´ÙÀ½ ÀÌÀü Â÷·Ê

3. IP ¸¶½ºÄ¿·¹ÀÌµå ¼³Á¤

¸¸¾à ´ç½ÅÀÇ ³×Æ®¿÷¿¡ Áß¿äÇÑ Á¤º¸°¡ ÀÖ´Ù¸é, IP ¸¶½ºÄ¿·¹À̵带 ±¸ÇöÇϱâ ÀÌÀü¿¡ "º¸¾È"À̶ó´Â °ÍÀ» »ý°¢ÇØ º¸±æ ¹Ù¶õ´Ù. ±âº»ÀûÀ¸·Î, IP MASQ´Â ´ç½ÅÀÌ ÀÎÅͳݿ¡ ¿¬°áÇÒ ¼ö ÀÖµµ·Ï ÇÏ´Â Åë·ÎÀÌÁö¸¸, ÀÎÅͳݻóÀÇ ´©±º°¡°¡ ´ç½ÅÀÇ ³»ºÎ ³×Æ®¿÷À¸·Î µé¾î¿À´Â Åë·Î°¡ µÉ ¼öµµ ÀÖ´Ù.

ÀÏ´Ü IP MASQ°¡ µ¿ÀÛÇÏ°Ô µÇ¸é, IPFWADM/IPCHAINS ¹æÈ­º®¿¡ ¸Å¿ì °­·ÂÇÑ Á¤Ã¥(ruleset)À» »ç¿ëÇÒ °ÍÀ» °­·ÂÈ÷ ±Ç°íÇÑ´Ù. ´õ ÀÚ¼¼ÇÑ Á¤º¸´Â Strong-IPFWADM-Rulesets °ú Strong-IPCHAINS-Rulesets ¼½¼ÇÀ» ÂüÁ¶Çϱ⠹ٶõ´Ù.

3.1 Ä¿³Î¿¡¼­ IP ¸¶½ºÄ¿·¹À̵带 Áö¿øÇϵµ·Ï ÄÄÆÄÀÏ Çϱâ

¸¸¾à ´ç½ÅÀÇ ¸®´ª½º ¹èÆ÷º»ÀÌ ´ÙÀ½Ç׸ñµéÀ» Áö¿øÇϵµ·Ï ÄÄÆÄÀÏ µÇ¾îÁ® ÀÖ°í ¸¶½ºÄ¿·¹À̵忡 °ü°èµÈ ¸ðµâµéÀÌ ÄÄÆÄÀϵǾ Á¦°øµÇ°í ÀÖ´Ù¸é Ä¿³Î ÄÄÆÄÀÏÀ» ÇÒ ÇÊ¿ä°¡ ¾ø´Ù(´ëºÎºÐÀÇ ¹èÆ÷º»¿¡ Æ÷ÇԵǾî ÀÖÀ» °ÍÀÌ´Ù.): ´ç½ÅÀÇ ¹èÆ÷º»ÀÌ ¸¶½ºÄ¿·¹À̵带 Áö¿øÇÏ´ÂÁö È®½ÇÇÏÁö ¾Ê´Ù¸é, MASQ-supported-Distributions ¼½¼ÇÀ̳ª IP Masquerade Resource ¿¡¼­ ÀÚ¼¼ÇÑ »çÇ×À» È®ÀÎÇÒ ¼ö ÀÖ´Ù. ´ç½ÅÀÇ ÆÐÆ÷º»ÀÌ IP ¸¶½ºÄ¿·¹À̵ùÀ» Áö¿øÇÏ´ÂÁö ¾Ë ¼ö°¡ ¾ø´Ù¸é, Áö¿øÇÏÁö ¾Ê´Â´Ù°í »ý°¢ÇÏ°í ´ÙÀ½ ´Ü°è·Î ³Ñ¾î°¡¶ó.

Áö¿øÇϵµ·Ï µÇ¾î ÀÖµçÁö ¾Æ´ÏµçÁö »ó°ü¾øÀÌ, ÀÌ ¼½¼Ç¿¡´Â ´Ù¸¥ À¯¿ëÇÑ Á¤º¸µéÀÌ ¸¹ÀÌ ÀÖÀ¸¹Ç·Î ÀоîµÎ±â¸¦ ±ÇÀåÇÑ´Ù.

¸®´ª½º 2.0.x Ä¿³Î

ÇÊ¿äÇÑ ¼ÒÇÁÆ®¿þ¾î¿Í ÆÐÄ¡ µîÀº 2.0.x-Requirements ¼½¼ÇÀ» ÂüÁ¶Çϱ⠹ٶõ´Ù. 

  * Prompt for development and/or incomplete code/drivers (CONFIG_EXPERIMENTAL) [Y/n/?]
    - YES: ÀÌ·¸°Ô ÇØ¾ß ³ªÁß¿¡ IP ¸¶½ºÄ¿·¹ÀÌµå ±â´ÉÀ» ¼±ÅÃÇÒ ¼ö ÀÖ´Ù.

  * Enable loadable module support (CONFIG_MODULES) [Y/n/?]
    - YES: IP ¸¶½ºÄ¿·¹ÀÌµå ¸ðµâµéÀ» ÀûÀçÇÒ ¼ö ÀÖµµ·Ï ÇÑ´Ù.

  * Networking support (CONFIG_NET) [Y/n/?]
    - YES: ³×Æ®¿÷À» »ç¿ë °¡´ÉÇÏ°Ô ÇÑ´Ù.

  * Network firewalls (CONFIG_FIREWALL) [Y/n/?]
    - YES: IPFWADM ¹æÈ­º®À» »ç¿ë °¡´ÉÇÏ°Ô ÇÑ´Ù.

  * TCP/IP networking (CONFIG_INET)
    - YES: TCP/IP ÇÁ·ÎÅäÄÝÀ» »ç¿ë °¡´ÉÇÏ°Ô ÇÑ´Ù.

  * IP: forwarding/gatewaying (CONFIG_IP_FORWARD)
    - YES: ¸®´ª½º ³×Æ®¿÷ ÆÐŶ Æ÷¿öµù°ú ¶ó¿ìÆÃÀ» °¡´ÉÇÏ°Ô ÇÑ´Ù. 
           - IPFWADM ¿¡ ÀÇÇؼ­ Á¦¾îµÈ´Ù.

  * IP: syn cookies (CONFIG_SYN_COOKIES) [Y/n/?]
    - YES: ±âº»ÀûÀÎ ³×Æ®¿÷ º¸¾ÈÀ» À§Çؼ­ °­·ÂÈ÷ ±ÇÀåÇÑ´Ù.

