´ÙÀ½ ÀÌÀü Â÷·Ê

15. Networking optionS

³×Æ®¿öÅ© ¼³Á¤Àº Á¶±Ý ±î´Ù·Ó½À´Ï´Ù. ½Ã½ºÅÛÀ» Á¤È®È÷ ÀÌÇØÇÏ°í ¹Ù¸¥ ¼³Á¤À» ÇØ¾ß ÇÕ´Ï´Ù. 

<*>   Packet Socket
[ ]   Packet socket: mmapped IO
[ ] KerneL/USer netLink Socket
[ ]   Routing meSSageS
< >   NetLink device emuLation
[*] Network packet filtering (replaces ipchains)
[ ]   Network packet filtering debugging (NEW)
[ ] Socket FiLtering
<*> Unix domain SocketS
[*] TCP/IP networking
[*]   IP: muLticaSting
[ ]   IP: advanced router
[ ]     IP: equal cost multipath (NEW)
[ ]     IP: use TOS value as routing key (NEW)
[ ]     IP: verbose route monitoring (NEW)
[ ]     IP: large routing tables (NEW)
[ ]   IP: kerneL LeveL autoconfiguration
<M>   IP: tunneLing
< >   IP: GRE tunneLS over IP
[ ]   IP: multicast routing
[ ]     IP: PIM-SM version 1 support (NEW)
[ ]     IP: PIM-SM version 2 support (NEW)
[ ]   IP: ARP daemon Support (EXPERIMENTAL)
[ ]   IP: TCP Explicit Congestion Notification support
[ ]   IP: TCP syncookie support (disabled per default)
IP: Netfilter Configuration  --->
< >   The IPv6 protocoL (EXPERIMENTAL)
[ ]     IPv6: enable EUI-64 token format
IPv6: Netfilter Configuration  --->
< >   Kernel httpd acceleration (EXPERIMENTAL) 
[ ] Asynchronous Transfer Mode (ATM) (EXPERIMENTAL)
---
< > IPX: SPX networking (EXPERIMENTAL)
<M> Appletalk protocol support 
< > DECnet Support
< > 802.1d Ethernet Bridging
< > CCITT X.25 Packer Layer (EXPERIMENTAL)
< > LAPB Data Link Driver (EXPERIMENTAL)
[ ] 802.2 LLC (EXPERIMENTAL)
[ ] Frame Diverter (EXPERIMENTAL)
< > Acorn Econet/AUN protocols (EXPERIMENTAL)
< > WAN router
[ ] Fast Switching (read help!)
[ ] Forwarding between high Speed interfaceS
QoS and/or fair sueing --->

Packet Socket : tcpdumpó·³ ¸Å°³ ÇÁ·ÎÅäÄÝ ¾øÀÌ Á÷Á¢ ³×Æ®¿öÅ© ÀåÄ¡¿Í Åë½ÅÇÏ´Â ¾îÇø®ÄÉÀ̼ǿ¡¼­ »ç¿ëµË´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [Y]¸¦ ¼±ÅÃÇÕ´Ï´Ù.

Packet socket: mmapped IO : ÀÌ ¿É¼ÇÀ» È°¼ºÈ­Çϸé ÆÐŶ ÇÁ·ÎÅäÄÝ µå¶óÀ̹ö´Â ´õ ºü¸¥ Åë½ÅÀ» Áö¿øÇÏ´Â IO ¸ÞÄ¿´ÏÁòÀ» »ç¿ëÇÒ °ÍÀÔ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é, [N]

KerneL/USer netLink Socket : Ä¿³ÎÀÇ ¾î¶² ºÎºÐµé ¶Ç´Â ¸ðµâ°ú À¯Àú ÇÁ·Î¼¼ ½º »çÀÌÀÇ ¾ç¹æÇâ Åë½ÅÀ» Çã¶ôÇÕ´Ï´Ù. À¯Àú ÇÁ·Î¼¼½º´Â /dev µð·ºÅ丮·ÎºÎÅÍ Àаųª ¾µ ¼ö ÀÖ½À´Ï´Ù. routing meSSage ±â´É°ú ÇÔ²² ³×Æ®¿öÅ© °ü·Ã Á¤º¸¸¦ ¾Ë¸®±â À§ÇØ »ç¿ëÇÏ°í IP: firewaLL packet netLink device ±â´É°ú ÇÔ²² °¡´ÉÇÑ °ø°Ý¿¡ ´ëÇÑ Á¤º¸¸¦ ¾Ë¸®±â À§ÇØ ¹æÈ­º® Äڵ忡¼­ »ç¿ëÇÕ´Ï´Ù. arpd µ¥¸ó, ³×Æ®¿öÅ© ¸µÅ© µå¶óÀ̹ö¸¦ »ç¿ëÇϱâ À§Çؼ­´Â [Y]¸¦ ¼±ÅÃÇØ¾ß ÇÕ´Ï´Ù. È®½ÇÇÏÁö ¾ÊÀ¸¸é [Y]¸¦ ¼±ÅÃÇÕ´Ï´Ù.

Routing meSSageS : ³×Æ®¿öÅ© °ü·Ã ¶ó¿ìÆà Á¤º¸¸¦ /dev/route¿¡¼­ ÀÐÀ» ¼ö ÀÖ°Ô ÇÏ´Â ±â´ÉÀÔ´Ï´Ù. mknod("man mknod")·Î ¸ÞÀÌÀú ³Ñ¹ö 36, ¸¶ÀÌ³Ê ³Ñ¹ö 0ÀÎ ½ºÆä¼È ij¸¯ÅÍ ÆÄÀÏ·Î /dev/route¸¦ ¸¸µé¸é ÀÌ ÆÄÀÏÀ» Àо ¶ó¿ìÆà Á¤º¸¿¡ ´ëÇØ ¾Ë¾Æ³¾ ¼ö ÀÖ½À´Ï´Ù. ÇÏÁö¸¸ ÀÌ ÆÄÀÏ¿¡ ¾²´Â °ÍÀº ¸ðµÎ ¹ö·ÁÁö¹Ç·Î ±â·ÏÇÏ´Â °ÍÀº Àǹ̰¡ ¾ø½À´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

Netlink device emulation (NEW) : ÀÌ ¿É¼ÇÀº °ð »ç¶óÁö°í ÁøÂ¥ ³Ý¸µÅ© ¼ÒÄÏÀ¸·Î ¹Ù²ð °ÍÀÔ´Ï´Ù. ¿©·¯ºÐÀÌ »ç¿ëÇÏ´Â ¿À·¡µÈ ÇÁ·Î±×·¥ °¡¿îµ¥ ÀÌ ±â´ÉÀÌ ÇÊ¿äÇÑ °ÍÀÌ ÀÖ´Ù¸é [Y]¸¦ ¼±ÅÃÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

Network packet filtering (replaces ipchains) : ³ÝÇÊÅÍ´Â ÀÌÀü Ä¿³Î¿¡¼­ ¹æÈ­º®, ȤÀº ¸Þ½ºÄ¿·¹À̵ùÀ̶õ À̸§À¸·Î ºÒ¸®´ø ¿É¼ÇµéÀÇ »õ À̸§ÀÔ´Ï´Ù. ³ÝÇÊÅÍ´Â ¸®´ª½º ¹Ú½º¸¦ Áö³ª°¡´Â ³×Æ®¿öÅ© ÆÐŶÀ» °É·¯³»°í(filtering) Á¶°¢³»±â(mangling) À§ÇÑ ±¸Á¶(üÁ¦)ÀÔ´Ï´Ù. ÆÐŶ ÇÊÅ͸µÀÇ ÀϹÝÀûÀÎ »ç¿ëÀº ¿©·¯ºÐÀÇ ¸®´ª½º ¹Ú½º¸¦ ¹æÈ­º®À¸·Î ¸¸µé¾î ·ÎÄà ³×Æ®¿öÅ©¸¦ ÀÎÅͳÝÀ¸·ÎºÎÅÍ º¸È£ÇÏ´Â °ÍÀÔ´Ï´Ù. ¹æÈ­º®À¸·Î ¾²ÀÏ ¶§ ÀÌ ±â´ÉÀ» "ÆÐŶ ÇÊÅÍ"¶ó ºÎ¸£¸ç, ÀÌ °ÍÀº »çÀûÀÎ ³×Æ®¿öÅ© ÆÐŶÀ» ÇüÅÂ(type), ±Ù¿ø(source), ¸ñÀûÁö(destination) µîÀ» ±âÃÊ·Î °ÅÀýÇÒ ¼ö ÀÖÀ½À» ¶æÇÕ´Ï´Ù. ¹æÈ­º®ÀÇ ¶Ç ´Ù¸¥ ÇüÅ´ "ÇÁ·Ï½Ã-±â¹Ý(proxy-based one)"Àε¥, ´õ ¾ÈÀüÇÏÁö¸¸ ħÀÔÇϱ⠽±°í ¼³Á¤ÀÌ ±î´Ù·Ó½À´Ï´Ù; ÇÁ·Ï½Ã´Â ³×Æ®¿öÅ© Æ®·¡ÇÈÀ» ÈξÀ ´õ ÀÚ¼¼ÇÏ°Ô »ìÆì¼­ ¼Õº¸¸ç, ÆÐŶ ÇÊÅÍ´Â Áö¿øÇÏÁö ¾Ê´Â »óÀ§ ·¹ºí ÇÁ·ÎÅäÄÝ¿¡ ´ëÇؼ­µµ Àß ¾Ë°í ÀÖ½À´Ï´Ù. °Ô´Ù°¡ ÇÁ·Ï½Ã ±â¹Ý ¹æÈ­º®Àº Á¾Á¾ ·ÎÄà Ŭ¶óÀ̾ðÆ®¿¡¼­ ½ÇÇàÁßÀÎ ÇÁ·Î±×·¥À» ¹Ù²Ü °ÍÀ» ¿ä±¸ÇÕ´Ï´Ù. ÇÁ·Ï½Ã ±â¹Ý ¹æÈ­º®Àº Ä¿³Î¿¡¼­ Áö¿øÇÏ´Â °ÍÀÌ ¾Æ´ÏÁö¸¸, ÀÚÁÖ ÆÐŶ ÇÊÅÍ¿Í Á¶ÇÕÇؼ­ ¾²À̹ǷÎ, ¾Æ¹«Æ° ÀÌ ¿É¼ÇÀº È°¼ºÈ­ÇÏ´Â °ÍÀÌ ÁÁ½À´Ï´Ù. ÀÌ ¿É¼ÇÀº ¶Ç Çϳª °øÀÎ IP ÁÖ¼Ò°¡ ¾ø´Â ·ÎÄà ³×Æ®¿öÅ© ¸Ó½ÅµéÀ» ÀÎÅͳݿ¡ ¿¬°áÇÒ ¶§ ¿©·¯ºÐÀÇ ¸®´ª½º ¹Ú½º¸¦ °ÔÀÌÆ®¿þÀÌ(gateway)·Î ¸¸µé±â À§ÇØ ¾²ÀÔ´Ï´Ù. ÀÌ °ÍÀº "¸Å½ºÄ¿·¹À̵ù(masquerading)"À̶ó ºÎ¸£´Âµ¥: ¿©·¯ºÐÀÇ ·ÎÄà ³×Æ®¿öÅ©¿¡ ¹°·Á ÀÖ´Â ÄÄÇ»ÅÍµé °¡¿îµ¥ Çϳª°¡ ¹Ù±ù¿¡(±×·¯´Ï±î ÀÎÅͳݿ¡) ¹«¾ùÀΰ¡¸¦ º¸³»·ÁÇÕ´Ï´Ù¸é °øÀÎ IP ÁÖ¼Ò¸¦ °¡Áö°í ÀÖ´Â ¿©·¯ºÐÀÇ °ÔÀÌÆ®¿þÀÌ ¹Ú½º´Â ±× ÄÄÇ»Å͸¦ "°¡Àå(masquerade)"Çؼ­ ´ë½Å ÁÖ°í ¹ÞÀ» ¼ö ÀÖ½À´Ï´Ù. ´Ù½Ã ¸»ÇÏ¸é ¹Ù±ù ¸ñÀûÁö·Î Æ®·¡ÇÈÀ» º¸³»Áö¸¸, ÆÐŶÀÌ ¹æÈ­º® ¹Ú½º ÀÚ½ÅÀ¸·ÎºÎÅÍ ³ª¿Â °Íó·³ º¸ÀÌ°Ô ÇÏ·Á°í ÆÐŶÀ» Á¶±Ý ¼Õº¾´Ï´Ù. µÎ °¡Áö ¹æ¹ýÀÌ Àִµ¥: ¹Ù±ùÂÊ È£½ºÆ®°¡ ÀÀ´äÇÑ´Ù¸é ¸®´ª½º ¹Ú½º´Â Á¶¿ëÈ÷ Æ®·¡ÇÈÀ» ¿Ã¹Ù¸¥ ·ÎÄà ÄÄÇ»ÅÍ·Î º¸³À´Ï´Ù. ÀÌ ¹æ¹ýÀº ¿©·¯ºÐÀÇ ·ÎÄà ³×Æ®¿öÅ©¿¡ ÀÖ´Â ÄÄÇ»Å͵éÀ» ºñ·Ï, ¹Ù±ùÂÊ¿¡ ´ê¾Æ ¿øÇÏ´Â °ÍµéÀ» ÁÖ°í ¹ÞÀ» ¼ö ÀÖ´õ¶óµµ, ¹Ù±ù ¼¼»ó¿¡¼­´Â ¿ÏÀüÈ÷ º¼ ¼ö ¾ø°Ô ÇÕ´Ï´Ù. ½ÉÁö¾î´Â Æ÷Æ® Æ÷¿öµùÀ̶ó´Â ¸ÞÄ¿´ÏÁòÀ» »ç¿ëÇÏ¸é ¼­¹öµé±îÁöµµ ¸Þ½ºÄ¿·¹À̵ùÀ» ÅëÇØ ¹Ù±ùÂÊ¿¡ ¼­ºñ½º¸¦ Á¦°øÇÒ ¼ö ÀÖ½À´Ï´Ù. ¿äÁòÀº ¸Þ½ºÄ¿·¹À̵ùÀ» NAT¶ó°í ºÎ¸£±âµµ ÇÕ´Ï´Ù (Network Address Translation). ³ÝÇÊÅÍ´Â Åõ¸íÇÑ ÇÁ·Ï½Ã(transparent proxying)¿¡µµ ¾²ÀÔ´Ï´Ù: ·ÎÄà ³×Æ®¿öÅ©¿¡ ¹°¸° ¸Ó½ÅÀÌ ¹Ù±ùÂÊ È£½ºÆ®¿¡ ¿¬°áÇÏ·Á ÇÒ ¶§, ¿©·¯ºÐÀÇ ¸®´ª½º¹Ú½º°¡ ±× Æ®·¡ÇÈÀ» ¸ô·¡ ·ÎÄà ¼­¹ö·Î º¸³»¼­ ÇÁ·Ï½Ã ¼­¹ö¿¡ Àִ ij½Ã¸¦ º¸¿©ÁÝ´Ï´Ù. ³ÝÇÊÅÍ¿¡´Â ÀÌÀü¿¡ ¸Þ½ºÄ¿·¹À̵ù(ipmasqadm)À̶ó ºÎ¸£´ø µµ±¸, ÆÐŶ ÇÊÅ͸µ(ipchains), Åõ¸íÇÑ ÇÁ·Ï½Ã(transparent proxying), Æ÷Æ®Æ÷¿öµù ¸ÞÄ¿´ÏÁò(portforwarding mechanisms, ipfwadm) µî ´Ù¾çÇÑ ¸ðµâµéÀÌ ÀÖ½À´Ï´Ù. ÀÌÁ¦ ipchains´Â "iptables"·Î ¹Ù²î¾ú½À´Ï´Ù. ¿©·¯ºÐÀÌ ³ÝÇÊÅ͸¦ »ç¿ëÇÏ·Á¸é ¾Æ·¡¿¡ "Fast switching"¿¡´Â ²À [N]À» ´äÇÏ°í ÀÌ °÷¿¡ [Y]¸¦ ´äÇØ¾ß ÇÕ´Ï´Ù. ºü¸¥ ½ºÀ§ÄªÀº ³ÝÇÊÅ͸¦ ¿ìȸÇϱ⠶§¹®ÀÔ´Ï´Ù. ¿©·¯ºÐÀÇ ¸®´ª½º ¹Ú½º¸¦ ¶ó¿ìÅͳª °ÔÀÌÆ®¿þÀÌ·Î ¾²·Á¸é [Y]¸¦ ´äÇÏ°í ±×³É º¸Åë È£½ºÆ®·Î »ç¿ëÇÑ´Ù¸é [N]À» ´äÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

