Linux IP Masquerade HOWTO
David Ranch, dranch@trinnet.net; Ambrose Au, ambrose@writeme.com
v1.79, 21 October 1999

This document describes how to use the feature called IP Masquerade on
a Linux host. IP Masquerade is a form of Network Address Translation
(NAT) that lets internal computers with no registered IP address use
the Internet through the single Internet IP address of the Linux box
they are connected to.
______________________________________________________________________

Table of Contents

1. Introduction
   1.1 Introduction to IP Masquerading (IP MASQ for short)
   1.2 Foreword, Feedback and Credits
   1.3 Copyright and Disclaimer

2. Background Knowledge
   2.1 What is IP Masquerade?
   2.2 Current Status
   2.3 Who Can Benefit From IP Masquerade?
   2.4 Who Doesn't Need IP Masquerade?
   2.5 How does IP Masquerade Work?
   2.6 Requirements for Using IP Masquerade on Linux 2.0.x
   2.7 Requirements for Using IP Masquerade on Linux 2.2.x

3. Setting Up IP Masquerade
   3.1 Compiling the Kernel for IP Masquerade Support
      3.1.1 Linux 2.0.x Kernels
      3.1.2 Linux 2.2.x Kernels
   3.2 Assigning Private IP Addresses to the Internal LAN
   3.3 Configuring IP Forwarding Policies
      3.3.1 Linux 2.0.x Kernels
      3.3.2 Linux 2.2.x Kernels

4. Configuring the Internal MASQed Computers
   4.1 Configuring Microsoft Windows 95
   4.2 Configuring Windows NT
   4.3 Configuring Windows for Workgroups 3.11
   4.4 Configuring UNIX Based Systems
   4.5 Configuring DOS Using the NCSA Telnet Package
   4.6 Configuring MacOS Based Systems Running MacTCP
   4.7 Configuring MacOS Based Systems Running Open Transport
   4.8 Configuring a Novell Network Using DNS
   4.9 Configuring OS/2 Warp
   4.10 Configuring Other Systems

5. Testing IP Masquerade

6. Other IP Masquerade Issues and Software Support
   6.1 Problems with IP Masquerade
   6.2 Incoming Services
   6.3 Supported Client Software and Other Setup Notes
      6.3.1 Network Clients that -Work- with IP Masquerade
      6.3.2 Clients that do not Work:
   6.4 Stronger IP Firewall (IPFWADM) Rulesets
   6.5 Stronger IP Firewall (IPCHAINS) Rulesets
   6.6 IP Masquerading Multiple Internal Networks
   6.7 IP Masquerade and Dial-up Connections
   6.8 IPPORTFW, IPMASQADM, IPAUTOFW, REDIR, UDPRED, and Other Port
       Forwarding Tools
      6.8.1 Using IPPORTFW on 2.0.x Kernels
      6.8.2 Using IPMASQADM with IPPORTFW on 2.2.x Kernels
   6.9 CU-SeeMe and Linux IP Masquerade
   6.10 Mirabilis ICQ
   6.11 Games: The LooseUDP Patch

