Greek - Masquerading Made Simple HOWTO
John Tapsell
<tapselj0@cs.man.ac.uk>
Thomas Spellman
<thomas@resonance.org>
Matthias Grimm
<DeadBull@gmx.net>
ÌåôÜöñáóç óôá åëëçíéêÜ áðü: Sotiris Ganouris
<topgan1@clug.gr>
Éóôïñéêü ÁíáèåùñÞóåùí
Áíáèåþñçóç 0.08 2002-07-11 ÅðéìÝëåéá áðüjpt
Áíáèåþñçóç 0.07 2002-02-27 ÅðéìÝëåéá áðüjpt
Áíáèåþñçóç 0.06 2001-09-08 ÅðéìÝëåéá áðüjpt
Áíáèåþñçóç 0.05 2001-09-07 ÅðéìÝëåéá áðüjpt
Áíáèåþñçóç 0.04 2001-09-01 ÅðéìÝëåéá áðüjpt
Áíáèåþñçóç 0.03 2001-07-06 ÅðéìÝëåéá áðüjpt
¼ëïé ïé óõããñáöåßò åßíáé äéáèÝóéìïé óôï êáíÜëé #debian óôïí
irc.opensource.net
Ï John Tapsell (JohnFlux) åßíáé ï åðßóçìïò óõíôçñçôÞò ôïõ
how-to.
Óôåßëôå ìïõ Email (John Tapsell) ãéá ïðïéáäÞðïôå áðïñßá,
âñéóéÜ, ó÷üëéá, ñáíôåâïý êôë.
Ç êëïðÞ Ýãéíå ìå íôñïðÞ áðï ôç äïõëåéÜ ôïõ David Ranch -
<dranch@trinnet.net>.
Áõôü ÄÅÍ åßíáé áíôéêáôÜóôáóç ãéá ôïõ IP-Masquerading HOWTO
åßíáé Ýíá óõìðëÞñùìá óå áõôü, êáé ôá äýï ôïõò èá ðñÝðåé íá
äéáâáóôïýí ìáæß. Äåí ãñÜöù ðñÜãìáôá åäþ ðïõ äåí êáëýðôïíôáé
áðï ôï Üëëï HOWTO, ïýôå êáé åîçãþ ôé óçìáßíïõí üëá áõôÜ, Þ
ãéáôß ãßíïíôáé üëá áõôÜ. Äåßôå åäþ http://ipmasq.cjb.net êáé
ôï ðñþôï Masq-HOWTO ïðïõ åßíáé áñêåôÜ êáëýôåñá guides ïðïõ èá
óáò âïçèÞóïõí ðåñéóóüôåñï.
Ôï êåßìåíï áõôü ðåñéãñÜöåé ôï ðùò íá åíåñãïðïéÞóåôå ôï IP
Masquerade feature óå Ýíá óõãêåêñéìÝíï Linux host. Ôï IP Masq
åßíáé ìßá ìïñöÞ ôïõ Network Address Translation Þ åí óõíôïìßá
NAT ïðïõ åðéôñÝðåé åóùôåñéêÜ óõíäåäåìÝíïõò õðïëïãéóôÝò óå
äßêôõï ðïõ äåí Ý÷ïõí ìßá Þ ðåñéóóüôåñåò êáôá÷ùñçìÝíåò Internet
IP äéåõèýíóåéò íá áðïêôÞóïõí ôçí äõíáôüôçôá íá óõíäåèïýí óôï
Internet ìÝóù ìßáò Internet IP (óýíäåóçò) åíüò Linux Box.