Network packet filtering debugging : ³ÝÇÊÅÍ Äڵ带 µð¹ö±ëÇϴµ¥ À¯¿ëÇÑ Á¤º¸µéÀ» Ãß°¡ÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

Socket Filtering : ¸®´ª½º ¼ÒÄÏ ÇÊÅÍ´Â ¹öŬ¸®ÀÇ ÆÐŶ ÇÊÅͷκÎÅÍ ÆÄ»ýµÈ °ÍÀÔ´Ï´Ù. ÀÌ °÷¿¡ [Y]¸¦ ´äÇÏ¸é »ç¿ëÀÚ-°ø°£ ÇÁ·Î±×·¥µéÀÌ ¾Æ¹« ¼ÒÄÏ¿¡³ª ÇÊÅ͸¦ ºÙÀÏ ¼ö ÀÖ°í ±×·¡¼­ ¼ÒÄÏÀ» ÅëÇØ ¾òÀº µ¥ÀÌÅÍ¿¡ ´ëÇØ Çü½ÄÀ» Á¤ÇÏ°í Çã°¡/ºÒ°¡ µî Á¤Ã¥À» Ä¿³Î¿¡ ¸»ÇÕ´Ï´Ù. ¸®´ª½º ¼ÒÄÏ ÇÊÅ͸µÀº Áö±Ý ICP¸¦ Á¦¿ÜÇÑ ¸ðµç ¼ÒÄÏ¿¡¼­ µ¿ÀÛÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

Network aLiaSing : ³×Æ®¿öÅ© µå¶óÀ̹ö°¡ ¿©·¯ °³ÀÇ IP ÁÖ¼Ò¸¦ °¡Áú ¼ö ÀÖµµ·Ï ÇÏ´Â ¼³Á¤ÀÔ´Ï´Ù. ¾ÆÆÄÄ¡ À¥ ¼­¹ö¸¦ ÀÌ¿ëÇÑ À¥ È£½ºÆà ¼­ºñ½º µî¿¡ ¾²ÀÔ´Ï´Ù. ¶Ç´Â ÀÌ´õ³Ý Ä«µå Çϳª·Î ¿©·¯°³ÀÇ ³í¸®ÀûÀÎ ³×Æ®¿öÅ©¿¡ ¿¬°áÇÒ ¶§ ¾²ÀÔ´Ï´Ù. ¼Óµµ°¡ ´À·ÁÁöÁö¸¸, ÇϳªÀÇ ÀÌ´õ³Ý Ä«µå·Î ¸Å½ºÄ¿·¹À̵ù ¼­ºñ½º¸¦ Á¦°øÇÒ ¼öµµ ÀÖ½À´Ï´Ù.

Socket FiLtering : ¸®´ª½º ¼ÒÄÏÇÊÅÍ´Â ¹öŬ¸® ÆÐŶÇÊÅÍ¿¡¼­ ÆÄ»ýµÇ¾ú½À´Ï´Ù. Unix ½Ã½ºÅÛÀº ¼ÒÄÏÀ» ÅëÇØ ÇÁ·Î¼¼½º »çÀÌ Åë½ÅÀÌ ÀÌ·ç¾îÁý´Ï´Ù. ÀÌ ±â´ÉÀ» ¼±ÅÃÇϸé Ä¿³Î ¼öÁØ¿¡¼­ ¼ÒÄÏÀ» Á¶»çÇÏ°í, Çã¿ëÇÏ´ÂÁö ¸¶´ÂÁö ÁöÁ¤ÇÒ ¼ö ÀÖ½À´Ï´Ù. ¸®´ª½º ¼ÒÄÏ ÇÊÅ͸µÀº TCP¸¦ Á¦¿ÜÇÑ ¸ðµç Á¾·ùÀÇ ¼ÒÄÏ¿¡ µ¿ÀÛÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

Unix domain SocketS :¼ÒÄÏÀº ³×Æ®¿öÅ© ¿¬°áÀ» °³¼³ÇÏ°í ¾×¼¼½ÌÇϱâ À§ÇÑ Ç¥ÁØ ÀåÄ¡(mechanism)ÀÔ´Ï´Ù. ¸®´ª½º ¹Ú½º°¡ ¾î¶² ³×Æ®¿öÅ©¿¡µµ ¿¬°áµÇÁö ¾Ê¾Æµµ X À©µµ¿ì ½Ã½ºÅÛÀ̳ª syslog °°Àº ¸¹Àº ÀϹÝÀûÀÎ ÇÁ·Î±×·¥ÀÌ ¼ÒÄÏÀ» »ç¿ëÇÕ´Ï´Ù. ÀÌ ±â´ÉÀ» ¸ðµâ·Î ¼³Á¤ÇÏ°í ¸ðµâ ÀûÀ縦 ÀØÀ¸¸é(neglect to load the module) ¸î °¡Áö Áß¿äÇÑ ¼­ºñ½ºµéÀÌ Á¦´ë·Î µ¿ÀÛÇÏÁö ¾ÊÀ» °ÍÀÔ´Ï´Ù. [Y]¸¦ ±ÇÀåÇÕ´Ï´Ù.

TCP/IP networking : ÀÎÅͳݰú ÀÌ´õ³Ý µî °ÅÀÇ ´ëºÎºÐ ³×Æ®¿öÅ©¿¡¼­ »ç¿ëÇϴ ǥÁØ ÇÁ·ÎÅäÄÝÀÔ´Ï´Ù. ÀÎÅÍ³Ý Á¢¼Ó»Ó¸¸ ¾Æ´Ï¶ó ´Ù¸¥ ¸¹Àº ÇÁ·Î±×·¥¿¡ ²À ÇÊ¿äÇϹǷΠ´õ ¸»ÇÒ °Íµµ ¾øÀÌ ¹Ýµå½Ã [Y]¸¦ ¼±ÅÃÇÕ´Ï´Ù. TCP/IP´Â µ¥ÀÌÅÍ Åë½Å ÇÁ·ÎÅäÄÝ ¸ðÀ½À» °¡¸®Å°´Â °ÍÀ¸·Î, ±× °¡¿îµ¥ °¡Àå Áß¿äÇÑ Àü¼Û Á¦¾î ÇÁ·ÎÅäÄÝ(transmission control protocol)°ú ÀÎÅÍ³Ý ÇÁ·ÎÅäÄÝ(internet protocol)¿¡¼­ À̸§À» µû ¿Â °ÍÀÔ´Ï´Ù.

IP: muLticaSting : ¸Þ½ÃÁö¸¦ ¹Ì¸® Á¤ÇÑ ¿©·¯ ¸ñÀûÁö¿¡ º¸³»´Â ±â´ÉÀÔ´Ï´Ù. ÀÌ¿Í ´Ù¸£°Ô broadcaSt´Â ³×Æ®¿öÅ© ¾ÈÀÇ ¸ðµç ÀåÄ¡°¡ ÆÐŶÀ» ¼ö½ÅÇÕ´Ï´Ù. ¸ÖƼij½ºÆÃÀº ºÎ¼­º° °øÁö, ´º½º Ǫ½Ã µî¿¡ »ç¿ëµÇ±âµµ ÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N]. 

[ ]   IP: multicasting
[ ]   IP: muLticaSt routing
[ ]     IP: PIM-SM verSion 1 Support
[ ]     IP: PIM-SM verSion 2 Support

IP: multicast routing : ¸®´ª½º ¹Ú½º°¡ ´Ù¼öÀÇ ¸Ó½Å¿¡ IP ÆÐŶÀ» Àü¼ÛÇÒ ¶§ »ç¿ëÇÒ ¼ö ÀÖ½À´Ï´Ù. MBONE, ¿Àµð¿À³ª ºñµð¿À broadcast¸¦ ¸ñÀûÀ¸·Î ±¸¼ºµÈ ³ôÀº ´ë¿ªÀÇ ÀÎÅͳݿ¡¼­ »ç¿ëµË´Ï´Ù. Multicast¿ë ³×Æ®¿öÅ© Ä«µå Á¤º¸´Â x Documentation/networking/multicast.txt¿¡ ÀÖ½À´Ï´Ù. ´ëºÎºÐÀÇ »ç¿ëÀÚ¿¡°Ô ÀÌ ±â´ÉÀº ÇÊ¿ä ¾ø½À´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

IP: advanced router : ¸®´ª½º ¹Ú½º¸¦ ÁÖ·Î ¶ó¿ìÅÍ·Î »ç¿ëÇÒ °èȹÀ̶ó¸é ¼³Á¤ÇÕ´Ï´Ù. ¶ó¿ìÅÍ´Â ÆÐŶ °æ·Î¸¦ Á¦¾îÇÏ´Â °ÍÀ¸·Î ÆÐŶÀ» ¾î¶² °ÔÀÌÆ®¿þÀÌ·Î º¸³¾ °ÍÀÎÁö¸¦ °áÁ¤ÇÕ´Ï´Ù. ¶ó¿ìÅÍ°¡ °ÔÀÌÆ®¿þÀÌ ¿ªÇÒ±îÁö ÇÏ´Â °æ¿ì°¡ ¸¹±â ¶§¹®¿¡ ¶§·Î´Â °ÔÀÌÆ®¿þÀ̶ó ºÒ¸®±âµµ ÇÕ´Ï´Ù. ÀÌ ¿É¼ÇÀº ÀϹÝÀûÀÎ ¶ó¿ìÆà ±â´É¿¡ ÇÊÅ͸µ, º¸¾È(¿¹¸¦ µé¾î IP ¼ÓÀ̱⠿¹¹æ) µî ¸î °¡Áö Çâ»óµÈ ±â´ÉÀ» Áö¿øÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N]. 