7. Frequently Asked Questions (FAQ)
   7.1 Which Linux distributions support IP Masquerade out of the box?
   7.2 What are the minimum hardware requirements and limitations for
       IP Masquerade? How well does it perform?
   7.3 I've checked all my settings, but IP Masquerade still doesn't
       work. What should I do?
   7.4 How do I join or view the IP Masquerade and IP Masquerade
       Developers mailing lists?
   7.5 How does IP Masquerade differ from Proxy or NAT services?
   7.6 Are there any GUI firewall creation/management tools?
   7.7 Does IP Masquerade work with dynamically assigned IP addresses?
   7.8 Can I use IP Masquerade while connecting to the Internet with a
       cable modem (both two-way and with modem returns), DSL, a
       satellite link, etc.?
   7.9 Can I use Diald or the dial-up feature of PPPd with IP
       Masquerade?
   7.10 What applications can be used with IP Masquerade?
   7.11 How do I use IP Masquerade on Redhat, Debian, Slackware, or
        other distributions?
   7.12 TELNET connections seem to stop working if I don't use them
        often. Why is that?
   7.13 When my Internet connection first comes up, nothing works. If I
        try again, everything works fine. Why is that?
   7.14 IP Masquerade seems to work fine, but some sites don't work.
        This mostly happens with the Web and FTP.
   7.15 IP Masquerading seems slow.
   7.16 IP Masquerading now works, but I get all sorts of strange
        messages and errors in the SYSLOG log files. Can I find out
        what the IPFWADM/IPCHAINS firewall error messages mean?
   7.17 Can I configure IP Masquerade so that external Internet users
        can connect directly to internal MASQed servers?
   7.18 I'm getting "kernel: ip_masq_new(proto=UDP): no free ports." in
        my SYSLOG files. Why is that?
   7.19 I'm getting "ipfwadm: setsockopt failed: Protocol not
        available" when I try to use IPPORTFW!
   7.20 Microsoft File and Print Sharing and Microsoft Domain clients
        (SAMBA) don't work through IP Masquerade!
   7.21 MASQed IRC users can't use IRC properly. Why is that?
   7.22 mIRC can't do DCC sends.
   7.23 Can I use IP Masquerade with only one Ethernet network card
        (via IP Aliasing)?
   7.24 I'm trying to use the NETSTAT command to view MASQed
        connections, but it doesn't work.
   7.25 I would like to use Microsoft PPTP (GRE tunnels) or IPSEC
        (Linux SWAN) tunnels through IP Masquerade.
   7.26 I want to run the XYZ network game through IP Masquerade but it
        doesn't work. Help!
   7.27 IP Masquerade works fine for a while and then suddenly stops.
        After a reboot it works again for a while. Why is that?
   7.28 Internal MASQed computers cannot send SMTP or POP-3 mail!
   7.29 I want different internal MASQed networks to go out through
        different external IP addresses. (IPROUTE2)
   7.30 Why do the new 2.1.x and 2.2.x kernels use IPCHAINS instead of
        IPFWADM?
   7.31 I've just upgraded to the 2.2.x kernels, why isn't IP
        Masquerade working?
   7.32 I've just upgraded to a 2.0.36 or later kernel, why isn't IP
        Masquerade working?
   7.33 I need help with EQL connections and IP Masq
   7.34 I can't get IP Masquerade to work! What options do I have for
        Windows Platforms?
   7.35 I want to help on IP Masquerade development. What can I do?
   7.36 Where can I find more information on IP Masquerade?
   7.37 I want to translate this HOWTO to another language, what should
        I do?
   7.38 This HOWTO seems out of date, are you still maintaining it? Can
        you include more information on ...? Are there any plans for
        making this better?
   7.39 I got IP Masquerade working, it's great! I want to thank you
        guys, what can I do?

8. Miscellaneous
   8.1 Useful Resources
   8.2 Linux IP Masquerade Resource
   8.3 Thanks To
   8.4 References
   8.5 Changes
______________________________________________________________________

1. Introduction

1.1. Introduction to IP Masquerading (IP MASQ for short)

(Translator's note: [masquerade] n. masked ball, disguise, pretext;
[masquerade] v. to take part in a masked ball, to disguise oneself, to
pretend)

This document describes how to use the feature called IP Masquerade on
a Linux host. IP Masquerade is a form of Network Address Translation
(NAT) that lets internal computers with no registered IP address use
the Internet through the single Internet IP address of the Linux box
they are connected to. The internal computers can connect to the Linux
host over LAN links such as Ethernet, TokenRing and FDDI, or over
dial-up PPP (translator's note: Dial-Up Networking in Windows) or SLIP.
This document primarily covers the Ethernet case.

This document is written for users of stable kernels 2.0.36 or later
and 2.2.9 or later on IBM-compatible PCs. Older kernels such as 1.2.x
and 1.3.x are not covered, and some kernel versions may produce
incorrect results. Please upgrade to a newer stable kernel before using
IP Masquerade.

If you want to use IP Masquerade on a Macintosh, e-mail Taro Fukunaga,
tarozax@earthlink.net, to get a short MkLinux version of this HOWTO.

1.2. Foreword, Feedback and Credits

For new users, setting up IP Masq on Linux kernels (including versions
before 1.2.x) is very confusing. There is a FAQ and a mailing list, but
there was no document written specifically for IP Masq, and there were
requests on the mailing list for an IP Masq HOWTO. So I decided to
write this HOWTO as a starting point for new users, and I hope
experienced users will add to it later. Ideas and corrections of any
kind for this document are welcome.
I hope they will make this a better document.

This document is based on Ken Eves's FAQ and on numerous messages from
the IP Masquerade mailing list. Special thanks go to Mr. Matthew
Driver, who helped me set up IP Masq and eventually inspired me to
write this document. More recently, David Ranch rewrote the HOWTO and
added many sections to make it more complete.

Please feel free to send corrections, information, URLs, or any other
comments to ambrose@writeme.com and dranch@trinnet.net. Your
contributions will help this HOWTO a great deal.

This HOWTO is meant to help you get a Linux IP Masquerade network
working in the shortest time possible. Since neither Ambrose nor David
is a professional writer, you may find material in this document that
is not general or does not fit its original purpose. The latest news
about this HOWTO and other details about IP Masquerade can be found on
the IP Masquerade Resource web page, which we actively maintain.