Ïëï ôï êåßìåíï âñßóêåôáé êÜôù áðï ôçí Üäåéá GNU Free
Documentation License.
http://www.gnu.org/copyleft/fdl.html
_________________________________________________________
Ðßíáêáò Ðåñéå÷ïìÝíùí
1. ÅéóáãùãÞ
2. Ðåñßëçøç: (Ìïõ áñÝóåé íá êÜíù ôéò ðåñéëÞøåéò ðñþôá)
3. Ëßãï âáèýôåñç Ýêäïóç
4. Post-install Ïäçãßåò
5. FAQ's - Frequently Asked Compla Questions, Óõ÷íÜ ÐáñÜð
ÅñùôÞóåéò
1. ÅéóáãùãÞ
Ôá ðáñáêÜôù åßíáé åðßôçäåò ìéêñÜ áëëÜ ìÝóá óôï íüçìá.
ÅÜí Ý÷åôå Ýíá äßêôõï ðïõ èÝëåôå íá ôï åíóùìáôþóåôå ìå ôï
Internet:
[network.png]
_________________________________________________________
2. Ðåñßëçøç: (Ìïõ áñÝóåé íá êÜíù ôéò ðåñéëÞøåéò ðñþôá)
ÕðïèÝôùíôáò ïôé ç êÜñôá äéêôýïõ ðïõ äßíåé åîùôåñéêü äßêôõï
(ÉÍÔÅÑÍÅÔ) åßíáé ç eth0, êáé ç åîùôåñéêÞ ìáò IP åßíáé ç
123.12.23.43 êáé ç åóùôåñéêÞ êÜñôá äéêôýïõ (åóùôåñéêü äßêôõï)
åßíáé ç eth1, ôüôå Ý÷ïõìå:
$> modprobe ipt_MASQUERADE # ÅÜí áõôü áðïôý÷åé óõíå÷ßóôå Ýôóé êáé áëëéþ
ò
$> iptables -F; iptables -t nat -F; iptables -t mangle -F
$> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 123.12.23.43
$> echo 1 > /proc/sys/net/ipv4/ip_forward
Ç ãéá ìßá óýíäåóç dial-up:
$> modprobe ipt_MASQUERADE # ÅÜí áõôü áðïôý÷åé óõíå÷ßóôå Ýôóé êáé áëëéþ
ò
$> iptables -F; iptables -t nat -F; iptables -t mangle -F
$> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
$> echo 1 > /proc/sys/net/ipv4/ip_forward
ÌåôÜ ãéá íá ôçí ðñïöõëÜîïõìå:
$> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$> iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
$> iptables -P INPUT DROP # ìüíï åÜí ôá äýï ðñþôá åßíáé åðéôõ÷çìÝíá
$> iptables -A FORWARD -i eth0 -o eth0 -j REJECT
¹ ãéá ìßá óýíäåóç dial-up (ìå ôçí eth0 óáí åóùôåñéêÞ êÜñôá
äéêôýïõ):
$> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$> iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
$> iptables -P INPUT DROP #only if the first two are succesful
$> iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT
Êáé áõôü Þôáí! Ãéá íá äåßôå ôïõò êáíüíåò ôùí iptables ãñÜøôå
"iptables -t nat -L"
_________________________________________________________
3. Ëßãï âáèýôåñç Ýêäïóç
ÊÜíùíôáò compile ôïí ðõñÞíá: (×ñçóéìïðïéÞóôå Ýíáí 2.4.x ðõñÞíá
Þ ìåãáëýôåñï)
×ñåéÜæåóôå ôéò ðáñáêÜôù ñõèìßóåéò óôïí ðõñÞíá:
* ÊÜôù áðï ôï Networking Options
+ Network packet filtering (CONFIG_NETFILTER)
* ÊÜôù áðï ôï Networking Options->Netfilter Configuration
+ Connection tracking (CONFIG_IP_NF_CONNTRACK)
+ FTP Protocol support (CONFIG_IP_NF_FTP)
+ IP tables support (CONFIG_IP_NF_IPTABLES)
+ Connection state match support
(CONFIG_IP_NF_MATCH_STATE)
+ Packet filtering (CONFIG_IP_NF_FILTER)
o REJECT target support
(CONFIG_IP_NF_TARGET_REJECT)
+ Full NAT (CONFIG_IP_NF_NAT)
o MASQUERADE target support
(CONFIG_IP_NF_TARGET_MASQUERADE)
o REDIRECT target support
(CONFIG_IP_NF_TARGET_REDIRECT)
+ Packet mangling (CONFIG_IP_NF_MANGLE)
+ LOG target support (CONFIG_IP_NF_TARGET_LOG)
Ðñþôá, åÜí ôá iptables êáé ôï masq module äåí Ý÷ïõí ãßíåé
compile óôïí ðõñÞíá êáé äåí åßíáé åãêáôåóôçìÝíá, áëëÜ õðÜñ÷ïõí
óáí modules, ÷ñåéáæüìáóôå íá ôá åãêáôáóôÞóïõìå. Åáí êÜíåôå Ýíá
insmod ipt_MASQUERADE èá öïñôþóåé ôá ip_tables, ip_conntrack
êáé ôï iptable_nat.