[ ]     IP: poLicy routing
[ ]     IP: faSt network addreSS tranSLation
[ ]     IP: equaL coaSt muLtipath
[ ]     IP: uSe TOS vaLue aS routing key
[ ]     IP: verboSe route monitoring
[ ]     IP: Large routing tabLeS

IP: policy routing : ÀϹÝÀûÀ¸·Î, ¶ó¿ìÅÍ´Â ¼ö½ÅÇÑ ÆÐŶÀÇ ¸ñÀûÁö ÁÖ¼Ò¿¡ µû¶ó ¹«¾ùÀ» ÇÒ Áö °áÁ¤ÇÕ´Ï´Ù. ¸¸ÀÏ ÀÌ ¿É¼Ç¿¡ [Y]¶ó°í ´äÇÑ´Ù¸é ¸®´ª½º ¶ó¿ìÅÍ°¡ ÆÐŶÀÇ ¼Û½ÅÁö ÁÖ¼Ò¸¦ °í·ÁÇÒ ¼öµµ ÀÖ°Ô µË´Ï´Ù. ¾Æ·¡ "IP: TOS °ªÀ» ¶ó¿ìÆà Ű·Î »ç¿ëÇϱâ"µµ [Y]¶ó°í ´äÇÑ´Ù¸é ÆÐŶÀÇ TOS(Type-Of-Service¼­ºñ½º ŸÀÔ) ºÎºÐÀº ¶ó¿ìÆà °áÁ¤À» À§Çؼ­ »ç¿ëÇÒ ¼ö ÀÖ°Ô µË´Ï´Ù. "IP: ºü¸¥ ³×Æ®¿÷ ÁÖ¼Ò ¹ø¿ª"¿¡ [Y]¶ó°í ÇÑ´Ù¸é ¸®´ª½º ¶ó¿ìÅÍ´Â Àü¼ÛµÈ ÆÐŶÀÇ ¼Û½ÅÁö¿Í ¸ñÀûÁö Áּҵ鸶Àúµµ ¼öÁ¤ÇÒ ¼ö ÀÖ°Ô µË´Ï´Ù.

IP: fast network address translation : [Y]¸¦ ¼±ÅÃÇϸé, Åë°úÇÏ´Â ÆÐŶµéÀÇ Ãâ¹ßÁö ÁÖ¼Ò¿Í ¸ñÀûÁö ÁÖ¼Ò¸¦ ¸¶À½´ë·Î º¯°æÇÒ¼ö ÀÖ°Ô µË´Ï´Ù. ³×Æ®¿÷ ÁÖ¼Ò Çؼ®¿¡ ´ëÇÑ ÀϹÝÀûÀÎ Á¤º¸¸¦ ¿øÇÏ¸é ´ÙÀ½ÀÇ ÁÖ¼Ò·Î °¡º¾´Ï´Ù: http://www.csn.tu-chemnitz.de/ mha/linux-ip-nat/diplom/nat.html

IP: equal cost multipath : ÀϹÝÀûÀ¸·Î, ¶ó¿ìÆà Å×À̺íÀº ÁÖ¾îÁø ÆÐŶ¿¡ ´ëÇÑ ÇϳªÀÇ ÇൿÀ» ±¸Ã¼ÀûÀ¸·Î ¾Ë·ÁÁÝ´Ï´Ù. ±×·¯³ª, ¿©±â¿¡ ¸¸¾à [Y]¶ó°í ´äÇÑ´Ù¸é ÆÐŶ ÆÐÅÏ¿¡ ¿©·¯ °³ÀÇ ÇൿÀ» µ¡ºÙÀÌ´Â °ÍÀÌ °¡´ÉÇØ Áö°í, ±× ÆÐŶÀÌ Àü´ÞµÇ±â À§ÇØ ½ÇÁ¦·Î °ÅÃÄ¾ß ÇÒ ´ëü °æ·ÎµéÀ» ±¸Ã¼ÀûÀ¸·Î ¾Ë·ÁÁÝ´Ï´Ù. ¶ó¿ìÅÍ´Â ÀÌ·± °æ·ÎµéÀ» µ¿ÀÏÇÑ "ºñ¿ë"À¸·Î ¿©°Ü¼­, ¸¸ÀÏ ÀÏÄ¡ÇÏ´Â ÆÐŶÀÌ µµÂøÇϸé, À¯µ¿ÀûÀ¸·Î(non-deterministic fashion) ±× °æ·Îµé Áß¿¡ Çϳª¸¦ ¼±ÅÃÇÏ°Ô µË´Ï´Ù.

IP: use TOS value as routing key : ¸ðµç IP ÆÐŶÀÇ Çì´õºÎºÐÀº ±× ÆÐŶÀÌ ¿ä±¸Çϴ ƯÁ¤ 󸮺κÐÀ» ´ã°í ÀÖ´Â TOS(Type of Service ¼­ºñ½ºÇüÅÂ)°ªÀ» °¡Áö°í ÀÖ½À´Ï´Ù. ¿¹¸¦ µé¾î, (»óÈ£ÀÛ¿ëÇÏ´Â Æ®·¡ÇÈÀ» À§ÇÑ) low latency, ³ôÀº 󸮷®, ³ôÀº ½Å·Úµµ °°Àº °Íµé. ¸¸ÀÏ ¿©·¯ºÐÀÌ ¿©±â¿¡ [Y]¶ó°í ´äÇϸé, ¼­·Î ´Ù¸¥ TOS°ªµéÀ» °¡Áø ÆÐŶµéÀ» À§ÇØ ¼­·Î ´Ù¸¥ ¶ó¿ìÆ®¸¦ ÁöÁ¤ÇÒ ¼ö ÀÖ°Ô µË´Ï´Ù.

IP: verbose route monitoring : ¸¸ÀÏ ¿©·¯ºÐÀÌ ¿©±â¿¡ [Y]¶ó°í ´äÇϸé(±ÇÀå»çÇ×ÀÔ´Ï´Ù), Ä¿³ÎÀÌ ¶ó¿ìÆÿ¡ °üÇؼ­ ÀÚ¼¼ÇÑ ¸Þ½ÃÁöµéÀ» Ãâ·ÂÇÒ °ÍÀÔ´Ï´Ù. ¿¹¸¦ µé¾î, ÀÌ»óÇÏ°Ô º¸ÀÌ´Â ¼ö½Å ÆÐŶµéÀ̳ª, ½Ã½ºÅÛ ¼³Á¤ ¾îµò°¡ÀÇ ¿À·ù, ¶Ç´Â °ø°ÝÀÇ Áõ°Å°¡ µÉ ¼ö ÀÖ´Â °Íµé¿¡ ´ëÇؼ­ °æ°í ¸Þ½ÃÁöµéÀ» ¸»ÇØ ÁÝ´Ï´Ù. Á¤º¸´Â Ä¿³Î ¸Þ½ÃÁöºÎºÐÀ» ´ã´çÇÏ´Â klogdµ¥¸óÀÌ ´Ù·ç°íÀÖ½À´Ï´Ù. ("man klogd")

IP: large routing tables : ¶ó¿ìÆà Á¸¿¡ 64 Ç׸ñ ÀÌ»óÀÌ ÇÊ¿äÇÏ´Ù¸é [Y]¸¦ ¼±ÅÃÇؼ­ ¶ó¿ìÆà ÇÁ·Î¼¼½º ¼Óµµ¸¦ ³ôÀÔ´Ï´Ù.

IP: kerneL LeveL autoconfiguration : Ŭ¶óÀ̾ðÆ® ½Ã½ºÅÛÀÌ ºÎÆÃÇÒ¶§ BOO TP ¼­¹ö·ÎºÎÅÍ ³×Æ®¿öÅ© ¼³Á¤ Á¤º¸¸¦ °¡Á®¿À´Â ±â´ÉÀÔ´Ï´Ù. µð½ºÅ©°¡ ¾øÀÌ ºÎÆ®ÇÏ´Â ½Ã½ºÅÛ¿¡ ¾²À̸ç, "NFS¸¦ ÅëÇÑ ·çÆ® ÆÄÀϽýºÅÛ" Ç׸ñµµ ¿ª½Ã [Y]¸¦ ¼±ÅÃÇØ¾ß ÇÕ´Ï´Ù. º¸´Ù »õ·Î¿î ¹æ¹ýÀº DHCP¸¦ »ç¿ëÇÏ´Â °ÍÀÔ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N]. 

[ ]      IP: BOOTP Support
[ ]      IP: RARP Support

IP: tunneLing : ÇÑ ÇÁ·ÎÅäÄÝ ¾È¿¡ ´Ù¸¥ ÇÁ·ÎÅäÄÝÀÇ ÀڷḦ ĸ½¶È­ÇÏ¿© ¼­·Î ´Ù ¸¥ ÇÁ·ÎÅäÄÝ »çÀÌ¿¡¼­ Àü¼ÛÇÏ´Â ±â´ÉÀÔ´Ï´Ù. IP ÁÖ¼Ò º¯°æ ¾øÀÌ ³×Æ®¿öÅ© »çÀÌ ¸¦ ¿Å°Ü ´Ù´Ï´Â MobiLe IPµî ±â´É°ú °ü·ÃµÈ ¿É¼ÇÀÔ´Ï´Ù. ´ëºÎºÐ ÀÌ ±â´ÉÀÌ ÇÊ¿ä ¾ø½À´Ï´Ù. [N]

IP: GRE tunneLS over IP : GRE(generic routing encapSuLation)´Â ¸ÖƼij½º Æ®, IPv6¸¦ Áö¿øÇÕ´Ï´Ù. CiSco ¶ó¿ìÅÍ¿¡ ¿¬°áµÉ ¶§ À¯¿ëÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

IP: ARP daemon Support (EXPERIMENTAL) : ÀϹÝÀûÀ¸·Î Ä¿³ÎÀº ·ÎÄà ³×Æ®¿öÅ©¿¡¼­ IP ÁÖ¼Ò¿Í Çϵå¿þ¾î ÁÖ¼Ò MAPÀ» ³»ºÎ ij½Ã·Î °¡Áö°í ÀÖ½À´Ï´Ù. ¼ö¹é°³ ÀÌÇÏÀÇ È£½ºÆ®°¡ ¿¬°áµÈ ¼Ò±Ô¸ð ³×Æ®¿öÅ©¿¡¼­´Â ARP(Address Resolution Protocol) ij½Ã¸¦ Ä¿³Î Â÷¿ø¿¡¼­ °ü¸®ÇÏÁö¸¸, ¸Å¿ì Å« ³×Æ®¿öÅ©(switched network)¿¡¼­´Â º°·Î ÁÁÁö¾Ê½À´Ï´Ù. ¸¸ÀÏ ³×Æ®¿öÅ© ¿¬°á(TCP/IP)µéÀÌ ¸¹´Ù¸é Ä¿³Î ¸Þ¸ð¸®ÀÇ ¸¹Àº ºÎºÐÀ» ARP ij½Ã·Î »ç¿ëÇÏ°Ô µË´Ï´Ù. ÀÌ ¿É¼Ç¿¡¼­ [Y]¸¦ ¼±ÅÃÇϸé, Ä¿³Î ³»ºÎ ARP ij½¬°¡ 256 ¿£Æ®¸®(entry)ÀÌÇÏ·Î À¯ÁöµË´Ï´Ù. (°¡Àå ¿À·¡µÈ ¿£Æ®¸®´Â LIFOÀ» ÅëÇØ °»½ÅµË´Ï´Ù.) ±×¸®°í ¿¬°áÀº À¯Àú °ø°£ÀÇ arpd¸¦ ÅëÇØ ÀÌ·ç¾îÁý´Ï´Ù. ARP³ª RARP´Â ³×Æ®¿öÅ©¿¡ ÀÚ½ÅÀÇ IP ÁÖ¼Ò³ª ¹°¸®ÁÖ¼Ò¸¦ ¹¯°Å³ª(broadcast), ÀÚ½ÅÀÇ Ä³½Ã¿¡¼­ È®ÀÎÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

