã³À½ÀÌ¶óµµ °Ì¸ÔÁö ¸»±â ¹Ù¶õ´Ù. ½ÇÁ¦·Î ÇØ º¸¸é,
±×´ÙÁö ¾î·ÆÁö ¾Ê°í ``'' ¼½¼Ç¿¡ ³ª¿À´Â ¸î¸î URL¿¡¼ ÄÄÆÄÀÏ ¹æ¹ý¿¡
´ëÇØ ¼³¸íÇÏ°í ÀÖ´Ù.
o tar xvzf linux-2.2.x.tar.gz -C /usr/src ¶ó°í ¸í·ÉÇÏ¿© Ä¿³ÎÀ»
/usr/src/ ¿¡ Ǭ´Ù.(2.2.x´Â Ä¿³Î ¹öÁ¯) ¾ÐÃàÀ» Ǭ ´ÙÀ½¿¡,
/usr/src/linux/ ¶ó´Â µð·ºÅ丮³ª ½Éº¼¸¯ ¸µÅ©°¡ ÀÖ´ÂÁö È®ÀÎÇÑ´Ù.
o ÆÐÄ¡¸¦ °¡ÇÒ °ÍÀÌ ÀÖÀ¸¸é ¾ÐÃàÀ» Ǭ Ä¿³Î ¼Ò½º¿¡ ÆÐÄ¡¸¦ °¡ÇÑ´Ù. 2.2.1
ÀÌ»ó ¹öÁ¯¿¡¼´Â, IP ¸¶½ºÄ¿·¹À̵ùÀ» Çϱâ À§ÇØ Æ¯º°ÇÑ ÆÐÄ¡°¡
ÇÊ¿äÇÏÁö´Â ¾Ê´Ù. PPTP, Xwindows forwarders ¿Í °°Àº ±â´ÉµéÀº ²À
ÇÊ¿äÇÏÁö´Â ¾ÊÀº ¼±ÅûçÇ×ÀÌ´Ù. URLµéÀº ``'' ¼½¼ÇÀ» ÂüÁ¶ÇÏ°í, ÃÖ½Å
Á¤º¸¿Í ±×¿ÜÀÇ ÆÐÄ¡¿¡ °ü·ÃµÈ URLµéÀº IP Masquerade Resources
À» ÂüÁ¶ÇÏ±æ ¹Ù¶õ´Ù.
o ¾Æ·¡¿¡ Ä¿³Î¿¡ Æ÷ÇԵǾî¾ß ÇÏ´Â ÃÖ¼ÒÇÑÀÇ ¿É¼ÇµéÀÇ ¸ñ·ÏÀÌ ÀÖ´Ù. ÇöÀç
¼³Ä¡µÇ¾î ÀÖ´Â ³×Æ®¿÷ ÀÎÅÍÆäÀ̽º(LAN Ä«µå, ¸ðµ© µîµî)¸¦ »ç¿ëÇÒ ¼ö
ÀÖµµ·Ï ¼³Á¤ÇÏ´Â °Íµµ ÀØÁö ¸»¾Æ¾ß ÇÑ´Ù. Ä¿³ÎÀ» ÄÄÆÄÀÏÇÏ´Â ´õ ÀÚ¼¼ÇÑ
¹æ¹ý¿¡ ´ëÇؼ´Â Linux Kernel HOWTO
¿Í Ä¿³Î ¼Ò½º
µð·ºÅ丮 ³»ÀÇ README ÈÀÏÀ» ÂüÁ¶Çϱ⠹ٶõ´Ù.
´ÙÀ½ÀÇ ¿É¼Çµé¿¡¼ YESÀΰ¡ ¶Ç´Â NOÀΰ¡¸¦ È®ÀÎÇϱ⠹ٶõ´Ù. ÀÌ
HOWTO¿¡¼ ³ªÁß¿¡ ¼³¸íÇÏ´Â ÀûÀýÇÑ ÆÐÄ¡¸¦ °¡ÇÏÁö ¾Ê´Â´Ù¸é ¾Æ·¡ÀÇ
¿É¼ÇµéÀÌ ¸ðµÎ º¸ÀÌÁö ¾ÊÀ» ¼öµµ ÀÖ´Ù:
* Prompt for development and/or incomplete code/drivers (CONFIG_EXPERIMENTAL) [Y/n/?]
- YES: IP ¸¶½ºÄ¿·¹À̵带 À§ÇØ ²À ÇÊ¿äÇÑ °ÍÀº ¾Æ´ÏÁö¸¸, ÀÌ ¿É¼ÇÀ» ¼±ÅÃÇϸé
¸¶½ºÄ¿·¹ÀÌµå ¸ðµâÀ» »ý¼ºÇÏ°í Æ÷Æ® Æ÷¿öµù(port forwarding)À» ÇÒ ¼ö°¡
ÀÖ´Ù.
* Enable loadable module support (CONFIG_MODULES) [Y/n/?]
- YES: IP ¸¶½ºÄ¿·¹ÀÌµå ¸ðµâµéÀ» ÀûÀçÇÒ ¼ö ÀÖµµ·Ï ÇÑ´Ù.
* Networking support (CONFIG_NET) [Y/n/?]
- YES: ³×Æ®¿÷À» »ç¿ë °¡´ÉÇÏ°Ô ÇÑ´Ù.
* Packet socket (CONFIG_PACKET) [Y/m/n/?]
- YES: ²À ÇÊ¿äÇÏÁö´Â ¾ÊÁö¸¸, ÀÌ ±â´ÉÀº TCPDUMP¸¦ »ç¿ëÇؼ IP ¸¶½ºÄ¿·¹À̵ù°ú
°ü·ÃÇÑ ¹®Á¦µéÀ» µð¹ö±ëÇÒ ¼ö ÀÖÀ¸¹Ç·Î ¼±ÅÃÇÒ °ÍÀ» ±ÇÀåÇÑ´Ù.
* Kernel/User netlink socket (CONFIG_NETLINK) [Y/n/?]
- YES: Not strictly required, but this feature allows firewall hits to be
logged.
* Routing messages (CONFIG_RTNETLINK) [Y/n/?]
- NO: This option has nothing to do with packet firewall logging.
* Network firewalls (CONFIG_FIREWALL) [Y/n/?]
- YES: Enables the IPCHAINS firewall tool.
* TCP/IP networking (CONFIG_INET) [Y/n/?]
- YES: Enables the TCP/IP protocol.
* IP: advanced router (CONFIG_IP_ADVANCED_ROUTER) [Y/n/?]
- NO: Needed in order to set CONFIG_IP_ROUTE_VERBOSE and for fancier
routing. (Unrelated to ipchains/masquerading.)
* IP: verbose route monitoring (CONFIG_IP_ROUTE_VERBOSE) [Y/n/?]
- YES: Very useful if you use code that drops IP-spoofed packets and logs
them.
* IP: firewalling (CONFIG_IP_FIREWALL) [Y/n/?]
- YES: Enables the firewalling feature.
* IP: firewall packet netlink device (CONFIG_IP_FIREWALL_NETLINK) [Y/n/?]
- YES: Not strictly required, but this feature improves the logging of
firewall hits.
* IP: always defragment (required for masquerading) (CONFIG_IP_ALWAYS_DEFRAG) [Y/n/?]
- YES: This must be selected before the IP masquerade and transparent proxy
features can be selected. It also optimizes IP masquerade connections.
* IP: masquerading (CONFIG_IP_MASQUERADE) [Y/n/?]
- YES: Enables IP masquerading, which translates internal addresses into
packets sent to the outside.
* IP: ICMP masquerading (CONFIG_IP_MASQUERADE_ICMP) [Y/n/?]
- YES: Used to masquerade ICMP ping packets. (ICMP error codes are
masqueraded even if this is not selected.) This is an important feature for
troubleshooting connection problems.
* IP: masquerading special modules support (CONFIG_IP_MASQUERADE_MOD) [Y/n/?]
- YES: Not strictly required, but this must be selected to be able to use
TCP/IP port forwarding later. Port forwarding allows direct connections from
the outside to a masqueraded internal computer.
* IP: ipautofw masq support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_IPAUTOFW) [N/y/m/?]
- NO: IPautofw is a legacy method of port forwarding. It is better to use a
per-protocol module instead.
* IP: ipportfw masq support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_IPPORTFW) [Y/m/n/?]
- YES: Enables IPPORTFW.
Selecting this option lets external computers on the Internet communicate
directly with an internal masqueraded computer. This feature is typically
used to reach internal SMTP, TELNET and WWW servers. FTP port forwarding
requires an additional patch, described in the FAQ section. More
information on port forwarding is covered in the Forwards section of this
HOWTO.
* IP: ip fwmark masq-forwarding support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_MFW) [Y/m/n/?]
- NO: Allows IP forwarding to be done directly from IPCHAINS. This code is
currently experimental; the recommended method is to use IPMASQADM and
IPPORTFW.
* IP: optimize as router not host (CONFIG_IP_ROUTER) [Y/n/?]
- YES: This feature optimizes the kernel's networking.
* IP: GRE tunnels over IP (CONFIG_NET_IPGRE) [N/y/m/?]
- NO: This feature is not strictly required; it enables PPTP and GRE tunnels
through IP masquerading.
* IP: TCP syncookie support (not enabled per default) (CONFIG_SYN_COOKIES) [Y/n/?]
- YES: Strongly recommended for basic network security.
* Network device support (CONFIG_NETDEVICES) [Y/n/?]
- YES: Enables Linux network devices.
* Dummy net driver support (CONFIG_DUMMY) [M/n/y/?]
- YES: Not strictly required, but it helps with debugging when problems
occur.
* /proc filesystem support (CONFIG_PROC_FS) [Y/n/?]
- YES: Required in order to use the Linux network forwarding system.
NOTE: These options are only the components needed for IP masquerading to
work. To set up your specific network and hardware, you must also select
whatever other options they need.
o After compiling the kernel itself, compile and install the kernel's IP
masquerading modules with the following command:
make modules; make modules_install
o Next, add a few lines like the following to the /etc/rc.d/rc.local file so
that the script that sets up IP masquerading is loaded. That way the IP
masquerading feature is available automatically after every reboot:
.
.
.
#rc.firewall script - Start IPMASQ and the firewall
/etc/rc.d/rc.firewall
.
.
.
3.2. Assigning private network IP addresses to the internal LAN
Since none of the internal masqueraded computers have official Internet
addresses assigned, there must be a way to give those computers addresses
that do not collide with external Internet addresses.
>Quoted from the original IP Masquerade FAQ:
RFC 1918 is the official document on the IP addresses to be used on
"private" networks that are not connected to the outside. There are three
address blocks set aside for this purpose.
Section 3: Private Address Space
The Internet Assigned Numbers Authority (IANA) has reserved the following
three blocks of the IP address space for private networks:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
We will refer to the first block as the "24-bit block", the second as the
"20-bit block", and the third as the "16-bit block". The first block is a
class A network address block, the second is a set of 16 contiguous class B
network numbers, and the third is a set of 255 contiguous class C network
numbers.
For the sake of explanation, the author used the 192.168.0.0 network with
the class-C subnet mask 255.255.255.0, and this HOWTO uses that address
throughout. However, any of the private network addresses above may be used,
as long as the proper subnet mask is used in each case.
If you use a Class-C network, assign the computers to be masqueraded
addresses such as 192.168.0.1, 192.168.0.2, 192.168.0.3, ..., 192.168.0.x.
192.168.0.1 is usually the address of the internal gateway or the Linux
masquerade machine, which is the path to the outside. 192.168.0.0 and
192.168.0.255 are the address of the "network" itself and the "broadcast"
address, respectively. (These addresses are reserved.) If you assign these
addresses to computers, the network will not work properly.
3.3. Configuring IP forwarding policies
At this point, the kernel and the other required packages should be ready.
All the network IP addresses, the gateway and the DNS addresses must also be
configured on the Linux masquerade server. If you do not know how to
configure your network cards, see the HOWTOs mentioned in the ``'' or ``''
sections.
All that remains is to configure the IP firewall tools to do forwarding and
masquerading:
** This can be configured in several ways, but the author has had success
with the method used in the examples below. You may of course use a
different method.
** What this section provides is the minimum firewall policy needed for
IP masquerading to work. Once IP masquerading works properly (covered
later in this HOWTO), look at the ``'' and ``'' sections for more secure
policies. For more details, see the IPFWADM (2.0.x) or IPCHAINS (2.2.x)
man pages.
3.3.1. Linux 2.0.x kernels
Create the /etc/rc.d/rc.firewall file with the following "simple" initial
policy:
# rc.firewall - Initial SIMPLE IP Masquerade setup for 2.0.x kernels using IPFWADM
#
# Load all required IP MASQ modules
#
# NOTE: Only load the IP MASQ modules you need. All current available IP MASQ modules
# are shown below but are commented out from loading.
# Needed to initially load modules
#
/sbin/depmod -a
# Supports the proper masquerading of FTP file transfers using the PORT method
#
/sbin/modprobe ip_masq_ftp
# Supports the masquerading of RealAudio over UDP. Without this module,
# RealAudio WILL function but in TCP mode. This can cause a reduction
# in sound quality
#
#/sbin/modprobe ip_masq_raudio
# Supports the masquerading of IRC DCC file transfers
#
#/sbin/modprobe ip_masq_irc
# Supports the masquerading of Quake and QuakeWorld by default. This module is
# for multiple users behind the Linux MASQ server. If you are going to play
# Quake I, II, and III, use the second example.
#
#Quake I / QuakeWorld (ports 26000 and 27000)
#/sbin/modprobe ip_masq_quake
#
#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
#/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960
# Supports the masquerading of the CuSeeme video conferencing software
#
#/sbin/modprobe ip_masq_cuseeme
#Supports the masquerading of the VDO-live video conferencing software
#
#/sbin/modprobe ip_masq_vdolive
#CRITICAL: Enable IP forwarding since it is disabled by default
#
# Redhat Users: you may try changing the options in /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
echo "1" > /proc/sys/net/ipv4/ip_forward
# Dynamic IP users:
#
# If you get your Internet IP address dynamically from SLIP, PPP, or DHCP, enable this following
# option. This enables dynamic-ip address hacking in IP MASQ, making the life
# with DialD, PPPd, and similar programs much easier.
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
#
/sbin/ipfwadm -M -s 7200 10 160
# DHCP: For people who receive their external IP address from either DHCP or BOOTP
# such as ADSL or Cablemodem users, it is necessary to use the following
# before the deny command. The "bootp_clients_net_if_name" should be replaced
# with the name of the link that the DHCP/BOOTP server will put an address on.
# This will be something like "eth0", "eth1", etc.
#
# This example is currently commented out.
#
#
#/sbin/ipfwadm -I -a accept -S 0/0 67 -D 0/0 68 -W bootp_clients_net_if_name -P udp
# Enable simple IP forwarding and Masquerading
#
# NOTE: The following is an example for an internal LAN address in the 192.168.0.x
# network with a 255.255.255.0 or a "24" bit subnet mask.
#
# Please change this network number and subnet mask to match your internal LAN setup
#
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0
Once you have edited /etc/rc.d/rc.firewall and created the policy, make the
file executable by running "chmod 700 /etc/rc.d/rc.firewall".
Instead of enabling IP masquerading for the whole TCP/IP network as above,
you can also enable it per machine. For example, if you want the hosts with
the addresses 192.168.0.2 and 192.168.0.8 to have access to the Internet
while the other internal machines do not, change the part of the
/etc/rc.d/rc.firewall file above that is labelled "Enable simple IP
forwarding and Masquerading".
# Enable simple IP forwarding and Masquerading
#
# NOTE: The following is an example to only allow IP Masquerading for the 192.168.0.2
# and 192.168.0.8 machines with a 255.255.255.0 or a "24" bit subnet mask.
#
# Please use the following in ADDITION to the simple ruleset above for specific
# MASQ networks. Also change the network numbers and subnet masks to match your
# internal LAN setup
#
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S 192.168.0.2/32 -D 0.0.0.0/0
/sbin/ipfwadm -F -a m -S 192.168.0.8/32 -D 0.0.0.0/0
A common mistake made by people using IP masquerading for the first time is
to issue a command like this:
ipfwadm -F -p masquerade
Do not make masquerading the default policy. If you do, anyone who knows how
to manipulate their routing tables will be able to go through your gateway
and connect elsewhere while hiding their identity!
The configuration shown above can be put in the /etc/rc.d/rc.firewall file
or in any other rc file you prefer, or the commands can be entered by hand
whenever IP masquerading is needed.
The ``'' and ``'' sections give a detailed guide to IPFWADM and examples of
stronger IPFWADM policies.
3.3.2. Linux 2.2.x kernels
IPFWADM is no longer used as the firewall tool for handling IP masquerading
policies on 2.1.x and 2.2.x kernels. These newer kernels now use a tool
called IPCHAINS. See the ``'' section for the detailed reasons for this
change.
Create the /etc/rc.d/rc.firewall file with the following "simple" initial
policy:
#!/bin/sh
#
# rc.firewall - Initial SIMPLE IP Masquerade test for 2.1.x and 2.2.x kernels using IPCHAINS
#
# Load all required IP MASQ modules
#
# NOTE: Only load the IP MASQ modules you need. All current IP MASQ modules
# are shown below but are commented out from loading.
# Needed to initially load modules
#
/sbin/depmod -a
# Supports the proper masquerading of FTP file transfers using the PORT method
#
/sbin/modprobe ip_masq_ftp
# Supports the masquerading of RealAudio over UDP. Without this module,
# RealAudio WILL function but in TCP mode. This can cause a reduction
# in sound quality
#
#/sbin/modprobe ip_masq_raudio
# Supports the masquerading of IRC DCC file transfers
#
#/sbin/modprobe ip_masq_irc
# Supports the masquerading of Quake and QuakeWorld by default. This module is
# for multiple users behind the Linux MASQ server. If you are going to play
# Quake I, II, and III, use the second example.
#
#Quake I / QuakeWorld (ports 26000 and 27000)
#/sbin/modprobe ip_masq_quake
#
#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
#/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960
# Supports the masquerading of the CuSeeme video conferencing software
#
#/sbin/modprobe ip_masq_cuseeme
#Supports the masquerading of the VDO-live video conferencing software
#
#/sbin/modprobe ip_masq_vdolive
#CRITICAL: Enable IP forwarding since it is disabled by default
#
# Redhat Users: you may try changing the options in /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
echo "1" > /proc/sys/net/ipv4/ip_forward
# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this following
# option. This enables dynamic-ip address hacking in IP MASQ, making the life
# with Diald and similar programs much easier.
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
#
/sbin/ipchains -M -S 7200 10 160
# DHCP: For people who receive their external IP address from either DHCP or BOOTP
# such as ADSL or Cablemodem users, it is necessary to use the following
# before the deny command. The "bootp_clients_net_if_name" should be replaced
# with the name of the link that the DHCP/BOOTP server will put an address on.
# This will be something like "eth0", "eth1", etc.
#
# This example is currently commented out.
#
#
#/sbin/ipchains -A input -j ACCEPT -i bootp_clients_net_if_name -s 0/0 67 -d 0/0 68 -p udp
# Enable simple IP forwarding and Masquerading
#
# NOTE: The following is an example for an internal LAN address in the 192.168.0.x
# network with a 255.255.255.0 or a "24" bit subnet mask.
#
# Please change this network number and subnet mask to match your internal LAN setup
#
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
Once you have edited /etc/rc.d/rc.firewall and created the policy, make the
file executable by running chmod 700 /etc/rc.d/rc.firewall.
Instead of enabling IP masquerading for the whole TCP/IP network as above,
you can also enable it per machine. For example, if you want the hosts with
the addresses 192.168.0.2 and 192.168.0.8 to have access to the Internet
while the other internal machines do not, change the part of the
/etc/rc.d/rc.firewall file above that is labelled "Enable simple IP
forwarding and Masquerading".
#!/bin/sh
#
# Enable simple IP forwarding and Masquerading
#
# NOTE: The following is an example to only allow IP Masquerading for the 192.168.0.2
# and 192.168.0.8 machines with a 255.255.255.0 or a "24" bit subnet mask.
#
# Please change this network number and subnet mask to match your internal LAN setup
#
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.2/32 -j MASQ
/sbin/ipchains -A forward -s 192.168.0.8/32 -j MASQ
A common mistake made by people using IP masquerading for the first time is
to issue a command like this:
/sbin/ipchains -P forward masquerade
Do not make masquerading the default policy. If you do, anyone who knows how
to manipulate their routing tables will be able to go through your gateway
and connect elsewhere while hiding their identity!
The configuration shown above can be put in the /etc/rc.d/rc.firewall file
or in any other rc file you prefer, or the commands can be entered by hand
whenever IP masquerading is needed.
The ``'' and ``'' sections give a detailed guide to IPCHAINS and examples of
stronger IPCHAINS policies. For details on how to use IPCHAINS, see the
Linux IP CHAINS HOWTO.
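The default-policy mistake described in sections 3.3.1 and 3.3.2, together with the RFC 1918 ranges quoted in section 3.2, can be checked mechanically. The following is an added example, not part of the original HOWTO: a shell/awk lint that reads an rc.firewall and flags a masquerading forward policy or a masquerade rule whose source is not wholly inside private address space. The function names, the finding labels and both sample rulesets are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the HOWTO): lint an rc.firewall for the two
# masquerading mistakes discussed above. All names here are hypothetical.

# audit_rc_firewall [FILE...]  reads the ruleset from FILE or stdin, prints
# "LINE: CODE: detail" for each finding and returns 1 if there was any.
audit_rc_firewall() {
    awk '
    # Dotted quad -> number, or -1 when the text is not A.B.C.D
    function ip2n(s,    o) {
        if (split(s, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # 1 when the whole CIDR block lies inside a single RFC 1918 range.
    # A bare address is treated as /32; an empty source means "any".
    function is_private(cidr,    p, len, size, lo, hi) {
        len = (split(cidr, p, "/") == 2) ? p[2] + 0 : 32
        lo = ip2n(p[1])
        if (lo < 0 || len < 0 || len > 32) return 0
        size = 2 ^ (32 - len)
        lo = int(lo / size) * size      # first address covered by the mask
        hi = lo + size - 1              # last address covered by the mask
        return (lo >= ip2n("10.0.0.0")    && hi <= ip2n("10.255.255.255")) ||
               (lo >= ip2n("172.16.0.0")  && hi <= ip2n("172.31.255.255")) ||
               (lo >= ip2n("192.168.0.0") && hi <= ip2n("192.168.255.255"))
    }
    /^[ \t]*#/ { next }                 # comments and commented-out rules
    {
        tool = ""; pol = ""; src = ""; masq = 0; fwd = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /ipchains$/) tool = "ipchains"
            if ($i ~ /ipfwadm$/)  tool = "ipfwadm"
        }
        if (tool == "") next
        for (i = 1; i < NF; i++) {
            if (tool == "ipchains") {   # -s is the source, -S sets timeouts
                if ($i == "-P" && $(i+1) == "forward") { fwd = 1; pol = tolower($(i+2)) }
                if ($i == "-A" && $(i+1) == "forward") fwd = 1
                if ($i == "-s") src = $(i+1)
                if ($i == "-j" && $(i+1) == "MASQ") masq = 1
            } else {                    # ipfwadm: -S source, -p policy
                if ($i == "-F") fwd = 1
                if ($i == "-p") pol = tolower($(i+1))
                if ($i == "-a" && $(i+1) ~ /^m/) masq = 1
                if ($i == "-S") src = $(i+1)
            }
        }
        if (fwd && pol ~ /^m/) {
            print NR ": DEFAULT-MASQ: forward policy masquerades any source"
            bad++
        } else if (fwd && masq && !is_private(src)) {
            print NR ": WIDE-MASQ: source " (src == "" ? "any" : src) " is outside RFC 1918 space"
            bad++
        }
    }
    END { exit (bad > 0) }
    ' "$@"
}

# Constructed sample: the forwarding rules this section recommends.
sample_good() {
cat <<'EOF'
/sbin/ipchains -M -S 7200 10 160
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S 192.168.0.2/32 -D 0.0.0.0/0
/sbin/ipfwadm -F -a m -S 192.168.0.8/32 -D 0.0.0.0/0
EOF
}

# Constructed sample: the default-policy mistake plus over-broad sources.
# 172.16.0.0/11 is too short a mask: it starts at 172.0.0.0.
sample_bad() {
cat <<'EOF'
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -P forward masquerade
/sbin/ipchains -A forward -s 0.0.0.0/0 -j MASQ
/sbin/ipchains -A forward -s 192.168.0.0/16 -j MASQ
/sbin/ipchains -A forward -s 172.16.0.0/11 -j MASQ
#/sbin/ipchains -A forward -j MASQ
/sbin/ipfwadm -F -p masquerade
/sbin/ipfwadm -F -a m -D 0.0.0.0/0
EOF
}

sample_good | audit_rc_firewall && echo "good sample: no findings"
sample_bad  | audit_rc_firewall || echo "bad sample: findings listed above"
```

To check a real file, pass its path as the argument, for example audit_rc_firewall /etc/rc.d/rc.firewall.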
4. Configuring the internal masqueraded computers
Besides setting a suitable IP address on each internal masqueraded computer,
each internal computer must be set to use the address of the Linux
masquerade server as its gateway address, and must have suitable DNS server
addresses configured. In most cases this is fairly easy. Simply enter the
address of the Linux host (usually 192.168.0.1) as the gateway address.
For the Domain Name Service (DNS), you can add the address of any DNS server
that is available. The cleanest approach is to enter the DNS servers that
the Linux server itself uses. You can optionally add a "domain search"
suffix as well.
Once the internal masqueraded computers have been configured properly,
restart networking on each of them or reboot them.
The following configuration instructions assume that you are using Class C
network addresses and that the address of the Linux masquerade server is
192.168.0.1. 192.168.0.0 and 192.168.0.255 are reserved addresses and must
not be used as the address of any computer.
The following platforms have been tested as internal masqueraded machines:
o Linux 1.2.x, 1.3.x, 2.0.x, 2.1.x, 2.2.x
o Solaris 2.51, 2.6, 7
o Windows 95, OSR2, 98
o Windows NT 3.51, 4.0, 2000 (both workstation and server)
o Windows For Workgroup 3.11 (with the TCP/IP package installed)
o Windows 3.1 (with the Netmanage Chameleon package installed)
o Novell 4.01 Server with the TCP/IP service installed
o OS/2 (including Warp v3)
o Macintosh OS (with MacTCP or Open Transport installed)
o DOS (with the NCSA Telnet package installed; DOS Trumpet works partially)
o Amiga (with AmiTCP or AS225-stack installed)
o VAX Stations 3520 and 3100 with UCX installed (TCP/IP stack for VMS)
o Alpha/AXP running Linux/Redhat
o SCO Openserver (v3.2.4.2 and 5)
o IBM RS/6000 running AIX
4.1. Configuring Microsoft Windows 95
1. If you have not installed the network device driver yet, install it now.
Driver installation is not covered in this document.
2.
3. If the TCP/IP protocol is not installed, install it by selecting, in
order, Add --> Protocol --> Manufacturer: Microsoft --> Protocol: 'TCP/IP
protocol'.
4. Make sure the TCP/IP entry is bound to the Windows 95 network card and
select 'Properties'. Click the 'IP Address' tab and set the IP address to
192.168.0.x (1 < x < 255). Then set the subnet mask to 255.255.255.0.
5. Click the "Gateway" tab, enter 192.168.0.1 under 'Gateway' and click
"Add".
6.
7. Leave the remaining settings as they are unless you know what they do.
8. Click 'OK' in all dialog boxes and reboot.
9. Ping the Linux host to test the network connection: 'Start/Run', type
ping 192.168.0.1.
(This only tests the internal LAN connection. You cannot ping the outside
world yet.) If the ping gets no reply, recheck the network configuration.
10. If you create a HOSTS file in the C:\Windows directory, you can ping the
computers on the LAN by "hostname" even without a DNS server. There should
be an example file named HOSTS.SAM in the C:\windows directory.
4.2. Configuring Windows NT
1. If you have not installed the network device driver yet, install it now.
Driver installation is not covered in this document.
2.
3. If the TCP/IP service is not installed yet, add the TCP/IP protocol and
related items from the 'Add Software' menu.
4.
5.
6. If you are not in a Windows NT domain, or you are not sure what each item
means, disable 'Automatic DHCP Configuration', leave the 'WINS Server'
field empty, and disable Enable IP Forwardings.
7.
8.
9. Click 'OK' in all dialog boxes and restart the system.
10. Ping the Linux host to test the network connection: 'File/Run', type
ping 192.168.0.1.
(This only tests the internal LAN connection. You cannot ping the outside
world yet.) If the ping gets no reply, recheck the network configuration.
4.3. Configuring Windows for Workgroups 3.11
1. If you have not installed the network device driver yet, install it now.
Driver installation is not covered in this document.
2. If the TCP/IP 32b package is not installed yet, install it.
3.
4.
5. Set the IP address to 192.168.0.x (1 < x < 255). Then set the subnet mask
to 255.255.255.0 and the default gateway to 192.168.0.1.
6. If you are not in a Windows NT domain, or you are not sure what each item
means, disable 'Automatic DHCP Configuration' and leave the 'WINS Server'
field empty.
7.
8.
9. Click 'OK' in all dialog boxes and restart the system.
10. Ping the Linux host to test the network connection: 'File/Run', type
ping 192.168.0.1.
4.4. Configuring UNIX-based systems
1. If you have not yet installed the network card or recompiled the kernel
with support for its driver, do so now. This is not covered in this
document.
2. If TCP/IP networking is not installed yet, install TCP/IP networking
tools such as the net-tools package.
3. Set IPADDR to 192.168.0.x (1 < x < 255). Set NETMASK to 255.255.255.0,
GATEWAY to 192.168.0.1, and BROADCAST to 192.168.0.255.
For example, on a Red Hat Linux system you can edit the
/etc/sysconfig/network-scripts/ifcfg-eth0 file, or simply do it through the
Control Panel. The method may differ on other UNIXes such as SunOS, BSDi,
Slackware Linux, Solaris, SuSe, Debian and so on. For more information,
refer to the documentation for your UNIX.
4. Add the Domain Name Service (DNS) servers and the domain search suffix to
the /etc/resolv.conf file. Depending on the UNIX version and flavour, edit
the /etc/nsswitch.conf file to enable DNS.
5. Depending on your setup, you may also need to edit the /etc/networks
file.
6. Restart the appropriate services, or simply restart the whole system.
7. To test the connection to the gateway computer, issue a ping command as
follows: ping 192.168.0.1.
(This only tests the internal LAN connection. You cannot ping the outside
world yet.) If the ping gets no reply, recheck the network configuration.
4.5. Configuring DOS using the NCSA Telnet package
1. If you have not installed the network card yet, install it now. Network
card installation is not covered in this document.
2. Load the appropriate packet driver. For example, if you use an NE2000
Ethernet card at I/O port 300 and IRQ 10, issue nwpd 0x60 10 0x300.
3. Make a new directory and unpack the NCSA Telnet package into it:
pkunzip tel2308b.zip
4. Open the config.tel file with a text editor.
5. Set myip=192.168.0.x (1 < x < 255) and netmask=255.255.255.0.
6. In this example, you must set hardware=packet, interrupt=10, ioaddr=60.
7. There must be at least one machine entry specified as the gateway (in
this case, the Linux host):
name=default
host=linuxhostname
hostip=192.168.0.1
gateway=1
8. Add one more entry for the Domain Name Service:
name=dns.domain.com ; hostip=123.123.123.123; nameserver=1
Note: Change the values above to match the information the Linux host uses.
9. Save the config.tel file.
10. To test the network connection, telnet to the Linux host:
telnet 192.168.0.1. If you do not get a login prompt, recheck the network
configuration.
4.6. Configuring MacOS-based systems running MacTCP
1. If you have not installed the software for your Ethernet adapter yet,
install it now. Adapter installation is not covered in this document.
2. Open the MacTCP control panel. Select the appropriate network driver
(Ethernet, not EtherTalk). Then click the 'More...' button.
3.
4.
Address:'
5.
6.
7.
8. Close the MacTCP control panel. If a dialog box asks you to restart,
restart the system.
9. To test the network connection, you can ping the Linux host. If the
freeware program MacTCP Watcher is installed, click the 'Ping' button and
enter the address of the Linux host (192.168.0.1) in the dialog box that
appears. (This only tests the internal LAN connection. You cannot ping the
outside world yet.) If the ping gets no reply, recheck the network
configuration.
10. To use host names instead of IP addresses on the internal LAN, you can
also create a Hosts file in the System Folder. This file should already
exist in the System Folder. It should contain samples that you can modify
to suit your own setup.
4.7. Configuring MacOS-based systems running Open Transport
1. If the appropriate driver for your Ethernet adapter is not installed yet,
install it now. Driver installation is not covered in this document.
2. Open the TCP/IP Control Panel and choose 'User Mode ...' from the Edit
menu. Make sure the user mode is set to at least 'Advanced' and click the
'OK' button.
3. Choose 'Configurations...' from the File menu. Select the configuration
named 'Default' and click the 'Duplicate...' button. In the 'Duplicate
Configuration' dialog, enter 'IP Masq' (or something else that tells you
this is not the ordinary configuration). The dialog will show something
like 'Default copy'. Then click the 'OK' button, and then the 'Make Active'
button.
4.
5.
6.
Address:'
7.
8.
9.
10.
11. The next step is optional. A wrong setting here can stop things from
working properly. If you are unsure, it is best to leave the fields empty or
unselected. If necessary, clear any information that is already entered. As
far as the author knows, there is no way in the TCP/IP dialog to tell the
system not to use another, previously selected "Hosts" file. If you know of
a way, please let the author know.
Check '802.3' if your network requires 802.3 frame types.
12.
13. To test the network connection, you can ping the Linux host. If the
freeware program MacTCP Watcher is installed, click the 'Ping' button and
enter the address of the Linux host (192.168.0.1) in the dialog box that
appears. (This only tests the internal LAN connection. You cannot ping the
outside world yet.) If the ping gets no reply, recheck the network
configuration.
14. To use host names instead of IP addresses on the internal LAN, you can
also create a Hosts file in the System Folder. This file may or may not
already exist in the System Folder. If it exists, it should contain samples
that you can modify to suit your own setup. If it does not exist, you can
copy one from a system running MacTCP and modify it, or just create your
own (the format of this file is a subset of the UNIX /etc/hosts file format
and is described in RFC952). Once the file has been created, open the
TCP/IP control panel, click the 'Select Hosts File...' button and open the
Hosts file.
15. Click the close box or choose 'Close' or 'Quit' from the File menu. Then
click the 'Save' button to save the changes.
16. The changes take effect immediately, but rebooting the system is also a
good idea.
4.8. Configuring Novell networks using DNS
1. If the driver software for your Ethernet adapter is not installed yet,
install it now. Driver installation is not covered in this document.
2. Download tcpip16.exe from The Novell LanWorkPlace page.
3. Edit c:\nwclient\startnet.bat
SET NWLANGUAGE=ENGLISH
LH LSL.COM
LH KTC2000.COM
LH IPXODI.COM
LH tcpip
LH VLM.EXE
F:
4. Edit c:\nwclient\net.cfg
Link Driver KTC2000
Protocol IPX 0 ETHERNET_802.3
Frame ETHERNET_802.3
Frame Ethernet_II
FRAME Ethernet_802.2
NetWare DOS Requester
FIRST NETWORK DRIVE = F
USE DEFAULTS = OFF
VLM = CONN.VLM
VLM = IPXNCP.VLM
VLM = TRAN.VLM
VLM = SECURITY.VLM
VLM = NDS.VLM
VLM = BIND.VLM
VLM = NWP.VLM
VLM = FIO.VLM
VLM = GENERAL.VLM
VLM = REDIR.VLM
VLM = PRINT.VLM
VLM = NETX.VLM
Link Support
Buffers 8 1500
MemPool 4096
Protocol TCPIP
PATH SCRIPT C:\NET\SCRIPT
PATH PROFILE C:\NET\PROFILE
PATH LWP_CFG C:\NET\HSTACC
PATH TCP_CFG C:\NET\TCP
ip_address 192.168.0.xxx
ip_router 192.168.0.1
Replace the "ip_address" entry above with your own IP address (192.168.0.x, 1 < x < 255)
Finally, edit c:\bin\resolv.cfg:
SEARCH DNS HOSTS SEQUENTIAL
NAMESERVER xxx.xxx.xxx.xxx
NAMESERVER yyy.yyy.yyy.yyy
5. Replace the "NAMESERVER" entries above with the DNS servers you use.
6. To test the network connection to the gateway computer, issue a ping
command: ping 192.168.0.1
(This only tests the internal LAN connection. You cannot ping the outside
world yet.) If the ping gets no reply, recheck the network configuration.
4.9. Configuring OS/2 Warp
1. If the appropriate driver software for your Ethernet adapter is not
installed yet, install it now. Driver installation is not covered in this
document.
2. If the TCP/IP protocol is not installed yet, install it now.
3. Go to Programs / TCP/IP (LAN) / TCP/IP Settings.
4.
5.
6.
7. Close the TCP/IP control panel and answer yes to the questions that
follow.
8. Reboot the system.
9. To test the network configuration, you can ping the Linux host. Type
'ping 192.168.0.1' in an 'OS/2 Command prompt Window'. If the ping packets
come back, everything is configured correctly.
4.10. Configuring other systems
The same approach applies when configuring other systems. Refer to the
sections above. If you would like to write up the configuration for a system
that is not covered above, please send the detailed setup instructions to
ambrose@writeme.com and dranch@trinnet.net.
5. Testing IP Masquerade
Finally, it is time to test IP masquerading. If you have not rebooted the
Linux host yet, reboot it now, confirm that it boots successfully, and run
the /etc/rc.d/rc.firewall policy. Next, make sure that both the connection
to the internal LAN and the connection to the external Internet are working.
Now do the following:
o First: from an internal masqueraded computer, ping another internal
computer (for example, ping 192.168.0.10). This confirms that TCP/IP is
working on the computers on the internal LAN. If it does not work, recheck
that TCP/IP on the internal computers was configured as described in this
HOWTO.
o Second: on the masquerade server itself, ping an IP address inside the
masqueraded network (for example, ping 192.168.0.1). Now ping an external IP
address on the Internet. This external address may be the address of your
own PPP, Ethernet, etc. connection to your ISP. If you do not know this IP
address, run "/sbin/ifconfig" to find the Internet address. This shows
whether networking on the masquerade server is fully connected.
o Third: back on an internal masqueraded computer, ping the IP address of
the internal Ethernet card of the masquerading Linux host (for example,
ping 192.168.0.1). This confirms that the internal network and routing are
working. If this fails, make sure that the Ethernet cards of the masquerade
server and the internal computer are "physically" connected. You can check
this by looking at the LEDs on the back of the Ethernet cards or on the
Ethernet hub/switch (if you have one).
o Fourth: from an internal computer, ping the external TCP/IP address of the
masquerade server. This is the address of your PPP, Ethernet, etc.
connection to your ISP. This ping test confirms that masquerading (ICMP
masquerading in particular) is working. If it does not work, check that the
kernel has "ICMP Masquerading" support and that "IP Forwarding" is enabled
in the /etc/rc.d/rc.firewall script. Also check that the
/etc/rc.d/rc.firewall policy was loaded properly, and run the
/etc/rc.d/rc.firewall script by hand to see whether it runs correctly.
If it still does not work, look closely at the output of the following
commands.
o "ifconfig" : check that the Internet connection is UP and that the correct
IP address is set on it.
o "netstat -rn" : check that a default gateway is set (the entry with an IP
address other than 0.0.0.0 in the Gateway column).
o "cat /proc/sys/net/ipv4/ip_forward" : check that it prints "1", which
means Linux forwarding is enabled.
o "/sbin/ipfwadm -F -l" on 2.0.x kernels, "/sbin/ipchains -L forward" on
2.2.x kernels : check that masquerading is enabled.
o Fifth: from an internal masqueraded computer, ping a static IP address on
the Internet (for example, ping 152.19.254.81; this is the address of
http://metalab.unc.edu, the LDP home page). If this works, ICMP
masquerading towards the Internet is working. If it does not work, recheck
your Internet connection. If it still does not work after that, check that
you are using the simple rc.firewall policy given in the example and that
the kernel was compiled with ICMP masquerading.
o Sixth: now telnet to an external "IP address" (for example, telnet
152.2.254.81 (metalab.unc.edu); this server is heavily loaded, so it may
take a while before you get a login prompt). Do you get a login prompt
after a while? If so, TCP masquerading is working. If not, try another site
that you know supports telnet (for example, 198.182.196.55
(www.linux.org)). If it still does not work, check that you are using the
simple rc.firewall policy given in the example.
o Seventh: now telnet to an external "hostname" (for example, "telnet
metalab.unc.edu" (152.2.254.81)). If this works, DNS is working. If this
fails but the "fourth" step succeeded, check that the DNS server settings
on the internal masqueraded computer are correct.
o Eighth: as a final test, open a WWW site on the 'INTERNET' in a web
browser on an internal masqueraded computer and check that it is displayed
in the browser. For example, try the Linux Documentation Project site. If
this works, everything is working well!
If you can see the home page of the Linux Documentation Project,
congratulations! It works!
If this web site displays correctly, then standard network traffic such as
PING, TELNET and SSH, and, once the relevant IP masquerade modules are
loaded, FTP, Real Audio, IRC DCCs, Quake I/II/III, CuSeeme, VDOLive and so
on should work as well! If FTP, IRC, RealAudio, Quake I/II/III, etc. do not
work or work poorly, use the "lsmod" command to check that the relevant
masquerading modules are loaded, or whether they were loaded with an
unsuitable server port. If a required module is not loaded, check that the
/etc/rc.d/rc.firewall script is set to load it (for example, remove the "#"
character from the line for that IP masquerading module).
6. Other IP Masquerade issues and software support
6.1. Problems with IP Masquerade
Some TCP/IP application protocols do not work properly through Linux IP
masquerading, because they either make their own assumptions about port
numbers or encrypt TCP/IP addresses or port numbers in their data.
Applications that use the latter kind of protocol only work with a specific
proxy server or with a specific IP masquerade module added to the
masquerading code.
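FTP's PORT method, which the rc.firewall comments earlier in this HOWTO assign to the ip_masq_ftp module, shows why a protocol that puts an address and port number in its data needs such a helper: translating the IP header alone leaves the client's private address in the command text. The following is an added example, not part of the original HOWTO and not the module's own code; the function names are hypothetical, and the external address 203.0.113.5 and port 61000 are assumed values standing in for whatever the gateway would use.

```shell
#!/bin/sh
# Added example (not from the HOWTO): the rewrite an FTP helper has to make
# to an active-mode "PORT" command. Function names are hypothetical.

# port_cmd_endpoint "PORT h1,h2,h3,h4,p1,p2"  ->  prints "A.B.C.D:port"
# Returns 1 when the line is not a well-formed PORT command.
port_cmd_endpoint() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        toupper($1) != "PORT" || split($2, f, ",") != 6 { exit 1 }
        {
            for (i = 1; i <= 6; i++)
                if (f[i] !~ /^[0-9]+$/ || f[i] + 0 > 255) exit 1
            printf "%d.%d.%d.%d:%d\n", f[1], f[2], f[3], f[4], f[5] * 256 + f[6]
        }'
}

# embeds_private_addr CMD  ->  returns 0 when the address inside the payload
# is an RFC 1918 address that the remote server cannot connect back to,
# 1 when it is a public address, 2 when CMD is not a PORT command.
embeds_private_addr() {
    ep=$(port_cmd_endpoint "$1") || return 2
    case "${ep%:*}" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# rewrite_port_cmd CMD EXT_IP EXT_PORT  ->  prints the PORT command carrying
# the gateway address and the port reserved there for the data connection.
rewrite_port_cmd() {
    port_cmd_endpoint "$1" >/dev/null || return 1
    printf 'PORT %s,%d,%d\n' "$(printf '%s' "$2" | tr . ,)" \
        "$(( $3 / 256 ))" "$(( $3 % 256 ))"
}

# Constructed sample: client 192.168.0.2 offers port 4*256+1 = 1025.
# 203.0.113.5 and 61000 are assumed values for the gateway side.
demo_cmd='PORT 192,168,0,2,4,1'
if embeds_private_addr "$demo_cmd"; then
    echo "client sent : $demo_cmd -> $(port_cmd_endpoint "$demo_cmd")"
    echo "server sees : $(rewrite_port_cmd "$demo_cmd" 203.0.113.5 61000)"
fi
```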
6.2. ¿ÜºÎ·ÎºÎÅÍ µé¾î¿À´Â ¼ºñ½º
±âº»ÀûÀ¸·Î, ¸®´ª½º IP ¸¶½ºÄ¿·¹À̵ùÀº ¿ÜºÎ·ÎºÎÅÍ µé¾î¿À´Â ¼ºñ½ºµéÀ»
ÀüÇô ó¸®ÇÏÁö ¸øÇÑ´Ù. ÇÏÁö¸¸, ÀÌ°ÍÀ» ó¸®ÇÒ ¼ö ÀÖ´Â ¸î°¡Áö ¹æ¹ýÀÌ
ÀÖ´Ù.
¸¸¾à ³ôÀº ¼öÁØÀÇ º¸¾ÈÀ» ÇÊ¿ä·Î ÇÏÁö ¾Ê´Â´Ù¸é, °£´ÜÈ÷ ¿äûÀÌ µé¾î¿À´Â
IP Æ÷Æ®¸¦ Æ÷¿öµùÇØ ÁÖ¸é µÈ´Ù. À̸¦ ¼öÇàÇÏ´Â ¹æ¹ýÀº ¿©·¯°¡Áö°¡ ÀÖÁö¸¸,
°¡Àå ¾ÈÁ¤ÀûÀÎ ¹æ¹ýÀº IPPORTFW¸¦ »ç¿ëÇÏ´Â °ÍÀÌ´Ù. ´õ ÀÚ¼¼ÇÑ Á¤º¸´Â
``'' ¼½¼ÇÀ» ÂüÁ¶ÇÑ´Ù.
¿ÜºÎ·ÎºÎÅÍ µé¾î¿À´Â ¼ºñ½ºµé¿¡ ´ëÇؼ ¾î´ÀÁ¤µµÀÇ ÀÎÁõÀýÂ÷¸¦ °®°Ô
ÇÏ·Á¸é, TCP-wrappers³ª Xinetd µîÀ» »ç¿ëÇؼ ƯÁ¤ÇÑ IP ÁÖ¼Ò¸¸ Åë°ú½Ãų
¼ö ÀÖ´Ù. ±× µµ±¸³ª Á¤º¸¸¦ ¾ò±â À§Çؼ´Â TIS Firewall ToolkitÀ»
»ìÆ캸¸é ÁÁÀ» °ÍÀÌ´Ù.
¿ÜºÎ·ÎºÎÅÍ µé¾î¿À´Â ¼ºñ½ºÀÇ º¸¾È¿¡ ´ëÇÑ ÀÚ¼¼ÇÑ »çÇ×Àº TrinityOS
¹®¼¿Í IP
Masquerade Resource ¿¡¼ ãÀ» ¼ö ÀÖÀ» °ÍÀÌ´Ù.
6.3. Áö¿øµÇ´Â Ŭ¶óÀ̾ðÆ® ¼ÒÇÁÆ®¿þ¾î¿Í ±×¿Ü ¼³Á¤¿¡ ´ëÇØ ¾Ë¾ÆµÑ Á¡
** Linux Masquerade Application list ¿¡¼ ¸®´ª½º IP ¸¶½ºÄ¿·¹À̵ùÀ» ÅëÇؼ µ¿ÀÛÇÏ´Â
ÀÀ¿ëÇÁ·Î±×·¥µé¿¡ °üÇÑ ´Ù·®ÀÇ ¿ì¼öÇÑ Á¤º¸µéÀ» ¾òÀ» ¼ö ÀÖ´Ù.
ÀÌ »çÀÌÆ®´Â ÇöÀç Steve Grevemeyer°¡ °ü¸®ÇÏ°í ÀÖÀ¸¸ç, ±×´Â
dzºÎÇÑ µ¥ÀÌŸº£À̽º¸¦ ±¸ÃàÇØ ³õ¾Ò´Ù. ¾ÆÁÖ ÈǸ¢ÇÑ
Á¤º¸ÀÚ¿øÀÌ´Ù!
ÀϹÝÀûÀ¸·Î, Ç¥ÁØ TCP¿Í UDP¸¦ »ç¿ëÇÏ´Â ÀÀ¿ëÇÁ·Î±×·¥µéÀº Àß ÀÛµ¿ÇÒ
°ÍÀÌ´Ù. ¸¸¾à ¾î¶°ÇÑ Á¦¾ÈÀ̳ª ÈùÆ®µîÀÌ ÀÖ´Ù¸é IP Masquerade Resource
¸¦ È®ÀÎÇؼ ÀÚ¼¼ÇÑ »çÇ×À» È®ÀÎÇϱ⠹ٶõ´Ù.
6.3.1. IP ¸¶½ºÄ¿·¹À̵å¿Í ÇÔ²² -µ¿ÀÛÇÏ´Â- ³×Æ®¿÷ Ŭ¶óÀ̾ðÆ®µé
ÀϹÝÀûÀΠŬ¶óÀ̾ðÆ®µé:
Archie
  All supported platforms, file searching client (not all archie clients are
  supported).
FTP
  All supported platforms, with the ip_masq_ftp.o kernel module for active FTP
  connections.
Gopher client
  All supported platforms.
HTTP
  All supported platforms, web surfing.
IRC
  All IRC clients on the various supported platforms; DCC is supported via
  the ip_masq_irc.o module.
NNTP (USENET)
  All supported platforms, USENET news client.
PING
  All platforms, with the ICMP Masquerading kernel option.
POP3
  All supported platforms, email clients.
SSH
  All supported platforms, secure TELNET/FTP clients.
SMTP
  All supported platforms, email servers such as Sendmail, Qmail and PostFix.
TELNET
  All supported platforms, remote sessions.
TRACEROUTE
  UNIX and Windows based platforms; some variants may not work.
VRML
  Windows (possibly all supported platforms), virtual reality.
WAIS client
  All supported platforms.

Multimedia and communication clients:
Alpha Worlds
  Windows, client-server 3D chat program.
CU-SeeMe
  All supported platforms, with the ip_masq_cuseeme module; see the ``''
  section for details.
ICQ
  All supported platforms. The Linux kernel must be compiled with IPPORTFW
  support, and ICQ must be configured to run behind a NON-SOCKS proxy. A full
  description of this configuration is in the ``'' section.
Internet Phone 3.2
  Windows, peer-to-peer audio communication. Communication works when you
  initiate the call, but for other people to be able to call you, a specific
  port forwarding setup is required. See the ``'' section for details.
Internet Wave Player
  Windows, network streaming audio.
Powwow
  Windows, peer-to-peer text, audio and memo communication. Communication
  works when you initiate the call, but for other people to be able to call
  you, a specific port forwarding setup is required. See the ``'' section for
  details.
Real Audio Player
  Windows, network streaming audio; better sound quality is available with
  the ip_masq_raudio UDP module.
True Speech Player 1.1b
  Windows, network streaming audio.
VDOLive
  Windows, with the ip_masq_vdolive patch.
Worlds Chat 0.9a
  Windows, client-server 3D chat program.

Games - see the ``'' section for details on the LooseUDP patch.
Battle.net
  Works, but TCP ports 116 and 118 and UDP port 6112 must be forwarded
  (IPPORTFW) to the machine running the game. See the ``'' section for
  details. FSGS and Bnetd servers need IPPORTFW because they have not been
  written to work well with NAT.
BattleZone 1.4
  Works with the LooseUDP patch and the new NAT-friendly .DLLs from
  Activision.
Dark Reign 1.4
  Works with the LooseUDP patch, or requires TCP ports 116 and 118 and UDP
  port 6112 to be forwarded (IPPORTFW) to the machine running the game. See
  the ``'' section for details.
Diablo
  Works with the LooseUDP patch, or requires TCP ports 116 and 118 and UDP
  port 6112 to be forwarded (IPPORTFW) to the machine running the game. Newer
  versions of Diablo use only TCP port 6112 and UDP port 6112. See the ``''
  section for details.
Heavy Gear 2
  Works with the LooseUDP patch, or requires TCP ports 116 and 118 and UDP
  port 6112 to be forwarded (IPPORTFW) to the machine running the game. See
  the ``'' section for details.
Quake I/II/III
  Works right away, but the ip_masq_quake module is required when there are
  two or more Quake I/II/III players behind the masquerade server. Also, by
  default this module supports only Quake I and QuakeWorld. To support
  Quake II or to connect to non-default server ports, see the module install
  sections of ``'' and ``''.
StarCraft
  Works with the LooseUDP patch and with TCP and UDP port 6112 forwarded
  (IPPORTFW) to the internal masqueraded machine that runs the game. See the
  ``'' section for details.
WorldCraft
  Works with the LooseUDP patch.

Other clients:
Linux net-acct package
  Linux, network administration and accounting package.
NCSA Telnet 2.3.08
  DOS, a package containing TELNET, FTP, PING, etc.
PC-anywhere for Windows
  MS-Windows, remotely controls a PC over TCP/IP. Without a specific port
  forwarding setup it works as a client but not as a host (server). See the
  ``'' section for details.
Socket Watch
  Uses NTP - Network Time Protocol.

6.3.2. Clients that do not Work:

All H.323 programs
  - MS Netmeeting, Intel Internet Phone Beta 2 - The connection is made, but
  voice travels in one direction only (outbound). For one possible solution,
  see Equivalence's PhonePatch H.323 gateway.
Intel Streaming Media Viewer Beta 1
  Cannot connect to the server.
Netscape CoolTalk
  Cannot connect to the other side.
WebPhone
  Does not work at present. (This application makes invalid assumptions about
  IP addresses.)

6.4. Stronger IP Firewall (IPFWADM) Rulesets

This section provides a more in-depth guide to IPFWADM, the firewall tool used
with 2.0.x kernels. For IPCHAINS (2.2.x) rulesets, see the next section.

This example builds a firewall/masquerade system on a PPP connection with a
static address. (The parts for dynamic PPP are included but commented out.)
The interface used is 192.168.0.1, and the IP address of the PPP interface has
been replaced with an address different from the real one for fear of misuse :)
The incoming and outgoing interfaces are listed individually in order to catch
IP spoofing as well as improper routing or masquerading. Anything that is not
explicitly allowed is forbidden (in practice, rejected). If your IP Masquerade
box stops working after running the rc.firewall script shown here, make sure
that you edited it to match your setup, and review the system log file
/var/log/messages or /var/adm/messages.

For easier-to-follow "strong IP Masquerading IPFWADM rulesets" for PPP, cable
modems and so on, see TrinityOS - Section 10 and GreatCircle's Firewall WWW
page.

NOTE: If you receive a dynamic TCP/IP address from your ISP (PPP, ADSL, cable
modem, etc.), you cannot load this "strong" ruleset at boot time. You must
either reload the firewall ruleset every time you are assigned a new IP
address or make the /etc/rc.d/rc.firewall ruleset more intelligent. PPP users
should carefully re-read the "Dynamic PPP IP fetch" part and uncomment the
appropriate lines. For more details on strong firewall rulesets and dynamic IP
addresses, see the TrinityOS - Section 10 document.

There are also several GUI firewall configuration tools. See the ``'' section
for details.

Lastly, if you use a static PPP IP address, change the ppp_ip line, which is
set to "your.static.PPP.address", to your own IP address.
----------------------------------------------------------------
#!/bin/sh
#
# /etc/rc.d/rc.firewall: An example of a semi-STRONG IPFWADM firewall ruleset
#
PATH=/sbin:/bin:/usr/sbin:/usr/bin
# testing, wait a bit then clear all firewall rules.
# uncomment following lines if you want the firewall to automatically
# disable after 10 minutes.
# (sleep 600; \
# ipfwadm -I -f; \
# ipfwadm -I -p accept; \
# ipfwadm -O -f; \
# ipfwadm -O -p accept; \
# ipfwadm -F -f; \
# ipfwadm -F -p accept; \
# ) &
# Load all required IP MASQ modules
#
# NOTE: Only load the IP MASQ modules you need. All current IP MASQ modules
# are shown below but are commented from loading.
# Needed to initially load modules
#
/sbin/depmod -a
# Supports the proper masquerading of FTP file transfers using the PORT method
#
/sbin/modprobe ip_masq_ftp
# Supports the masquerading of RealAudio over UDP. Without this module,
# RealAudio WILL function but in TCP mode. This can cause a reduction
# in sound quality
#
#/sbin/modprobe ip_masq_raudio
# Supports the masquerading of IRC DCC file transfers
#
#/sbin/modprobe ip_masq_irc
# Supports the masquerading of Quake and QuakeWorld by default. This module is
# for multiple users behind the Linux MASQ server. If you are going to play
# Quake I, II, and III, use the second example.
#
#Quake I / QuakeWorld (ports 26000 and 27000)
#/sbin/modprobe ip_masq_quake
#
#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
#/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960
# Supports the masquerading of the CuSeeme video conferencing software
#
#/sbin/modprobe ip_masq_cuseeme
#Supports the masquerading of the VDO-live video conferencing software
#
#/sbin/modprobe ip_masq_vdolive
#CRITICAL: Enable IP forwarding since it is disabled by default.
#
# Redhat Users: you may try changing the options in /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
echo "1" > /proc/sys/net/ipv4/ip_forward
# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this following
# option. This enables dynamic-ip address hacking in IP MASQ, making the life
# with Diald and similar programs much easier.
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# Specify your Static IP address here.
#
# If you have a DYNAMIC IP address, you need to make this ruleset understand your
# IP address everytime you get a new IP. To do this, enable the following one-line
# script. (Please note that the different single and double quote characters MATTER).
#
# You will also need to either create the following link or have your existing
# /etc/ppp/ip-up script run the /etc/rc.d/rc.firewall script.
#
# ln -s /etc/rc.d/rc.firewall /etc/ppp/ip-up
#
# If the /etc/ppp/ip-up file already exists, you should edit it and add a line
# containing "/etc/rc.d/rc.firewall" near the end of the file.
#
# If you aren't already aware, the /etc/ppp/ip-up script is always run when a PPP
# connection comes up. Because of this, we can make the ruleset go and get the
# new PPP IP address and update the strong firewall ruleset.
#
# PPP users: If your Internet connection is via a PPP connection, the following
# one-line script will work fine.
#
# DHCP users: If you get your TCP/IP address via DHCP, you will need to replace
# the word "ppp0" with the name of your external Internet connection
# (eth0, eth1, etc). It should be also noted that DHCP can change
# IP addresses on you. To fix this, users should configure their
# DHCPc or DHCP client to re-run the firewall ruleset when their
# DHCP lease is renewed. For DHCPcd users, use the "-c" option.
#
#ppp_ip="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
#
ppp_ip="your.static.PPP.address"
# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30sec firewall timeout in ICQ itself)
#
/sbin/ipfwadm -M -s 7200 10 60
#############################################################################
# Incoming, flush and set default policy of reject. Actually the default policy
# is irrelevant because there is a catch all rule with deny and log.
#
/sbin/ipfwadm -I -f
/sbin/ipfwadm -I -p reject
# local interface, local machines, going anywhere is valid
#
/sbin/ipfwadm -I -a accept -V 192.168.0.1 -S 192.168.0.0/24 -D 0.0.0.0/0
# remote interface, claiming to be local machines, IP spoofing, get lost
#
/sbin/ipfwadm -I -a reject -V $ppp_ip -S 192.168.0.0/24 -D 0.0.0.0/0 -o
# remote interface, any source, going to permanent PPP address is valid
#
/sbin/ipfwadm -I -a accept -V $ppp_ip -S 0.0.0.0/0 -D $ppp_ip/32
# loopback interface is valid.
#
/sbin/ipfwadm -I -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0
# catch all rule, all other incoming is denied and logged. pity there is no
# log option on the policy but this does the job instead.
#
/sbin/ipfwadm -I -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o
#############################################################################
# Outgoing, flush and set default policy of reject. Actually the default policy
# is irrelevant because there is a catch all rule with deny and log.
#
/sbin/ipfwadm -O -f
/sbin/ipfwadm -O -p reject
# local interface, any source going to local net is valid
#
/sbin/ipfwadm -O -a accept -V 192.168.0.1 -S 0.0.0.0/0 -D 192.168.0.0/24
# outgoing to local net on remote interface, stuffed routing, deny
#
/sbin/ipfwadm -O -a reject -V $ppp_ip -S 0.0.0.0/0 -D 192.168.0.0/24 -o
# outgoing from local net on remote interface, stuffed masquerading, deny
#
/sbin/ipfwadm -O -a reject -V $ppp_ip -S 192.168.0.0/24 -D 0.0.0.0/0 -o
# anything else outgoing on remote interface is valid
#
/sbin/ipfwadm -O -a accept -V $ppp_ip -S $ppp_ip/32 -D 0.0.0.0/0
# loopback interface is valid.
#
/sbin/ipfwadm -O -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0
# catch all rule, all other outgoing is denied and logged. pity there is no
# log option on the policy but this does the job instead.
#
/sbin/ipfwadm -O -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o
#############################################################################
# Forwarding, flush and set default policy of deny. Actually the default policy
# is irrelevant because there is a catch all rule with deny and log.
#
/sbin/ipfwadm -F -f
/sbin/ipfwadm -F -p deny
# Masquerade from local net on local interface to anywhere.
#
/sbin/ipfwadm -F -a masquerade -W ppp0 -S 192.168.0.0/24 -D 0.0.0.0/0
#
# catch all rule, all other forwarding is denied and logged. pity there is no
# log option on the policy but this does the job instead.
#
/sbin/ipfwadm -F -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o

With IPFWADM, you can restrict access to a particular site using the -I, -O or
-F options. Keep in mind that the rules are read from top to bottom and that
"-a" "appends" the new rule to the existing rules. Specific restrictions must
therefore come before the general rules. For example:

Using -I is the fastest, but the restriction applies only to the internal
machines. The firewall machine itself can still reach the "forbidden" site. Of
course, you can also use these methods in combination.

In the /etc/rc.d/rc.firewall ruleset:
... start of -I rules ...
# reject and log local interface, local machines going to 204.50.10.13
#
/sbin/ipfwadm -I -a reject -V 192.168.0.1 -S 192.168.0.0/24 -D 204.50.10.13/32 -o
# local interface, local machines, going anywhere is valid
#
/sbin/ipfwadm -I -a accept -V 192.168.0.1 -S 192.168.0.0/24 -D 0.0.0.0/0
... end of -I rules ...
Using -O is the slowest, because the packets pass through masquerading first,
but the firewall machine itself cannot reach the forbidden site either.
... start of -O rules ...
# reject and log outgoing to 204.50.10.13
#
/sbin/ipfwadm -O -a reject -V $ppp_ip -S $ppp_ip/32 -D 204.50.10.13/32 -o
# anything else outgoing on remote interface is valid
#
/sbin/ipfwadm -O -a accept -V $ppp_ip -S $ppp_ip/32 -D 0.0.0.0/0
... end of -O rules ...
Using -F is somewhat slower than using -I, and it too restricts only the
masqueraded (internal) machines; the firewall machine itself can still reach
the forbidden site.
... start of -F rules ...
# Reject and log from local net on PPP interface to 204.50.10.13.
#
/sbin/ipfwadm -F -a reject -W ppp0 -S 192.168.0.0/24 -D 204.50.10.13/32 -o
# Masquerade from local net on local interface to anywhere.
#
/sbin/ipfwadm -F -a masquerade -W ppp0 -S 192.168.0.0/24 -D 0.0.0.0/0
... end of -F rules ...
No special rule is needed to allow 192.168.0.0/24 to reach 204.50.11.0,
because this is already covered by the general rules.

There is more than one way to specify the interfaces in the ruleset above. For
example, you can write "-W eth0" instead of "-V 192.168.255.1", and "-W ppp0"
instead of "-V $ppp_ip". "-V" was used for compatibility with IPCHAINS; if you
use only IPFWADM, it is entirely the user's choice.

6.5. Stronger IP Firewall (IPCHAINS) Rulesets

This section provides a more in-depth guide to IPCHAINS, the firewall tool used
with 2.2.x kernels. For IPFWADM (2.0.x) rulesets, see the previous section.

This example builds a firewall/masquerade system on a PPP connection with a
static address. (The parts for dynamic PPP are included but commented out.)
The interface used is 192.168.0.1, and the IP address of the PPP interface has
been replaced with an address different from the real one for fear of misuse :)
The incoming and outgoing interfaces are listed individually in order to catch
IP spoofing as well as improper routing or masquerading. Anything that is not
explicitly allowed is forbidden (in practice, rejected). If your IP Masquerade
box stops working after running the rc.firewall script shown here, make sure
that you edited it to match your setup, and review the system log file
/var/log/messages or /var/adm/messages.

For easier-to-follow "strong IP Masquerading IPFWADM rulesets" for PPP, cable
modems and so on, see TrinityOS - Section 10 and GreatCircle's Firewall WWW
page.

NOTE #1: Linux 2.2.x kernels older than 2.2.11 have an IPCHAINS fragmentation
bug. Because of it, using strong IPCHAINS rulesets leaves you exposed to
attack. Please upgrade to a kernel in which the bug is fixed.

NOTE #2: If you receive a dynamic TCP/IP address from your ISP (PPP, ADSL,
cable modem, etc.), you cannot load this "strong" ruleset at boot time. You
must either reload the firewall ruleset every time you are assigned a new IP
address or make the /etc/rc.d/rc.firewall ruleset more intelligent. PPP users
should carefully re-read the "Dynamic PPP IP fetch" part and uncomment the
appropriate lines. For more details on strong firewall rulesets and dynamic IP
addresses, see the TrinityOS - Section 10 document.

There are also several GUI firewall configuration tools. See the ``'' section
for details.

Lastly, if you use a static PPP IP address, change the ppp_ip line, which is
set to "your.static.PPP.address", to your own IP address.
----------------------------------------------------------------
#!/bin/sh
#
# /etc/rc.d/rc.firewall: An example of a Semi-Strong IPCHAINS firewall ruleset.
#
PATH=/sbin:/bin:/usr/sbin:/usr/bin
# Load all required IP MASQ modules
#
# NOTE: Only load the IP MASQ modules you need. All current IP MASQ modules
# are shown below but are commented from loading.
# Needed to initially load modules
#
/sbin/depmod -a
# Supports the proper masquerading of FTP file transfers using the PORT method
#
/sbin/modprobe ip_masq_ftp
# Supports the masquerading of RealAudio over UDP. Without this module,
# RealAudio WILL function but in TCP mode. This can cause a reduction
# in sound quality
#
/sbin/modprobe ip_masq_raudio
# Supports the masquerading of IRC DCC file transfers
#
#/sbin/modprobe ip_masq_irc
# Supports the masquerading of Quake and QuakeWorld by default. This module is
# for multiple users behind the Linux MASQ server. If you are going to play
# Quake I, II, and III, use the second example.
#
#Quake I / QuakeWorld (ports 26000 and 27000)
#/sbin/modprobe ip_masq_quake
#
#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
#/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960
# Supports the masquerading of the CuSeeme video conferencing software
#
#/sbin/modprobe ip_masq_cuseeme
#Supports the masquerading of the VDO-live video conferencing software
#
#/sbin/modprobe ip_masq_vdolive
#CRITICAL: Enable IP forwarding since it is disabled by default.
#
# Redhat Users: you may try changing the options in /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
echo "1" > /proc/sys/net/ipv4/ip_forward
# Get the dynamic IP address assigned via DHCP
#
extip="`/sbin/ifconfig eth1 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
extint="eth1"
# Assign the internal IP
intint="eth0"
intnet="192.168.1.0/24"
# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30sec firewall timeout in ICQ itself)
#
ipchains -M -S 7200 10 60
#############################################################################
# Incoming, flush and set default policy of reject. Actually the default policy
# is irrelevant because there is a catch all rule with deny and log.
#
ipchains -F input
ipchains -P input REJECT
# local interface, local machines, going anywhere is valid
#
ipchains -A input -i $intint -s $intnet -d 0.0.0.0/0 -j ACCEPT
# remote interface, claiming to be local machines, IP spoofing, get lost
#
ipchains -A input -i $extint -s $intnet -d 0.0.0.0/0 -l -j REJECT
# remote interface, any source, going to permanent PPP address is valid
#
ipchains -A input -i $extint -s 0.0.0.0/0 -d $extip/32 -j ACCEPT
# loopback interface is valid.
#
ipchains -A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
# catch all rule, all other incoming is denied and logged. pity there is no
# log option on the policy but this does the job instead.
#
ipchains -A input -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT
#############################################################################
# Outgoing, flush and set default policy of reject. Actually the default policy
# is irrelevant because there is a catch all rule with deny and log.
#
ipchains -F output
ipchains -P output REJECT
# local interface, any source going to local net is valid
#
ipchains -A output -i $intint -s 0.0.0.0/0 -d $intnet -j ACCEPT
# outgoing to local net on remote interface, stuffed routing, deny
#
ipchains -A output -i $extint -s 0.0.0.0/0 -d $intnet -l -j REJECT
# outgoing from local net on remote interface, stuffed masquerading, deny
#
ipchains -A output -i $extint -s $intnet -d 0.0.0.0/0 -l -j REJECT
# anything else outgoing on remote interface is valid
#
ipchains -A output -i $extint -s $extip/32 -d 0.0.0.0/0 -j ACCEPT
# loopback interface is valid.
#
ipchains -A output -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
# catch all rule, all other outgoing is denied and logged. pity there is no
# log option on the policy but this does the job instead.
#
ipchains -A output -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT
#############################################################################
# Forwarding, flush and set default policy of deny. Actually the default policy
# is irrelevant because there is a catch all rule with deny and log.
#
ipchains -F forward
ipchains -P forward DENY
# Masquerade from local net on local interface to anywhere.
#
ipchains -A forward -i $extint -s $intnet -d 0.0.0.0/0 -j MASQ
#
# catch all rule, all other forwarding is denied and logged. pity there is no
# log option on the policy but this does the job instead.
#
ipchains -A forward -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT

With IPCHAINS, you can restrict communication with a particular site using the
"input", "output" or "forward" rules. Keep in mind that the rules are read from
top to bottom and that "-A" "appends" the new rule to the existing rules.
Specific restrictions must therefore come before the general rules. For
example:

Using "input" rules: this is the fastest, but the restriction applies only to
the internal machines. The firewall machine itself can still reach the
"forbidden" site. Of course, you can also use these methods in combination.

In the /etc/rc.d/rc.firewall ruleset:
... start of "input" rules ...
# reject and log local interface, local machines going to 204.50.10.13
#
ipchains -A input -i $intint -s 192.168.0.0/24 -d 204.50.10.13/32 -l -j REJECT
# local interface, local machines, going anywhere is valid
#
ipchains -A input -i $intint -s 192.168.0.0/24 -d 0.0.0.0/0 -j ACCEPT
... end of "input" rules ...

Using "output" rules is the slowest, because the packets pass through
masquerading first, but the firewall machine itself cannot reach the forbidden
site either.
... start of "output" rules ...
# reject and log outgoing to 204.50.10.13
#
ipchains -A output -i $extint -s $extip/32 -d 204.50.10.13/32 -l -j REJECT
# anything else outgoing on remote interface is valid
#
ipchains -A output -i $extint -s $extip/32 -d 0.0.0.0/0 -j ACCEPT
... end of "output" rules ...

Using "forward" rules is somewhat slower than using "input" rules, and it too
restricts only the masqueraded (internal) machines; the firewall machine itself
can still reach the forbidden site.
... start of "forward" rules ...
# Reject and log from local net on external interface to 204.50.10.13.
#
ipchains -A forward -i $extint -s 192.168.0.0/24 -d 204.50.10.13/32 -l -j REJECT
# Masquerade from local net on local interface to anywhere.
#
ipchains -A forward -i $extint -s 192.168.0.0/24 -d 0.0.0.0/0 -j MASQ
... end of "forward" rules ...

No special rule is needed to allow 192.168.0.0/24 to reach 204.50.11.0,
because this is already covered by the general rules.

Unlike IPFWADM, there is only one way to specify the interfaces in the ruleset
above. IPCHAINS uses the "-i eth0" option. "-V" is the IPFWADM method, used for
compatibility with IPCHAINS; if you use only IPFWADM, it is entirely the
user's choice.
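
The ordering rule described above for both IPFWADM and IPCHAINS (rules are read top to bottom and the first matching rule decides) can be checked offline with a small model. The following Python sketch is an added example, not part of the original HOWTO; it models only -i/-s/-d matching and the -j target, and the rule strings are constructed from the 204.50.10.13 example with eth0 assumed to be the internal interface.

```python
import ipaddress
import shlex
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    chain: str
    iface: Optional[str]          # None: no -i given, matches any interface
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    target: Optional[str]         # None: no -j given, the rule only counts packets
    log: bool


def parse_rule(line: str) -> Rule:
    """Parse '[/sbin/]ipchains -A <chain> [-i IF] [-s NET] [-d NET] [-l] [-j TARGET]'."""
    tokens = shlex.split(line)
    if len(tokens) < 3 or tokens[1] != "-A":
        raise ValueError(f"not an append rule: {line!r}")
    opts = {"-i": None, "-s": "0.0.0.0/0", "-d": "0.0.0.0/0", "-j": None}
    log = False
    rest = iter(tokens[3:])
    for tok in rest:
        if tok == "-l":
            log = True
        elif tok in opts:
            value = next(rest, None)
            if value is None:
                raise ValueError(f"{tok} needs a value: {line!r}")
            opts[tok] = value
        else:
            raise ValueError(f"option not modelled here: {tok!r}")
    return Rule(tokens[2], opts["-i"],
                ipaddress.ip_network(opts["-s"]),
                ipaddress.ip_network(opts["-d"]),
                opts["-j"], log)


def matches(rule: Rule, iface: str, src: str, dst: str) -> bool:
    return ((rule.iface is None or rule.iface == iface)
            and ipaddress.ip_address(src) in rule.src
            and ipaddress.ip_address(dst) in rule.dst)


def evaluate(rules: List[Rule], chain: str, iface: str, src: str, dst: str,
             policy: str) -> Tuple[str, Optional[int]]:
    """Return (verdict, index of the deciding rule); index is None if the policy decided."""
    for idx, rule in enumerate(rules):
        if rule.chain != chain or not matches(rule, iface, src, dst):
            continue
        if rule.target is None:       # accounting-only rule, keep scanning
            continue
        return rule.target, idx
    return policy, None


def shadowed(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never decide a packet because an earlier
    rule with a target in the same chain matches everything they match."""
    hidden = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (earlier.chain == later.chain and earlier.target is not None
                    and (earlier.iface is None or earlier.iface == later.iface)
                    and later.src.subnet_of(earlier.src)
                    and later.dst.subnet_of(earlier.dst)):
                hidden.append(j)
                break
    return hidden


# Constructed sample rules (eth0 as the internal interface is an assumption).
BLOCK = "ipchains -A input -i eth0 -s 192.168.0.0/24 -d 204.50.10.13/32 -l -j REJECT"
ALLOW = "ipchains -A input -i eth0 -s 192.168.0.0/24 -d 0.0.0.0/0 -j ACCEPT"
CATCH_ALL = "ipchains -A input -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT"
RIGHT_ORDER = [parse_rule(r) for r in (BLOCK, ALLOW, CATCH_ALL)]
WRONG_ORDER = [parse_rule(r) for r in (ALLOW, BLOCK, CATCH_ALL)]

if __name__ == "__main__":
    for name, rules in (("specific first", RIGHT_ORDER), ("general first", WRONG_ORDER)):
        verdict = evaluate(rules, "input", "eth0", "192.168.0.5", "204.50.10.13", "REJECT")
        print(f"{name}: verdict={verdict[0]} by rule {verdict[1]}, shadowed={shadowed(rules)}")
```

Running `shadowed()` over a parsed rc.firewall before loading it catches a site block that was appended after the general accept rule and therefore never fires.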

6.6. IP Masquerading Multiple Internal Networks

Masquerading more than one internal network is very simple. First, make sure
that all of your networks, internal and external, work correctly. Then network
traffic must be allowed to pass to the other internal machines and to be
masqueraded to the Internet.

Next, masquerading must be enabled on the internal interfaces. This example
sets up two internal interfaces, eth1 (192.168.0.1) and eth2 (192.168.1.1), to
be masqueraded out of the external-facing eth0 interface. Add the following to
the rc.firewall ruleset:

o For 2.0.x kernels with IPFWADM
#Enable internal interfaces to communicate with each other
/sbin/ipfwadm -F -a accept -V 192.168.0.1 -D 192.168.1.0/24
/sbin/ipfwadm -F -a accept -V 192.168.1.1 -D 192.168.0.0/24
#Enable internal interfaces to MASQ out to the Internet
/sbin/ipfwadm -F -a masq -W eth0 -S 192.168.0.0/24 -D 0.0.0.0/0
/sbin/ipfwadm -F -a masq -W eth0 -S 192.168.1.0/24 -D 0.0.0.0/0
o For 2.2.x kernels with IPCHAINS
#Enable internal interfaces to communicate with each other
# (on the forward chain, -i matches the interface the packet leaves on;
#  without -j a rule only counts packets and does not accept them)
/sbin/ipchains -A forward -i eth1 -d 192.168.0.0/24 -j ACCEPT
/sbin/ipchains -A forward -i eth2 -d 192.168.1.0/24 -j ACCEPT
#Enable internal interfaces to MASQ out to the Internet
/sbin/ipchains -A forward -j MASQ -i eth0 -s 192.168.0.0/24 -d 0.0.0.0/0
/sbin/ipchains -A forward -j MASQ -i eth0 -s 192.168.1.0/24 -d 0.0.0.0/0

6.7. IP Masquerade and Dial-on-Demand Connections

1. If you want to set up your network to dial up the Internet automatically,
   either Diald demand dialing or a new version of PPPd will be useful. Diald
   is recommended because it is more configurable.
2. To set up Diald, see the Setting Up Diald for Linux Page or TrinityOS -
   Section 23.
3. Once Diald and IP Masquerading have been set up properly, the Linux box
   will bring up the Internet link automatically whenever a masqueraded
   client starts a web, telnet, ftp or similar session.
4. A timeout may occur on the first connection; this is unavoidable if you
   use an analog modem. Because of the time needed to establish the modem
   link and the PPP connection, client programs (web browsers, etc.) may time
   out. This does not always happen. If it does, simply retry (for example,
   reload the web page) and it should work from then on. You can also set the
   kernel option echo "1" > /proc/sys/net/ipv4/ip_dynaddr to help with this
   initial setup.

6.8. IPPORTFW, IPMASQADM, IPAUTOFW, REDIR, UDPRED, and Other Port Forwarding Tools

IPPORTFW, IPAUTOFW, REDIR, UDPRED and other such programs are generic TCP or
UDP port forwarding tools for Linux IP Masquerade. These tools are typically
used together with, or in place of, the specific IP Masquerade modules such as
the current ones for FTP, Quake and so on. With port forwarding tools, you can
pass connections coming from the Internet to a machine that has only an
internal address behind the IP Masquerading server. This forwarding ability
covers TELNET, WWW, SMTP, FTP (requires a special patch - see below), ICQ and
many other network protocols.

NOTE: Even if you only want port forwarding without IP Masquerading, you still
have to enable IP Masquerading both in the kernel and in your IPFWADM or
IPCHAINS ruleset in order to use the Linux port forwarding tools.

So what are the differences between them? IPAUTOFW, REDIR and UDPRED (all URLs
are in the ``'' section) were the first tools that gave IP Masquerade users
this functionality. Over time, as Linux IP Masquerade matured, these tools were
replaced by IPPORTFW, a more intelligent solution. Now that the newer tools are
available, using old tools such as IPAUTOFW and REDIR is *highly discouraged*.
They do not work properly with the kernel and can even crash your Linux server.

Before using the 2.0.x IPPORTFW or the 2.2.x IPMASQADM with IPPORTFW, be aware
that port forwarding tools can create network security problems. The reason is
that these tools basically open a hole in the packet firewall in order to
forward the TCP/UDP ports. This does not threaten the Linux machine itself, but
it can be a problem for the internal machine that the packets are forwarded to.
It is not a big problem, though; Steven Clarke, the author of IPPORTFW, says
the following:

"Port forwarding is only called within the masquerading functions, so it fits
inside the corresponding IPFWADM/IPCHAINS rules. Masquerading is an extension
of IP forwarding. Therefore, ipportfw only sees packets that fit both the
input and the ipfwadm rulesets."

For this reason, it is important to use a strong firewall ruleset. For details
on strong firewall rulesets, see the ``'' and ``'' sections.

To use IPPORTFW forwarding with a 2.0.x or 2.2.x kernel, the Linux kernel has
to be recompiled with IPPORTFW support.

o 2.0.x kernel users need to apply a simple kernel option patch, as shown
  below.
o 2.2.x kernel users already have the IPPORTFW kernel option available via
  IPMASQADM.

6.8.1. IPPORTFW on 2.0.x Kernels

First, make sure that the newest 2.0.x kernel is present in the /usr/src/linux
directory. If it is not, see the ``'' section for details. Next, download the
"ipportfw.c" program and the "subs-patch-x.gz" kernel patch from the ``''
section and unpack them into the /usr/src/ directory.

NOTE: Replace the "x" in the "subs-patch-x.gz" file name with the most recent
version available on that site.

Now copy the IPPORTFW patch (subs-patch-x.gz) into the Linux directory.
cp /usr/src/subs-patch-1.37.gz /usr/src/linux
Next, apply the kernel patch to create the IPPORTFW kernel option:
cd /usr/src/linux
zcat subs-patch-1.3x.gz | patch -p1

Next, if you want to port forward FTP connections to an internal server, you
also have to apply the new IP_MASQ_FTP module patch available from the ``''
section. Details are given later in this section.

Now it is time to compile the kernel as shown in the ``'' section. Be sure to
say YES to the IPPORTFW option when you configure the kernel. Once the compile
has finished and you have rebooted into the new kernel, return to this section.

Now, running the newly compiled kernel, compile and install the actual
"IPPORTFW" program.
cd /usr/src
gcc ipportfw.c -o ipportfw
mv ipportfw /usr/local/sbin

Now suppose, for example, that you want to forward all web connections
(port 80) to the internal masqueraded machine whose address is 192.168.0.10.

NOTE: Once port 80 is port forwarded, the Linux IP Masquerade server can no
longer use that port itself. More specifically, if you already run a web
server on the masquerade server and you port forward port 80 to an internal
masqueraded machine, all Internet users will see the pages served by the
-internal- web server, not the pages served by the IP Masquerade server. The
only way around this is to port forward a different port, for example 8080, to
the internal masqueraded machine. This works, but all Internet users then have
to append :8080 to the URL to reach the internal masqueraded web server.

In any case, to enable port forwarding, edit the /etc/rc.d/rc.firewall
ruleset. Add the following lines, replacing "$extip" with your Internet IP
address.

NOTE: If you receive a dynamic TCP/IP address from your ISP (PPP, ADSL, cable
modem, and so on), you will have to make the /etc/rc.d/rc.firewall ruleset
more intelligent. For details on strong rulesets and dynamic IP addresses, see
TrinityOS - Section 10.
/etc/rc.d/rc.firewall
--
#echo "Enabling IPPORTFW Redirection on the external LAN.."
#
/usr/local/sbin/ipportfw -C
/usr/local/sbin/ipportfw -A -t$extip/80 -R 192.168.0.10/80
--
That's it! Re-run your /etc/rc.d/rc.firewall ruleset and test it out!
If you see the error message "ipfwadm: setsockopt failed: Protocol not
available", you are NOT running your newly compiled kernel. Make sure
that you moved the new kernel into the right place and re-ran LILO,
then reboot once more.
Port forwarding FTP servers:
If you want to port forward FTP to an internal machine, things get more
complicated, because the standard IP_MASQ_FTP kernel module was not
written for this purpose. Fortunately, Fred Viles wrote a modified
IP_MASQ_FTP module that does work for it. If you want to know exactly
what the issues are, download it and read it, since Fred documented it
very well. Be aware that this patch is somewhat experimental, and that
it is currently available ONLY for 2.0.x kernels. Some porting to the
2.2.x kernels has been done, but if you would like to help, please
email Fred Viles - fv@episupport.com directly.
To apply the 2.0.x patch, do the following:
o First, apply the IPPORTFW kernel patch as shown earlier in this
section.
o Download "msqsrv-patch-36" from Fred Viles's FTP server listed in the
``'' section and put it in /usr/src/linux.
o Patch the kernel with this new code by running "cat msqsrv-patch-36 |
patch -p1".
o Now replace the original "ip_masq_ftp.c" kernel module with the new
one.
o mv /usr/src/linux/net/ipv4/ip_masq_ftp.c
/usr/src/linux/net/ipv4/ip_masq_ftp.c.orig
o mv /usr/src/linux/ip_masq_ftp.c
/usr/src/linux/net/ipv4/ip_masq_ftp.c
o Lastly, build and install the kernel with this new code in place.
Once this is done, edit the /etc/rc.d/rc.firewall ruleset and add the
following lines, replacing "$extip" with your Internet IP address.
NOTE: If you get a DYNAMIC TCP/IP address from your ISP (PPP, ADSL,
cable modem, etc.), you will need to make your /etc/rc.d/rc.firewall
ruleset more intelligent. Please see TrinityOS - Section 10 for details
on strong rulesets and dynamic IP addresses.
Like the one above, this example port forwards ALL FTP connections
(port 21) to the internal MASQed machine at 192.168.0.10.
NOTE: Once you port forward port 21, the Linux MASQ server can no
longer use that port itself. More specifically, if you already run an
FTP server on the Linux MASQ server, all FTP connections from Internet
users will go to the -INTERNAL- FTP server and not to the IP MASQ
server.
/etc/rc.d/rc.firewall
--
#echo "Enabling IPPORTFW Redirection on the external LAN.."
#
/usr/local/sbin/ipportfw -C
/usr/local/sbin/ipportfw -A -t$extip/21 -R 192.168.0.10/21
--
That's it! Re-run your /etc/rc.d/rc.firewall ruleset and test it out!
If you see the error message "ipchains: setsockopt failed: Protocol not
available", you are NOT running your newly compiled kernel. Make sure
that you moved the new kernel into the right place and re-ran LILO,
then reboot once more. If you are sure you are running the new kernel,
run "ls /proc/net" and check that the "ip_portfw" file exists. If it
does not, something was missed when configuring the kernel. Rebuild the
kernel.
6.8.2. Using IPMASQADM with IPPORTFW on 2.2.x kernels
First, make sure the newest 2.2.x kernel is in the /usr/src/linux
directory. If it is not, see the ``'' section for details. Next,
download the "ipmasqadm.c" program from the ``'' section and put it in
the /usr/src/ directory.
Next, compile the 2.2.x kernel as shown in the ``'' section. Say YES to
the IPPORTFW option when you configure the kernel. Once the kernel is
compiled and you have rebooted, return to this section.
Now, compile and install the IPMASQADM tool:
cd /usr/src
tar xzvf ipmasqadm-x.tgz
cd ipmasqadm-x
make
make install
Now, for this example, let's say we port forward ALL web connections
(port 80) to the internal MASQed machine at the address 192.168.0.10.
NOTE: The modified IP_MASQ_FTP module for port forwarding FTP
connections might not currently work on 2.2.x kernels. If you want to
experiment, try porting the module to the 2.2.x kernels, and please
email your results to Ambrose and David.
NOTE: Once you port forward port 80, the Linux IP Masquerade server can
no longer use that port itself. More specifically, if you already run a
web server on the MASQ server, all Internet users will get web pages
from the -INTERNAL- web server and not from your IP MASQ server.
Anyway, to enable port forwarding, edit the /etc/rc.d/rc.firewall
ruleset. Add the following lines, replacing "$extip" with your Internet
IP address.
NOTE: If you get a dynamic TCP/IP address from your ISP (PPP, ADSL,
cable modem, etc.), you will need to make your /etc/rc.d/rc.firewall
ruleset more intelligent. Please see TrinityOS - Section 10 for details
on strong firewall rulesets and dynamic IP addresses. Here is one hint:
the /etc/ppp/ip-up file for PPP users.
/etc/rc.d/rc.firewall
--
#echo "Enabling IPPORTFW Redirection on the external LAN.."
#
/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 80 -R 192.168.0.10 80
--
That's it! Re-run your /etc/rc.d/rc.firewall ruleset and test it out!
If you see the error message "ipchains: setsockopt failed: Protocol not
available", you are NOT running your newly compiled kernel. Make sure
that you moved the new kernel into the right place and re-ran LILO,
then reboot once more. If you are sure you are running the new kernel,
run "ls /proc/net/ip_masq" and check that the "portfw" file exists. If
it does not, something was missed when configuring the kernel. Rebuild
the kernel.
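For PPP users with a dynamic address, the /etc/ppp/ip-up hint above can
be turned into a hook that rebuilds the port 80 forward each time the
link comes up. The script below is an added example, not part of the
original HOWTO; it assumes pppd's standard ip-up argument order (the
fourth argument is the new local address), and the function names and
the DRY_RUN variable are hypothetical.

```shell
#!/bin/sh
# Added example: re-apply the IPMASQADM port forward from /etc/ppp/ip-up.
# pppd runs: ip-up <iface> <tty> <speed> <local-ip> <remote-ip> [ipparam]

IPMASQADM=/usr/sbin/ipmasqadm   # path used in the rc.firewall example
INTERNAL_HOST=192.168.0.10      # internal MASQed web server from the example

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255, so
# nothing but an address can ever reach the ipmasqadm command line.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1                   # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# run CMD...: execute the command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# apply_portfw EXTIP: flush the portfw table and forward EXTIP:80 inward.
apply_portfw() {
    if ! valid_ipv4 "$1"; then
        echo "ip-up: refusing to forward for invalid address '$1'" >&2
        return 1
    fi
    run "$IPMASQADM" portfw -f &&
    run "$IPMASQADM" portfw -a -P tcp -L "$1" 80 -R "$INTERNAL_HOST" 80
}

# Only act when installed as (or named like) ip-up; $4 is the new address.
case "${0##*/}" in
    ip-up*) apply_portfw "$4" ;;
esac
```

Running it with DRY_RUN=1 prints the two ipmasqadm commands instead of
executing them, which is a safe way to check the hook before a redial.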
6.9. CU-SeeMe and Linux IP Masquerade
Linux IP Masquerade supports CuSeeme through the "ip_masq_cuseeme"
kernel module. This kernel module should be loaded in the
/etc/rc.d/rc.firewall script. Once the "ip_masq_cuseeme" module is
installed, you can both initiate and receive connections to remote
reflectors and users.
NOTE: For CuSeeme, it is recommended to use the IPPORTFW tool instead
of the old IPAUTOFW tool.
If you need more explicit information on configuring CuSeeme, see the
Mini-HOWTO on Michael Owings's CuSeeMe page, or the mirror of the
Mini-HOWTO at The IP Masquerade Resources.
6.10. Mirabilis ICQ
There are two ways to use ICQ behind a Linux MASQ server. One is to use
the new ICQ MASQ module, and the other is to use IPPORTFW.
The ICQ module has some benefits and some limitations. It lets several
users run ICQ behind a MASQ server with a simple setup, and it needs no
special configuration in the ICQ client. However, file transfer and
real-time chat currently do not work.
With IPPORTFW, you have to change some settings on both the MASQ server
and the ICQ client, but everything works: ICQ messaging, URLs, chat,
file transfer, etc.
If you are interested in Andrew Deryabin's (djsf@usa.net) ICQ IP
Masquerade module for the 2.2.x kernels, see the ``'' section for
details.
If you prefer the more classic method of running ICQ behind a MASQ
server, do the following:
o First, build IPPORTFW support into your Linux kernel. See the ``''
section for details.
o Next, add the following lines to your /etc/rc.d/rc.firewall file.
This example assumes that your external Internet IP address is 10.1.2.3
and that the internal MASQed ICQ client is 192.168.0.10:
The following example is for a 2.0.x kernel with IPFWADM:
Two examples are included; either one will work fine:
Example #1
--
/usr/local/sbin/ipportfw -A -t10.1.2.3/2000 -R 192.168.0.10/2000
/usr/local/sbin/ipportfw -A -t10.1.2.3/2001 -R 192.168.0.10/2001
/usr/local/sbin/ipportfw -A -t10.1.2.3/2002 -R 192.168.0.10/2002
/usr/local/sbin/ipportfw -A -t10.1.2.3/2003 -R 192.168.0.10/2003
/usr/local/sbin/ipportfw -A -t10.1.2.3/2004 -R 192.168.0.10/2004
/usr/local/sbin/ipportfw -A -t10.1.2.3/2005 -R 192.168.0.10/2005
/usr/local/sbin/ipportfw -A -t10.1.2.3/2006 -R 192.168.0.10/2006
/usr/local/sbin/ipportfw -A -t10.1.2.3/2007 -R 192.168.0.10/2007
/usr/local/sbin/ipportfw -A -t10.1.2.3/2008 -R 192.168.0.10/2008
/usr/local/sbin/ipportfw -A -t10.1.2.3/2009 -R 192.168.0.10/2009
/usr/local/sbin/ipportfw -A -t10.1.2.3/2010 -R 192.168.0.10/2010
/usr/local/sbin/ipportfw -A -t10.1.2.3/2011 -R 192.168.0.10/2011
/usr/local/sbin/ipportfw -A -t10.1.2.3/2012 -R 192.168.0.10/2012
/usr/local/sbin/ipportfw -A -t10.1.2.3/2013 -R 192.168.0.10/2013
/usr/local/sbin/ipportfw -A -t10.1.2.3/2014 -R 192.168.0.10/2014
/usr/local/sbin/ipportfw -A -t10.1.2.3/2015 -R 192.168.0.10/2015
/usr/local/sbin/ipportfw -A -t10.1.2.3/2016 -R 192.168.0.10/2016
/usr/local/sbin/ipportfw -A -t10.1.2.3/2017 -R 192.168.0.10/2017
/usr/local/sbin/ipportfw -A -t10.1.2.3/2018 -R 192.168.0.10/2018
/usr/local/sbin/ipportfw -A -t10.1.2.3/2019 -R 192.168.0.10/2019
/usr/local/sbin/ipportfw -A -t10.1.2.3/2020 -R 192.168.0.10/2020
--
Example #2
--
# Forward TCP ports 2000 through 2020, the same range as Example #1
port=2000
while [ $port -le 2020 ]
do
    /usr/local/sbin/ipportfw -A -t10.1.2.3/$port -R 192.168.0.10/$port
    port=$((port+1))
done
--
The following example is for a 2.2.x kernel with IPCHAINS:
Two examples are included; either one will work fine:
Example #1
--
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2000 -R 192.168.0.10 2000
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2001 -R 192.168.0.10 2001
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2002 -R 192.168.0.10 2002
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2003 -R 192.168.0.10 2003
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2004 -R 192.168.0.10 2004
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2005 -R 192.168.0.10 2005
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2006 -R 192.168.0.10 2006
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2007 -R 192.168.0.10 2007
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2008 -R 192.168.0.10 2008
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2009 -R 192.168.0.10 2009
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2010 -R 192.168.0.10 2010
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2011 -R 192.168.0.10 2011
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2012 -R 192.168.0.10 2012
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2013 -R 192.168.0.10 2013
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2014 -R 192.168.0.10 2014
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2015 -R 192.168.0.10 2015
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2016 -R 192.168.0.10 2016
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2017 -R 192.168.0.10 2017
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2018 -R 192.168.0.10 2018
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2019 -R 192.168.0.10 2019
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2020 -R 192.168.0.10 2020
--
Example #2
--
# Forward TCP ports 2000 through 2020, the same range as Example #1
port=2000
while [ $port -le 2020 ]
do
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 $port -R 192.168.0.10 $port
    port=$((port+1))
done
--
o Once your new rc.firewall is ready, reload the ruleset by simply
running "/etc/rc.d/rc.firewall" and check that it works. If you get
errors, either the kernel does not have IPPORTFW support or there is a
typo in the rc.firewall file.
o Now, in ICQ's Preferences-->Connection, select "Behind a LAN" and
"Behind a firewall or Proxy". Then click "Firewall Settings" and select
"I don't use a SOCK5 proxy". It was previously recommended to set ICQ's
"Firewall session timeouts" to "30" seconds, but ICQ has been found to
become unreliable with that setting. ICQ has been found to be more
reliable when you keep the stock timeout setting and simply change the
MASQ server's timeout to 160 seconds. How to change this timeout is
shown in the ``'' and ``'' rulesets. Finally, click Next and set "Use
the following TCP listen ports.." from "2000" to "2020". Now click
Done.
ICQ will now ask you to restart ICQ for the changes to take effect. To
be honest, I had to reboot Windows9x to get everything working, but
others say otherwise. So, to be safe, try both (restart ICQ, reboot).
o It is also worth noting that one user said that simply port
forwarding port 4000 to his ICQ client worked best. He reported that
everything (chat, file transfer, etc.) worked fine without changing ICQ
from its default settings. Which way you go is your choice, but some
readers will want to know about this alternative.
6.11. Gaming: The LooseUDP patch
The LooseUDP patch allows NAT-friendly games that use UDP connections
to run behind a Linux IP Masquerade server. Currently, LooseUDP is
available as a patch for 2.0.36 and later kernels and is already built
into 2.2.3 and later kernels. To use it, you only need to do a few
things:
o Make sure the newest 2.0.x kernel sources are in the /usr/src/linux
directory.
o ABSOLUTELY REQUIRED for 2.0.x: Download the IPPORTFW patch from the
``'' section and install it as described in the ``'' section of this
HOWTO.
o Download the LooseUDP patch from the ``'' section.
Now, put the LooseUDP patch in the /usr/src/linux directory. Then run
the following:
For a compressed patch file: zcat loose-udp-2.0.36.patch.gz | patch -p1
For a NON-compressed patch file: cat loose-udp-2.0.36.patch | patch -p1
Depending on the version of your "patch" program, you will then see
messages like the following:
patching file `CREDITS'
patching file `Documentation/Configure.help'
patching file `include/net/ip_masq.h'
patching file `net/ipv4/Config.in'
patching file `net/ipv4/ip_masq.c'
If you see the message "Hunk FAILED" ONLY at the very beginning of the
patching, it is not a serious problem. You probably have an old patch
file, but it will still work. If the patch fails completely, check that
you applied the IPPORTFW kernel patch FIRST.
Once the patch is installed, re-configure the kernel as shown in the
``'' section and say "Y" to the "IP: loose UDP port managing
(EXPERIMENTAL) (CONFIG_IP_MASQ_LOOSE_UDP) [Y/n/?]" option.
Once you are running the new kernel with LooseUDP enabled, NAT-friendly
games should work well. There are some URLs for patches that make
BattleZone and other games NAT-friendly. See the ``'' section for
details.
7. Frequently Asked Questions (FAQ)
If you have a useful FAQ entry, please send it to ambrose@writeme.com
and dranch@trinnet.net. Please state the question clearly and include
an appropriate answer. Thanks in advance!
7.1. What Linux distributions support IP Masquerade out of the box?
If your Linux distribution does not support IP Masquerade out of the
box, don't worry. All you have to do is re-compile the kernel as shown
in this HOWTO.
NOTE: If you can help fill in this table, please email
ambrose@writeme.com or dranch@trinnet.net.
o Caldera < v1.2 : NO - ?
o Caldera v1.3 : YES - 2.0.35 based
o Caldera v2.2 : YES - 2.2.5 based
o Debian v1.3 : NO - ?
o Debian v2.0 : NO - ?
o Debian v2.1 : NO - 2.2.1 based
o DLX Linux v? : ? - ?
o DOS Linux v? : ? - ?
o Hal91 Linux v? : ? - ?
o Linux Mandrake v5.3 : YES - ?
o Linux Mandrake v6.0 : YES - 2.2.5 based
o Linux PPC vR4 : NO - ?
o Linux Pro v? : ? - ?
o LinuxWare v? : ? - ?
o MkLinux v? : ? - ?
o MuLinux v3rl : YES - ?
o Redhat < v4.x : NO - ?
o Redhat v5.0 : YES - ?
o Redhat v5.1 : YES - ?
o Redhat v5.2 : YES - 2.0.36 based
o Redhat v6.0 : YES - 2.2.5 based
o Slackware v3.0 : ? - ?
o Slackware v3.1 : ? - ?
o Slackware v3.2 : ? - ?
o Slackware v3.3 : ? - 2.0.34 based
o Slackware v3.4 : ? - ?
o Slackware v3.5 : ? - ?
o Slackware v3.6 : ? - ?
o Slackware v3.9 : ? - 2.0.37pre10 based
o Slackware v4.0 : ? - ?
o Stampede Linux v? : ? - ?
o SuSE v5.2 : YES - ?
o SuSE v5.3 : YES - ?
o SuSE v6.0 : YES - ?
o SuSE v6.1 : YES - 2.2.5 based
o Tomsrbt Linux v? : ? - ?
o TriLinux v? : ? - ?
o TurboLinux v? : ? - ?
o Yggdrasil Linux v? : ? - ?
7.2. What are the minimum hardware requirements and limitations for IP
Masquerade? How well does it perform?
A 486/66 with 16MB of RAM filled a 1.54Mb/s T1 100% with room to spare!
MASQ is also known to run well on 386SX-16s with 8MB of RAM. However,
be aware that Linux IP Masquerade starts to struggle once there are
more than 500 MASQ entries.
The only application I know of that can temporarily stall Linux IP
Masquerade is GameSpy. The reason is that when it refreshes its lists,
it needs 10,000 quick connections in a very short time. Until this
finishes, the MASQ table becomes "FULL". See the ``'' section of the
FAQ for details.
While we are at it:
There is a limit of 4096 concurrent connections for TCP and UDP. This
limit can be changed by editing the values in
/usr/src/linux/net/ipv4/ip_masq.h - an upper limit of about 32000 is
fine. If you want to change the limit, change the PORT_MASQ_BEGIN and
PORT_MASQ_END values to a range above 32K and below 64K.
7.3. I've checked all my configurations and IP Masquerade still doesn't
work. What should I do?
o First, calm down. Have a cup of tea, coffee, or a soda, and take a
break. Once your mind is clear, follow the suggestions below. Setting
up Linux IP Masquerade is not hard, but some of the concepts may be new
to you.
o Now go through the ``'' section again. 99% of first-time Masquerade
users who have problems have not looked at that section.
o Check the IP Masquerade Mailing List Archives. Most of your questions
or problems are common ones, and a simple search of the archive will
turn up the answer.
o Check the TrinityOS document. It covers IP Masquerading on the 2.0.x
and 2.2.x kernels as well as PPPd, DialD, DHCP, DNS, Sendmail and other
topics.
o Make sure you are not running ROUTED or GATED. To check, run "ps aux
| grep -e routed -e gated".
o Post your question to the IP Masquerade mailing list (see the next
FAQ section for details). Please do this only when you cannot find the
answer in the IP Masquerading archive. When you send the email, be sure
to include the output requested in the ``'' section!!
o Post your question to a related Linux NNTP newsgroup.
o Send email to ambrose@writeme.com and dranch@trinnet.net. However,
you are more likely to get the answer you want from the IP Masquerading
mailing list than from us.
o Check your configuration again. :-)
7.4. How do I join or view the IP Masquerade and IP Masquerade
Developers mailing lists?
There are two ways to join the Linux IP Masquerading mailing list. The
first is to send email to masq-request@indyramp.com. To join the Linux
IP Masquerading Developers mailing list, send email to
masq-dev-request@indyramp.com. See the item below for more details.
o Subscribing by email: Put the word "subscribe" in the body or subject
of the message. If you only want the digest version of the main MASQ
list or the MASQ developers list (all email sent to the list is sent to
you once a week as one "big" email), put "subscribe digest" instead of
"subscribe" in the body or subject.
Once the server receives your request, it subscribes you to the list
you asked for and sends you a password. Save this password somewhere.
You will need it to change your options or to unsubscribe from the
list.
The second way is to subscribe with a web browser. To join the main
MASQ list, use the form at http://www.indyramp.com/masq-list/, and to
join the MASQ developers list, use
http://www.indyramp.com/masq-dev-list/.
Once subscribed, you will receive email from the list. Note also that
the archives of both lists can be viewed whether or not you are
subscribed. See the two web URLs above for details.
Lastly, note that to post to the MASQ list you must use the account and
address you originally subscribed with.
If you have problems with the mailing lists or the mailing list
archives, contact Robert Novak.
7.5. How does IP Masquerade differ from Proxy or NAT services?
Proxy: Proxy servers are available for: Win95, NT, Linux, Solaris, etc.
Pro: + One IP address; cheap
     + Optional caching for better performance (WWW, etc.)
Con: - All applications behind the proxy server must support proxy
       services (SOCKS) and be configured to use the proxy server
     - Confuses web counters and web statistics programs
A proxy server, like IP Masquerade, uses only one public IP address and
acts as a translator for the clients on the internal LAN (web browsers,
etc.). The proxy server accepts connections such as TELNET, FTP and WWW
from the internal network on one interface. It then sends them out as
if the proxy server itself had made the request. Once the remote
Internet server sends back the requested information, the proxy server
changes the TCP/IP address back to that of the internal client and
passes the data to the internal host that asked for it. This is why it
is called a "proxy" server.
NOTE: Every application used on the internal machines *MUST* support
proxy servers, for example Netscape and some of the better TELNET and
FTP clients. Clients that do not support proxy servers will not work.
Another good thing about proxy servers is that some of them can also
cache (Squid for WWW). Suppose there are 50 proxied hosts that all
start Netscape at once. If they are all set to the default home page
URL, 50 copies of the same Netscape web page have to be fetched from
the remote site and sent to each computer. With a caching proxy server,
the proxy server loads the page from the remote site only once, and the
proxied computers get the page from the cache. This not only saves
bandwidth on the outbound Internet link, it also makes page loads feel
much, much faster on the proxied machines.
MASQ or 1:Many NAT: IP Masquerade is available on Linux and on a few
routers such as the ZyXEL Prestige128, Cisco 770 and NetGear ISDN
routers.
Pro: + Only one IP address is needed (cheap)
     + Applications need no special support
     + Uses firewall software to strengthen network security
Con: - Requires a Linux host or a special ISDN router
       (though other products may have this feature too.. )
     - Incoming traffic cannot reach the internal LAN unless a
       computer on the internal LAN requested it or specific port
       forwarding software is installed. Many NAT servers do not
       provide this feature.
     - Special protocols must be handled individually by firewall
       redirectors and the like. Linux fully supports this (FTP, IRC,
       etc.) but many routers do not (NetGear does).
Masquerade or 1:Many NAT is similar to a proxy server in that the
server translates the IP address and fools the remote server (a web
server, for example) into believing that the MASQ server itself, not
an internal machine, made the request.
The main difference between MASQ and a proxy server is that a MASQ
server requires no configuration changes on the client (internal)
machines. Just set the internal machines to use the Linux host as their
default gateway and everything will work. (For RealAudio, FTP, etc. to
work, you must install specific Linux modules!)
Also, many people use IP Masquerade for TELNET, FTP, etc. *AND* run a
caching proxy for web traffic on the same Linux host for extra
performance.
NAT: NAT servers are available on Windows 95/NT, Linux, Solaris, and
some of the better ISDN routers (not Ascend)
Pro: + Very configurable
     + Needs no special application software
Con: - Requires a subnet from your ISP (expensive)
Network Address Translation refers to a host that has a pool of usable
IP addresses on its Internet interface. When the internal network wants
to reach the Internet, the host assigns a public IP address from the
Internet interface to the original internal IP address of the
requesting computer. After that, all traffic is translated between the
public NAT IP address and the internal address behind the NAT. If an
assigned public NAT address is not used for a pre-determined amount of
time, that public IP address is returned to the pool of available NAT
addresses.
The main problem with NAT is that once all the public IP addresses are
in use, internal users cannot reach the Internet until an address
becomes free.
7.6. Are there any GUI firewall creation/management tools?
Yes! They differ in user interface, complexity, etc. So far most of
them support only IPFWADM, but they are quite good. Here is a short
list of the available tools in alphabetical order. If you know of other
tools or want to comment on which are good, bad or awkward, please
email Ambrose or David.
o John Hardin's IPFWADM Dot file generator - the IPCHAINS version is
already in use.
o Sonny Parlin's FWCONFIG for IPFWADM and IPCHAINS
o William Stearns's Mason - a system that builds a ruleset on the fly
7.7. Does IP Masquerade work with dynamically assigned IP addresses?
Yes, it works with a dynamic IP address assigned by your ISP through
PPP or a DHCP/BOOTp server. As long as you have a valid Internet IP
address, it will work. Static IPs work too, of course. However, if you
want to use a strong IPFWADM/IPCHAINS ruleset or a port forwarder, your
ruleset must be re-run every time your IP address changes. More help on
strong firewall rulesets and dynamic IP addresses can be found at the
top of TrinityOS - Section 10.
7.8. Can I use IP Masquerade with a cable modem (both two-way and
modem-return), DSL, a satellite link, etc. to connect to the Internet?
Yes, as long as Linux supports that network interface, it will work. If
you are assigned a dynamic IP address, see the URL under the FAQ item
"Does IP Masquerade work with dynamically assigned IP addresses?"
above.
7.9. Can I use Diald or the dial-on-demand feature of PPPd with IP
Masquerade?
Of course! IP Masquerading is completely transparent to Diald and PPP
(translator's note: neither depends on the details of the other). The
only case that may be a problem is when you use a strong firewall
ruleset together with a dynamic IP address. For details, see the FAQ
item "Does IP Masquerade work with dynamically assigned IP addresses?"
above.
7.10. What applications can be used with IP Masquerade?
Keeping an up-to-date list of "working applications" is very difficult.
However, most ordinary Internet applications are supported, such as web
browsing (Netscape, MSIE, etc.), FTP (WS_FTP and the like), TELNET,
SSH, RealAudio, POP3 (incoming mail - Pine, Eudora, Outlook, etc.),
SMTP (outgoing mail), and so on. A more complete list of clients that
work with MASQ can be found in the ``'' section of this HOWTO.
Applications that use more complicated protocols or special connection
methods, such as video conferencing software, need special helper
tools.
For more details, see the Linux IP masquerading Applications page.
7.11. How do I use IP Masquerade on Redhat, Debian, Slackware or other
distributions?
Whatever Linux distribution you use, the IP Masquerade setup procedure
described in this HOWTO still applies. Some distributions have a GUI or
special configuration files that make setup easier. We did our best to
write this HOWTO so that it applies to the general case wherever
possible.
7.12. TELNET connections seem to break if I don't use them often. Why
is that?
By default, IP Masquerade sets its timeouts for TCP sessions, TCP FIN
and UDP traffic to 15 minutes. It is recommended that, where possible,
all users apply the following settings (already shown in this HOWTO's
/etc/rc.d/rc.firewall ruleset):
Linux 2.0.x with IPFWADM:
# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30sec firewall timeout in ICQ itself)
#
/sbin/ipfwadm -M -s 7200 10 60
Linux 2.2.x with IPCHAINS:
# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30sec firewall timeout in ICQ itself)
#
/sbin/ipchains -M -S 7200 10 60
7.13. When my Internet connection first comes up, nothing works. If I
try again, everything works fine. Why is this?
The reason is that you have a dynamic IP address, and when the Internet
connection first comes up, IP Masquerade does not know the IP address.
There is a fix for this. Add the following to your
/etc/rc.d/rc.firewall ruleset:
# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this following
# option. This enables dynamic-ip address hacking in IP MASQ, making the life
# with Diald and similar programs much easier.
#
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
7.14. IP Masquerade seems to be working fine but some sites don't work.
This usually happens with WWW and FTP.
There are two possible reasons for this. The first is VERY common and
the second is VERY rare.
o The 2.0.36 and 2.2.9 Linux kernels have a fairly obscure bug in the
Masquerade code that causes problems with packets that have the DF or
"Don't Fragment" bit set. Basically, when a MASQ box connects to the
Internet with an MTU of less than 1500, some packets can have the DF
field set. Changing the MTU to 1500 on the Linux box seems to fix the
problem, but the bug is still there. What is believed to be happening
is that the MASQ code does not properly handle returning ICMP packets
with the ICMP 3 Sub 4 code so that they reach the originating MASQed
computer. Because of this, packets get dropped along the way. If you
are a network programmer and think you can fix this.. give it a try!
But there is no need to worry. A perfectly good workaround is to change
the MTU of your Internet link to 1500. Some users will object to this
because some latency-sensitive programs such as TELNET and games are
affected, but the impact is only slight. HTTP and FTP will get faster!
To fix this, first find out what the MTU of your Internet link is now.
To check, run "/bin/ifconfig". Look at the lines for your Internet
connection and find the MTU. This value must be 1500. Ethernet links
normally default to this value, and PPP defaults to 576.
  o To fix the MTU on a PPP link, edit the /etc/ppp/options file and
  add the lines "mtu 1500" and "mru 1500" near the top. Save the
  changes and restart PPP. Check as above that the PPP link now has
  the correct MTU.
  o To fix the MTU on Ethernet links such as ADSL or cable modems, you
  need to edit your network startup scripts. For network optimization,
  see the TrinityOS - Section 16 document.
o Lastly, though this is not a common problem, this fix is sometimes
needed. For PPP users, the question is which port the PPPd code
connects to: a /dev/cua* port or a /dev/ttyS* port. It must be a
/dev/ttyS* port. The cua style is old and causes problems in very odd
ways.
7.15. IP Masquerading seems slow.
There can be several reasons for this:
o Make sure your internal and external networks are not running on the
same network card through the IP Alias feature. If they are, it is
strongly recommended that you get another network card so that the
internal and external networks each have their own interface.
o If you use an external modem, make sure you are using a good quality
serial cable. Also, many PCs use cheap ribbon cables to connect the
serial port on the motherboard or I/O card to the external serial port
connector. If this applies to you, make sure the cable and connector
are in good condition. Personally, I put ferrite coils (the dark grey
metal rings) around all of my ribbon cables.
o Make sure your MTU is set to 1500 as described in the FAQ entry above
in this HOWTO.
o Make sure your serial port is a 16550A or better UART. To check, run
"dmesg | more".
o Make sure the serial port for your PPP connection is running at
115200 (or faster if the modem and serial port can handle it, for
example an ISDN terminal adapter (TA)).
  o 2.0.x kernels: The 2.0.x kernels are a little odd in that you
  cannot directly tell the kernel to set the serial port speed to
  115200. So, in a startup script such as /etc/rc.d/rc.local or
  /etc/rc.d/rc.serial, run the following command (for a modem on
  COM2):
    o setserial /dev/ttyS1 spd_vhi
    o In your PPPd script, change the line that actually runs pppd so
    that the speed is "38400" (see the pppd man page).
  o 2.2.x kernels: Unlike the 2.0.x kernels, the 2.1.x and 2.2.x
  kernels do not have this "spd_vhi" issue.
    o So, in your PPPd script, just change the line that actually runs
    pppd so that the speed is "115200" (see the pppd man page).
o Set your TCP sliding window to at least 8192.
  o This is completely outside the scope of this document, but it
  helps a great deal whatever network setup you have: internal or
  external PPP, Ethernet, TokenRing, etc. For details, see the network
  optimization section of TrinityOS - Section 16.
o Set up IRQ-Tune for your serial ports.
  o On most PC hardware, Craig Estey's IRQTUNE tool dramatically
  improves serial port performance, including SLIP and PPP.
7.16. Now that IP Masquerading is working, I'm getting all sorts of
weird messages and errors in the SYSLOG log files. How do I read the
IPFWADM/IPCHAINS firewall error messages?
The messages you will commonly see are probably these two:
o MASQ: Failed TCP Checksum error: You see this error when a packet
coming from the Internet is damaged in its data section but the rest
"looks" fine. When the Linux box receives such a packet, it calculates
the packet's CRC and determines that the packet is bad. Most machines
running an OS such as Microsoft Windows silently ignore these packets,
but Linux IP Masquerade reports them to SYSLOG. If you get a LOT of
these messages over a PPP link, see the FAQ entry "MASQ is slow" above.
  o If that entry does not help, try adding the line "-vj" to the
  /etc/ppp/options file and restarting PPPd.
o Firewall hits: If you are on the Internet running a lenient (not
strict) firewall, you will be surprised at how many people try to break
into your Linux box! So what do these firewall logs mean?
From the TrinityOS - Section 10 document:
In the rulesets below, the lines that DENY or REJECT any traffic have
the "-o" option, which logs the firewall hit to the SYSLOG messages
file in the following location:
Redhat: /var/log
Slackware: /var/adm
If you look at these firewall logs, you will see something like the
following:
---------------------------------------------------------------------
IPFWADM:
Feb 23 07:37:01 Roadrunner kernel: IP fw-in rej eth0 TCP 12.75.147.174:1633
100.200.0.212:23 L=44 S=0x00 I=54054 F=0x0040 T=254
IPCHAINS:
Packet log: input DENY eth0 PROTO=17 12.75.147.174:1633 100.200.0.212:23
L=44 S=0x00 I=54054 F=0x0040 T=254
---------------------------------------------------------------------
ÀÌ ´Ü ÇÑ ÁÙ¿¡´Â ¾ÆÁÖ ¸¹Àº Á¤º¸°¡ ÀÖ½À´Ï´Ù. ÀÌ ¿¹¸¦ ºÐ¼®ÇØ º¸¸é¼ ¿©·¯ºÐÀÌ
º¸°ÔµÇ´Â ¹æȺ® Á¢±Ù ±â·ÏÀ» È®ÀÎÇØ º¾½Ã´Ù. ÀÌ ¿¹´Â IPFWADMÀ» ¼³¸íÇÏ°í ÀÖÁö¸¸
IPCHAINS »ç¿ëÀڵ鵵 ¹Ù·Î ¹«¾ðÁö ¾Ë ¼ö ÀÖÀ» °Ì´Ï´Ù.
--------------
- ÀÌ ¹æȺ® "Á¢±Ù"Àº "Feb 23 07:37:01"¿¡ ¹ß»ýÇß½À´Ï´Ù.
- ÀÌ Á¢±ÙÀº "RoadRunner"¶ó´Â ÄÄÇ»ÅÍ¿¡ ´ëÇÑ °ÍÀÔ´Ï´Ù.
- ÀÌ Á¢±ÙÀº "IP" ȤÀº TCP/IP ÇÁ·ÎÅäÄÝÀ» ÅëÇÑ °ÍÀÔ´Ï´Ù.
- ÀÌ Á¢±ÙÀº ¹æȺ®À¸·Î "µé¾î¿À´Â"("fw-in") °ÍÀÔ´Ï´Ù.
* ´Ù¸¥ ·Î±×µéÀº "³ª°¡´Â" °Í¿¡ ´ëÇؼ "fw-out" ȤÀº FORWARDÇÏ´Â
°Í¿¡ ´ëÇؼ´Â "fw-fwd"¶ó°í ÇÒ °ÍÀÔ´Ï´Ù.
- ÀÌ Á¢±ÙÀº "°ÅºÎµÇ¾ú½À´Ï´Ù(rejECTED)".
* ´Ù¸¥ ·Î±×µéÀº "deny" ȤÀº "accept"¶ó°í ÇÒ ¼öµµ ÀÖ½À´Ï´Ù.
- ÀÌ ¹æȺ® Á¢±Ù "eth0" ÀÎÅÍÆäÀ̽º(ÀÎÅÍ³Ý ¿¬°á)¿¡¼ ÀϾ½À´Ï´Ù.
- ÀÌ Á¢±ÙÀº "TCP" ÆÐŶÀ̾ú½À´Ï´Ù.
- ÀÌ Á¢±ÙÀº "12.75.147.174"fksms IP ÁּҷκÎÅÍ ¿Â °ÍÀÌ°í "1633"¹ø
Æ÷Æ®·Î µ¹·ÁÁ³½À´Ï´Ù.
- ÀÌ Á¢±ÙÀº "100.200.0.212"¶ó´Â ÁÖ¼Ò¿¡ "23"¹ø Æ÷Æ® ȤÀº TELNETÀ¸·Î
¿¬°áÇϱâ À§ÇÑ °ÍÀ̾ú½À´Ï´Ù.
* 23¹ø Æ÷Æ®°¡ TELNETÀ» À§ÇÑ °ÍÀÎÁö Àß ¸ð¸£°Ú´Ù¸é,
/etc/services ÈÀÏ¿¡¼ Æ÷Æ®¸¦ È®ÀÎÇϽʽÿä.
- ÀÌ ÆÐŶÀº Å©±â°¡ "44" ¹ÙÀÌÆ®¿´½À´Ï´Ù.
- ÀÌ ÆÐŶÀº "Type of Service(¼ºñ½º Á¾·ù)"°¡ ¼³Á¤µÅ ÀÖÁö ¾Ê¾Ò½À´Ï´Ù.
--ÀÌ ¸»À» ÀÌÇØÇÏÁö ¸øÇÏ´õ¶ó°í °ÆÁ¤ÇÏÁö ¸¶½Ê½Ã¿ä.. ¾Ë ÇÊ¿ä
¾ø½À´Ï´Ù.
* ipchains »ç¿ëÀÚÀÇ °æ¿ì ÀÌ °ªÀ» 4·Î ³ª´©¸é ¼ºñ½º Á¾·ù°¡
µË´Ï´Ù.
- ÀÌ ÆÐŶÀº "IP ID" ¹øÈ£°¡ "18" À̾ú½À´Ï´Ù.
--ÀÌ ¸»À» ÀÌÇØÇÏÁö ¸øÇÏ´õ¶ó°í °ÆÁ¤ÇÏÁö ¸¶½Ê½Ã¿ä.. ¾Ë ÇÊ¿ä
¾ø½À´Ï´Ù.
- ÀÌ ÆÐŶÀº 16ºñÆ®ÀÇ Á¶°¢ À§Ä¡¸¦ °¡Áö°í ÀÖ°í TCP/IP ÆÐŶ Ç÷¡±×´Â
"0x0000"À̾ú½À´Ï´Ù.
--ÀÌ ¸»À» ÀÌÇØÇÏÁö ¸øÇÏ´õ¶ó°í °ÆÁ¤ÇÏÁö ¸¶½Ê½Ã¿ä.. ¾Ë ÇÊ¿ä
¾ø½À´Ï´Ù.
* "0x2..."³ª "0x3..."·Î ½ÃÀÛÇÏ´Â °ªÀº "´õ ¸¹Àº Á¶°¢" ºñÆ®°¡
µÇ¾î¼ ´õ¸¹Àº Á¶°¢³ ÆÐŶµéÀÌ µµÂøÇؾßÁö ÀÌ "Å«" ÆÐŶÀÌ
¿Ï¼ºµÉ °ÍÀ̶ó´Â °ÍÀ» ÀǹÌÇÕ´Ï´Ù.
* "0x4..."³ª "0x5..."·Î ½ÃÀÛÇÏ´Â °ªÀº "Á¶°¢³»±â ±ÝÁö" ºñÆ®°¡
¼³Á¤µÇ¾î ÀÖ´Ù´Â °ÍÀ» ÀǹÌÇÕ´Ï´Ù.
* ´Ù¸¥ °ªµéÀº Á¶°¢ À§Ä¡ (8·Î ³ª¿ì¾úÀ» ¶§) °ªµéÀÌ°í ³ªÁß¿¡ ¿ø·¡ÀÇ
Å« ÆÐŶÀ¸·Î Á¶ÇÕÇÒ ¶§ »ç¿ëµË´Ï´Ù.
- ÀÌ ÆÐŶÀº Áö¼Ó½Ã°£(TimeToLive) (TTL)ÀÌ 20À̾ú½À´Ï´Ù.
* ÀÎÅͳݻ󿡼ÀÇ ¸Å µµ¾à ¶§ ¸¶´Ù ÀÌ °ªÀº 1¾¿ °¨¼ÒÇÕ´Ï´Ù. º¸Åë,
ÆÐŶµéÀº Ãâ¹ßÇÒ ¶§ 255ÀÇ °ªÀ» °®°í ¸¸¾à ÀÌ ¼ýÀÚ°¡ °á±¹ 0ÀÌ
µÇ¸é, ÆÐŶÀº ¾ø¾îÁø °ÍÀ̶ó¼ Áö¿öÁö°Ô µÉ °Ì´Ï´Ù.
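The field-by-field reading above, as an added example (not code from this HOWTO or from TrinityOS): a Python parser for the two log formats shown, which also decodes the F= value into the Don't Fragment / More Fragments bits and the byte offset. The function names, the sample lines marked as constructed and their 192.0.2.x addresses are assumptions made for illustration.

```python
import re
from collections import Counter

# ipchains logs the protocol as a number (PROTO=17); ipfwadm logs its name.
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

SYSLOG_RE = re.compile(
    r"^(?P<when>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: ")

# Fields common to both formats: src[:port] dst[:port] L= S= I= F= T=
TAIL = (r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? "
        r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))? "
        r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
        r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)")
IPFWADM_RE = re.compile(
    r"IP (?P<chain>fw-\w+) (?P<action>\w+) (?P<iface>\S+) (?P<proto>\S+) "
    + TAIL)
IPCHAINS_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) " + TAIL)


def decode_frag(field):
    """Split the 16-bit F= value into flag bits and fragment offset."""
    value = int(field, 16)
    return {
        "dont_fragment": bool(value & 0x4000),   # values 0x4... / 0x5...
        "more_fragments": bool(value & 0x2000),  # values 0x2... / 0x3...
        "offset_bytes": (value & 0x1FFF) * 8,    # offset is in 8-byte units
    }


def parse_fw_line(line):
    """Return a dict of fields for one firewall hit, or None if no match."""
    line = " ".join(line.split())  # undo line wrapping and repeated spaces
    match, tool = IPFWADM_RE.search(line), "ipfwadm"
    if match is None:
        match, tool = IPCHAINS_RE.search(line), "ipchains"
    if match is None:
        return None
    hit = match.groupdict()
    prefix = SYSLOG_RE.match(line)
    hit["when"] = prefix.group("when") if prefix else None
    hit["host"] = prefix.group("host") if prefix else None
    hit["tool"] = tool
    if tool == "ipchains":
        hit["proto"] = IP_PROTOCOLS.get(int(hit["proto"]), hit["proto"])
    for key in ("sport", "dport", "length", "ip_id", "ttl"):
        if hit[key] is not None:
            hit[key] = int(hit[key])
    hit["tos"] = int(hit["tos"], 16)
    hit.update(decode_frag(hit.pop("frag")))
    return hit


def blocked_inbound_ports(lines):
    """Count rejected/denied inbound hits per (protocol, destination port)."""
    counts = Counter()
    for line in lines:
        hit = parse_fw_line(line)
        if hit is None:
            continue
        blocked = hit["action"].lower() in ("rej", "reject", "deny")
        inbound = hit["chain"] in ("fw-in", "input")
        if blocked and inbound:
            counts[(hit["proto"], hit["dport"])] += 1
    return counts.most_common()


SAMPLE_LOG = [
    # The two log lines shown above, each rejoined onto a single line.
    "Feb 23 07:37:01 Roadrunner kernel: IP fw-in rej eth0 TCP "
    "12.75.147.174:1633 100.200.0.212:23 L=44 S=0x00 I=54054 F=0x0040 T=254",
    "Packet log: input DENY eth0 PROTO=17 12.75.147.174:1633 "
    "100.200.0.212:23 L=44 S=0x00 I=54054 F=0x0040 T=254",
    # Constructed lines (not from the page) to exercise the flag bits.
    "Feb 23 07:40:12 Roadrunner kernel: IP fw-in deny eth0 TCP "
    "192.0.2.7:4021 100.200.0.212:23 L=60 S=0x00 I=311 F=0x4000 T=52",
    "Feb 23 07:41:30 Roadrunner kernel: IP fw-out acc eth0 TCP "
    "100.200.0.212:1045 192.0.2.80:80 L=40 S=0x00 I=912 F=0x2000 T=64",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(parse_fw_line(entry))
    print(blocked_inbound_ports(SAMPLE_LOG))
```

Feeding it the relevant lines of the SYSLOG messages file shows at a glance which destination ports are being probed most often.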
7.17. Can I configure IP Masquerade so that outside Internet users can connect directly to internal masqueraded servers?

Yes! With IPPORTFW, you can allow all, or only a selected few, Internet
hosts to connect to your internal masqueraded computers. This topic is
covered in detail in the ``'' section.
7.18. The message "kernel: ip_masq_new(proto=UDP): no free ports." shows up in my SYSLOG files. Why?

One of your internal masqueraded machines is creating an abnormally
large number of packets destined for the Internet. The IP Masquerade
server builds the masquerade table and sends these packets out to the
Internet, and the table is filling up too quickly. Once the table is
full, it gives this error.

The only application that I know of that creates this situation is a
gaming program called "GameSpy". The reason is that Gamespy builds a
list of servers and then pings every one of the thousands of game
servers in that list. By pinging them, it requests tens of thousands
of quick connections in a very short time. Until these sessions time
out through the IP Masquerade timeouts, the masquerade table stays
"full".

So what can you do about it? Ideally, don't use programs like that. If
these errors pile up in your log files, find the program responsible
and stop using it. However, if you really like a game such as GameSpy,
just don't refresh the server list very often. Either way, once you
stop using such programs, the errors that Masquerade was reporting
will no longer appear.
7.19. When I try to use IPPORTFW, I get the error "ipfwadm: setsockopt failed: Protocol not available"!

If you get the error message "ipfwadm: setsockopt failed: Protocol not
available", you are not running your newly compiled kernel. Move the
new kernel into place, re-run LILO, and reboot again.
For more details, see the end of the ``'' section.
7.20. Microsoft File and Print Sharing and Microsoft Domain clients (SAMBA) don't work through IP Masquerade!

Properly supporting Microsoft's SMB protocol would require a
masquerade module written for it, but for now there are three
workarounds. For more details, see this Microsoft KnowledgeBase
article.

The first workaround is to configure IPPORTFW as described in the ``''
section and forward TCP ports 137, 138 and 139 to the IP address of
the internal Windows machine. This works, but it will only work for
one internal machine.

The second method is to install Samba on the Linux masquerade server.
With Samba running, you can make the internal Windows file and print
shares visible on the Samba server. All of your external clients can
then access these shares. Instructions for configuring Samba can be
found in a HOWTO from the Linux Documentation Project, and in the
TrinityOS document as well.

The third method is to set up a VPN (virtual private network) between
the two Windows machines or between the two networks. This can be done
with either a PPTP or an IPSEC VPN solution. There is a ``'' patch for
Linux, and there is also a full IPSEC implementation available for the
2.0.x and 2.2.x kernels. Of the three methods, this one is the most
reliable and secure.

These methods are not covered by this HOWTO. For IPSEC, the TrinityOS
document can help, and for more information I recommend John Hardin's
PPTP page.

Also be aware that Microsoft's SMB protocol is very insecure. Because
of this, running Microsoft file and print sharing or Windows domain
logins over the Internet without encryption is a very bad idea.
7.21. Masqueraded IRC users can't use IRC properly. Why?

The most likely cause is that the IDENT or "auth" server shipped with
most Linux distributions cannot handle IP masqueraded connections. No
need to worry, though: there are IDENTs that do work.

Installing this software is beyond the scope of this HOWTO. Each tool
has its own documentation. Here are a few URLs:
o Mident is the one used by most IRC users.
o Sident
o Other Idents including Oidentd

Some Internet IRC servers still won't allow multiple connections from
the same host, even when the Ident information shows that the users
are different. In that case, complain to the administrator of that
server. :)
7.22. mIRC can't do DCC sends.

This is a configuration problem in mIRC. To fix it, first disconnect
mIRC from the IRC server. Then, in mIRC, go to File --> Setup and
click on the "IRC servers tab". Make sure the port is set to 6667. If
you need to use other ports, see below. Next, go to File --> Setup -->
Local Info and clear the fields for the local host (your own host) and
the IP address. Select the checkboxes for "LOCAL HOST" and "IP
address" (IP address may be checked but disabled). Next, set "Lookup
Method" to "normal". It will not work if "servers" is selected. That's
it. Try connecting to the IRC server again.

If you need to use an IRC server port other than 6667 (for example
6969), you need to edit the /etc/rc.d/rc.firewall file that loads the
IRC masquerade module. Edit the line in this file that reads "modprobe
ip_masq_irc" and add "ports=6667,6969" to it. You can add further
ports as well, separated by commas.

Finally, close the IRC clients on your masqueraded machines and reload
the IRC masquerade module:
/sbin/rmmod ip_masq_irc
/etc/rc.d/rc.firewall
7.23. Can I use IP Masquerade with only one Ethernet network card (through IP Aliasing)?

Yes and no. With the kernel's "IP Alias" feature, users can set up
multiple interfaces such as eth0:1, eth0:2, etc. However, using
aliased interfaces for IP Masquerade is not recommended. Why? It is
extremely difficult to build a secure firewall with a single network
card. In addition, you will get a considerable number of errors,
because packets are sent back out at the same time as they come in.
For these reasons, and because network cards are cheap these days, I
strongly recommend that you buy an additional network card.

You should also understand that IP Masquerading only works properly on
physical interfaces such as eth0, eth1, etc. Masquerading on an
aliased interface "such as eth0:1, eth1:1, etc." will not work
properly. In other words, the following will not work:
o /sbin/ipfwadm -F -a m -W eth0:1 -S 192.168.0.0/24 -D 0.0.0.0/0
o /sbin/ipchains -A forward -i eth0:1 -s 192.168.0.0/24 -j MASQ

If you still want to use aliased interfaces, you need to enable the
"IP Alias" feature in the kernel, then recompile the kernel and
reboot. Once you have booted the new kernel, you need to configure
Linux to use the new interface (for example /dev/eth0:1). After that,
you can use them like normal Ethernet interfaces, subject to the
restrictions mentioned above.
7.24. I'm trying to use the NETSTAT command to see my masqueraded connections, but it doesn't work.

There is a problem with the "netstat" program. Right after Linux
boots, running "netstat -M" works fine, but after a masqueraded
computer has done some ICMP traffic such as ping or traceroute, you
will see something like this:
masq_info.c: Internal Error `ip_masquerade unknown type'.
The workaround is to use the "/sbin/ipfwadm -M -l" command instead.
You will also find that "netstat" works again once the listed ICMP
masquerade entries have timed out.
7.25. I would like to use Microsoft PPTP (GRE tunnels) or IPSEC (Linux SWAN) tunnels through IP Masquerade.

This is possible. However, it is outside the scope of this document,
so see John Hardin's PPTP Masq for the details.
7.26. I want to run the XYZ network game through IP Masquerade, but it doesn't work. Help!

First, check Steve Grevemeyer's MASQ Applications page. If the
solution isn't there, try patching your Linux kernel with Glenn Lamb's
LooseUDP patch, which is covered in the ``'' section above. For more
information, see Dan Kegel's NAT Page.

If you are technically inclined, use the "tcpdump" program to sniff
your network and find out which protocols and port numbers your XYZ
game is using. Once you have this information, subscribe to the IP
Masq email list, send your results to the list and ask for help.
7.27. IP Masquerade works fine for a while but then suddenly stops. After a reboot it works again for a while. Why?

My guess is that you are using IPAUTOFW or have it compiled into the
kernel. Right?? This is a well-known problem with IPAUTOFW. Do not
build the IPAUTOFW feature into the Linux kernel; use the IPPORTFW
option instead. These issues are covered in detail in the ``''
section.
7.28. Internal masqueraded computers can't send SMTP or POP-3 mail!

Although this is not a masquerading issue, it affects many people, so
it is mentioned here.

SMTP: You are probably trying to use your Linux box as an SMTP relay
and getting the following error:
"error from mail server: we do not relay"
Newer versions of Sendmail and other mail transfer agents (MTAs) do
not relay by default (this is a good thing). To fix the problem, do
the following:
o Sendmail: Edit the /etc/sendmail.cw file to allow specific relaying
for your internal masqueraded machines, adding the hostname and domain
name of each internal masqueraded machine. Also check that the
/etc/hosts file has the IP addresses and Fully Qualified Domain Names
(FQDN) configured. Once this is done, restart Sendmail so that it
re-reads its configuration files. This is covered in TrinityOS -
Section 25.

POP-3: Some users configure the POP-3 clients on their internal
masqueraded computers to connect to an external SMTP server. This is
fine, but many SMTP servers will try to IDENT your connection on port
113. The problem most likely comes from your default masquerade policy
being DENY. This is not desirable. Set it to REJECT and re-run your
rc.firewall ruleset.
7.29. I want each of my different internal masqueraded networks to go out through its own external IP address. (IPROUTE2)

Say you have the following problem:
Internal LAN -----> official IP
192.168.1.x  -->  123.123.123.11
192.168.2.x  -->  123.123.123.12

First, you need to understand that IPFWADM and IPCHAINS are run
*after* the routing system has decided where to send a packet. This
fact really ought to be stamped in big red letters on all
IPFWADM/IPCHAINS/IPMASQ documentation. You have to get your routing
right first, and only then add IPFWADM/IPCHAINS or masquerading.

In the case above, you first need to configure the routing system to
send packets from 192.168.1.x via 123.123.123.11 and packets from
192.168.2.x via 123.123.123.12. That is the hard part; setting up
masquerading on top of it is easy.

IPROUTE2 can be used for this task.
Primary FTP site is:
o ftp://ftp.inr.ac.ru/ip-routing
Mirrors are:
o ftp://linux.wauug.org/pub/net
o ftp://ftp.nc.ras.ru/pub/mirrors/ftp.inr.ac.ru/ip-routing/
o ftp://ftp.gts.cz/MIRRORS/ftp.inr.ac.ru/
o ftp://ftp.funet.fi/pub/mirrors/ftp.inr.ac.ru/ip-routing/ (STM1 to USA)
o ftp://sunsite.icm.edu.pl/pub/Linux/iproute/
o ftp://ftp.sunet.se/pub/Linux/ip-routing/
o ftp://ftp.nvg.ntnu.no/pub/linux/ip-routing/
o ftp://ftp.crc.ca/pub/systems/linux/ip-routing/
o ftp://ftp.paname.org (France)
o ftp://donlug.ua/pub/mirrors/ip-route/
o ftp://omni.rk.tusur.ru/mirrors/ftp.inr.ac.ru/ip-routing/
RPMs are available at ftp://omni.rk.tusur.ru/Tango/ and at
ftp://ftp4.dgtu.donetsk.ua/pub/RedHat/Contrib-Donbass/KAD/
NOTE: The following instructions are given below ONLY because there
is currently very little documentation available for the IPROUTE2
tool. Check out http://www.compendium.com.ar/policy-routing.txt for
the beginnings of an IPROUTE2 howto.
The "iprule" and "iproute" commands are the same as the "ip rule" and
"ip route" commands (I prefer the former since they are easier to
search for). All the commands below are completely untested. If they
do not work, please contact the author of IPROUTE2, not David Ranch,
Ambrose Au, or anyone on the Masq email list, as it has NOTHING to do
with IP Masquerading.
The first few commands only need to be run once at boot, say in the
/etc/rc.d/rc.local file.
# Allow internal LANs to route to each other, no masq.
/sbin/iprule add from 192.168.0.0/16 to 192.168.0.0/16 table main pref 100
# All other traffic from 192.168.1.x is external, handle by table 101
/sbin/iprule add from 192.168.1.0/24 to 0/0 table 101 pref 102
# All other traffic from 192.168.2.x is external, handle by table 102
/sbin/iprule add from 192.168.2.0/24 to 0/0 table 102 pref 102
These commands need to be issued when eth0 is configured, perhaps in
/etc/sysconfig/network-scripts/ifup-post (for Redhat systems). Be sure to
do them by hand first to make sure they work.
# Table 101 forces all assigned packets out via 123.123.123.11
/sbin/iproute add table 101 via 123.123.123.11
# Table 102 forces all assigned packets out via 123.123.123.12
/sbin/iproute add table 102 via 123.123.123.12
At this stage, you should find that packets from 192.168.1.x to the
outside world are being routed via 123.123.123.11, packets from
192.168.2.x are routed via 123.123.123.12.
Once routing is correct, now you can add any IPFWADM or IPCHAINS rules.
The following examples are for IPCHAINS:
/sbin/ipchains -A forward -i ppp+ -j MASQ
If everything hangs together, the masq code will see packets being
routed out on 123.123.123.11 and 123.123.123.12 and will use those addresses
as the masq source address.
7.30. Why do the new 2.1.x and 2.2.x kernels use IPCHAINS instead of
IPFWADM?
IPCHAINS supports the following features that IPFWADM doesn't:
o "Quality of Service" (QoS support)
o A TREE style chains system vs. a LINEAR system like IPFWADM (e.g.
this allows something like "if it is ppp0, jump to this chain", which
contains its own different set of rules)
o IPCHAINS is more flexible with configuration. For example, it has
the "replace" command (in addition to "insert" and "add"). You can
also negate rules (e.g. "discard any outbound packets that don't
come from my registered IP" so that you aren't the source of
spoofed attacks).
o IPCHAINS can filter any IP protocol explicitly, not just TCP, UDP,
ICMP
7.31. I've just upgraded to the 2.2.x kernels, why isn't IP Masquerade working?
There are several things you should check, assuming your Linux IP Masq
box already has a proper connection to the Internet and your LAN:
o Make sure the necessary features and modules are compiled and
loaded. See earlier sections for detail.
o Check /usr/src/linux/Documentation/Changes and make sure you have
the minimal requirement for the network tools installed.
o Make sure you followed all the tests in the ``'' section of the
HOWTO.
o You should use ipchains to manipulate IP Masq and firewalling rules.
o The standard IPAUTOFW and IPPORTFW port forwarders have been
replaced by IPMASQADM. You'll need to apply these patches to the
kernel, re-compile the kernel, compile the new IPMASQADM tool and then
convert your old IPAUTOFW/IPPORTFW firewall rulesets to the new
syntax. This is completely covered in the ``'' section.
o Go through all setup and configuration again! A lot of the time it's
just a typo or a simple mistake you are overlooking.
7.32. I've just upgraded to a 2.0.36+ kernel, why isn't IP Masquerade working?
There are several things you should check, assuming your Linux IP Masq
box already has a proper connection to the Internet and your LAN:
o Make sure the necessary features and modules are compiled and
loaded. See earlier sections for detail.
o Check /usr/src/linux/Documentation/Changes and make sure you have
the minimal requirement for the network tools installed.
o Make sure you followed all the tests in the ``'' section of the
HOWTO.
o You should use ipfwadm to manipulate IP Masq and firewalling rules.
If you want to use IPCHAINS, you'll need to apply a patch to the 2.0.x
kernels.
o Go through all setup and configuration again! A lot of the time it's
just a typo or a simple mistake you overlooked.
7.33. I need help with EQL connections and IP Masq
EQL has nothing to do with IP Masq, though they are commonly teamed up
on Linux boxes. Because of this, I recommend checking out the NEW
version of Robert Novak's EQL HOWTO for all your EQL needs.
7.34. I can't get IP Masquerade to work! What options do I have for
Windows Platforms?
Giving up a free, reliable, high performance solution that works on
minimal hardware and paying a fortune for something that needs more
hardware, has lower performance and is less reliable? (IMHO. And yes,
I have real life experience with these ;-)
Okay, it's your call. If you want a Windows NAT and/or proxy
solution, here is a decent listing. I have no preference among these
tools since I haven't used them before.
o Firesock (from the makers of Trumpet Winsock)
o Does Proxy
o http://www.trumpet.com.au
o Iproute
o DOS program designed to run on 286+ class computers
o requires another box like Linux MASQ
o http://www.mischler.com/iproute/
o Microsoft Proxy
o Requires Windows NT Server
o Quite expensive
o http://www.microsoft.com
o NAT32
o Windows 95/98/NT compatible
o http://www.nat32.com
o Roughly $25 for Win9x and $47 for Win9x and WinNT
o SyGate
o http://www.sygate.com
o Wingate
o Does proxy
o Costs roughly $30 for 2-3 IPs
o http://www.wingate.com
o Winroute
o Does NAT
o http://www.winroute.cz/en/
Lastly, do a web search on "MS Proxy Server", "Wingate", "WinProxy",
or go to www.winfiles.com. And definitely DON'T tell anyone that we
sent you.
7.35. I want to help on IP Masquerade development. What can I do?
Join the Linux IP Masquerading DEVELOPERS list and ask the developers
there what you can help with. For more details on joining the lists,
check out the ``'' FAQ section.
Please DON'T ask NON-IP-Masquerade development related questions
there!!!!
7.36. Where can I find more information on IP Masquerade?
You can find more information on IP Masquerade at the Linux IP
Masquerade Resource that both David Ranch and Ambrose Au maintain.
You can also find more information at Dranch's Linux page where the
TrinityOS and other Linux documents are kept.
You may also find more information at The Semi-Original Linux IP
Masquerading Web Site maintained by Indyramp Consulting, who also
provides the IP Masq mailing lists.
Lastly, you can look for specific questions in the IP MASQ and IP MASQ
DEV email archives or ask a specific question on these lists. Check
out the ``'' FAQ item for more details.
7.37. I want to translate this HOWTO to another language, what should
I do?
Make sure the language you want to translate to is not already covered
by someone else. Note, though, that most of the translated HOWTOs are
now OLD and need to be updated. A list of available HOWTO translations
is available at the Linux IP Masquerade Resource.
If a copy of a current IP MASQ HOWTO isn't available in your proposed
language, please download the newest copy of the IP-MASQ HOWTO SGML
code from the Linux IP Masquerade Resource. From there, begin your
work while maintaining good SGML coding. For more help on SGML, check
out www.sgmltools.org.
7.38. This HOWTO seems out of date, are you still maintaining it? Can you include more information on ...? Are there any plans for making this better?
Yes, this HOWTO is still being maintained. In the past, we've been
guilty of being too busy working on two jobs and not having much time
to work on this, my apologies. As of v1.50, David Ranch has begun to
revamp the document and get it current again.
If you think of a topic that could be included in the HOWTO, please
send email to ambrose@writeme.com and dranch@trinnet.net. It will be
even better if you can provide that information. We will then include
the information into the HOWTO once it is both found appropriate and
tested. Many thanks for your contributions!
We have a lot of new ideas and plans for improving the HOWTO, such as
case studies that will cover different network setups involving IP
Masquerade, more on security via strong IPFWADM/IPCHAINS firewall
rulesets, IPCHAINS usage, more FAQ entries, etc. If you think you can
help, please do! Thanks.
7.39. I got IP Masquerade working, it's great! I want to thank you
guys, what can I do?
o Can you translate the newer version of the HOWTO to another
language?
o Thank the developers and appreciate the time and effort they spent
on this.
o Join the IP Masquerade email list and support new MASQ users
o Send an email to us and let us know how happy you are
o Introduce other people to Linux and help them when they have
problems.
8. Miscellaneous
8.1. Useful Resources
o The IP Masquerade Resource page provides current information on
setting up IP Masquerade on 2.0.x, 2.2.x and even the old 1.2
kernels.
o The IP Masquerade mailing list Archives provide the recent messages
sent to the mailing list.
o David Ranch's Linux page including the TrinityOS Linux document and
current versions of the IP-MASQ-HOWTO. It covers IP Masquerade, strong
IPFWADM/IPCHAINS rulesets, PPP, Diald, cable modems, DNS, Sendmail,
Samba, NFS, security, and more.
o IP Masquerading Applications page: a list of applications that work,
or can be tuned to work, through a Linux IP Masquerading server.
o People who want to set up IP Masquerade on MkLinux can email Taro
Fukunaga at tarozax@earthlink.net for a short document similar to this
HOWTO.
o The IP masquerade FAQ provides some general information.
o Paul Russell's documentation at
http://www.rustcorp.com/linux/ipchains/, or its backup copy, the Linux
IPCHAINS HOWTO. This HOWTO contains a lot of information on using
IPCHAINS, and the source and binaries for the ipchains tool are
available there as well.
o The X/OS Ipfwadm page provides information on the ipfwadm package
along with its source, binaries and documentation.
o A huge amount of material on strong firewall rulesets is available
from GreatCircle's Firewall mailing list.
o The LDP Network Administrator's Guide is for novice Linux
administrators who want to set up a network.
o The Linux NET-3 HOWTO is also a thorough document on setting up and
configuring Linux networking.
o The Linux ISP Hookup HOWTO and the Linux PPP HOWTO provide
information on connecting a Linux host to the Internet.
o The Linux Ethernet-Howto provides good information on setting up a
LAN over Ethernet.
o The Linux Firewalling and Proxy Server HOWTO also has interesting
information.
o The Linux Kernel HOWTO will guide you through the kernel compilation
process.
o Linux HOWTOs: other HOWTO documents such as the Kernel HOWTO.
o You can also post to the USENET newsgroup: comp.os.linux.networking
8.2. Linux IP Masquerade Resource
The Linux IP Masquerade Resource is a web site maintained by David
Ranch and Ambrose Au that provides information related to Linux IP
Masquerade. It has the latest information on IP Masquerade and also
information that is not included in the HOWTO.
You can find the Linux IP Masquerade Resource at the following
locations:
o http://ipmasq.cjb.net/, primary site, redirected to
http://ipmasq.cjb.net/
o http://ipmasq2.cjb.net/, secondary site, redirected to
http://www.geocities.com/SiliconValley/Heights/2288/
8.3. Thanks to..
In alphabetical order:
o Gabriel Beitler, gabrielb@voicenet.com
Wrote section 3.3.8 (Novell setup).
o Juan Jose Ciarlante, irriga@impsat1.com.ar
Contributed to the IPMASQADM port forwarding tool, to the 2.1.x and
2.2.x kernel code and to the original LooseUDP patch, etc.
o Steven Clarke, steven@monmouth.demon.co.uk
Wrote the IPPORTFW IP forwarding tool.
o Andrew Deryabin, djsf@usa.net
Wrote the ICQ masquerade module.
o Ed Doolittle, dolittle@math.toronto.edu
Suggested using the -V option in the ipfwadm command for improved
security.
o Matthew Driver, mdriver@cfmeu.asn.au
Helped extensively on this HOWTO and wrote section 3.3.1 (Windows 95
setup).
o Ken Eves, ken@eves.com
Wrote the FAQ that provided invaluable information for this HOWTO.
o John Hardin, jhardin@wolfenet.com
PPTP and IPSEC forwarding tools.
o Glenn Lamb, mumford@netcom.com
The LooseUDP patch.
o Ed. Lott, edlott@neosoft.com
The list of tested systems and software.
o Nigel Metheringham, Nigel.Metheringham@theplanet.net
Wrote his own IP Packet Filtering and IP Masquerading HOWTO, which
made this HOWTO a better and more technically in-depth document.
Wrote sections 4.1, 4.2 and others.
o Keith Owens, kaos@ocs.com.au
Provided an excellent guide to ipfwadm in section 4.2.
Pointed out that the ipfwadm -deny option can close a security hole,
and clarified the results of pinging through IP Masquerade.
o Michael Owings, mikey@swampgas.com
Wrote the section on CU-SeeMe and the Linux IP Masquerade Teeny HOWTO.
o Rob Pelkey, rpelkey@abacus.bates.edu
Wrote sections 3.3.6 and 3.3.7 (MacTCP and Open Transport setup).
o Harish Pillay, h.pillay@ieee.org
Wrote section 4.5 (dial-on-demand using Diald).
o Mark Purcell, purcell@rmcs.cranfield.ac.uk
Wrote section 4.6 (IPautofw).
o David Ranch, dranch@trinnet.net
Helped update and maintain this HOWTO, the Linux IP Masquerade
Resource and the TrinityOS document, ..., and helped in more ways than
can be listed here :-)
o Paul Russell, rusty@rustcorp.com.au
IP CHAINS, IP Masquerade kernel patches and all his other
contributions.
o Ueli Rutishauser, rutish@ibm.net
Wrote section 3.3.9 (OS/2 Warp setup).
o Steve Grevemeyer, seg@cylexsys.com
Took over the IP Masquerade Applications page from Lee Nevo and turned
it into a rich database.
o Fred Viles, fv@episupport.com
o John B. (Brent) Williams, forerunner@mercury.net
Wrote section 3.3.7 (Open Transport setup).
o Enrique Pessoa Xavier, enrique@labma.ufrj.br
Suggestions on BOOTp setup.
o Everyone on the IP Masquerade mailing list,
masq@tiffany.indyramp.com
For helping and supporting new Linux Masquerade users.
o Thanks for the tremendous work done by the other IP Masquerade code
and documentation developers:
o Delian Delchev, delian@wfpa.acad.bg
o David DeSimone (FuzzyFox), fox@dallas.net
o Jeanette Pauline Middelink, middelin@polyware.iaf.nl
o Miquel van Smoorenburg, miquels@q.cistron.nl
o Jos Vos, jos@xos.nl
o And the many others we may have missed by mistake (please let us
know)
o All the users who sent feedback to the mailing list, especially
those who pointed out errors in the document and those who reported
which clients are and are not supported.
o We apologize if we have left out any important names or have not yet
included information that fellow users sent us. A great many
suggestions and ideas have been sent to us, but we do not have enough
time to verify them and work the changes in. Both Ambrose Au and David
Ranch are doing their best to include all the submitted information in
this HOWTO. Thank you for your efforts, and we hope you understand our
situation.
8.4. Reference
o The original IP Masquerade FAQ by Ken Eves
o The IP Masquerade mailing list archive by Indyramp Consulting
o The IP Masquerade web site by Ambrose Au
o The Ipfwadm page by X/OS
o Various other networking related Linux HOWTOs
o Some topics covered in TrinityOS by David Ranch
8.5. Changes
TO DO - HOWTO:
o Add the scripted IPMASQADM example to the Forwarders section. Also
confirm the syntax.
o Add a little section on having multiple subnets behind a MASQ
server
o Confirm the IPCHAINS ruleset and make sure it is consistent with
the IPFWADM ruleset
TO DO - WWW page:
o Update all PPTP urls from lowrent to
ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html
o Update the PPTP patch on the masq site
o Update the portfw FTP patch
Changes from 1.78 to 1.79 - 10/21/99
o Updated the HOWTO name to reflect that it isn't a MINI anymore!
Changes from 1.77 to 1.78 - 8/24/99
o Fixed a typo in "Section 6.6 - Multiple Internal Networks" where
the -a policy was omitted.
o Deleted the 2.2.x kernel configure option "Drop source routed
frames" since it is now enabled by default and the kernel compile
option was removed.
o Updated the 2.2.x and all other IPCHAINS sections to notify users
of the IPCHAINS fragmentation bug.
o Updated all the URLs pointing at Lee Nevo's old IP Masq Applications
page to Seg's new page.
Changes from 1.76 to 1.77 - 7/26/99
o Fixed a typo in the Port forwarding section that used "ipmasqadm
ipportfw -C" instead of "ipmasqadm portfw -f"
Changes from 1.75 to 1.76 - 7/19/99
o Updated the "ipfwadm: setsockopt failed: Protocol not available"
message in the FAQ to be more clear instead of making the user hunt
for the answer in the Forwarders section.
o Fixed incorrect syntax in section 6.7 for IPMASQADM and "portfw"
Changes from 1.72 to 1.75 - 6/19/99
o Fixed the quake module port setup order for the weak IPFWADM &
IPCHAINS ruleset and the strong IPFWADM ruleset as well.
o Added a user report about port forwarding ICQ 4000 directly in and
using ICQ's default settings WITHOUT enabling the "Non-Sock" proxy
setup.
o Updated the URLs for the IPMASQADM tool
o Added references to Taro Fukunaga, tarozax@earthlink.net for his
MkLinux port of the HOWTO
o Updated the blurb about Sonny Parlin's FWCONFIG tool to note new
IPCHAINS support
o Noted that Fred Viles' patch for portfw'ed FTP access is ONLY
available for the 2.0.x kernels
o Updated the 2.2.x kernel step with a few clarifications on the
Experimental tag
o Added Glenn Lamb's name to the credits for the LooseUDP patch
o Added a clarification on installing the LooseUDP patch that it
should use "cat" for non-compressed patches.
o Fixed a typo in the IPAUTO FAQ section
o I had the DHCP client port numbers reversed for the IPFWADM and
IPCHAINS rulesets. The order I had was if your Linux server was a
DHCP SERVER.
o Added explicit /sbin path to all weak and strong ruleset examples.
o Made some clarifications in the strong IPFWADM section regarding
Dynamic IP addresses for PPP and DHCP users. I also noted that the
strong rulesets should be re-run when PPP comes up or when a DHCP
lease is renewed.
o Added reference in the 2.2.x requirements, updated the ICQ FAQ
section, and added Andrew Deryabin to credits section for his ICQ
MASQ module.
o Added some clarification in the FAQ section why the 2.1.x and 2.2.x
kernels went to IPCHAINS.
o Added a little FAQ section on Microsoft File/Print/Domain services
(Samba) through a MASQ server. I also added a URL to a Microsoft
Knowledge base document for more details.
o Added clarification in the FAQ section that NO Debian distribution
supports IP masq out of the box.
o Updated the supported MASQ distributions in the FAQ section.
o Added to the Aliased NIC section of the FAQ that you CANNOT masq
out of an aliased interface.
o Wow.. never caught this before but the "ppp-ip" variable in the
strong ruleset section is an invalid variable name! It has been
renamed to "ppp_ip"
o In both the IPFWADM and IPCHAINS simple ruleset setup areas, I had
a commented out section on enabling DHCP traffic. Problem is, it
was below the final reject line! Doh! I moved both up a section.
o In the simple IPCHAINS setup, the #ed out line for DHCP users, I
was using the IPFWADM "-W" command instead of IPCHAINS's "-i"
parameter.
o Added a little blurb to the Forwarders section on the resolution to
the famous "ipfwadm: setsockopt failed: Protocol not available"
error. This also includes a little /proc test to let people
confirm if IPPORTFW is enabled in the kernel. I also added this
error to a FAQ section for simple searching.
o Added a Strong IPCHAINS ruleset to the HOWTO
o Added a FAQ section explaining the "kernel: ip_masq_new(proto=UDP):
no free ports." error.
o Added an example of scripting IPMASQADM PORTFW rules
o Updated a few of the Linux Documentation Project (LDP) URLs
o Added Quake III support in the module loading sections of all the
rc.firewall rulesets.
o Fixed the IPMASQADM forwards for ICQ
o 1.72 - 4/14/99 - Dranch: Added a large list of Windows NAT/Proxy
alternatives with rough pricing and URLs to the FAQ.
o 1.71 - 4/13/99 - Dranch: Added IPCHAINS setups for multiple
internal MASQed networks. Changed the ICQ setup to use ICQ's
default 60 second timeout and change IPFWADM/IPCHAINS timeout to
160 seconds. Updated the MASQ and MASQ-DEV email list and archive
subscription instructions.
o 1.70 - 3/30/99 - Dranch: Added two new FAQ sections that cover
SMTP/POP-3 timeout problems and how to masquerade multiple internal
networks out different external IP addresses with IPROUTE2.
o 1.65 - 3/29/99 - Dranch: Typo fixes, clarifications of required
2.2.x kernel options, added dynamic PPP IP address support to the
strong firewall section, additional quake II module ports, noted
that the LooseUDP patch is built into later 2.2.x kernels and it's
from Glenn Lamb and not Dan Kegel, added more game info in the
compatibility section.
o 1.62 - Dranch: Make the final first-draft changes to the doc and
now announce it to the MASQ email list.
o 1.61 - Dranch: Make editorial changes, cleaned things up and fixed
some errors in the Windows95 and NT setups.
o 1.58 - Dranch: Addition of the port forwarding sections; LooseUDP
setup; Ident servers for IRC users, how to read firewall logs,
deleted the CuSeeme Mini-HOWTO since it is rarely used.
o 1.55 - Dranch: Complete overhaul, feature and FAQ addition, and
editing sweep of the v1.50 HOWTO. Completed the 2.2.x kernel and
IPCHAINS configurations. Did a conversion from IPAUTOFW to
IPPORTFW for the examples that applied. Added many URLs to various
other documentation and utility sites. There are so many changes..
I hope everyone likes it. Final publishing of this new rev of the
HOWTO to the LDP project won't happen until the doc is looked over
and approved by the IP MASQ email list (then v2.00).
o 1.50 - Ambrose: A serious update to the HOWTO and the initial
addition of the 2.2.0 and IPCHAINS configurations.
o 1.20 - Ambrose: One of the more recent HOWTO versions that solely
dealt with < 2.0.x kernels and IPFWADM.