$> modprobe ipt_MASQERADE
ÁíåîáñôÞôùò Üí ôï Intranet (åóùôåñéêü äßêôõï) óáò åßíáé
ìåãÜëï, Þ áðëþò èÝëåôå äýï ôñåéò õðïëïãéóôÝò íá óõíäåèïýí ìå
ôï Internet äåí õðÜñ÷åé ìåãÜëç äéáöïñÜ.
ÕðïèÝôùíôáò ïôé äåí õðÜñ÷ïõí Üëëïé êáíüíåò óôá iptables, êÜíôå
Ýíá:
$> iptables -F; iptables -t nat -F; iptables -t mangle -F
ÅÜí ðáßñíåôå Ýíá ëÜèïò ïðïõ ëÝåé ïôé äåí âñßóêåé ôá iptables,
ðçãáßíôå êáôåâÜóôå ôá êáé åãêáôáóôÞóôå ôá. ÅÜí óáò ðåé ïôé äåí
õðÜñ÷åé ï ðßíáêáò 'nat', êÜíôå recompile ôïí ðõñÞíá ìå nat
support. Åáí óáò ðåé ïôé äåí õðÜñ÷åé ðßíáêáò 'mangle', ìçí
óôåíá÷ùñéÝóôå, äåí ÷ñåéÜæåôå ãéá ôï ìáóêÜñéóìá. ÅÜí óáò ðåé
ïôé ôá iptables åßíáé áóýìâáôá ìå ôïí ðõñÞíá óáò, ðçãáßíôå
êáôåâÜóôå Ýíáí ðõñÞíá 2.4.x Þ ìåãáëýôåñï êáé êÜíôå ôïõ compile
ìå iptables support.
Áí Ý÷åôå ÓÔÁÈÅÑÇ (static) ip êÜíôå (ð.÷. Óå êÜñôá äéêôýïõ ðïõ
äåí ÷ñçóéìïðïéåß DHCP):
$> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 123.12.23.43
Ç ãéá äõíáìéêÞ (dynamic) (ð.÷. ¸íá modem ðïõ ÷ñåéÜæåôå íá
êáëÝóåôå Ýíáí áñéèìï ðñþôá (dialup):
$> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
ÔåëéêÜ ðñÝåðé íá ðåéôå óôïí ðõñÞíá ðùò íáé, èÝëåôå íá
îåêéíÞóåé ôï forwarding (ç ðñïþèçóç) ôùí ðáêÝôùí: (Áõôü
÷ñåéÜæåôå íá ãßíåé ìüíï ìéá öïñÜ óå êÜèå reboot áëëÜ äåí
ðåéñÜæåé íá ôï êÜíåôå êáé ðáñáðÜíù öïñÝò)
$> echo 1 > /proc/sys/net/ipv4/ip_forward
Ïôáí èá Ý÷åôå óéãïõñåõôåß ïôé üëá áõôÜ äïõëåýïõí (äåßôå ôéò
ïäçãßåò Post-install ðñþôá) áöÞóôå íá äïõëåýåé ôï ìáóêÜñéóìá
ìüíï ôïõ åóùôåñéêïý äéêôýïõ äåí èÝëåôå íá áöÞóåôå üëï ôïí
êüóìï óôï Internet íá ôï ÷ñçóéìïðïéïýí öõóéêÜ :)
Ðñþôá, áöÞóôå ôéò Þäç õðÜñ÷ïõóåò óõíäÝóåéò, Þ ïôéäÞðïôå
ó÷åôßæåôå ìå áõôÝò (ð.÷. Ôçí óýíäåóç óå Ýíáí server ftp ðïõ
Ý÷åôå óõíäåèåß åóåßò)
$> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
ÅÜí áõôü óáò âãÜëåé ìýíçìá ëÜèïõò, ôüôå ôï ðéï ðéèáíü åßíáé íá