IP: TCP Explicit Congestion Notification support : ÀÌ ¿É¼ÇÀº Àåºñµé¿¡°Ô Àü¼Û¼Óµµ¸¦ ³·Ãß¾î ÁÙ °ÍÀ» ¿ä±¸ÇÏ´Â ¸í¹éÇÑ È¥Àâ °øÁö(ECN) ºñÆ®¸¦ Çã¿ëÇÕ´Ï´Ù. ³×Æ®¿öÅ©°¡ È¥ÀâÇϸé ÀÀ´ä½Ã°£ÀÌ ´Ê¾îÁö°í 󸮷®ÀÌ °¨¼ÒÇÏ°Ô µË´Ï´Ù(³×Æ®¿öÅ©°¡ È¥ÀâÇÏ¸é ±³È¯±â´Â µ¥ÀÌÅ͸¦ ´Ü¼øÈ÷ »èÁ¦Çϱ⠶§¹®ÀÔ´Ï´Ù). ÀÌ·² ¶§ Ŭ¶óÀ̾ðÆ®°¡ üÁõ¿¡ ´ëÇØ ¶ó¿ìÅÍ¿¡ ¾Ë¸®µµ·Ï ÇÏ¸é °á°úÀûÀ¸·Î ¹ö·ÁÁö´Â ÆÐŶÀÌ ÁÙ¾îµé°Ô µÇ¹Ç·Î ³×Æ®¿öÅ© ÆÛÆ÷¸Õ½º°¡ ³ô¾ÆÁý´Ï´Ù. ÀÎÅͳݿ¡´Â ECNÀ» º¸³»´Â ¸Ó½ÅÀ¸·ÎºÎÅÍÀÇ ¿¬°áÀ» °ÅºÎÇÏ´Â °íÀå³­ ¹æÈ­º®µéÀÌ ¸¹ÀÌ Àִµ¥, ±×·± ¹æÈ­º® µÚ¿¡ ÀÖ´Â »çÀÌÆ®¿¡ Á¢¼ÓÇÏ·Á¸é ÀÌ ¿É¼ÇÀ» ²¨¾ßÇÕ´Ï´Ù. ±×·± °æ¿ì ÀÌ °÷¿¡ [N]À» ´äÇϰųª, sysctlÀ» ÀÌ¿ëÇØ ½ÇÇà½Ã°£¿¡ ²ø ¼ö ÀÖ½À´Ï´Ù. (/proc/sys/net/ipv4/tcp_ecn) Àß ¸ð¸£°ÚÀ¸¸é [N].

IP: TCP SyncookeS Support (not enabLedper deauLt) : TCP/IPÀÇ ¾àÁ¡À» ÀÌ¿ëÇØ ¼­¹ö¿¡ Á¢¼ÓÀ» ÇÒ ¼ö ¾øµµ·Ï ÇÏ´Â SYN attack(ÀÌ ¾àÁ¡À» ÀÌ¿ëÇØ TC P/IP hijackµî °ø°ÝÀ» ÇÕ´Ï´Ù)À» ¸·¾ÆÁÝ´Ï´Ù. ¼­ºñ½º °ÅºÎ °ø°Ý(Denial-of-service)À» ´çÇÏ´Â µ¿¾È¿¡´Â ÇÕ¹ýÀûÀÎ ¿ø°Ý »ç¿ëÀÚµéÀÌ Á¢¼ÓÇϱ⠾î·Á¿öÁö´Âµ¥, ÀÌ·± °ø°ÝÀº ÀÎÅͳݿ¡ ¿¬°áµÈ ¸Ó½ÅÀÌ ÀÖ´Ù¸é ´©±¸µçÁö ½±°Ô ½ÃµµÇÒ ¼ö ÀÖ½À´Ï´Ù. ±×·¯³ª ÀÌ ¿É¼ÇÀ» »ç¿ëÇϸé, TCP/IP ½ºÅÿ¡¼­ "SYN cookies"¶ó°í ºÒ¸®´Â ¾ÏȣȭµÈ ÇÁ·ÎÅäÄÝÀ» »ç¿ëÇϹǷÎ, ÄÄÇ»ÅÍ°¡ °ø°ÝÀ» ¹Þ°í ÀÖ´õ¶óµµ ÇÕ¹ýÀûÀÎ »ç¿ëÀÚ°¡ °è¼ÓÇؼ­ Á¢¼ÓÇÒ ¼ö ÀÖµµ·Ï º¸È£ÇÕ´Ï´Ù. SYN cookies´Â ¼ÒÇÁÆ®¿þ¾îµé¿¡ ´ëÇØ Åõ¸íÇÏ°Ô µ¿ÀÛÇϹǷΠ»ç¿ëÀÚµéÀº ÀÚ½ÅÀÇ TCP/IP ¼ÒÇÁÆ®¿þ¾îµéÀ» º¯°æÇÒ ÇÊ¿ä°¡ ¾ø½À´Ï´Ù. ¸¸¾à ¿©·¯ºÐÀÌ SYN flood °ø°ÝÀ» ¹Þ°í ÀÖ´Ù¸é, Ä¿³ÎÀÌ ¾Ë·ÁÁÖ´Â °ø°ÝÀÚÀÇ ÁÖ¼Ò´Â À§Á¶ µÇ¾úÀ» °¡´É¼ºÀÌ ³ô½À´Ï´Ù;±× ÁÖ¼Ò´Â ÆÐŶµéÀÇ ½ÇÁ¦ ÁÖ¼Ò¸¦ ÃßÀûÇϴµ¥ µµ¿òÀÌ µÉ »ÓÀ̸ç, Àý´ëÀûÀÎ °ÍÀ¸·Î Ãë±ÞÇؼ­´Â ¾È µË´Ï´Ù. SYN cookies´Â ¸¸¾à ¼­¹ö°¡ ¸Å¿ì °úÁßÇÑ ºÎÇÏ¿¡ ½Ã´Þ¸®°í À־, Ŭ¶óÀ̾ðÆ®¿¡ ´ëÇÑ ¿¡·¯¸¦ ¿Ã¹Ù·Î ¾Ë¸± ¼ö ¾øÀ» Áö°æÀ̶ó¸é ÀÌ ¿É¼ÇÀ» ¼±ÅÃÇÏÁö ¸»¾Æ¾ß ÇÕ´Ï´Ù. "/proc filesystem support"¿Í "Sysctl support"¿É¼Ç¿¡µµ [Y]¸¦ ¼±ÅÃÇÏ°í, ½Ã½ºÅÛÀ» proc ÆÄÀÏ ½Ã½ºÅÛÀÌ ¸¶¿îÆ®µÇ°í ³ª¼­ ´ÙÀ½ ¸í·ÉÀ» ½ÇÇàÇØ¾ß SYN cookies°¡ µ¿ÀÛÇÕ´Ï´Ù: echo 1 > /proc/sys/net/ipv4/tcp_syncookies SYN cookies¿¡ ´ëÇÑ ±â¼úÀûÀÎ Á¤º¸: ftp://koobera.math.uic.edu/pub/docs/syncookies-archive. Àß ¸ð¸£°ÚÀ¸¸é [Y]¸¦ ¼±ÅÃÇÕ´Ï´Ù.

The IPv6 protocoL (EXPERIMENTAL) : Internet ProtocolÀÇ ´ÙÀ½ ¹öÀü¿¡ ´ëÇÑ ½ÇÇèÀûÀÎ Áö¿øÀÔ´Ï´Ù. »õ·Î¿î ÇÁ·ÎÅäÄÝÀº (IP version 6: IPng¶Ç´Â "IP next generation"À̶ó°í ºÒ¸®±âµµ ÇÏ´Â) ´ÙÀ½°ú °°Àº Ư¡À» °®½À´Ï´Ù. ÁÖ¼Ò °ø°£ÀÌ 128 ºñÆ®·Î(ÇöÀç´Â 32ºñÆ®) Ä¿Á®¼­ ÁÖ¼Ò°¡ °í°¥µÇ´Â ÀÏÀÌ (¾Æ¸¶) ¾øÀ» °ÍÀÔ´Ï´Ù. ÇÁ·ÎÅäÄÝ ³»ºÎ¿¡ ÀÎÁõ°ú ºñ¹Ð À¯Áö µî º¸¾È¼ºÀÌ Çâ»óµË´Ï´Ù. Çì´õ°¡ ´õ ÇÕ¸®ÀûÀ¸·Î ±¸¼ºµÇ¾î 󸮼ӵµ°¡ »¡¶óÁý´Ï´Ù. ±× ¹Û¿¡ Áß°£ ¿¬°á¹æ¹ý ¾øÀÌ ÇöÀç ¹öÀü IP (IP version 4) ÇÁ·ÎÅäÄÝ°ú »óÈ£ ÀÛ¿ëÀÌ °¡´ÉÇÕ´Ï´Ù. ¾ÆÁ÷Àº [N]À» ¼±ÅÃÇÏ´Â °ÍÀÌ ¾ÈÀüÇÕ´Ï´Ù.

Kernel httpd acceleration (EXPERIMENTAL) : Ä¿³Î httpd °¡¼Ó ´ë¸ó(kHTTPd)Àº Ä¿³Î ¼Ó¿¡ ¸¸µé¾î ³ÖÀº (Á¦ÇѵÈ) À¥¼­¹öÀÔ´Ï´Ù. ÀÌ ¼­¹ö´Â ¿ÀÁ÷ ÆÄÀϽýºÅÛÀ¸·ÎºÎÅÍ ÆÄÀϵéÀ» Á¦°øÇÒ ¼ö ÀÖÀ¸¸ç CGI ½ºÅ©¸³Æ®Ã³·³ ½ÇÇàÇÒ ¼ö ÀÖ´Â ¸ñ·ÏÀº ´Ù·ê ¼ö ¾ø½À´Ï´Ù. kHTTPd¸¦ »ç¿ëÇÑ´Ù¸é ÆÄÀÏÀ» ¼­ºñ½ºÇÏ´Â ¼Óµµ°¡ »¡¶óÁý´Ï´Ù. ¸¸¾à kHTTPd°¡ Ŭ¶óÀ̾ðÆ®ÀÇ ¿äûÀ» ¸¶Ä¥ ¼ö ¾ø´Ù¸é, ¾ÆÆÄÄ¡ µî À¯Àú °ø°£(user space; kernel°ú ¹Ý´ëµÇ´Â Àǹ̷Î)ÀÇ À¥ ¼­¹ö¿¡ Åõ¸íÇÏ°Ô ÀüÇØÁÝ´Ï´Ù. ¸ðµâ·Î ¼³Á¤ÇÒ ¼öµµ ÀÖÁö¸¸; kHTTPd°¡ µ¹¾Æ°¡´Âµ¥ ¸¸Á·½º·´Áö ¾ÊÀ» °ÍÀÔ´Ï´Ù. ¾ÈÀüÀ» ÀÌÀ¯·Î, ¸ðµâÀÌ ¿Ã¶ó°£ µÚ¿¡ ´ÙÀ½ ¸í·ÉÀ» ³»·Á¾ß ¸ðµâÀÌ È°¼ºÈ­µË´Ï´Ù: "echo 1 > /proc/sys/net/khttpd/start". kHTTPd´Â ¾ÆÁ÷ ½ÇÇèÀûÀÎ ¼öÁØÀ̹ǷΠÀÌ ¿É¼ÇÀ» »ç¿ëÇÏ´Â Á¦Ç°À» ¸¸µé ¶§¿¡´Â Á¶½ÉÇØ¾ß ÇÕ´Ï´Ù. ±×¸®°í Çϳª ´õ, ¾ÆÁ÷ °¡»ó ¼­¹ö´Â Áö¿øÇÏÁö ¾Ê½À´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

Asynchronous Transfer Mode (ATM) : ATMÀº LAN ȤÀº WAN( Wide Area Networks)¿¡¼­ ¾²ÀÌ´Â °í¼Ó ³×Æ®¿öÅ· ±â¼úÀÔ´Ï´Ù. ATMÀº °íÁ¤µÈ ÆÐŶ Å©±â¸¦ »ç¿ëÇÏ¸ç ¿¬°á ÁöÇâ, ´õ ÀÛÀº ´ë¿ªÆøÀ» »ç¿ëÇϵµ·Ï Çù»óÇÒ ¼ö ÀÖ½À´Ï´Ù. ATMÀ» »ç¿ëÇÏ·Á¸é ¿©·¯ºÐÀÇ ¸®´ª½º ¹Ú½º¿¡ ATM ³×Æ®¿öÅ· Ä«µå°¡ ÇÊ¿äÇÕ´Ï´Ù. ¸¸¾à ATM Ä«µå°¡ ÀÖ´Ù¸é ÀÌ °÷¿¡¼­ [Y]¸¦ ¼±ÅÃÇÏ°í ¾Æ·¡¿¡¼­ ¸Â´Â µå¶óÀ̹ö¸¦ °í¸¨´Ï´Ù. ±×¸®°í, Ä¿³Î Áö¿ø ¿Ü¿¡µµ À¯Àú °ø°£ÀÇ ÇÁ·Î±×·¥µéÀÌ ÇÊ¿äÇÕ´Ï´Ù. ATM(Asynchronous Transfer Mode : ºñµ¿±âÀü¼Û¸ðµå)¿¡¼­´Â º¸³»·Á´Â Á¤º¸¸¦ ¹Ì¸® ¾à¼ÓÇÑ Å©±âÀÇ ÆÐŶÀ¸·Î ³ª´« ´ÙÀ½, ÆÐŶÀÇ Çì´õ ºÎºÐ¿¡ ¸ñÀûÁö Á¤º¸¸¦ µ¡ºÙ¿© Àü¼ÛÇÕ´Ï´Ù. ÆÐŶµéÀÌ ¸ñÀûÁö¿¡ ´Ù´Ù¸£¸é ±ÔÄ¢¿¡ µû¶ó ´Ù½Ã ¿ø·¡ÀÇ Á¤º¸·Î ȯ¿øÇÕ´Ï´Ù.