  * IP: firewalling (CONFIG_IP_FIREWALL) [Y/n/?]
    - YES: ¹æÈ­º® ±â´ÉÀ» »ç¿ë °¡´ÉÇÏ°Ô ÇÑ´Ù.

  * IP: firewall packet logging (CONFIG_IP_FIREWALL_VERBOSE) [Y/n/?]
    - YES: (²À ÇÊ¿äÇÏÁö´Â ¾ÊÁö¸¸ °­·ÂÈ÷ ±ÇÀå):  ¹æÈ­º®ÀÇ Á¢±Ù ±â·ÏÀ» ³²±æ ¼ö 
           ÀÖµµ·Ï ÇÑ´Ù.

  * IP: masquerading (CONFIG_IP_MASQUERADE [Y/n/?]
    - YES: IP ¸¶½ºÄ¿·¹À̵ù ±â´ÉÀ» »ç¿ëÇÏ¿© ³»ºÎ ³×Æ®¿÷ÀÇ Æ¯Á¤ ÁּҷκÎÅÍÀÇ 
           ÆÐŶÀ» ÁÖ¼Ò¸¦ º¯°æÇÏ¿© ¿ÜºÎÀÇ TCP/IP³×Æ®¿÷À¸·Î ³»º¸³»°Ô ÇÑ´Ù.

  * IP: ipautofw masquerade support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_IPAUTOFW) [Y/n/?]
    - NO:  IPautofw Àº TCP/IP Æ÷Å並 Æ÷¿öµùÇÏ´Â ±¸½Ã´ëÀûÀÎ ¹æ¹ýÀÌ´Ù. ¹°·Ð 
           ÀÛµ¿Çϱâ´Â ÇÏÁö¸¸, IPPORTFW °¡ ´õ ³ªÀº ¹æ¹ýÀÌ´Ù. ±×·¯¹Ç·Î IPAUTOFWÀº 
           ÃßõÇÏÁö ¾Ê´Â´Ù.

  * IP: ipportfw masq support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_IPPORTFW) [Y/n/?]
    - YES: ÀÌ ¿É¼ÇÀ» 2.0.x Ä¿³Î¿¡¼­ »ç¿ëÇϱâ À§Çؼ­´Â ÆÐÄ¡¸¦ ÇØ¾ß ÇÑ´Ù. 

           ÀÌ ¿É¼ÇÀ» ¼³Á¤Çϸé, ÀÎÅͳݿ¡ ÀÖ´Â ¿ÜºÎ ÄÄÇ»ÅÍ°¡ ¸¶½ºÄ¿·¹À̵åµÈ 
           ³»ºÎÀÇ Æ¯Á¤ ÄÄÇ»ÅÍ·Î Á÷Á¢ ¿¬°áÇÒ ¼ö ÀÖ°Ô µÈ´Ù. ÀÌ ±â´ÉÀº Åë»óÀûÀ¸·Î
           ³»ºÎÀÇ SMTP, TELNET, WWW ¼­¹ö¿¡ Á¢±ÙÇÏ´Â µ¥ »ç¿ëµÈ´Ù. FTP Æ÷Æ® 
           Æ÷¿öµùÀ» Çϱâ À§Çؼ­´Â FAQ¼½¼Ç¿¡ ¾ð±ÞµÇ¾î ÀÖ´Â Ãß°¡ÀûÀÎ ÆÐÄ¡¸¦ Àû¿ë
           ÇØ¾ß ÇÑ´Ù. Æ÷Æ® Æ÷¿öµù¿¡ ´ëÇÑ Ãß°¡ÀûÀÎ Á¤º¸´Â ÀÌ HOWTOÀÇ 
           Forwards ¼½¼ÇÀ» ÂüÁ¶Çϱ⠹ٶõ´Ù.

  * IP: ICMP masquerading (CONFIG_IP_MASQUERADE_ICMP) [Y/n/?]
    - YES: ICMP ÆÐŶÀ» ¸¶½ºÄ¿·¹À̵ùÇÒ ¼ö ÀÖµµ·Ï ÇÑ´Ù. ²À ÇÊ¿äÇÏÁö ¾ÊÀ» ¼öµµ
           ÀÖÀ¸³ª, ICMP Áö¿ø ¾øÀÌ´Â ¸¹Àº ÇÁ·Î±×·¥µéÀÌ Á¦´ë·Î µ¿ÀÛÇÏÁö ¾ÊÀ» 
           ¼ö ÀÖ´Ù.

  * IP: loose UDP port managing (EXPERIMENTAL) (CONFIG_IP_MASQ_LOOSE_UDP) [Y/n/?]
    - YES: ÀÌ ¿É¼ÇÀ» 2.0.x Ä¿³Î¿¡¼­ »ç¿ëÇϱâ À§Çؼ­´Â ÆÐÄ¡¸¦ ÇØ¾ß ÇÑ´Ù. 

           ÀÌ ¿É¼ÇÀ» ÅëÇؼ­, ³»ºÎÀÇ ÄÄÇ»Å͵鿡¼­ NAT¿Í °°Àº ½ÄÀ¸·Î ÀÛµ¿ÇÏ´Â
           ³×Æ®¿÷ °ÔÀÓµéÀ» ÀÎÅͳÝÀ» ÅëÇØ Áñ±æ ¼ö ÀÖ´Ù. ´õ ÀÚ¼¼ÇÑ »çÇ×Àº 
           ÀÌ HOWTOÀÇ FAQ¼½¼Ç¿¡¼­ È®ÀÎÇÒ ¼ö ÀÖ´Ù.

  * IP: always defragment (CONFIG_IP_ALWAYS_DEFRAG) [Y/n/?]
    - YES: ÀÌ ±â´ÉÀº IP ¸¶½ºÄ¿·¹À̵ù Á¢¼ÓÀ» ÃÖÀûÈ­ ÁØ´Ù. - °­·ÂÈ÷ Ãßõ

  * IP: optimize as router not host (CONFIG_IP_ROUTER) [Y/n/?]
    - YES: ÀÌ ±â´ÉÀº Ä¿³ÎÀÇ ³×Æ®¿÷ ±â´ÉÀ» ÃÖÀûÈ­ ÁØ´Ù.

  * IP: Drop source routed frames (CONFIG_IP_NOSR) [Y/n/?]
    - YES: ±âº»ÀûÀÎ ³×Æ®¿÷ º¸¾ÈÀ» À§Çؼ­ °­·ÂÈ÷ ÃßõÇÑ´Ù.

  * Dummy net driver support (CONFIG_DUMMY) [M/n/y/?]
    - YES: ²À ÇÊ¿äÇÏÁö´Â ¾ÊÁö¸¸, ÀÌ ¿É¼ÇÀº ¹®Á¦°¡ ¹ß»ýÇؼ­ µð¹ö±ëÀ» ÇÒ ¶§
           µµ¿òÀ» ÁÙ °ÍÀÌ´Ù.