ìçí Ý÷åôå åíåñãïðïéÞóåé ôï state tracking óôïí ðõñÞíá êÜíôå
recompile. ÌåôÜ áöÞóôå êáéíïýñéåò óõíäÝóåéò ìüíï áðï ôï
intranet (ôïðéêü/åóùôåñéêü äßêôõï). ÁíôéêáôáóôÞóôå ôï ppp0 ìå
eth0 Þ ìå ïôéäÞðïôå åßíáé ç åîùôåñéêÞ óáò óõóêåõÞ. (Ôï !
óçìáßíåé ïôéäÞðïôå åêôüò áðï)
$> iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
Êáé ôþñá áñíçèåßôå ïôéäÞðïôå Üëëï:
$> iptables -P INPUT DROP #only if the first two are succesful
ÅÜí ïðïéïóäÞðïôå áðï ôïõò äýï ðñþôïõò êáíüíåò áðïôý÷åé, ôüôå
áõôüò ï ôåëåõôáßïò êáíüíáò èá åìðïäßóåé ôï ìáóêÜñéóìá íá
äïõëÝøåé åíôåëþò. Ãéá íá áíáéñÝóåôå áõôüí ôïí êáíüíá ìðïñåßôå
íá ãñÜøåôå "iptables -P INPUT ACCEPT".
_________________________________________________________
4. Post-install Ïäçãßåò
Ïëá èá ðñÝðåé íá ëåéôïõñãïýí ôþñá. Ìçí îå÷Üóåôå íá:
* Ñõèìßóôå üëïõò ôïõò õðïëïãéóôÝò ôïõ õðïäéêôýïõ óáò íá
äåß÷íïõí óôçí ÉP ôïõ Linux server óáí gateway. (Óôá
windows äåîß-êëéê óôï network
neighbourhood->properties->gateway êáé ìåôÜ ôïí áëëÜæåôå
óôçí IP ôïõ Linux server(gateway)).
* Ñõèìßóôå üëïõò ôïõò õðïëïãéóôÝò óáò íá ÷ñçóéìïðïéïýí ôïí
proxy ôïõ ISP óáò (áí õðÜñ÷åé ÷ñçóéìïðïéåßóôå transparent
proxy), (ÐÑÏÓÏ×Ç Å÷ù áêïýóåé ãéá áíáöïñÝò ïôé ôï
transparent proxying åéíáé ðïëý áñãü óå ðïëý ìåãÜëá
äßêôõá), Þ ôñÝîôå ôïí squid óôïí linux server óáò. (Áõôü
åßíáé ðñïáéñåôéêü áëëÜ óõíéóôÜôáé ãéá ìåãÜëá äßêôõá).
* ÓéãïõñåõôÞôå ïôé âÜæåôå óùóôÜ ôïí DNS üôáí ñõèìßæåôáé ôïõò
õðïëïãéóôÝò óáò. ÅéäÜëùò èá ðáßñíåôå ìõíÞìáôá ëÜèïõò óå
áõôïýò ãéáôß äåí èá ãßíåôå óùóôÜ ôï resolving ôçò IP
address.
[Offtopic] I wonder if you could simply send out a dhcp
broadcast that just forwards on the dns server (and
http_proxy while you're at it) without having to setup a
dhcp server (or even if you do). Can someone mail me about
this? :)
Thanks to Richard Atcheson for pointing this out.