If you have technical questions about IP Masquerade, please join the IP
Masquerade mailing list instead of e-mailing Ambrose or David. Most IP
Masquerade problems are common to most users, and someone on the
mailing list may well have a simple answer. In addition, an answer from
the mailing list will take far less time than a reply from Ambrose or
David.

The latest version of this document can be found at the following
sites, which also carry HTML and postscript versions:

o http://ipmasq.cjb.net/: The IP Masquerade Resources
o http://ipmasq2.cjb.net/: The IP Masquerade Resources MIRROR
o The Linux Documentation Project
o Dranch's Linux page
o See the IP Masquerade Resource Mirror Sites Listing for mirror sites.

1.3. Copyright and Disclaimer

This document is copyright(c) 1999 Ambrose Au and David Ranch and it is
a FREE document.
You may redistribute it under the terms of the GNU General Public
License.

This document represents the best efforts of Ambrose and David to
provide correct information. However, Linux IP Masquerade was developed
by people, so mistakes, bugs and the like may occur from time to time.

No person, group, or other body is responsible for any damage on your
computer(s) and any other losses by using the information on this
document. i.e.

   THE AUTHORS AND ALL MAINTAINERS ARE NOT RESPONSIBLE FOR ANY DAMAGES
   INCURRED DUE TO ACTIONS TAKEN BASED ON THE INFORMATION IN THIS
   DOCUMENT.

Now that you have taken all of that in... let's get started.

2. Background Knowledge

2.1. What is IP Masquerade?

IP Masquerade is a networking function in Linux similar to the
one-to-many NAT (Network Address Translation) commonly found in
commercial firewalls and network routers. For example, if a Linux host
is connected to the Internet via PPP (translator's note: the equivalent
of Dial-Up Networking in Windows), Ethernet, etc., then internal
computers connected to that Linux box (via PPP, Ethernet, etc.) can
also reach the Internet through IP Masquerade. With Linux IP
Masquerade, this works even if the internal computers have no
officially assigned IP addresses.

MASQ lets several computers use the Internet while hidden behind the
MASQ gateway (the computer that acts as the path to the outside). To
other computers on the Internet, everything leaving through IP MASQ
appears to come from the IP MASQ Linux server itself. In addition to
this functionality, IP Masquerade provides a very secure networking
environment. Breaking the security of a well-configured masquerading
system and internal LAN is as difficult as breaking the security of a
well-configured firewall.

2.2. Current Status

IP Masquerade has been around for several years since it was first
developed, and it has become very mature as the Linux kernel enters
2.2.x. Linux kernels have had built-in MASQ support since 1.3.x.
Today many individuals and commercial organizations use it with
excellent results.

Common network uses such as Web browsing, TELNET, FTP, PING and
TRACEROUTE work well over IP Masquerade. FTP, IRC and Real Audio also
work well once the appropriate IP MASQ modules are loaded. Network
programs such as streaming audio (MP3, True Speech, etc.) work too.
Some fellow users on the mailing list have even had good results with
video conferencing software. See the ``'' section for the full list of
supported software.

IP Masquerade works well as a server to client machines running a
variety of operating systems and hardware platforms. Systems that have
worked successfully behind MASQ include:

o Unix: Sun Solaris, *BSD, Linux, Digital UNIX, etc.
o Microsoft Windows 95/98, Windows NT and Windows for Workgroups (with
  the TCP/IP package installed)
o IBM OS/2
o Apple Macintosh MacOS machines running MacTCP or Open Transport
o DOS-based systems with packet drivers and the NCSA Telnet package
o VAXen
o Compaq/Digital Alpha systems running Linux or NT
o Even Amiga computers with AmiTCP or the AS225-stack.

The list goes on, but the point is this: if your OS can talk TCP/IP, it
should work with IP Masquerade!

2.3. Who Can Benefit From IP Masquerade?

o If you have a Linux host connected to the Internet, and
o if you have some computers running TCP/IP that are connected to the
  Linux host on a local subnet, or
o if your Linux host has two or more modems and acts as a PPP or SLIP
  server connecting to other internal computers, and
o if those other computers do not have officially assigned IP
  addresses,
o and of course, if you want those other computers to use the Internet
  without the extra cost of getting official IP addresses from your ISP
  and either configuring Linux as a router or buying an external
  router.

2.4. Who Doesn't Need IP Masquerade?
o If your computer is a stand-alone machine connected to the Internet
  (though setting up a firewall can be a good idea even then), or
o if you already have multiple assigned IP addresses for your other
  computers,
o and of course, if you don't like the idea of a 'free ride' using
  Linux and feel more comfortable paying a high price to do the same
  thing.