---

The IPX protocoL : NoveLL ³×Æ®¿öÅ©¿¡ ¿¬°áÇÒ ¶§ ¼³Á¤ÇÕ´Ï´Ù. ³ëº§ ³×Æ®¿öÅ©¿Í ¿¬°áµÇÁö ¾Ê´Â´Ù¸é [N]À» ¼±ÅÃÇÕ´Ï´Ù.

IPX: FuLL internaL IPX network, IPX:SPX networking (EXPERIMEN TAL) : ³ëº§ ³×Æ®¿öÅ·°ú °ü·ÃµÈ ±â´ÉÀÔ´Ï´Ù. [N]

Appletalk protocol support : AppLeÄÄÇ»Å͸¦ À§ÇÑ ³×Æ®¿öÅ©ÇÁ·ÎÅäÄÝÀÔ´Ï´Ù. ¸®´ª½º ¹Ú½º¸¦ ÀÌ ³×Æ®¿öÅ©¿¡ ¿¬°áÇϱâ À§Çؼ­´Â netatalk ÆÐÅ°Áö°¡ ÇÊ¿äÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

DECnet Support : (Áö±ÝÀº CompaqÀÎ)µðÁöƲ»ç¿¡¼­ ¸¸µç ¸¹Àº Á¦Ç°µéÀÌ DECnet ³×Æ®¿öÅ· ÇÁ·ÎÅäÄÝÀ» »ç¿ëÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

802.1d Ethernet Bridging : ¸®´ª½º¹Ú½º¸¦ ÀÌ´õ³Ý ºê¸®Áö·Î »ç¿ëÇÕ´Ï´Ù. ÀϹÝÀûÀ¸·Î ºê¸®Áöº¸´Ù È¿À²ÀûÀÎ ±â´ÉÀ» °¡Áø ¶ó¿ìÅÍ°¡ ´õ ¸¹ÀÌ ¾²ÀÔ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

CCITT X.25 Packer Layer (EXPERIMENTAL) : X.25 ÆÐŶ ·¹À̾î´Â Á¤ºÎ, ÀºÇà µî ±â°ü¿¡¼­ WA[N]À» ±¸¼ºÇϱâ À§ÇØ »ç¿ëÇϴ ǥÁØ ³×Æ®¿öÅ© ÇÁ·ÎÅäÄÝÀÔ´Ï ´Ù. PLP¿Í LAPB µÎ °³ÀÇ ÇÁ·ÎÅäÄÝ·Î ±¸¼ºµË´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

LAPB Data Link Driver (EXPERIMENTAL) : Link Access Prodedure for Ba Lanced´Â X.25 ÇÁ·ÎÅäÄÝÀÇ ÇÏÀ§ ·¹º§ ±¸¼º¿ä¼ÒÀÔ´Ï´Ù. ¸®´ª½º¿¡¼­´Â ÀÌ´õ³Ý Ä¿³Ø¼Ç¿¡ ´ëÇÑ LAPB¸¸À» Áö¿øÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

802.2 LLC (VERY EXPERIMENTAL) : ÀϹÝÀûÀÎ ÀÌ´õ³Ý Ä«µå¸¦ ÀÌ¿ëÇÏ´Â ³×Æ®¿öÅ©¿¡¼­ X.25 ³×Æ®¿öÅ©¿¡ ¿¬°áÇÏ´Â 802.2 Logical LinkLayer ÇÁ·ÎÅäÄÝÀÔ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

Acorn Econet/AUN protocols (EXPERIMENTAL) :EconetÀº Arcon ÄÄÇ»ÅÍ¿¡¼­ ÆÄÀÏ, ÇÁ¸°ÅÍ ¼­¹ö¿¡ ¾×¼¼½ºÇϱâ À§ÇØ »ç¿ëµÇ´ø ¾ÆÁÖ ¿À·¡µÇ°í ´À¸° ³×Æ®¿öÅ· ÇÁ·ÎÅäÄÝÀÔ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

WAN router :WANÀº Çϳª ÀÌ»óÀÇ LANÀ¸·Î ±¸¼ºµÈ ±¤¿ª³×Æ®¿öÅ©ÀÔ´Ï´Ù. WAN ¶ó¿ìÅ͸¦ ¸®´ª½º ¹Ú½º¸¦ ÀÌ¿ëÇÏ¿© »ó´ëÀûÀ¸·Î ¸Å¿ì Àú·ÅÇÏ°Ô ±¸¼ºÇÒ ¼ö ÀÖ½À´Ï´Ù. ÀÌ ±â´ÉÀ» À§Çؼ­´Â wan-tools ÆÐÅ°Áö°¡ ÇÊ¿äÇÕ´Ï´Ù.

Fast Switching (read help!) : tuLip µî ÀÌ ±â´ÉÀ» Áö¿øÇÏ´Â NIC(network int erface card)³¢¸® Á÷Á¢ µ¥ÀÌÅ͸¦ ºü¸£°Ô ±³È¯ÇÒ ¼ö ÀÖ½À´Ï´Ù. "advanced router" ±â´É°ú ÇÔ²² »ç¿ëÇÒ ¼ö ÀÖÁö¸¸ ¹æÈ­º®À» ±¸ÃàÇÑ´Ù¸é [N]À» ¼±ÅÃÇØ¾ß ÇÕ´Ï´Ù.

Forwarding between high Speed interfaceS : tuLip µî ÀÌ ±â´ÉÀ» Áö¿øÇÏ´Â NIC´Â ¿É¼ÇÀÌ È°¼ºÈ­µÇ¾úÀ» ¶§ Çϵå¿þ¾î ¼ÓµµÁ¶Àý ±â´ÉÀ» Áö¿øÇÕ´Ï´Ù. [N]À» ´äÇÏ´Â °ÍÀÌ ÁÁ½À´Ï´Ù.

15.1 Netfilter 

IP: Netfilter Configuration  --->
< > Connection tracking (required for masq/NAT)
<*>   FTP protocol support
< > Userspace queueing via NETLINK (EXPERIMENTAL)
< > IP tables support (required for filtering/masq/NAT)
< >   limit match support
< >   MAC address match support
< >   netfilter MARK match support
< >   Multiple port match support
< >   TOS match support
< >   Connection state match support
< >   Unclean match support (EXPERIMENTAL)
< >   Owner match support (EXPERIMENTAL)
< >   Packet filtering
<M>     REJECT target support
< >     MIRROR target support (EXPERIMENTAL)
< >   Full NAT
< >     MASQUERADE target support
< >     REDIRECT target support
< >   Packet mangling
< >     TOS target support
< >     MARK target support
< >   LOG target support
< > ipchains (2.2-style) support
< > ipfwadm (2.0-style) support

Connection tracking (required for masq/NAT) : ¿¬°á ÃßÀûÀº ¾î¶² ÆÐŶÀÌ ¿©·¯ºÐÀÇ ¸Ó½ÅÀ» °ÅÃÄ °¬´ÂÁö, ±×µéÀÌ ¾ó¸¶³ª ¿¬°á µÇ¾ú´ÂÁö ±× ±â·ÏÀ» À¯ÁöÇÕ´Ï´Ù. ÀÌ ¿É¼ÇÀº ¸Þ½ºÄ¿·¹À̵ù ȤÀº ´Ù¸¥ Á¾·ùÀÇ ³×Æ®¿öÅ© ÁÖ¼Ò º¯È¯(Fast NAT´Â »©°í)¿¡ ÇÊ¿äÇÕ´Ï´Ù. ±×¸®°í, Çâ»óµÃ ÆÐŶ ÇÊÅ͸µ¿¡µµ ¾²ÀÔ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

FTP protocol support : FTP ¿¬°áÀ» ÃßÀûÇÕ´Ï´Ù. È®½ÇÇÏÁö ¾Ê´Ù¸é [Y].

Userspace queueing via NETLINK (EXPERIMENTAL) : ³ÝÇÊÅÍ´Â À¯Àú °ø°£¿¡ ÆÐŶÀ» Å¥ÇÏ´Â ±â´ÉÀ» °¡Áý´Ï´Ù: ³Ý¸µÅ© ÀåÄ¡´Â ÀÌ µå¶óÀ̹ö¸¦ ÀÌ¿ëÇؼ­ ±×µé¿¡ ¿¢¼¼½º Çϵµ·Ï »ç¿ëµÉ ¼ö ÀÖ½À´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

IP tables support (required for filtering/masq/NAT) : iptableÀº ÀϹÝÀûÀ̸ç, È®ÀåÇÒ ¼ö ÀÖ´Â ÆÐŶ ½Äº° ±¸Á¶ÀÔ´Ï´Ù. ÆÐŶ ÇÊÅ͸µ°ú full NAT(masquerading, port forwarding, etc) ¼­ºê½Ã½ºÅÛÀº ÀÌÁ¦ ÀÌ °ÍÀ» »ç¿ëÇÕ´Ï´Ù: ±×·± ¼­ºñ½º °¡¿îµ¥ Çϳª¸¦ ¾²·Á¸é ÀÌ ¿É¼Ç¿¡¼­ [Y]³ª [M]À» ¼±ÅÃÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

limit match support : limit matchingÀº ¸ÅÄ¡µÇ´Â ·ê¿¡¼­ ¼Óµµ¸¦ Á¦¾îÇϵµ·Ï Çã¿ëÇÕ´Ï´Ù: LOG Ÿ±ê°ú (¾Æ·¡¿¡¼­ "LOG target support") ¼­ºñ½º °ÅºÎ °ø°Ý(DOS: Denial of Service) ȸÇÇ ±â´ÉÀ» Á¶ÇÕÇÒ ¶§ À¯¿ëÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

MAC address match support : MAC ¸ÅĪÀº Ãâ¹ßÁö ÀÌ´õ³Ý ÁÖ¼Ò¿¡ ±â¹ÝÇÑ ÆÐŶ ¸ÅÄ¡¸¦ Çã¿ëÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

netfilter MARK match support : ³ÝÇÊÅÍ ¸¶Å© ¸ÅĪÀº "nfmark" °ª¿¡ ±âÃÊÇÑ ÆÐŶ ¸ÅÄ¡¸¦ Çã¿ëÇÕ´Ï´Ù. MARK Ÿ±ê¿¡ ÀÇÇØ ¼³Á¤µË´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

Multiple port match support : ¸ÖƼÆ÷Æ® ¸ÅĪÀº Ãâ¹ßÁö³ª ¸ñÀûÁö Æ÷Æ®ÀÇ ½Ã¸®Áî¿¡ ±â¹ÝÇÑ TCP³ª UDP ÆÐŶ ¸ÅÄ¡¸¦ Çã¿ëÇÕ´Ï´Ù: ÀϹÝÀûÀ¸·Î ±ÔÄ¢ Çϳª´Â ÇÑ °¡Áö Æ÷Æ® ¹üÀ§¸¦ ¸ÅÄ¡ÇÒ ¼ö ÀÖ½À´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

TOS match support : TOS ¸ÅĪÀº IP ÆÐŶÀÇ ¼­ºñ½º ÇʵåÀÇ Çü½Ä¿¡ ±â¹ÝÇÑ ÆÐŶ ¸ÅÄ¡¸¦ Çã¿ëÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

Connection state match support : ¿¬°á »óÅ ¸ÅĪÀº ÃßÀûÇÑ Ä¿³Ø¼ÇÀÇ °ü°è¿¡ ±â¹ÝÇÑ(¿¹¸¦ µé¾î ÀÌÀü ÆÐŶµé) ÆÐŶ ¸ÅÄ¡¸¦ Çã¿ëÇÕ´Ï´Ù. ÀÌ ¿É¼ÇÀº ÆÐŶ ºÐ·ù¸¦ À§ÇÑ °­·ÂÇÑ µµ±¸ÀÔ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