* Ôþñá èá ðñÝðåé óéãÜ óéãÜ íá äéïñèþíåôáé ôçí áóöÜëåéá óå
áõôüí. Ðñþôá áðåíåñãïðïéÞóôå ãåíéêþò ôï forwarding:
"iptables -P FORWARD DROP", êáé ìåôÜ ìÜèåôå íá äïõëåýåôå
ìå ôá iptables êáé ôá áñ÷åßá /etc/hosts.allow êáé
/etc/hosts.deny ãéá íá áóöáëßóåôå ôï óýóôçìÜ óáò. ÐÑÏÓÏ×Ç
Ìçí äïêéìÜóåôå ôï ðñïçãïýìåíç êáíü ôùí iptables ìÝ÷ñé íá
Ý÷åôå ôï ìáóêÜñéóìá íá äïõëåýåé óùóôÜ ÐñÝðåé íá ïñßæåôáé
îå÷ùñéóôÜ ïðïéïäÞðïôå ðáêÝôï èÝëåôå íá ðåñÜóåé åÜí èá
÷ñçóéìïðïéÞóåôå ôçí ðñïçãïýìåíç åíôïëÞ (êáíüíáò iptables)
ìå DENY. (Ìðïñåßôå íá áíáéñÝóåôå áõôüí ôïí êáíüíá ìå
"iptables -P FORWARD ACCEPT")
* ÁöÞóôå üðïéá services èÝëåôå íá öáßíïíôáé óôï internet.
Ãéá ðáñÜäåéãìá ãéá íá áöÞóåôå access óôïí web server óáò
êÜíôå:
$> iptables -A INPUT --protocol tcp --dport 80 -j ACCEPT
$> iptables -A INPUT --protocol tcp --dport 443 -j ACCEPT
Ãéá íá áöÞóåôå ôï ident (ãéá óýíäåóç óôï irc êôë) êÜíôå
$> iptables -A INPUT --protocol tcp --dport 113 -j ACCEPT
Ãéá íá ôï äïêéìÜóåôå:
* ÄïêéìÜóôå íá óõíäåèåßôå áðï Ýíáí õðïëïãéóôÞ ðåëÜôç óôï web
÷ñçóéìïðïéþíôáò ìéá IP. Ç IP ôïõ Google åßíáé
216.239.33.100 (ìßá áðï üëåò ðïõ Ý÷ïõí) êáé èá ðñÝðåé íá
ðáñåôå ìßá áðÜíôçóç áðü áõôÞí ð.÷. "ping 216.239.33.100"
"lynx 216.239.33.100".
* ÄïêéìÜóôå ìéá óýíäåóç ìáæß ìå ôï resolve ôïõ hostname ð.÷.
"ping www.google.com" "lynx google.com" Þ áðï ôïí Internet
Explorer Þ ôïí netscape
Ïðïõ eth0 åßíáé ç êÜñôá äéêôýïõ ðïõ äßíåé Internet
(åîùôåñéêÞ), êáé ç 123.12.23.43 åßíáé ç åîùôåñéêÞ ip áõôïý ôïõ
ìç÷áíÞìáôïò.
_________________________________________________________
5. FAQ's - Frequently Asked Compla Questions, Óõ÷íÜ ÐáñÜð ÅñùôÞóåéò
* Ðùò âëÝðù ôïõ êáíüíåò ùò ôþñá?
- ÄïêéìÜóôå
$> iptables -L
$> iptables -t nat -L
* Äåí êÜíåé resolve ôéò IP! ÃñÜöù 'www.microsoft.com' êáé
ëÝåé ïôé äåí ôï âñßóêåé
- ÓéãïõñåõôÞôå ïôé Ý÷åôå âÜëåé ôéò ñõèìßóåéò dns óå üëïõò
ôïõò õðïëïãéóôÝò-ðåëÜôåò.