2.5. How does IP Masquerade Work?

From the IP Masquerade FAQ by Ken Eves:

Here is a drawing of the simplest setup:

     SLIP/PPP         +------------+                         +----------------+
     to ISP provider  |  Linux     |       SLIP/PPP          | Other computer |
    <---------- modem1|    #1      |modem2 ----------- modem3|                |
      111.222.333.444 |            |           192.168.0.100 |                |
                      +------------+                         +----------------+

In the drawing above, a Linux box with IP_MASQUERADING installed is set
up as Linux #1 and is connected to the Internet via SLIP or PPP using
modem1. Linux #1 has the assigned IP address 111.222.333.444. Linux #1
is set up so that another computer can connect to it via SLIP or PPP
through modem2.

The second system (the other computer, which does not have to run
Linux) makes a SLIP or PPP connection to Linux #1. The other computer
does not have an officially assigned IP address, so it is given the
private address 192.168.0.100 (see below).

With routing information configured properly, IP Masquerade lets the
"other computer" use the Internet as if it were directly connected
(with a few exceptions).

According to Pauline Middelink:

Do not forget that the "other computer" must have Linux #1 set as its
gateway (whether it is the default route or just a subnet does not
matter). If the "other computer" does not have Linux #1 set as its
gateway, Linux #1 must be configured to support proxy arp, but proxy
arp is beyond the scope of this document.

The following is an excerpt from a post on comp.os.linux.networking,
edited to match the names used in the example above:

o I set up the "other computer" to treat my Linux #1, connected over
  PPP or SLIP, as its gateway.
o When a packet arrives at Linux #1 from the "other computer", Linux #1
  assigns the packet a new source port number and stores the original
  address separately. The MASQ server then sends the modified packet
  out to the Internet over SLIP/PPP.
o When a packet comes back from the Internet to Linux #1, Linux #1
  examines the port number to see whether it belongs to a request from
  the "other computer". If so, the MASQ server puts the saved original
  port number and IP address back into the packet from the Internet and
  sends it on to the "other computer".
o The host on the Internet that sent the packet never knows any of this
  is happening.

Another IP Masquerading example:

A typical example is shown in the diagram below:

    +----------+
    |          |  Ethernet
    | A-box    |::::::
    |          |.2   : 192.168.0.x
    +----------+     :
                     :        +----------+   PPP
    +----------+     :    .1  |  Linux   |   link
    |          |     :::::::::| Masq-Gate|:::::::::::::::::::// Internet
    | B-box    |::::::        |          |  111.222.333.444
    |          |.3   :        +----------+
    +----------+     :
                     :
    +----------+     :
    |          |     :
    | C-box    |::::::
    |          |.4
    +----------+

    |                         |          |
    | <--Internal Network-->  |          | <----External Network---->
    |                         |          |

In this example there are four computers in all. As before, we assume
that at the far right there is a server providing the PPP connection,
and further to the right are the hosts on the Internet with which you
want to exchange information. The Linux system Masq-Gate is the IP
Masquerading gateway that connects A-box, B-box and C-box on the
internal network to the Internet. The internal network uses one of the
private network addresses defined in RFC-1918, in this case the Class C
network 192.168.0.0. The Linux box uses the IP address 192.168.0.1, and
the other systems have the following addresses:

o A-Box: 192.168.0.2
o B-Box: 192.168.0.3
o C-Box: 192.168.0.4

The three machines A-box, B-box and C-box can run any OS as long as it
can speak TCP/IP. Windows 95, Macintosh MacTCP or OpenTransport, or
even another Linux box can connect to the Internet through IP MASQ.
While they are connected, the masquerading system, or MASQ-gate,
converts all connections from the inside so that they appear to be sent
by MASQ-gate itself.
When data comes back from the outside, MASQ rearranges it so that it
goes to the original internal computer. To the internal network it
therefore looks like a direct connection to the Internet, and the
machines cannot tell whether masquerading is in use or not. This is
called a "transparent" connection.

NOTE: See ``'' for more details on:

o The differences between NAT, MASQ and proxy servers.
o How packet firewalls work.