Unclean match support (EXPERIMENTAL) : ±ú²ýÇÏÁö ¾Ê´Â ÆÐŶ ¸ÅĪÀº IP, TCP, UDP¿Í ICMP Çì´õ¿¡¼­ ¿¬¼ÓµÈ ÇʵåµéÀ» »ìÆì¼­ ³¸¼³°Å³ª ¹«È¿ÇÑ ÆÐŶµéÀ» ¸ÅÄ¡ÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

Owner match support (EXPERIMENTAL) : ÆÐŶÀÇ ¼ÒÀ¯ÀÚ ¸ÅĪÀº ÆÐŶÀ» »ý¼ºÇÑ »ç¿ëÀÚ, ±×·ì, ÇÁ·Î¼¼½º³ª ¼¼¼Ç¿¡ ±â¹ÝÇÏ¿© Áö¿ªÀûÀ¸·Î-¹ß»ýµÈ ÆÐŶÀ» ¸ÅÄ¡ÇÏ´Â °ÍÀ» Çã¿ëÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

Packet filtering : ÆÐŶ ÇÊÅ͸µÀº ·ÎÄà input, Æ÷¿öµù°ú ·ÎÄà output¿¡¼­, ½ÉÇà ÆÐŶ ÇÊÅ͸µÀ» À§ÇÑ ¿¬¼ÓµÈ ·êÀ» ´ã´Â "ÇÊÅÍ" Å×À̺íÀ» ±ÔÁ¤ÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

REJECT target support : REJECT Ÿ±êÀº µé¾î¿À´Â ÆÐŶ¿¡ ´ëÇØ ICMP¿¡·¯ ¸Þ½ÃÁö·Î ÀÀ´äÇÏ´Â ´ë½Å ¾Æ¹« ¼Ò¸® ¾øÀÌ ¹ö¸®´Â ÇÊÅ͸µ ±ÔÄ¢À» Çã¿ëÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

MIRROR target support (EXPERIMENTAL) : MIRROR targetÀº µé¾î¿À´Â ÆÐŶÀÌ º¸³½ ÀÌ¿¡°Ô µÇµ¹¾Æ°¡´Â ±ÔÄ¢À» Çã¿ëÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

Full NAT : Full NAT ¿É¼ÇÀº ¸Þ½ºÄ¿·¹À̵ù, Æ÷Æ® Æ÷¿öµù, ±×¸®°í ´Ù¸¥ Çü½Äµé Ç® ³×Æ®¿öÅ© ÁÖ¼Ò Æ÷Æ® ÀüȯÀ» Çã¿ëÇÕ´Ï´Ù. ÀÌ ±â´ÉÀº iptables ¾È¿¡ "nat" Å×ÀÌºí¿¡ ÀÇÇØ Á¦¾îµË´Ï´Ù. "man iptables" Àß ¸ð¸£°ÚÀ¸¸é [N].

MASQUERADE target support : ¸Þ½ºÄ¿·¹À̵ùÀº NATÀÇ Æ¯º°ÇÑ ÄÉÀ̽ºÀÔ´Ï´Ù: ¸ðµç ³ª°¡´Â ¿¬°áµéÀº ƯÁ¤ÇÑ ÀÎÅÍÆäÀ̽ºÀÇ ÁּҷκÎÅÍ ¿Â °Íó·³ º¸À̵µ·Ï ¹Ù²ò´Ï´Ù, ±×¸®°í ±× ÀÎÅÍÆäÀ̽º¸¦ ³»¸®¸é, ±×°Íµé ¿¬°áµéÀ» ÀÒ¾î¹ö¸³´Ï´Ù. ÀÌ ¿É¼ÇÀº ´ÙÀ̳ª¹Í IP ÁÖ¼Ò¸¦ »ç¿ëÇÏ´Â ´ÙÀ̾ó¾÷ °èÁ¤¿¡¸¸ À¯¿ëÇÕ´Ï´Ù. (¿©·¯ºÐÀÇ IP ÁÖ¼Ò°¡ Á¢¼ÓÇÒ ¶§¸¶´Ù ´Þ¶óÁø´Ù¸é) Àß ¸ð¸£°ÚÀ¸¸é [N].

REDIRECT target support : REDIRECT´Â NATÀÇ Æ¯º°ÇÑ ÄÉÀ̽ºÀÔ´Ï´Ù: ¸ðµç µé¾î¿À´Â ¿¬°áµéÀº µé¾î¿À´Â ÀÎÅÍÆäÀ̽ºÀÇ ÁÖ¼Ò¿¡ »ç»óµÇ¹Ç·Î, ÆÐŶµéÀº Åë°úÇؼ­ Á÷Á¢ ¿¬°áµÇ´Â ´ë½Å ·ÎÄà ¸Ó½ÅÀ¸·ÎºÎÅÍ ¿À°Ô µË´Ï´Ù. ÀÌ ¿É¼ÇÀº Åõ¸íÇÑ ÇÁ·Ï½Ã¿¡¼­ À¯¿ëÇÕ´Ï´Ù.. Àß ¸ð¸£°ÚÀ¸¸é [N].

Packet mangling : ÀÌ ¿É¼ÇÀº iptables¿¡ "mangle" Å×À̺íÀ» Ãß°¡ÇÕ´Ï´Ù: ÀÌ Å×À̺íÀº ÆÐŶÀÌ ¾î¶»°Ô ¶ó¿ìÆ®µÉÁö¿¡ ¿µÇâÀ» ÁÙ ¼ö ÀÖ´Â ´Ù¾çÇÑ ÆÐŶ º¯È¯¿¡ »ç¿ëµË´Ï´Ù. iptables(8) ¸Ç ÆäÀÌÁö¸¦ ÂüÁ¶ÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

TOS target support : ÀÌ ¿É¼ÇÀº ¶ó¿ìÆÿ¡ ¾Õ¼­ "mangle"Å×ÀÌºí ¾È¿¡ IP ÆÐŶÀÇ Type Of Service Çʵ带 ¹Ù²Ù´Â ±ÔÄ¢µéÀ» ¸¸µéµµ·Ï "TOS" Ÿ±êÀ» Ãß°¡ÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

MARK target support : ÀÌ ¿É¼ÇÀº ¶ó¿ìÆÿ¡ ¾Õ¼­ "mangle"Å×ÀÌºí ¾È¿¡ ÆÐŶ ÆÐŶ°ú °ü·ÃµÈ netfilter mark(nfmark) Çʵ带 ¹Ù²Ù´Â ±ÔÄ¢µéÀ» ¸¸µéµµ·Ï Çã¿ëÇÏ´Â "MARK" Ÿ±êÀ» Ãß°¡ÇÕ´Ï´Ù. ÀÌ ±â´ÉÀº ¶ó¿ìÆà ¸Þ½îµå¸¦ ¹Ù²Ü ¼ö ÀÖ°í ´Ù¸¥ ¼­ºê½Ã½ºÅÛ¿¡ ÀÇÇØ ±×µéÀ» behavior¸¦ ¹Ù²Ùµµ·Ï ÀÌ¿ëµÉ ¼öµµ ÀÖ½À´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

LOG target support : ÀÌ ¿É¼ÇÀº syslog¿¡ ÆÐŶ Çì´õ¸¦ ±â·ÏÇÏ´Â ±ÔÄ¢À» ¸¸µéµµ·Ï Çã¿ëÇÏ´Â "LOG"Ÿ±êÀ» Ãß°¡ÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

ipchains (2.2-style) support : ÀÌ ¿É¼ÇÀº ÀÌÁ¦ iptables·Î ¹Ù²î¾ú½À´Ï´Ù. ipchains¸¦ »ç¿ëÇÏ´ø À̵éÀº ÀÌ ¿É¼ÇÀ» È°¼ºÈ­ÇØ ¿¹ÀüÀÇ ¸í·ÉµéÀ» °è¼Ó »ç¿ëÇÒ ¼öµµ ÀÖÁö¸¸, iptables¸¦ ÀÍÈ÷´Â°Ô ÁÁÀ» °ÍÀÔ´Ï´Ù.[N]

ipfwadm (2.0-style) support : ÀÌ µµ±¸´Â 2.2 Ä¿³Î¿¡¼­ ipchains·Î ¹Ù²î¾ú°í, ´Ù½Ã 2.4 Ä¿³Î¿¡¼­ iptables·Î ¹Ù²î¾ú½À´Ï´Ù. [N]

15.2 QoS and /or fair queueing

ÆÐŶ ½ºÄÉÁì·¯¿¡ µû¶ó ÆÐŶÀ» Á¦¾îÇÏ´Â ±â´ÉÀÔ´Ï´Ù. ³×Æ®¿öÅ© ÀåÄ¡°¡ ½Ç½Ã°£ ÀåÄ¡ÀÏ ¶§ ƯÈ÷ ÀÌ ±â´ÉÀÌ Áß¿äÇÕ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N]. 

[ ] QoS and/or fair queueing

QoS and/or fair queueing : ³×Æ®¿öÅ© µð¹ÙÀ̽ºµéÀ» ÅëÇؼ­ ³»º¸³»¾ß ÇÒ ÆÐŶµéÀÌ ÀÖÀ»¶§, Ä¿³ÎÀº ¾î¶² °ÍÀ» ¸ÕÀú º¸³»¾ß ÇÒ °ÍÀÎÁö ¼±ÅÃÇØ¾ß ÇÕ´Ï´Ù. ÀÌ·± ¼±ÅÃÀº ÃÖ¼ÒÇÑÀÇ data flow rate°¡ ÇÊ¿äÇÑ ½Ç½Ã°£ µð¹ÙÀ̽ºÀÎ °æ¿ì ´õ Áß¿äÇÕ´Ï´Ù. ÀÌ°ÍÀ» °øÁ¤ÇÏ°Ô ÇÏ´Â ¸î °¡Áö ´Ù¸¥ ±× ¼ø¼­¸¦ È¿À²ÀûÀ¸·Î Á¤Çϱâ À§ÇØ ¸î °¡Áö ¾Ë°í¸®µëÀÌ Àִµ¥ ±× °ÍµéÀ» ÆÐŶ ½ºÄÉÁì·¯¶ó ºÎ¸¨´Ï´Ù. ¸¸¾à ±âº»ÀûÀÎ ÆÐŶ ½ºÄÉÁì·¯(FIFO: first come, first served) ¸¦ ±×³É »ç¿ëÇÑ´Ù¸é [N]À» ´äÇÕ´Ï´Ù. º¸´Ù È¿À²ÀûÀ̶ó »ý°¢ÇÏ´Â ´Ù¸¥ ¾Ë°í¸®µëÀ¸·Î ¹Ù²ãº¸°í½Í´Ù¸é [Y]¸¦ ¼±ÅÃÇØ ÀÌ ¿É¼ÇÀ» È°¼ºÈ­ÇÕ´Ï´Ù. ³×Æ®¿öÅ© µð¹ÙÀ̽ºµé¸¶´Ù ¼­·Î ´Ù¸¥ ½ºÄÉÁÙ¸µ ¾Ë°í¸®ÁòÀ» ÇÒ´ç ÇÒ ¼öµµ ÀÖ½À´Ï´Ù. ´Ù¸¸, ÀÌ·± °Íµé¿¡ ´ëÇØ Àß ¾Ë°í ÀÖ´Â Àü¹®°¡µé¿¡°Ô¸¸ ÃßõµÇ´Â ±â´ÉÀÔ´Ï´Ù. ¾Æ¹«Æ° ÀÌ ¿É¼ÇµéÀ» È°¿ëÇÏ·Á ÇÑ´Ù¸é À¯Àú-·¹ºí À¯Æ¿¸®Æ¼µéÀÌ µé¾î ÀÖ´Â ftp://ftp.inr.ac.ru/ip-routing/ ¿¡¼­ iproute2+tc ÆÐÅ°Áö¸¦ °¡Á®¿Í¾ß ÇÕ´Ï´Ù. "/proc filesystem"ÀÌ È°¼ºÈ­µÇ¾î ÀÖ´Ù¸é /proc/net/psched ÆÄÀÏ¿¡¼­ ¿ì¼±¼øÀ§ ½ºÄÉÁÙ·¯¿¡ ´ëÇÑ »óÅ Á¤º¸¸¦ ¾òÀ» ¼ö ÀÖÀ» °ÍÀÔ´Ï´Ù. Àß ¸ð¸£°ÚÀ¸¸é [N].