* Äåí äïõëåýåé! Äåí ôïõ áñÝóïõí ôá iptables / NAT / SNAT /
MASQ
- ÊáôåâÜóôå ôïí ôåëåõôáßï ðõñÞíá, êÜíôå Ýíá compile ìå
õðïóôÞñéîç iptables êáé NAT
* Äåí äïõëåýåé! Ôï ìáóêÜñéóìá (masquerading) äåí äïõëåýåé
êáèüëïõ! Áåé ðíßîïõ âëÜêá
- ÄïêéìÜóôå echo 1 > /proc/sys/net/ipv4/ip_forward
* Äåí äïõëåýåé! Äåí ìðïñþ íá ÷ñçóéìïðïéÞóù ôï äßêôõï êáèüëïõ
ðëÝïí êáé óå ìéóþ!
- ÄïêéìÜóôå
$> iptables -F
$> iptables -t nat -F
$> iptables -t mangle -F
(üëïé ïé êáíüíåò Ýöõãáí Üíôå ãåéá). ÌåôÜ åðáíáöÝñåôå ôïõò
ðñïçãïýìåíïõò êáíüíåò ðïõ ôõ÷üí åß÷áôå.
- ÄïêéìÜóôå iptables -P FORWARD ACCEPT
* Áêüìá äåí äïõëåýåé
- H×ìì, ôï "dmesg | tail" óáò âãÜæåé êÜðïéï ëÜèïò? ÊÜíôå
êáé Ýíá "cat /var/log/messages | tail" ? Ï÷é ïôé íïéÜæïìáé
êáé ðïëõ :)
* Äåí êáôáëáâáßíù, ÄÅÍ ÄÏÕËÅÕÅÉ!
- Äåí ìðïñþ íá îÝñù.. áëëÜ èá ðñÝðåé íá åßóôå óå èÝóç íá:
1) ÐéíãêÜñåôå ôï åîùôåñéêü äßêôõï áðï ôï Linux box
2) ÐéíãêÜñåôå áðï ôï Linux Box ôï åóùôåñéêü äßêôõï
3) Áðï ôï åóùôåñéêü äßêôõï íá ðéíãêÜñåôå ôï Linux box
Êáé áõôÜ ðñéí áñ÷ßóïõí ïé êáíüíåò ãéá ôï ìáóêÜñéóìá.
* Where do I put this stuff?
- In the /etc/network/interfaces file, or firewall.rc. If
you put it in the interfaces file, then put it as a pre-up
to the external interface, and have "iptables -t nat -F"
as the post-down.
* Ðùò ìðïñþ íá ôï êÜíù íá áíïßãåé ôçí óýíäåóç ìüíï üôáí ôçí
÷ñåéÜæïìáé?(ppp up on demand)
- ÕðïèÝôùíôáò ïôé ï gateway ôïõ ISP óáò åßíáé áò ðïýìå
23.43.12.43 , ôüôå ðñïóèÝóôå ìßá ãñáììÞ óáí ôçí ðáñáêÜôù:
:23.43.12.43
óôï ôÝëïò ôïõ áñ÷åßïõ /etc/ppp/peers/provider. (áõôü åßíáé
ãéá dynamic IP - ãéá static IP èá Þôáí
my.external.ip.number:23.43.12.43 )
ÌåôÜ óôï ôÝëïò áõôïý ôïõ áñ÷åßïõ âÜëôå ìéá íÝá ãñáììÞ:
demand
* Ç óýíäåóç ðÝöôåé óõíå÷þò!
- Ðñþôá, Ý÷åôå åíåñãïðïéÞóåé ôï dialing on demand? ÊÜíåé
ôçí äïõëåéÜ ôïõ óùóôÜ? ÔóåêÜñåôå ôï
/etc/ppp/peers/provider, êáé óéãïõñåõôÞôå ïôé ç óýíäåóç
dial up äïõëåýåé êáíïíéêÜ ðñéí äïêéìÜóåôå ôï ìáóêÜñéóìá.