2.6. Requirements for Using IP Masquerade on Linux 2.0.x

** Please refer to IP Masquerade Resource for the latest information. **

o Capable hardware. See ``'' for details.
o Kernel 2.0.x source is available from http://www.kernel.org/.
  (Recent Linux ``'' such as Redhat 5.2 ship kernels compiled with all
  IP Masquerade support as modules. In that case there is no need to
  compile a new kernel. If you want to upgrade the kernel you are
  running, you must also upgrade other related programs (mentioned
  later).)
o Loadable kernel modules, preferably 2.1.85 or newer, available from
  http://www.pi.se/blox/modules/ (modules-1.3.57 is the minimum
  requirement).
o Setting up a TCP/IP network or LAN is covered in the Linux NET-3
  HOWTO and the Network Administrator's Guide. Also check out
  TrinityOS, a very good guide to Linux networking that covers IP MASQ,
  security, DNS, DHCP, Sendmail, PPP, Diald, NFS, IPSEC-based VPNs, and
  the performance of each. It has about 50 sections!!
o Connecting your Linux host to the Internet is covered in the Linux
  ISP Hookup HOWTO, Linux PPP HOWTO, TrinityOS, Linux DHCP mini-HOWTO
  and Linux Cable Modem mini-HOWTO.
o Ipfwadm 2.3 or newer is available from
  ftp://ftp.xos.nl/pub/linux/ipfwadm/ipfwadm-2.3.tar.gz. More
  information on version requirements is on the Linux IPFWADM page.
o If you want to use IPCHAINS on 2.0.36 or later kernels, see Willy
  Tarreau's IPCHAINS enabler for 2.0.36 or Rusty's IPCHAINS for 2.0.x
  kernels.
o Configuring, compiling and installing a new kernel is covered in the
  Linux Kernel HOWTO.
o You can also apply the patches listed below to add other
  functionality to IP Masquerade:

    o TCP/IP port-forwarders or re-directors: These tools can get
      programs working that normally do not work with MASQ. They also
      let you configure the MASQ server so that external Internet users
      can connect to internal WWW, TELNET, SMTP, FTP (patch required),
      etc. servers. See the ``'' section of this HOWTO for details.

      List of IP Masquerading patches for 2.0.x kernels:

        o Steven Clarke's IP PortForwarding (IPPORTFW) - RECOMMENDED
        o IP AutoForward and a mirror (IPAUTOFW) - NOT recommended
        o REDIR for TCP (REDIR) - NOT recommended
        o UDP redirector (UDPRED) - NOT recommended

      PORTFWed FTP:

        o If you want to forward FTP connections from the outside to an
          internal FTP server, download and use Fred Viles's FTP server
          patch. More details are in the ``'' section of this HOWTO.

    o X-Windows display forwarders:

        o X-windows forwarding (DXCP)

    o Module for using ICQ through MASQ:

        o Andrew Deryabin's ICQ MASQ module

    o PPTP (GRE) and SWAN (IPSEC) VPN tunneling forwarders:

        o John Hardin's VPN Masquerade forwarders, or the older patch,
          PPTP Support.

    o Game-related patches:

        o Glenn Lamb's LooseUDP for 2.0.36+ patch. Depending on your
          WWW browser, a file with the .gz extension may be opened
          automatically. To download it only, hold down the SHIFT key
          while clicking the URL above.

          For more details, see Dan Kegel's NAT Page. More information
          can also be found in the ``'' and ``'' sections.

More information on the patches above, and other information, is
available at IP Masquerade Resource.

2.7. Requirements for Using IP Masquerade on Linux 2.2.x

** Please refer to IP Masquerade Resource for the latest information. **

o Kernel 2.2.x source is available from http://www.kernel.org/.

  NOTE #1: Linux 2.2.x kernels below 2.2.11 contain an IPCHAINS
  fragmentation bug. Because of this, systems running strong IPCHAINS
  rulesets are exposed to attack. Please upgrade your kernel to fix the
  problem.
  NOTE #2: Recent ``'' such as Redhat 5.2 may not be able to use 2.2.x
  kernels. Tools such as DHCP and NetUtils will need to be upgraded.
  More details are given later in this HOWTO.

o Loadable kernel modules, preferably 2.1.121 or newer, available from
  http://www.pi.se/blox/modules/.
o Setting up a TCP/IP network or LAN is covered in the Linux NET-3
  HOWTO and the Network Administrator's Guide.
o Connecting your Linux host to the Internet is covered in the Linux
  ISP Hookup HOWTO, Linux PPP HOWTO, TrinityOS, Linux DHCP mini-HOWTO
  and Linux Cable Modem mini-HOWTO.
o IP Chains 1.3.9 or newer is available from
  http://www.rustcorp.com/linux/ipchains/. More information on version
  requirements is on the Linux IP Firewalling Chains page.
o Configuring, compiling and installing a new kernel is covered in the
  Linux Kernel HOWTO.
o You can also apply the patches listed below to add other
  functionality to IP Masquerade:

    o TCP/IP port-forwarders or re-directors:

        o IP PortForwarding (IPMASQADM) - RECOMMENDED, or the old page
          mirror.

    o ICQ MASQ module:

        o Andrew Deryabin's ICQ MASQ module

More information on the patches above, and other information, is
available at IP Masquerade Resource.