BQ packet scheduler : Class-Based Queueing(CBQ) ÆÐŶ ½ºÄÉÁ층 ¾Ë°í¸®ÁòÀ» Áö¿øÇÕ´Ï´Ù. ÀÌ ¾Ë°í¸®ÁòÀº Àü¼ÛµÇ±â¸¦ ±â´Ù¸®´Â ÆÐŶÀ» Æ®¸®(tree)ÇüÅÂÀÇ °èÃþÀû ±¸Á¶·Î ºÐ·ùÇÕ´Ï´Ù.(net/sched/sch_cbq.c ÆÄÀÏÀÇ ½ÃÀۺκÐ) ÀÌ Æ®¸®ÀÇ ¸®ÇÁ(leaf) ³ëµåµéÀº ´Ù¸¥ ¾Ë°í¸®Áò¿¡ ÀÇÇØ ½ºÄÉÁ층µË´Ï´Ù. ÀÌ ¸®ÇÁ ³ëµå¿¡ Àû¿ëµÉ ½ºÄÉÁ층 ¾Ë°í¸®ÁòÀº ¾Æ·¡ÀÇ ¿©·¯°¡Áö Å¥À× ¾Ë°í¸®Áò Áß¿¡¼­ ¼±ÅÃÇÒ ¼ö ÀÖ½À´Ï´Ù.

CSZ packet scheduler : Clark-Shenker-Zhang(CSZ) ÆÐŶ ½ºÄÉÁ층 ¾Ë°í¸®ÁòÀ» Áö¿øÇÕ´Ï´Ù. ½Ç½Ã°£(real-time) ÀÀ¿ë ÇÁ·Î±×·¥¿¡ ´ëÇÑ ¼­ºñ½º¸¦ º¸ÀåÇØÁÙ ¼ö ÀÖ´Â ¾Ë°í¸®ÁòÀÔ´Ï´Ù(net/sched/sch_csz.cÀÇ ½ÃÀۺκÐ) ÁÖÀÇ: ÀÌ ½ºÄÉÁì·¯´Â ÇöÀç ¿Ïº®ÇÏÁö ¾Ê½À´Ï´Ù.

The simplest PRIO pseudo scheduler :

RED queue : net/sched/sch_red.cÀÇ ½ÃÀۺκРÂü°í.

SFQ queue : net/sched/sch_sfq.cÀÇ ½ÃÀۺκРÂü°í.

TEQL queue : net/sched/sch_sfq.cÀÇ ½ÃÀۺκРÂü°í.

TBF queue : net/sched/sch_tbf.cÀÇ ½ÃÀۺκРÂü°í

QoS support : QoS ½ºÄÉÁ층 ±â´ÉÀ» Áö¿øÇÕ´Ï´Ù. [N]À» ´äÇϸé QoS¿¡ ´ëÇؼ­ ´õÀÌ»ó ¹¯Áö ¾Ê½À´Ï´Ù.

Rate estimator : Quality of Service ½ºÄÉÁ층À» »ç¿ëÇϱâ À§ÇØ ³×Æ®¿öÅ© ÀåÄ¡¿¡ ´ëÇÑ ÇöÀç µ¥ÀÌŸ Àü¼Û¼ÓµµÀÇ ¿¹ÃøÇÏ´Â ±â´ÉÀ» Áö¿øÇÕ´Ï´Ù.

Packet classifier API : CBQ ½ºÄÉÁ층 ¾Ë°í¸®ÁòÀº ³×Æ®¿÷ ÀåÄ¡¸¦ ÅëÇØ Àü¼ÛµÇµµ·Ï ½ºÄÉÁìµÈ ³×Æ®¿÷ ÆÐŶÀÌ ¾î¶² ¹æ½ÄÀ¸·Î ºÐ·ùµÉ °ÍÀÎÁö ¹°¾îº»´Ù. ÀÌ ¿É¼ÇÀ» È°¼ºÈ­ÇÏ¸é ´Ù¾çÇÑ Á¾·ùÀÇ ÆÐŶ ºÐ·ùÀÚ¸¦ ¼±ÅÃÇÒ ¼ö ÀÖ½À´Ï´Ù.

15.3 »ç¶óÁø °Íµé..

IP: optimize aS router not hoSt : ³×Æ®¿öÅ© ÆÐŶµéÀ» Æ÷¿öµå ½ÃÅ°°Å³ª, ÀçºÐ¹èÇÏ´Â µî ¸®´ª½º¹Ú½º¸¦ ¶ó¿ìÅÍ·Î µ¿ÀÛÇϵµ·Ï ¼³Á¤ÇÏ´Â ±â´ÉÀÔ´Ï´Ù. IP forwarding°ú ÇÔ²² ¸Å½ºÄ¿·¹À̵ù¿¡ ÇÊ¿äÇÕ´Ï´Ù. ¾î¶² ¸®´ª½º ³×Æ®¿öÅ© µå¶óÀ̹öµéÀº copy and checksumÀ̶ó°í ºÒ¸®´Â ±â¼úÀ» »ç¿ëÇؼ­ È£½ºÆ® ¼º´ÉÀ» ÃÖÀûÈ­ ½Ãŵ´Ï´Ù. ´ëºÎºÐÀÇ ½Ã°£À» ¶ó¿ìÅÍ·Î ÀÛµ¿Çϸç ÆÐŶµéÀ» ´Ù¸¥ È£½ºÆ®·Î Àü´ÞÇÏ´Â Àϸ¸ ÇÏ´Â ½Ã½ºÅÛ¿¡¼­ ÀÌ·¯ÇÑ ÀÛ¾÷(copy and checksum)Àº ¼ÕÇØÀÔ´Ï´Ù. [Y]¸¦ ¼±ÅÃÇÑ´Ù¸é copy and checksum ±â´ÉÀº ÀÛµ¿ÇÏÁö ¾Ê°í, ¶ó¿ìÅÍÀÇ ÀÛµ¿¿¡ ´ëÇؼ­ ÃÖÀûÈ­ µÇµµ·Ï ¿©·¯ °¡Áö¸¦ º¯°æÇÕ´Ï´Ù. IP forwardingÀ» ÇÔ²² ¼±ÅÃÇؾ߸¸ ¸®´ª½º ¹Ú½º¸¦ ¶ó¿ìÅÍó·³ µ¿ÀÛÇÏ°Ô ÇÒ ¼ö ÀÖ½À´Ï´Ù; "/proc filesystem support" ¿É¼Ç°ú "Sysctl support" ¿É¼Ç¿¡¼­µµ [Y]¸¦ ¼±ÅÃÇÕ´Ï´Ù. ½Ã½ºÅÛÀÌ ºÎÆ®µÉ ¶§, ¸ÕÀú /proc ÆÄÀÏ ½Ã½ºÅÛ ¸¶¿îÆ® µÇ°í, ´ÙÀ½ ¸í·ÉÀ» ½ÇÇàÇϸé IP forwardingÀÌ °¡´ÉÇØÁý´Ï´Ù. echo "1" > /proc/sys/net/ipv4/ip_forward IP forwardingÀ» »ç¿ëÇÑ´Ù¸é rp_filter ±â´Éµµ ÇÔ²² ¾µ ¼ö ÀÖ½À´Ï´Ù. rp_filter´Â ÆÐŶÀÌ µµÂøÇßÀ» ¶§, ±× ÆÐŶÀÌ µµÂøÇÑ ÀÎÅÍÆäÀ̽º¿Í ¶ó¿ìÆà Å×À̺íÀÇ ¿£Æ®¸®¿¡¼­ ¹ß°ßÇÑ Ãâ¹ßÁö ¾îµå·¹½º°¡ ÀÏÄ¡ÇÏÁö ¾ÊÀ¸¸é, ÆÐŶ ¼ö½ÅÀ» ÀÚµ¿À¸·Î °ÅÀýÇÕ´Ï´Ù. IP spoofing µî ºÒ¸®´Â °ø°ÝÀ» ¹«·ÂÈ­ ½Ãų ¼ö ÀÖ½À´Ï´Ù. ±×·¯³ª, ºñ´ëĪ ¶ó¿ìÆÃ(½Ã½ºÅÛÀ¸·Î µé¾î¿À´Â ÆÐŶ°ú ³ª°¡´Â ÆÐŶµéÀÌ ¼­·Î ´Ù¸¥ °æ·Î¸¦ °ÅÄ¡´Â °Í)À» »ç¿ëÇϰųª, ¿©·¯ °³ÀÇ ÀÎÅÍÆäÀ̽ºµé¿¡ ´ëÇؼ­ ¿©·¯ °³ÀÇ IP ¾îµå·¹½ºµéÀ» °¡Áö´Â ºñ¶ó¿ìÆà ȣ½ºÆ®¸¦ ¿î¿µÇÏ°í ÀÖ´Ù¸é, ´ÙÀ½ ¸í·ÉÀ¸·Î rp_filter±â´ÉÀ» ÀÛµ¿ÇÏÁö ¾Êµµ·Ï ¼³Á¤ÇÕ´Ï´Ù. echo 0 > /proc/sys/net/ipv4/conf//rp_filter ¶Ç´Â echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter ´ëºÎºÐÀÇ À¯Àú´Â [N]À» ¼±ÅÃÇÕ´Ï´Ù.

IP: aLiaSing Support : ÇϳªÀÇ ¹°¸®Àû ³×Æ®¿öÅ© ÀÎÅÍÆäÀ̽º¿¡ IP ÁÖ¼Ò¸¦ ¿©·¯ °³ ÁÙ ¼ö ÀÖ½À´Ï´Ù. ¸ÖƼ È£½ºÆÃ, °¡»ó µµ¸ÞÀÎ, ¶Ç´Â °¡»ó È£½ºÆÃ(mirtuaL hoSti ng)À̶ó ºÎ¸£´Â ¼­ºñ½º¸¦ Á¦°øÇÏ·Á¸é ÇÊ¿äÇѱâ´ÉÀÔ´Ï´Ù. °¡»ó È£½ºÆÃÀº ¸®´ª ½º ¹Ú½º Çϳª·Î ´Ù¾çÇÑ ¼­ºñ½º¸¦ Á¦°øÇÒ ¼ö ÀÖ¾î À¥À̳ª ftp ¼­¹ö·Î »ç¿ëÇÏ´Â ½Ã ½ºÅÛÀ» ÃÖ´ëÇÑ È°¿ëÇÒ ¼ö ÀÖ´Ù´Â ÀåÁ¡µµ ÀÖ½À´Ï´Ù. ¶Ç, µÎ °³ÀÇ ³í¸®Àû ³×Æ®¿öÅ©¸¦ ÇϳªÀÇ ÀÌ´õ³ÝÄ«µå¸¦ ÅëÇØ ¿¢¼¼½ºÇÏ·Á°í ÇÑ´Ù¸é [Y]¸¦ ¼±ÅÃÇÕ´Ï´Ù. alias addressÀÇ ¼³Á¤Àº Doumentation/networking/alias.txt¿Í IP-Alias mini-HOWTO, http://www.thesphere.com/ dlp/TwoServers/, ftp://metalab.unc.edu/pub/Linux/docs/HOWTO/Virtual-Services-HOWTOÀ» Âü°íÇÕ´Ï´Ù.

IP: accounting : ¸®´ª½º ¹Ú½º¸¦ ¶ó¿ìÅͳª ¹æÈ­º®À¸·Î »ç¿ëÇÒ ¶§ ¼³Á¤ÇÕ´Ï´Ù.

IP: ReverSe ARP, IP: ALLow Large windowS (not recommended if <16 Mb of memory) : ¼Õ´ëÁö ¾Ê´Â °ÍÀÌ ¾ÈÀüÇÏ´Ù°í °æ°íÇÏ°í ÀÖ½À´Ï´Ù. RARP( Reverse Address Resolution Protcol)´Â ¸ðµç H/W Ethernet card°¡ °¢ÀÚ °¡Áö°í ÀÖ´Â °íÀ¯ÇÑ ¹øÈ£, Çϵå¿þ¾î ¾îµå·¹½º(6byte)¸¦ °¡Áö°í IP ÁÖ¼Ò¸¦ ¾Ë¾Æ ³¾ ¼ö ÀÖ´Â ÇÁ·ÎÅäÄÝÀÔ´Ï´Ù. µð½ºÅ©°¡ ¾ø´Â ¸Ó½Å¿¡¼­ ºÎÆÃÇÒ ¶§ IP ÁÖ¼Ò¸¦ ¾Ë¾Æ³»±â À§Çؼ­ ÁÖ·Î »ç¿ëµÇ¸ç Diskless Sun 3 ¸Ó½ÅÀ̳ª Linux Box¿¡¼­ »ç¿ëÇÒ ¼ö ÀÖ½À´Ï´Ù. À©µµ¿ì´Â TCP ¼¼±×¸ÕÆ® Æ÷¸ËÀÇ ÇÊµå °¡¿îµ¥ Çϳª·Î, À©µµ¿ì¸¦ ´ã°í Àְųª, ¿ø°Ý ½Ã½ºÅÛÀÌ ¼ö½ÅÇÒ ¼ö ÀÖ´Â ¹ÙÀÌÆ® Å©±â¸¦ ´ã°í ÀÖ½À´Ï´Ù.