  * /proc filesystem support (CONFIG_PROC_FS) [Y/n/?]
    - YES: ¸®´ª½º ³×Æ®¿÷ Æ÷¿öµùÀ» »ç¿ëÇϱâ À§Çؼ­ ÇÊ¿äÇÏ´Ù.

NOTE: ÀÌ ¿É¼ÇµéÀº ´ÜÁö IP ¸¶½ºÄ¿·¹µùÀÌ µ¿ÀÛÇϱâ À§ÇÑ ¿ä¼ÒµéÀÌ´Ù. ƯÁ¤ÇÑ ³×Æ®¿÷°ú ƯÁ¤ Çϵå¿þ¾î¸¦ ¼³Á¤Çϱâ À§Çؼ­´Â ÇÊ¿äÇÑ ´Ù¸¥ ¿É¼ÇµéÀ» ´õ ¼±ÅÃÇØ¾ß ÇÑ´Ù.

¸®´ª½º 2.2.x Ä¿³Î

ÇÊ¿äÇÑ ¼ÒÇÁÆ®¿þ¾î¿Í ÆÐÄ¡ µîÀº 2.2.x-Requirements ¼½¼ÇÀ» ÂüÁ¶Çϱ⠹ٶõ´Ù. 


  * Prompt for development and/or incomplete code/drivers (CONFIG_EXPERIMENTAL) [Y/n/?]
    - YES: IP ¸¶½ºÄ¿·¹À̵带 À§ÇØ ²À ÇÊ¿äÇÑ °ÍÀº ¾Æ´ÏÁö¸¸, ÀÌ ¿É¼ÇÀ» ¼±ÅÃÇϸé
           ¸¶½ºÄ¿·¹ÀÌµå ¸ðµâÀ» »ý¼ºÇÏ°í Æ÷Æ® Æ÷¿öµù(port forwarding)À» ÇÒ ¼ö°¡
           ÀÖ´Ù.

  * Enable loadable module support (CONFIG_MODULES) [Y/n/?]
    - YES: IP ¸¶½ºÄ¿·¹ÀÌµå ¸ðµâµéÀ» ÀûÀçÇÒ ¼ö ÀÖµµ·Ï ÇÑ´Ù.

  * Networking support (CONFIG_NET) [Y/n/?]
    - YES: ³×Æ®¿÷À» »ç¿ë °¡´ÉÇÏ°Ô ÇÑ´Ù.

  * Packet socket (CONFIG_PACKET) [Y/m/n/?]
    - YES: ²À ÇÊ¿äÇÏÁö´Â ¾ÊÁö¸¸, ÀÌ ±â´ÉÀº TCPDUMP¸¦ »ç¿ëÇؼ­ IP ¸¶½ºÄ¿·¹À̵ù°ú
           °ü·ÃÇÑ ¹®Á¦µéÀ» µð¹ö±ëÇÒ ¼ö ÀÖÀ¸¹Ç·Î ¼±ÅÃÇÒ °ÍÀ» ±ÇÀåÇÑ´Ù.

  * Kernel/User netlink socket (CONFIG_NETLINK) [Y/n/?]
    - YES: ²À ÇÊ¿äÇÏÁö´Â ¾ÊÁö¸¸, ÀÌ ±â´ÉÀº ¹æÈ­º®ÀÇ Á¢±Ù ±â·ÏÀ» ³²±æ ¼ö ÀÖµµ·Ï
           ÇÑ´Ù.

  * Routing messages (CONFIG_RTNETLINK) [Y/n/?]
    - NO:  ÀÌ ¿É¼ÇÀº ÆÐŶ ¹æÈ­º®ÀÌ ±â·ÏÀ» ³²±â´Â °Í°ú ¾Æ¹« »ó°üÀÌ ¾ø´Ù.

  * Network firewalls (CONFIG_FIREWALL) [Y/n/?]
    - YES: IPCHAINS ¹æÈ­º® µµ±¸¸¦ »ç¿ëÇÒ ¼ö ÀÖ°Ô ÇÑ´Ù.

  * TCP/IP networking (CONFIG_INET) [Y/n/?]
    - YES: TCP/IP ÇÁ·ÎÅäÄÝÀ» »ç¿ëÇÒ ¼ö ÀÖ°Ô ÇÑ´Ù. 

  * IP: advanced router (CONFIG_IP_ADVANCED_ROUTER) [Y/n/?]
    - NO:  CONFIG_IP_ROUTE_VERBOSE ¸¦ ¼³Á¤Çϱâ À§Çؼ­ ÇÊ¿äÇÏ°í ±ò²ûÇÑ ¶ó¿ìÆÃÀ»
           À§Çؼ­ ÇÊ¿äÇÏ´Ù. (ipchains/¸¶½ºÄ¿·¹ÀÌµå ¿Í´Â °ü°è¾ø´Ù.)

  * IP: verbose route monitoring (CONFIG_IP_ROUTE_VERBOSE) [Y/n/?]
    - YES: ÀÌ ±â´ÉÀº IP ½ºÇªÇÎ(¼ÓÀÓ) ÆÐŶÀ» Á¦°ÅÇÏ°í ±× ±â·ÏÀ» ³²±â´Â Äڵ带 
           »ç¿ëÇÑ´Ù¸é ¸Å¿ì À¯¿ëÇÒ °ÍÀÌ´Ù.

  * IP: firewalling (CONFIG_IP_FIREWALL) [Y/n/?]
    - YES: ¹æÈ­º® ±â´ÉÀ» »ç¿ëÇÒ ¼ö ÀÖ°Ô ÇÑ´Ù.

  * IP: firewall packet netlink device (CONFIG_IP_FIREWALL_NETLINK) [Y/n/?]
    - YES: ²À ÇÊ¿äÇÏÁö´Â ¾ÊÁö¸¸, ÀÌ ±â´ÉÀº ¹æÈ­º®ÀÇ Á¢±Ù ±â·ÏÀ» ³²±â´Â ±â´ÉÀ»
           Çâ»ó½ÃÄÑ ÁÙ °ÍÀÌ´Ù.

  * IP: always defragment (required for masquerading) (CONFIG_IP_ALWAYS_DEFRAG) [Y/n/?]
    - YES: ÀÌ ±â´ÉÀ» ¼±ÅÃÇؾßÁö IP ¸¶½ºÄ¿·¹À̵å¿Í Åõ¸íÇÑ ÇÁ·Ï½Ã ±â´ÉÀ» ¼±ÅÃÇÒ 
           ¼ö ÀÖ´Ù. ÀÌ ±â´ÉÀº IP ¸¶½ºÄ¿·¹À̵å Á¢¼ÓÀ» ÃÖÀûÈ­ Çϱ⵵ ÇÑ´Ù.