3. Setting Up IP Masquerade

If your network holds any important information, think about SECURITY
before implementing IP Masquerade. By default, IP MASQ is a gateway for
you to reach the Internet, but it can also be a gateway for someone on
the Internet to get into your internal network.

Once IP MASQ is working, it is STRONGLY recommended that you use a very
strong IPFWADM/IPCHAINS firewall ruleset. See the ``'' and ``''
sections for more details.

3.1. Compiling the Kernel for IP Masquerade Support

If your Linux distribution already ships a kernel compiled with support
for the following items, and the masquerade-related modules are
provided pre-compiled (most distributions will include them), you do
not need to compile a kernel:

o IPFWADM/IPCHAINS
o IP forwarding
o IP masquerading
o IP Firewalling
o etc.

If you are not sure whether your distribution supports masquerading,
see the ``'' section or IP Masquerade Resource for details. If you
cannot determine whether your distribution supports IP masquerading,
ASSUME IT DOES NOT and continue to the next step.

Whether or not support is already built in, reading this section is
recommended because it contains a lot of other useful information.

3.1.1. Linux 2.0.x Kernels

See the ``'' section for required software, patches, etc.

o First of all, you need the kernel source (the latest version, 2.0.36
  or newer).
o If this is your first time compiling a kernel, don't be scared. It is
  actually not that hard, and several URLs in the ``'' section explain
  how to do it.
o Unpack the kernel source into /usr/src/ with the command
  tar xvzf linux-2.0.x.tar.gz -C /usr/src (where 2.0.x is the kernel
  version). Once it is unpacked, make sure there is a directory or
  symbolic link called /usr/src/linux/.
o Apply any patches to the unpacked kernel source. As of 2.0.36, no
  special patches are needed to do IP Masquerading. Features such as
  IPPORTFW, PPTP and Xwindows forwarders are optional. See the ``''
  section for URLs, and IP Masquerade Resources for up-to-date
  information and other patch-related URLs.
o Below is the list of minimum options that must be compiled into the
  kernel. Do not forget to also configure support for the network
  interfaces you have installed (LAN cards, modems, etc.). For more
  detail on compiling a kernel, see the Linux Kernel HOWTO and the
  README file in the kernel source directory.

  Check the YES or NO answer for each of the following options.
  Not all of the options below will be visible unless you apply the
  appropriate patches described later in this HOWTO:

  * Prompt for development and/or incomplete code/drivers (CONFIG_EXPERIMENTAL) [Y/n/?]
    - YES: this is what lets you select the IP Masquerade feature
      later.

  * Enable loadable module support (CONFIG_MODULES) [Y/n/?]
    - YES: allows you to load the IP MASQ modules.

  * Networking support (CONFIG_NET) [Y/n/?]
    - YES: enables networking.

  * Network firewalls (CONFIG_FIREWALL) [Y/n/?]
    - YES: enables the IPFWADM firewall.

  * TCP/IP networking (CONFIG_INET)
    - YES: enables the TCP/IP protocol.

  * IP: forwarding/gatewaying (CONFIG_IP_FORWARD)
    - YES: enables Linux network packet forwarding and routing.
      Controlled by IPFWADM.

  * IP: syn cookies (CONFIG_SYN_COOKIES) [Y/n/?]
    - YES: strongly recommended for basic network security.

  * IP: firewalling (CONFIG_IP_FIREWALL) [Y/n/?]
    - YES: enables the firewalling feature.

  * IP: firewall packet logging (CONFIG_IP_FIREWALL_VERBOSE) [Y/n/?]
    - YES: (not required but strongly recommended): allows firewall
      hits to be logged.

  * IP: masquerading (CONFIG_IP_MASQUERADE) [Y/n/?]
    - YES: enables IP Masquerading, which rewrites the addresses of
      packets coming from specific internal network addresses and sends
      them out to the external TCP/IP network.

  * IP: ipautofw masquerade support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_IPAUTOFW) [Y/n/?]
    - NO: IPautofw is a legacy method of forwarding TCP/IP ports. It
      does work, but IPPORTFW is the better method, so IPAUTOFW is not
      recommended.

  * IP: ipportfw masq support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_IPPORTFW) [Y/n/?]
    - YES: this option requires a patch on 2.0.x kernels.