CPU iS too SLow to handLe fuLL bandwidth : CPU°¡ ³×Æ®¿öÅ©Àü´ë¿ªÆø (full-bandwidth)À» ´Ù·ç±â¿¡ ÃæºÐÈ÷ ºü¸£Áö ¾Ê´Ù°í »ý°¢µÇ¸é ¼³Á¤ÇÕ´Ï´Ù.

IP: aLwayS defragment (required for maSquerading) : µ¥ÀÌÅͱ׷¥ÀÌ ¼­·Î ´Ù¸¥ ³×Æ®¿öÅ©¸¦ ÅëÇØ Àü´ÞµÉ ¶§(¿¹¸¦ µé¾î °ÔÀÌÆ®¿þÀÌ°¡ ÀÌ´õ³Ý°ú X.25ó·³) MTU(maximum transmission unit)°¡ ¼­·Î ´Ù¸¦ ¼ö ÀÖ½À´Ï´Ù. ÀÌ·² ¶§ »ó´ëÀûÀ¸·Î ÆÐŶ Å©±â°¡ ÀÛÀº ³×Æ®¿öÅ©·Î Àü´ÞµÇ±â À§Çؼ­´Â »õ·Î¿î Å©±â·Î À߶óÁ®¾ßÇÕ´Ï´Ù. ÀÌ·¸°Ô À߶óÁø Á¶°¢µéÀº ¿ø·¡ÀÇ Å©±â·Î ´Ù½Ã Á¶ÇÕÇÒ ¼ö ÀÖ´Â Á¤º¸¸¦ °¡Áö°Ô µË´Ï´Ù. ÀÌ ±â´ÉÀ» ¼³Á¤ÇÏ¸é µé¾î¿À´Â ¸ðµç ÆÐŶ Á¶°¢À» Ç×»ó ´Ù½Ã Á¶ÇÕÇÕ´Ï´Ù. ƯÈ÷ IP: maSquerading, IP:tranSparent proxy, IP: firewalling ±â´ÉÀ» »ç¿ëÇÏ·Á¸é ¹Ýµå½Ã ÇÊ¿äÇÕ´Ï´Ù. ÀϹÝÀûÀÎ ¶ó¿ìÅͳª iÈ£½ºÆ®¿¡¼­´Â Àý´ë [Y]¸¦ ¼±ÅÃÇÏ¸é ¾ÈµË´Ï´Ù. ÀϹÝÀûÀ¸·Î °ÔÀÌÆ®¿þÀÌ¿Í ¶ó¿ìÅÍ°¡ °°Àº Àǹ̷Π¾²ÀÌÁö¸¸ °ÔÀÌÆ®¿þÀÌ´Â ´Ù¸¥ ÇÁ·ÎÅäÄÝ »çÀÌ¿¡¼­ µ¥ÀÌÅ͸¦ Áß°èÇÏ°í ¶ó¿ìÅÍ´Â ´Ù¸¥ ³×Æ®¿öÅ© »çÀÌ¿¡¼­ µ¥ÀÌÅ͸¦ ¿Å°ÜÁÖ´Â °ÍÀÔ´Ï´Ù.

IP: tranSparent proxy Support : ¸®´ª½º ¹æÈ­º®À» ¿ø°ÝÁö È£½ºÆ®Ã³·³ µ¿ÀÛÇϵµ·Ï °¡ÀåÇÏ´Â ±â´ÉÀÔ´Ï´Ù. Åõ¸íÇÏ´Ù´Â °ÍÀº ¹Ù±ùÂÊ¿¡¼­´Â ¹æÈ­º®À» º¼ ¼ö ¾ø°í ¸¶Ä¡ È£½ºÆ®¿Í Á÷Á¢ ¿¬°áµÈ °Íó·³ º¸Àδٴ °ÍÀ» ¶æÇÕ´Ï´Ù.

IP: maSquerading : ¸Å½ºÄ¿·¹À̵ùÀº IP(reaL IP)¸¦ °¡Áø ÇϳªÀÇ È£½ºÆ®¿¡ ÀÌ´õ³ÝÀ̳ª ¸ðµ©À¸·Î ¿¬°áµÈ ´Ù¸¥ ÄÄÇ»Å͵éÀÌ °ø½ÄÀûÀ¸·Î ÇÒ´çµÈ IP°¡ ¾ø´õ¶óµµ ÀÎÅͳݿ¡ ¿¬°áµÇµµ·Ï ÇÏ´Â ±â´ÉÀÔ´Ï´Ù. °¡»ó È£½ºÆ® ¼­ºñ½º¸¦ À§ÇØ ¹Ýµå½Ã ÇÊ¿äÇÕ´Ï´Ù. ¸Å½ºÄ¿·¹À̵ùÀº ¸Å¿ì È¿°úÀûÀÎ ³×Æ®¿öÅ© º¸¾È¹æ¹ýÀ̱⵵ ÇÕ´Ï´Ù. ¸®´ª½º ¹Ú½º°¡ ¹æÈ­º®ÀÎ Áö¿ª³×Æ®¿÷ÀÇ ÇÑ ÄÄÇ»ÅÍ°¡ ¹Ù±ùÀ¸·Î ¹«¾ð°¡¸¦ º¸³»°íÀÚ ÇÒ ¶§ ¸®´ª½º ¹Ú½º´Â ¸¶Ä¡ ÇØ´ç ÄÄÇ»ÅÍÀÎ °Íó·³ "°¡Àå masquerade"ÇÒ ¼ö ÀÖ½À´Ï´Ù. Áï ¸®´ª½º´Â ¹Ù±ùÀÇ Á¤ÇÑ ¸ñÀûÁö·Î Æ®·¡ÇÈÀ» ³»º¸³¾ ¶§, ±×°ÍÀÌ ¹æÈ­º® ÀÚ½ÅÀ¸·Î·ÎºÎÅÍ Ãâ¹ßÇÑ °Íó·³ ¸¸µì´Ï´Ù. ÀÌ°ÍÀº ¾ç ÂÊÀ¸·Î ÀÛ¿ëÇϴµ¥ ¹Ù±ùÀÇ È£½ºÆ®°¡ ÀÀ´äÇϸé, ¸®´ª½º ¹æÈ­º®Àº ±× Æ®·¡ÇÈÀ» °¡¸¸È÷ Áö¿ª³ÝÀÇ ÇÕ´çÇÑ ÄÄÇ»ÅÍ·Î º¸³»ÁÝ´Ï´Ù. ÀÌ °æ¿ì Áö¿ª³ÝÀÇ ÄÄÇ»ÅÍ´Â ¹Ù±ù¿¡ ´Ù´Ù¸¦ ¼ö ÀÖ°í ÀÀ´äÀ» ¹ÞÀ» ¼öµµ ÀÖÁö¸¸, ¹Ù±ù ¼¼°è¿¡¼­´Â ¿Ïº®ÇÏ°Ô º¸ÀÌÁö ¾Ê°Ô µË´Ï´Ù. PPP¸¦ ºñ·ÔÇØ ADSL, ISDN µî¿¡µµ »ç¿ëÇÒ ¼ö ÀÖ½À´Ï´Ù. "/proc filesystem support" ¿Í "Sysctl suppot"¿É¼Ç¿¡ [Y]¸¦ ¼±ÅÃÇÏ°í, ºÎÆÃÇÒ ¶§ /proc ÆÄÀÏ ½Ã½ºÅÛÀÌ ¸¶¿îÆ® µÇ°í ³ª¸é ´ÙÀ½ ¸í·ÉÀ» ½ÇÇàÇÕ´Ï´Ù. echo "1" > /proc/sys/net/ipv4/ip_forward

IP: ICMP maSquerading : ¸Å½ºÄ¿·¹À̵ù¿¡ ping µî ICMP ÆÐŶÀ» Áö¿øÇÕ´Ï´Ù. ICMP(Internet Control Message Protocol)Àº ¼Û½ÅÀÚ¿¡°Ô ¼ö½ÅµÈ µ¥ÀÌÅͱ׷¥ÀÇ ¹®Á¦Á¡À» ¾Ë·ÁÁÖ±â À§ÇØ È£½ºÆ®¿Í °ÔÀÌÆ®¿þÀÌ°¡ »ç¿ëÇÏ´Â IPÀÇ È®ÀåµÈ ¸ÞÄ¿´ÏÁòÀÔ´Ï´Ù. IP´Â ½Å·Ú¼ºÀÌ ¾øÁö¸¸ ICMP´Â ºñÁ¤»óÀûÀÎ »óȲÀ̳ª ³×Æ®¿öÅ© ¶§¹®¿¡ µ¥ÀÌÅÍ ±×·¥ÀÇ °æ·Î¸¦ ÁöÁ¤Çϰųª Àü¼ÛÇÒ ¼ö ¾øÀ¸¸é ¿ø·¡ ¹ß½ÅÁö¿¡ »óȲÀ» ¾Ë¸³´Ï´Ù. È帧À» Á¦¾îÇÏ°í, ¸ñÀûÁö¸¦ È®ÀÎÇϸç, ¶ó¿ìÆÃÀ» º¯°æÇÏ°í, ¿ø°Ý È£½ºÆ®¸¦ Á¡°ËÇÕ´Ï´Ù. ÀÌ ±â´ÉÀ» »ç¿ëÇÏ´Â ´ëÇ¥ÀûÀÎ ¸í·ÉÀ¸·Î ping(packet internet gopher)ÀÌ ÀÖ½À´Ï´Ù. ¸Å½ºÄ¿·¹À̵ùÀ» »ç¿ëÇÏ´Â ³×Æ®¿öÅ©¿¡¼­ ICMP¸¦ »ç¿ëÇÏ·Á¸é ÀÌ ±â´É¿¡ [Y]¸¦ ´äÇÕ´Ï´Ù.

IP: maSquerading SpeciaL moduLeS Support: ¾Æ·¡¿¡ ³ª¿À´Â Æ÷Æ® Æ÷¿öµù µî ±â´ÉÀ» Áö¿øÇÕ´Ï´Ù.

IP: ipautofw maSq Support (EXPERIMENTAL) : (¾ÆÁ÷)ÀÚ½ÅÀÇ ÇÁ·ÎÅäÄÝ helper°¡ ¾ø´Â ÇÁ·ÎÅäÄÝÀÇ ¸Å½ºÄ¿·¹À̵ùÀ» Çã¶ôÇÕ´Ï´Ù. ¾ÆÁ÷ °³¹ßÁßÀ̸ç ipmasqadm µµ±¸°¡ ÇÊ¿äÇÕ´Ï´Ù.

IP: ipportfw maSq Support (EXPERIMENTAL) : Æ÷Æ® Æ÷¿öµùÀº Á¦°øÇÑ Æ÷Æ®¸¦ ÅëÇؼ­ ÆÐŶÀÌ ¹æÈ­º® ¾ÈÂÊÀ¸·Î Àü¼ÛµÇµµ·Ï ÇÕ´Ï´Ù. À¥¼­¹ö´Â ¸Å½ºÄ¿·¹À̵ù È£½ºÆ®¸¦ ÅëÇØ ÀÎÅͳݿ¡ Á¢¼ÓµÇ¸ç ¿ÜºÎÀÇ Å¬¶óÀ̾ðÆ®¿¡°Ô´Â ¹æÈ­º® ÀÚü°¡ À¥ ¼­ºñ½º¸¦ Á¦°øÇÏ´Â °Íó·³ º¸ÀÔ´Ï´Ù. ÀÌ ±â´ÉÀº ¾ÆÁ÷ °³¹ßÁßÀ̸ç ipmasqadm µµ±¸°¡ ÇÊ¿äÇÕ´Ï´Ù.

IP: ipmarkfw maSquerade Support (EXPERIMENTAL) : Æ÷Æ® Æ÷¿öµù°ú À¯»çÇÑ ±â´ÉÀ» Á¦°øÇÕ´Ï´Ù. ´Ù¸¥ Á¡Àº ÆÐŶ¿¡ "firewaLLing mark"¸¦ »ç¿ë´Ù´Â °ÍÀÔ´Ï´Ù.

IP: masquerading virtual server support (EXPERIMENTAL) :

(12) IP masq - VS table size (the Nth power of 2)

IP: forwording/gatewaying : ÆÐŶÀ» Áß°èÇÏ´Â ±â´ÉÀÔ´Ï´Ù. ¸Å½ºÄ¿·¹À̵ùÀ» À§Çؼ­´Â ¹Ýµå½Ã ÄÕ´Ï´Ù. ÀÌ °æ¿ì ¸Å½ºÄ¿·¹À̵ù ¼­ºñ½º¸¦ Á¦°øÇÏ´Â ¸®´ª½º ¹Ú½º°¡ µðÆúÆ® °ÔÀÌÆ®¿þÀÌ°¡ µË´Ï´Ù.

´ÙÀ½ ÀÌÀü Â÷·Ê