  * IP: masquerading (CONFIG_IP_MASQUERADE) [Y/n/?]
    - YES: ³»ºÎ ÁÖ¼Ò¸¦ ¿ÜºÎ·Î ³»º¸³¾ ÆÐŶÀ¸·Î º¯È¯ÇØ ÁÖ´Â IP ¸¶½ºÄ¿·¹À̵ù ±â´ÉÀ»
           »ç¿ë °¡´ÉÇÏ°Ô ÇÑ´Ù.

  * IP: ICMP masquerading (CONFIG_IP_MASQUERADE_ICMP) [Y/n/?]
    - YES: ICMP ÇÎ ÆÐŶÀ» ¸¶½ºÄ¿·¹À̵å Çϱâ À§ÇØ »ç¿ëµÈ´Ù. (¼±ÅÃÇÏÁö ¾Ê´õ¶óµµ
           ICMP ¿¡·¯ ÄÚµå ÀÚü´Â ¸¶½ºÄ¿·¹ÀÌµå µÉ °ÍÀÌ´Ù.) Á¢¼Ó¿¡ ¹®Á¦°¡ »ý°åÀ»
           ¶§ ÇØ°áÇϱâ À§ÇØ »ç¿ëµÇ´Â Áß¿äÇÑ ±â´ÉÀÌ´Ù.

  * IP: masquerading special modules support (CONFIG_IP_MASQUERADE_MOD) [Y/n/?]
    - YES: ²À ÇÊ¿äÇÏÁö´Â ¾ÊÁö¸¸, ÀÌ ±â´ÉÀº ³ªÁß¿¡ TCP/IP Æ÷Æ® Æ÷¿öµùÀ» »ç¿ë 
           °¡´ÉÇÏ°Ô Çϱâ À§Çؼ­ ¼±ÅÃÇØ¾ß ÇÑ´Ù. Æ÷Æ® Æ÷¿öµùÀ» ÅëÇؼ­ ¿ÜºÎ·ÎºÎÅÍ
           ¸¶½ºÄ¿·¹À̵åµÇ´Â ³»ºÎÀÇ ÄÄÇ»ÅÍ·Î Á÷Á¢ ¿¬°áÇÒ ¼ö ÀÖ´Ù.

  * IP: ipautofw masq support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_IPAUTOFW) [N/y/m/?]
    - NO:  IPautofw ±â´ÉÀº Æ÷Æ® Æ÷¿öµùÀ» »ç¿ëÇϱâ À§Çؼ­ »ç¿ëµÇ´ø ±¸½Ã´ëÀûÀÎ
           ¹æ¹ýÀÌ´Ù. ÀÌ ±â´ÉÀº ÇÁ·ÎÅäÄÝ ´ÜÀ§ÀÇ ¸ðµâÀ» »ç¿ëÇÏ´Â °ÍÀÌ ´õ ³´´Ù.

  * IP: ipportfw masq support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_IPPORTFW) [Y/m/n/?]
    - YES: IPPORTFW¸¦ »ç¿ë°¡´ÉÇÏ°Ô ÇÑ´Ù.

           ÀÌ ¿É¼ÇÀ» ¼±ÅÃÇϸé, ÀÎÅͳݻóÀÇ ¿ÜºÎÀÇ ÄÄÇ»Å͵éÀÌ ³»ºÎÀÇ 
           ¸¶½ºÄ¿·¹À̵åµÇ´Â ÄÄÇ»ÅÍ¿Í Á÷Á¢ Åë½ÅÇÒ ¼ö ÀÖ°Ô µÈ´Ù. ÀÌ ±â´ÉÀº 
           Åë»óÀûÀ¸·Î ³»ºÎÀÇ SMTP, TELNET, WWW ¼­¹ö¿¡ Á¢¼ÓÇϱâ À§Çؼ­ »ç¿ëµÈ´Ù.
           FTP Æ÷Æ® Æ÷¿öµùÀº FAQ ¼½¼Ç¿¡ ¼³¸íµÇ´Â Ãß°¡ ÆÐÄ¡¸¦ »ç¿ëÇØ¾ß ÇÑ´Ù.
           Æ÷Æ® Æ÷¿öµù¿¡ ´ëÇÑ Ãß°¡ÀûÀÎ Á¤º¸´Â ÀÌ HOWTOÀÇ Forwards ¼½¼Ç¿¡¼­
           ´Ù·ç°í ÀÖ´Ù.

  * IP: ip fwmark masq-forwarding support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_MFW) [Y/m/n/?]
    - NO:  IPCHAINS·Î ºÎÅÍ Á÷Á¢ IP Æ÷¿öµùÀ» ÇÒ ¼ö ÀÖ°Ô ÇÑ´Ù. ÇöÀç ÀÌ ÄÚµå´Â 
           ½ÃÇè¿ëÀ̸ç, ±ÇÀåÇÏ´Â ¹æ¹ýÀº IPMASQADM ¿Í IPPORTFW¸¦ »ç¿ëÇÏ´Â °ÍÀÌ´Ù.

  * IP: optimize as router not host (CONFIG_IP_ROUTER) [Y/n/?]
    - YES: ÀÌ ±â´ÉÀº Ä¿³ÎÀÇ ³×Æ®¿÷ ±â´ÉÀ» ÃÖÀûÈ­ ÇØ ÁØ´Ù.

  * IP: GRE tunnels over IP (CONFIG_NET_IPGRE) [N/y/m/?]
    - NO:  ÀÌ ±â´ÉÀº ²À ÇÊ¿äÇÏÁö´Â ¾ÊÀ¸¸ç, IP ¸¶½ºÄ¿·¹À̵ùÀ» ÅëÇؼ­ PPTP¿Í 
           GRE ÅͳÎÀ» »ç¿ë°¡´ÉÇÏ°Ô ÇÑ´Ù.

  * IP: TCP syncookie support (not enabled per default) (CONFIG_SYN_COOKIES) [Y/n/?]
    - YES: ±âº»ÀûÀÎ ³×Æ®¿÷ º¸¾ÈÀ» À§Çؼ­ ¼±ÅÃÇÒ °ÍÀ» °­·ÂÈ÷ ±ÇÀåÇÑ´Ù.

  * Network device support (CONFIG_NETDEVICES) [Y/n/?]
    - YES: ¸®´ª½ºÀÇ ³×Æ®¿÷ ÀåÄ¡¸¦ »ç¿ëÇÒ ¼ö ÀÖ°Ô ÇÑ´Ù.