- Äåýôåñïí, áí êÜôé ðçãáßíåé ôüóï ðåñßåñãá äïêéìÜóôå íá
ãõñßóåôå óå ðñïçãïýìåíï ðõñÞíá (Linux 2.4.3) êáé äåßôå áí
åêåé ëåéôïõñãåß Äåí îÝñù ãéáôß...
* Äåí ìðïñþ íá ôá êÜíù üëá áõôÜ ìüíïò ìïõ! ÈÝëù êÜôé
åôïéìáôæßäéêï ìå GUI.
- Óßãïõñá http://shorewall.sourceforge.net/
Ãéá äåßôå ôï...
* Ôá Cable modems Ý÷ïõí static Þ dynamic IP?
- ÊáëÞ åñþôçóç.. ôï ðéï ðéèáíü åßíáé íá åßíáé dynamic.
* Ïé êÜñôåò äéêôýïõ ðïõ óõíäÝïíôáé óå DHCP?
- Åßíáé dynamic.
* Ðùò äéá÷åéñßæïìáé ôá åóùôåñéêÜ services?
- Äïêßìáóôå íá êÜíåôå forwarding Þ redirecting ôéò ðüñôåò
ôùí IP îáíÜ óéãïõñåõôÞôå ïôé ôá Ý÷åôå áóöáëßóåé óùóôÜ
* Áðï ôïõò õðïëïãéóôÝò ôïõ åóùôåñéêïý äéêôýïõ ìðïñþ íá
ðéíãêÜñù ôçí ip ôïõ linux gateway, áëëÜ äåí ìðïñþ íá
óõíäåèþ óôï internet.
-Ïêåç, äïêéìÜóôå "rmmod iptable_filter" - more info on
this as I get it.
- ÓéãïõñåõôÞôå ïôé äåí ôñÝ÷åôå ôï routed Þ ôï gated ãéá íá
ôóåêÜñåôå ãñÜøôå "ps aux | grep -e routed -e gated".
- ÊïéôÜîôå óôï http://ipmasq.cjb.net
* Ðùò ìðïñþ íá äþ ðïéåò óõíäÝóåéò åßíáé óå éó÷ý áõôÞ ôçí
óôéãìÞ (established)? ÊÜôé óáí ôï netstat..
- ÄïêéìÜóôå cat /proc/net/ip_conntrack
* ×ñåéÜæïìáé ðåñéóóüôåñåò ðëçñïöïñßåò ãéá ôï squid ãéá ôï
routing êôë!
- Äïêßìáóôå íá äéáâÜóåôå ôï Advanced Routing HOWTO
http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html
* Áõôü ôï howto åßíáé ÷Üëéá! Ðùò èá ðáñáðïíåèþ óôá ðáëçêáñéá
ðïõ ôï Ýãñáøáí?
- Ðçãáßíôå óôï #debian óôï irc.opensource.net êáé âñåßôå
ôïí JohnFlux. - Óôåßëôå ìïõ Mail (JohnFlux) óôï
tapselj0@cs.man.ac.uk
* Áõôü ôï howto åßíáé ÷Üëéá! Èá äïýìå êáìéá êáëõôåñç Ýêäïóç
- ÄïêéìÜóôå http://ipmasq.cjb.net
- Áðåõèõíèåßôå óôï LDP Masq-HOWTO.
* Ìå ôé Üëëï áó÷ïëÞóå ôþñá?
ÁõôÞí ôçí óôéãìÞ ãñÜöù Ýíáí ïäçãü óôï linux ãéá
anti-missile-missiles-made-simple. Äåí õðÜñ÷ïõí êáëïß
ïäçãïß ðïõ íá óå ðñïóôáôåýïõí áðï ðõñçíéêÝò åêñÞîåéò. :)
distrib
>
Mandriva
>
2010.0
>
i586
>
media
>
contrib-release
>
by-pkgid
>
b64a0ed9abef7306f12de680983610ea
>
files
>
28