      With this option, external computers on the Internet can connect
      directly to specific internal MASQed computers. It is typically
      used to reach internal SMTP, TELNET and WWW servers. FTP port
      forwarding requires the additional patch mentioned in the FAQ
      section. See the Forwards section of this HOWTO for more
      information on port forwarding.
  * IP: ICMP masquerading (CONFIG_IP_MASQUERADE_ICMP) [Y/n/?]
    - YES: enables masquerading of ICMP packets. It may not be strictly
      required, but many programs will not work properly without ICMP
      support.

  * IP: loose UDP port managing (EXPERIMENTAL) (CONFIG_IP_MASQ_LOOSE_UDP) [Y/n/?]
    - YES: this option requires a patch on 2.0.x kernels.

      With this option, internal computers can play network games over
      the Internet that work in a NAT-like manner. More details are in
      the FAQ section of this HOWTO.

  * IP: always defragment (CONFIG_IP_ALWAYS_DEFRAG) [Y/n/?]
    - YES: this feature optimizes IP Masquerading connections.
      Strongly recommended.

  * IP: optimize as router not host (CONFIG_IP_ROUTER) [Y/n/?]
    - YES: this optimizes the kernel's networking.

  * IP: Drop source routed frames (CONFIG_IP_NOSR) [Y/n/?]
    - YES: strongly recommended for basic network security.

  * Dummy net driver support (CONFIG_DUMMY) [M/n/y/?]
    - YES: not required, but this option helps when debugging problems.

  * /proc filesystem support (CONFIG_PROC_FS) [Y/n/?]
    - YES: required to use Linux network forwarding.

  NOTE: These options are only the components needed for IP Masquerade
  to work. Select whatever other options your specific network and
  hardware need.

o After compiling the kernel itself, compile and install the kernel's
  IP Masquerading modules with:

        make modules; make modules_install

o Next, add a few lines to the /etc/rc.d/rc.local file, as shown below,
  to load the script that enables IP Masquerade. This makes IP
  Masquerading available automatically after every reboot:

        .
        .
        .
        #rc.firewall script - Start IPMASQ and the firewall
        /etc/rc.d/rc.firewall
        .
        .
        .

3.1.2. Linux 2.2.x Kernels

See the ``'' section for required software, patches, etc.

o First of all, you need the 2.2.x kernel source (the recent version
  2.2.11 or newer).

  NOTE #1: Linux 2.2.x kernels below 2.2.11 contain an IPCHAINS
  fragmentation bug.
  Because of this, systems running strong IPCHAINS rulesets are exposed
  to attack. Please upgrade your kernel to fix the problem.

o If this is your first time compiling a kernel, don't be scared. It is
  actually not that hard, and several URLs in the ``'' section explain
  how to do it.
o Unpack the kernel source into /usr/src/ with the command
  tar xvzf linux-2.2.x.tar.gz -C /usr/src (where 2.2.x is the kernel
  version). Once it is unpacked, make sure there is a directory or
  symbolic link called /usr/src/linux/.
o Apply any patches to the unpacked kernel source. As of 2.2.1, no
  special patches are needed to do IP Masquerading. Features such as
  PPTP and Xwindows forwarders are optional. See the ``'' section for
  URLs, and IP Masquerade Resources for up-to-date information and
  other patch-related URLs.
o Below is the list of minimum options that must be compiled into the
  kernel. Do not forget to also configure support for the network
  interfaces you have installed (LAN cards, modems, etc.). For more
  detail on compiling a kernel, see the Linux Kernel HOWTO and the
  README file in the kernel source directory.

  Check the YES or NO answer for each of the following options. Not all
  of the options below will be visible unless you apply the appropriate
  patches described later in this HOWTO:

  * Prompt for development and/or incomplete code/drivers (CONFIG_EXPERIMENTAL) [Y/n/?]
    - YES: though not required for IP Masquerade, this option lets you
      build the masquerade modules and do port forwarding.

  * Enable loadable module support (CONFIG_MODULES) [Y/n/?]
    - YES: allows you to load the IP MASQ modules.

  * Networking support (CONFIG_NET) [Y/n/?]
    - YES: enables networking.

  * Packet socket (CONFIG_PACKET) [Y/m/n/?]
    - YES: not required, but recommended because it lets you use
      TCPDUMP to debug problems with IP Masquerading.

  * Kernel/User netlink socket (CONFIG_NETLINK) [Y/n/?]
    - YES: not required, but this feature allows firewall hits to be
      logged.

  * Routing messages (CONFIG_RTNETLINK) [Y/n/?]
    - NO: this option has nothing to do with packet firewall logging.

  * Network firewalls (CONFIG_FIREWALL) [Y/n/?]
    - YES: enables the IPCHAINS firewall tool.

  * TCP/IP networking (CONFIG_INET) [Y/n/?]
    - YES: enables the TCP/IP protocol.