  * Dummy net driver support (CONFIG_DUMMY) [M/n/y/?]
    - YES: ²À ÇÊ¿äÇÏÁö´Â ¾ÊÁö¸¸, ¹®Á¦°¡ ¹ß»ýÇßÀ» ¶§ µð¹ö±ë ÇÒ ¶§ µµ¿òÀÌ µÉ 
           °ÍÀÌ´Ù.

  * /proc filesystem support (CONFIG_PROC_FS) [Y/n/?]
    - YES: ¸®´ª½ºÀÇ ³×Æ®¿÷ Æ÷¿öµù ½Ã½ºÅÛÀ» »ç¿ëÇϱâ À§Çؼ­ ÇÊ¿äÇÏ´Ù.

NOTE: ÀÌ ¿É¼ÇµéÀº ´ÜÁö IP ¸¶½ºÄ¿·¹À̵ùÀÌ µ¿ÀÛÇϱâ À§ÇÑ ¿ä¼ÒµéÀÌ´Ù. ƯÁ¤ÇÑ ³×Æ®¿÷°ú ƯÁ¤ Çϵå¿þ¾î¸¦ ¼³Á¤Çϱâ À§Çؼ­´Â ÇÊ¿äÇÑ ´Ù¸¥ ¿É¼ÇµéÀ» ´õ ¼±ÅÃÇØ¾ß ÇÑ´Ù.

3.2 ³»ºÎ LAN¿¡ ºñ°ø½ÄÀûÀÎ ³»ºÎ IP ÁÖ¼Ò¸¦ ÇÒ´çÇϱâ

¸ðµç ³»ºÎÀÇ ¸¶½ºÄ¿·¹ÀÌµå µÈ ÄÄÇ»Å͵鿡 °ø½ÄÀûÀÎ ÀÎÅÍ³Ý ÁÖ¼Ò°¡ ÇÒ´çµÇ¾îÁ® ÀÖÁö ¾Ê±â ¶§¹®¿¡, ¿ÜºÎÀÇ ÀÎÅÍ³Ý ÁÖ¼Ò¿Í Ãæµ¹ÇÏÁö ¾Êµµ·Ï ±× ÄÄÇ»Å͵鿡 ÁÖ¼Ò¸¦ ÇÒ´çÇÒ ¹æ¹ýÀÌ ÀÖ¾î¾ß ÇÑ´Ù.

>IP ¸¶½ºÄ¿·¹À̵å FAQÀÇ ¿øº»À¸·ÎºÎÅÍ Àοë:

RFC 1918 Àº ¿ÜºÎ¿Í ¿¬°áµÇÁö ¾Ê´Â "°³Àοë" ³×Æ®¿÷¿¡ »ç¿ëµÇ´Â IP Áּҵ鿡 °üÇÑ °ø½ÄÀûÀÎ ¹®¼­ÀÌ´Ù. ÀÌ·¯ÇÑ °æ¿ì¿¡ »ç¿ëµÇ±â À§Çؼ­ ¼¼ °¡ÁöÀÇ ÁÖ¼Ò ¿µ¿ªÀÌ ÀÖ´Ù. 


Section 3: °³Àοë ÁÖ¼Ò ¿µ¿ª

ÀÎÅÍ³Ý ÁÖ¼Ò ÇÒ´ç ±â±¸(The Internet Assigned Numbers Authority : IANA)´Â 
IP ÁÖ¼ÒÁß¿¡¼­ ´ÙÀ½ ¼¼°¡Áö ¿µ¿ªÀ» °³ÀÎ¿ë ³×Æ®¿÷À» À§Çؼ­ ¿¹¾àÇØ µÎ¾ú´Ù:

              10.0.0.0        -   10.255.255.255
              172.16.0.0      -   172.31.255.255
              192.168.0.0     -   192.168.255.255

ù¹ø° ¿µ¿ªÀº "24-bit ¿µ¿ª", µÎ¹ø°´Â "20-bit ¿µ¿ª", ¼¼¹ø°´Â "16-bit ¿µ¿ª"À¸·Î
ºÎ¸£±â·Î ÇÑ´Ù. ù¹ø° ¿µ¿ªÀº class A ³×Æ®¿÷ ÁÖ¼Ò ¿µ¿ªÀ̸ç, µÎ¹ø°´Â class B 
³×Æ®¿÷ ÁÖ¼ÒÀÇ ¿¬¼ÓµÈ 16°³ÀÇ ¹øÈ£µéÀÌ°í, ¼¼¹ø°´Â class C ³×Æ®¿÷ ÁÖ¼ÒÀÇ ¿¬¼ÓµÈ 
255°³ÀÇ ¹øÈ£µéÀÌ´Ù.

¼³¸íÀ» À§Çؼ­, ÇÊÀÚ´Â 192.168.0.0 ³×Æ®¿÷°ú 255.255.255.0ÀÇ class-C ¼­ºê³Ý ¸¶½ºÅ©¸¦ »ç¿ëÇß°í, ÀÌ HOWTO¿¡¼­µµ ÀÌ ÁÖ¼Ò¸¦ »ç¿ëÇÒ °ÍÀÌ´Ù. ±×·¯³ª, À§¿¡ ÀÖ´Â °³ÀÎ¿ë ³×Æ®¿÷ ÁÖ¼ÒÁß¿¡¼­ ¾î¶² °ÍÀ» »ç¿ëÇصµ ¹«¹æÇÏ´Ù. ´Ü, °¢°¢ÀÇ °æ¿ì¿¡ ÀûÀýÇÑ ¼­ºê³Ý ¸¶½ºÅ©¸¦ »ç¿ëÇØ¾ß ÇÑ´Ù.

¸¸¾à Class-C ³×Æ®¿÷À» »ç¿ëÇÑ´Ù¸é, ¸¶½ºÄ¿·¹À̵ùÀ» »ç¿ëÇÒ ÄÄÇ»Å͵鿡 192.168.0.1, 192.168.0.2, 192.168.0.3, ..., 192.168.0.x µî°ú °°ÀÌ ÁÖ¼Ò¸¦ ÇÒ´çÇØ¾ß ÇÑ´Ù.

192.168.0.1 Àº º¸Åë ³»ºÎ °ÔÀÌÆ®¿þÀÌ È¤Àº ¸®´ª½º ¸¶½ºÄ¿·¹ÀÌµå ¸Ó½ÅÀÇ Áּҷμ­ ¿ÜºÎ·Î ¿¬°áµÇ´Â Åë·ÎÀÌ´Ù. 192.168.0.0°ú 192.168.0.255´Â °¢°¢ "³×Æ®¿÷" ÀÚüÀÇ ÁÖ¼Ò¿Í "ºê·Îµåij½ºÆ®" ÁÖ¼ÒÀÌ´Ù. (ÀÌ ÁÖ¼ÒµéÀº ¿¹¾àµÈ ÁÖ¼ÒµéÀÌ´Ù.) ÀÌ ÁÖ¼ÒµéÀ» ÄÄÇ»Å͵鿡°Ô ÇÒ´ç¸é, ³×Æ®¿÷ÀÌ Á¦´ë·Î µ¿ÀÛÇÏÁö ¾ÊÀ» °ÍÀÌ´Ù.

3.3 IP Æ÷¿öµù Á¤Ã¥ ¼³Á¤Çϱâ

ÀÌÁ¦, Ä¿³Î°ú ±âŸ ÇÊ¿äÇÑ ÆÐÅ°ÁöµéÀÌ ÁغñµÇ¾î ÀÖ¾î¾ß ÇÑ´Ù. ¸®´ª½º ¸¶½ºÄ¿·¹ÀÌµå ¼­¹ö¿¡µµ ¸ðµç ³×Æ®¿÷ IP ÁÖ¼Òµé°ú, °ÔÀÌÆ®¿þÀÌ, DNS ÁÖ¼ÒµéÀ» ¼³Á¤ÇØ¾ß ÇÑ´Ù. ³×Æ®¿÷ Ä«µåµéÀ» ¼³Á¤ÇÏ´Â ¹æ¹ýÀ» ¸ð¸¥´Ù¸é, 2.0.x-Requirements ȤÀº 2.2.x-Requirements ¼½¼Ç¿¡ ¾ð±ÞµÈ HOWTOµéÀ» ÂüÁ¶Çϱ⠹ٶõ´Ù.

ÀÌÁ¦ ³²Àº °ÍÀº IP ¹æÈ­º® µµ±¸µéÀ» ¼³Á¤Çؼ­ Æ÷¿öµù°ú ¸¶½ºÄ¿·¹À̵ùÀ» Çϵµ·Ï ÇÏ´Â °ÍÀÌ´Ù:

** ¼³Á¤Àº ¿©·¯°¡Áö ¹æ¹ýÀ¸·Î ÇÒ ¼ö°¡ ÀÖÁö¸¸, ÇÊÀÚ´Â ´ÙÀ½¿¡ ¿¹·Î µç ¹æ¹ýÀ» »ç¿ëÇؼ­ ¼º°øÇß´Ù. ÇÏÁö¸¸, ¿©·¯ºÐÀº ´Ù¸¥ ¹æ¹ýÀ» »ç¿ëÇÒ ¼öµµ ÀÖÀ» °ÍÀÌ´Ù.

** ÀÌ ¼½¼Ç¿¡¼­ Á¦°øÇÏ´Â °ÍÀº IP ¸¶½ºÄ¿·¹ÀÌµå ±â´ÉÀÌ ÀÛµ¿Çϱâ À§ÇÑ ÃÖ¼ÒÇÑÀÇ ¹æÈ­º® Á¤Ã¥ÀÌ´Ù. ÀÏ´Ü IP ¸¶½ºÄ¿·¹À̵尡 Á¦´ë·Î µ¿ÀÛÇϸé(ÀÌ HOWTO¿¡¼­ ³ªÁß¿¡ ¾ð±ÞÇÑ´Ù) Strong-IPFWADM-Rulesets ¿Í Strong-IPCHAINS-Rulesets ¼½¼Ç¿¡¼­ º¸¾È °­µµ°¡ º¸´Ù ³ôÀº Á¤Ã¥µé¿¡ ´ëÇØ ¾Ë¾Æº¸±â ¹Ù¶õ´Ù. ´õ ÀÚ¼¼ÇÑ »çÇ×Àº IPFWADM (2.0.x) ȤÀº IPCHAINS(2.2.x) man ÆäÀÌÁö¸¦ ÂüÁ¶Çϱ⠹ٶõ´Ù.

¸®´ª½º 2.0.x Ä¿³Î

´ÙÀ½°ú °°Àº "°£´ÜÇÑ" Ãʱâ Á¤Ã¥À¸·Î /etc/rc.d/rc.firewall È­ÀÏÀ» »ý¼ºÇÑ´Ù: 


# rc.firewall - Initial SIMPLE IP Masquerade setup for 2.0.x kernels using IPFWADM
#
# Load all required IP MASQ modules
#
#   NOTE:  Only load the IP MASQ modules you need.  All current available IP MASQ modules
#          are shown below but are commented out from loading.

# Needed to initially load modules
#
/sbin/depmod -a

# Supports the proper masquerading of FTP file transfers using the PORT method
#
/sbin/modprobe ip_masq_ftp

# Supports the masquerading of RealAudio over UDP.  Without this module,
#       RealAudio WILL function but in TCP mode.  This can cause a reduction
#       in sound quality
#
#/sbin/modprobe ip_masq_raudio

# Supports the masquerading of IRC DCC file transfers
#
#/sbin/modprobe ip_masq_irc

# Supports the masquerading of Quake and QuakeWorld by default.  This modules is
#   for for multiple users behind the Linux MASQ server.  If you are going to play
#   Quake I, II, and III, use the second example.
#
#Quake I / QuakeWorld (ports 26000 and 27000)
#/sbin/modprobe ip_masq_quake
#
#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
#/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960

# Supports the masquerading of the CuSeeme video conferencing software
#
#/sbin/modprobe ip_masq_cuseeme

#Supports the masquerading of the VDO-live video conferencing software
#
#/sbin/modprobe ip_masq_vdolive


#CRITICAL:  Enable IP forwarding since it is disabled by default since
#
#           Redhat Users:  you may try changing the options in /etc/sysconfig/network from:
#
#                       FORWARD_IPV4=false
#                             to
#                       FORWARD_IPV4=true
#
echo "1" > /proc/sys/net/ipv4/ip_forward

# Dynamic IP users:
#
#   If you get your Internet IP address dynamically from SLIP, PPP, or DHCP, enable this following
#       option.  This enables dynamic-ip address hacking in IP MASQ, making the life
#       with DialD, PPPd, and similar programs much easier.
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr


# MASQ timeouts
#
#   2 hrs timeout for TCP session timeouts
#  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
#  160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
#
/sbin/ipfwadm -M -s 7200 10 160


# DHCP:  For people who receive their external IP address from either DHCP or BOOTP
#        such as ADSL or Cablemodem users, it is necessary to use the following
#        before the deny command.  The "bootp_client_net_if_name" should be replaced
#        the name of the link that the DHCP/BOOTP server will put an address on to?
#        This will be something like "eth0", "eth1", etc.
#
#        This example is currently commented out.
#
#
#/sbin/ipfwadm -I -a accept -S 0/0 67 -D 0/0 68 -W bootp_clients_net_if_name -P udp


# Enable simple IP forwarding and Masquerading
#
#  NOTE:  The following is an example for an internal LAN address in the 192.168.0.x
#         network with a 255.255.255.0 or a "24" bit subnet mask.
#
#         Please change this network number and subnet mask to match your internal LAN setup
#
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0

/etc/rc.d/rc.firewall È­ÀÏÀ» ÆíÁýÇؼ­ Á¤Ã¥À» »ý¼ºÇÏ°í ³ª¸é, "chmod 700 /etc/rc.d/rc.firewall" ¶ó°í ¸í·ÉÇؼ­ ½ÇÇà°¡´ÉÇÑ È­ÀÏ·Î ¸¸µç´Ù.

À§ÀÇ ¹æ¹ýó·³ Àüü TCP/IP ³×Æ®¿÷¿¡ ´ëÇؼ­°¡ ¾Æ´Ï¶ó, °¢°¢ÀÇ ¸Ó½Åº°·Î IP ¸¶½ºÄ¿·¹À̵ùÀ» ¼³Á¤ÇÒ ¼öµµ ÀÖ´Ù. ¿¹¸¦ µé¾î¼­, 192.168.0.2¿Í 192.168.0.8ÀÇ ÁÖ¼Ò¸¦ °®´Â È£½ºÆ®´Â ÀÎÅͳݿ¡ Á¢±Ù°¡´ÉÇϵµ·Ï ÇÏ°í ´Ù¸¥ ³»ºÎÀÇ ¸Ó½ÅµéÀº Á¢±ÙÇÏÁö ¸øÇϵµ·Ï ÇÏ°íÀÚ ÇÑ´Ù¸é, À§ÀÇ /etc/rc.d/rc.firewall È­ÀÏ¿¡¼­ "Enable simple IP forwarding and Masquerading" À̶ó°í µÇ¾î ÀÖ´Â ºÎºÐÀ» ¹Ù²ãÁÖ¸é µÈ´Ù. 

# Enable simple IP forwarding and Masquerading
#
#  NOTE:  The following is an example to only allow IP Masquerading for the 192.168.0.2
#         and 192.168.0.8 machines with a 255.255.255.0 or a "24" bit subnet mask.
#
#         Please use the following in ADDITION to the simple ruleset above for specific
#         MASQ networks.  Also change the network numbers and subnet masks to match your
#         internal LAN setup
#
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S 192.168.0.2/32 -D 0.0.0.0/0
/sbin/ipfwadm -F -a m -S 192.168.0.8/32 -D 0.0.0.0/0

IP ¸¶½ºÄ¿·¹À̵ùÀ» óÀ½ »ç¿ëÇÏ´Â »ç¶÷µéÀÌ ÈçÈ÷ ÀúÁö¸£´Â ½Ç¼ö´Â ´ÙÀ½°ú °°ÀÌ ¸í·ÉÇÏ´Â °ÍÀÌ´Ù: 

ipfwadm -F -p masquerade

µðÆúÆ®·Î ¸¶½ºÄ¿·¹À̵ùÀ» Çϵµ·Ï Çؼ­´Â ¾ÈµÈ´Ù. ¸¸¾à ±×·¸°Ô ¼³Á¤ÇÏ¸é ¶ó¿ìÆà Å×À̺íÀ» ´Ù·ê ÁÙ ¾Æ´Â ¾î¶² ´©±º°¡°¡ ¿©·¯ºÐÀÇ °ÔÀÌÆ®¿þÀ̸¦ ÅëÇؼ­ ÀÚ½ÅÀÇ ½ÅºÐÀ» ¼û±â°í¼­ ¾îµò°¡·Î Á¢¼ÓÇÒ ¼ö°¡ ÀÖ°Ô µÈ´Ù!

À§ÀÇ ¼³Á¤È­ÀÏ ³»¿ëÀº, /etc/rc.d/rc.firewall È­ÀÏÀ̳ª ȤÀº ¿øÇÏ´Â ´Ù¸¥ rc È­ÀÏ¿¡ ³ÖÀ» ¼öµµ ÀÖ°í, ¾Æ´Ï¸é IP ¸¶½ºÄ¿·¹À̵尡 ÇÊ¿äÇÒ ¶§¸¶´Ù ¼öµ¿À¸·Î ¸í·ÉÇÒ ¼öµµ ÀÖ´Ù.

Strong-IPFWADM-Rulesets °ú Strong-IPCHAINS-Rulesets ¼½¼Ç¿¡¼­ IPFWADM¿¡ °üÇÑ ÀÚ¼¼ÇÑ ¾È³»¿Í ´õ °­·ÂÇÑ IPFWADM Á¤Ã¥µéÀÇ ¿¹¸¦ º¼¼ö°¡ ÀÖ´Ù.

¸®´ª½º 2.2.x Ä¿³Î

2.1.x ³ª 2.2.x Ä¿³Î¿¡¼­ IP ¸¶½ºÄ¿·¹À̵ù Á¤Ã¥µéÀ» ´Ù·ç±â À§ÇÑ ¹æÈ­º® µµ±¸·Î¼­ IPFWADMÀº ´õÀÌ»ó »ç¿ëµÇÁö ¾Ê´Â´Ù ÀÌ »õ ¹öÁ¯ÀÇ Ä¿³ÎµéÀº ÀÌÁ¦ IPCHAINS¶ó´Â µµ±¸¸¦ »ç¿ëÇÑ´Ù. ÀÌ·¸°Ô µÈ ÀÚ¼¼ÇÑ ÀÌÀ¯´Â FAQ ¼½¼ÇÀ» ÂüÁ¶Çϱ⠹ٶõ´Ù.

´ÙÀ½°ú °°Àº "°£´ÜÇÑ" Ãʱâ Á¤Ã¥À¸·Î /etc/rc.d/rc.firewall È­ÀÏÀ» »ý¼ºÇÑ´Ù: 


#!/bin/sh
#
# rc.firewall - Initial SIMPLE IP Masquerade test for 2.1.x and 2.2.x kernels using IPCHAINS
#
# Load all required IP MASQ modules
#
#   NOTE:  Only load the IP MASQ modules you need.  All current IP MASQ modules
#          are shown below but are commented out from loading.

# Needed to initially load modules
#
/sbin/depmod -a

# Supports the proper masquerading of FTP file transfers using the PORT method
#
/sbin/modprobe ip_masq_ftp

# Supports the masquerading of RealAudio over UDP.  Without this module,
#       RealAudio WILL function but in TCP mode.  This can cause a reduction
#       in sound quality
#
#/sbin/modprobe ip_masq_raudio

# Supports the masquerading of IRC DCC file transfers
#
#/sbin/modprobe ip_masq_irc


# Supports the masquerading of Quake and QuakeWorld by default.  This modules is
#   for for multiple users behind the Linux MASQ server.  If you are going to play
#   Quake I, II, and III, use the second example.
#
#Quake I / QuakeWorld (ports 26000 and 27000)
#/sbin/modprobe ip_masq_quake
#
#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
#/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960


# Supports the masquerading of the CuSeeme video conferencing software
#
#/sbin/modprobe ip_masq_cuseeme

#Supports the masquerading of the VDO-live video conferencing software
#
#/sbin/modprobe ip_masq_vdolive


#CRITICAL:  Enable IP forwarding since it is disabled by default since
#
#           Redhat Users:  you may try changing the options in /etc/sysconfig/network from:
#
#                       FORWARD_IPV4=false
#                             to
#                       FORWARD_IPV4=true
#
echo "1" > /proc/sys/net/ipv4/ip_forward


# Dynamic IP users:
#
#   If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this following
#       option.  This enables dynamic-ip address hacking in IP MASQ, making the life
#       with Diald and similar programs much easier.
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr


# MASQ timeouts
#
#   2 hrs timeout for TCP session timeouts
#  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
#  160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
#
/sbin/ipchains -M -S 7200 10 160


# DHCP:  For people who receive their external IP address from either DHCP or BOOTP
#        such as ADSL or Cablemodem users, it is necessary to use the following
#        before the deny command.  The "bootp_client_net_if_name" should be replaced
#        the name of the link that the DHCP/BOOTP server will put an address on to?
#        This will be something like "eth0", "eth1", etc.
#
#        This example is currently commented out.
#
#
#/sbin/ipchains -A input -j ACCEPT -i bootp_clients_net_if_name -s 0/0 67 -d 0/0 68 -p udp

# Enable simple IP forwarding and Masquerading
#
#  NOTE:  The following is an example for an internal LAN address in the 192.168.0.x
#         network with a 255.255.255.0 or a "24" bit subnet mask.
#
#         Please change this network number and subnet mask to match your internal LAN setup
#
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ

/etc/rc.d/rc.firewall È­ÀÏÀ» ÆíÁýÇؼ­ Á¤Ã¥À» »ý¼ºÇÏ°í ³ª¸é, chmod 700 /etc/rc.d/rc.firewall¶ó°í ¸í·ÉÇؼ­ ½ÇÇà°¡´ÉÇÑ È­ÀÏ·Î ¸¸µç´Ù.

À§ÀÇ ¹æ¹ýó·³ Àüü TCP/IP ³×Æ®¿÷¿¡ ´ëÇؼ­°¡ ¾Æ´Ï¶ó, °¢°¢ÀÇ ¸Ó½Åº°·Î IP ¸¶½ºÄ¿·¹À̵ùÀ» ¼³Á¤ÇÒ ¼öµµ ÀÖ´Ù. ¿¹¸¦ µé¾î¼­, 192.168.0.2¿Í 192.168.0.8ÀÇ ÁÖ¼Ò¸¦ °®´Â È£½ºÆ®´Â ÀÎÅͳݿ¡ Á¢±Ù°¡´ÉÇϵµ·Ï ÇÏ°í ´Ù¸¥ ³»ºÎÀÇ ¸Ó½ÅµéÀº Á¢±ÙÇÏÁö ¸øÇϵµ·Ï ÇÏ°íÀÚ ÇÑ´Ù¸é, À§ÀÇ /etc/rc.d/rc.firewall È­ÀÏ¿¡¼­ "Enable simple IP forwarding and Masquerading" À̶ó°í µÇ¾î ÀÖ´Â ºÎºÐÀ» ¹Ù²ãÁÖ¸é µÈ´Ù. 


#!/bin/sh
#
# Enable simple IP forwarding and Masquerading
#
#  NOTE:  The following is an example to only allow IP Masquerading for the 192.168.0.2
#         and 192.168.0.8 machines with a 255.255.255.0 or a "24" bit subnet mask.
#
#         Please change this network number and subnet mask to match your internal LAN setup
#
/sbin/ipchains -P forward deny
/sbin/ipchains -A forward -s 192.168.0.2/32 -j MASQ
/sbin/ipchains -A forward -s 192.168.0.8/32 -j MASQ

IP ¸¶½ºÄ¿·¹À̵ùÀ» óÀ½ »ç¿ëÇÏ´Â »ç¶÷µéÀÌ ÈçÈ÷ ÀúÁö¸£´Â ½Ç¼ö´Â ´ÙÀ½°ú °°ÀÌ ¸í·ÉÇÏ´Â °ÍÀÌ´Ù:

/sbin/ipchains -P forward masquerade

µðÆúÆ®·Î ¸¶½ºÄ¿·¹À̵ùÀ» Çϵµ·Ï Çؼ­´Â ¾ÈµÈ´Ù. ¸¸¾à ±×·¸°Ô ¼³Á¤ÇÏ¸é ¶ó¿ìÆà Å×À̺íÀ» ´Ù·ê ÁÙ ¾Æ´Â ¾î¶² ´©±º°¡°¡ ¿©·¯ºÐÀÇ °ÔÀÌÆ®¿þÀ̸¦ ÅëÇؼ­ ÀÚ½ÅÀÇ ½ÅºÐÀ» ¼û±â°í¼­ ¾îµò°¡·Î Á¢¼ÓÇÒ ¼ö°¡ ÀÖ°Ô µÈ´Ù!

À§ÀÇ ¼³Á¤È­ÀÏ ³»¿ëÀº, /etc/rc.d/rc.firewall È­ÀÏÀ̳ª ȤÀº ¿øÇÏ´Â ´Ù¸¥ rc È­ÀÏ¿¡ ³ÖÀ» ¼öµµ ÀÖ°í, ¾Æ´Ï¸é IP ¸¶½ºÄ¿·¹À̵尡 ÇÊ¿äÇÒ ¶§¸¶´Ù ¼öµ¿À¸·Î ¸í·ÉÇÒ ¼öµµ ÀÖ´Ù.

Strong-IPFWADM-Rulesets °ú Strong-IPCHAINS-Rulesets ¼½¼Ç¿¡¼­ IPCHAINS¿¡ °üÇÑ ÀÚ¼¼ÇÑ ¾È³»¿Í ´õ °­·ÂÇÑ IPCHAINS Á¤Ã¥µéÀÇ ¿¹¸¦ º¼ ¼ö°¡ ÀÖ´Ù. IPCHAINSÀÇ »ç¿ë¹ý¿¡ °üÇÑ ÀÚ¼¼ÇÑ »çÇ×Àº Linux IP CHAINS HOWTOÀ» ÂüÁ¶Çϱ⠹ٶõ´Ù.

´ÙÀ½ ÀÌÀü Â÷·Ê