  * IP: advanced router (CONFIG_IP_ADVANCED_ROUTER) [Y/n/?]
    - NO: needed only to set CONFIG_IP_ROUTE_VERBOSE and for fancy
      routing (unrelated to ipchains/masquerade).

  * IP: verbose route monitoring (CONFIG_IP_ROUTE_VERBOSE) [Y/n/?]
    - YES: very useful if you use code that drops IP-spoofed packets
      and logs them.

  * IP: firewalling (CONFIG_IP_FIREWALL) [Y/n/?]
    - YES: enables the firewalling feature.

  * IP: firewall packet netlink device (CONFIG_IP_FIREWALL_NETLINK) [Y/n/?]
    - YES: not required, but this feature improves the logging of
      firewall hits.

  * IP: always defragment (required for masquerading) (CONFIG_IP_ALWAYS_DEFRAG) [Y/n/?]
    - YES: this must be selected before the IP Masquerade and
      transparent proxy features can be selected. It also optimizes IP
      MASQ connections.

  * IP: masquerading (CONFIG_IP_MASQUERADE) [Y/n/?]
    - YES: enables IP Masquerading, which translates internal addresses
      in packets sent to the outside.

  * IP: ICMP masquerading (CONFIG_IP_MASQUERADE_ICMP) [Y/n/?]
    - YES: used to masquerade ICMP ping packets. (ICMP error codes are
      masqueraded even if this is not selected.) An important feature
      for troubleshooting connection problems.

  * IP: masquerading special modules support (CONFIG_IP_MASQUERADE_MOD) [Y/n/?]
    - YES: not required, but this must be selected to enable TCP/IP
      port forwarding later. Port forwarding lets external computers
      connect directly to internal MASQed computers.

  * IP: ipautofw masq support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_IPAUTOFW) [N/y/m/?]
    - NO: IPautofw is a legacy method that was used for port
      forwarding. It is better to use per-protocol modules for this.
  * IP: ipportfw masq support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_IPPORTFW) [Y/m/n/?]
    - YES: Enables IPPORTFW. With this option, external computers on the Internet can communicate directly with masqueraded internal computers. It is typically used to reach internal SMTP, TELNET and WWW servers. FTP port forwarding needs an additional patch, described in the FAQ section. More information on port forwarding is given in the Forwards section of this HOWTO.

  * IP: ip fwmark masq-forwarding support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_MFW) [Y/m/n/?]
    - NO: Allows IP forwarding directly from IPCHAINS. This code is currently experimental; the recommended method is to use IPMASQADM and IPPORTFW.

  * IP: optimize as router not host (CONFIG_IP_ROUTER) [Y/n/?]
    - YES: Optimizes the kernel's networking for routing.

  * IP: GRE tunnels over IP (CONFIG_NET_IPGRE) [N/y/m/?]
    - NO: Not strictly required; this feature enables PPTP and GRE tunnels through IP Masquerading.

  * IP: TCP syncookie support (not enabled per default) (CONFIG_SYN_COOKIES) [Y/n/?]
    - YES: Strongly recommended for basic network security.

  * Network device support (CONFIG_NETDEVICES) [Y/n/?]
    - YES: Enables Linux network devices.

  * Dummy net driver support (CONFIG_DUMMY) [M/n/y/?]
    - YES: Not strictly required, but it helps when debugging problems.

  * /proc filesystem support (CONFIG_PROC_FS) [Y/n/?]
    - YES: Required to use the Linux network forwarding system.

  NOTE: These options are only what IP Masquerading itself needs. You will have to select whatever other options your specific network and hardware require.

o After compiling the kernel itself, compile and install the kernel's IP Masquerading modules with:

      make modules; make modules_install

o Next, add a few lines to the /etc/rc.d/rc.local file so that the script that sets up IP Masquerade is loaded. IP Masquerading will then be available automatically after every reboot:

      .
      .
      .
      #rc.firewall script - Start IPMASQ and the firewall
      /etc/rc.d/rc.firewall
      .
      .
      .

3.2. Assigning private IP addresses to the internal LAN

Since none of the internal masqueraded computers has an officially assigned Internet address, there must be a way to give them addresses that do not collide with any external Internet address.

From the original IP Masquerade FAQ:

RFC 1918 is the official document on which IP addresses are to be used in "private" networks that are not connected to the outside. Three address ranges are set aside for this purpose.

    Section 3: Private Address Space

    The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private networks:

        10.0.0.0     -   10.255.255.255
        172.16.0.0   -   172.31.255.255
        192.168.0.0  -   192.168.255.255

    We will refer to the first block as the "24-bit block", the second as the "20-bit block", and the third as the "16-bit block". The first block is a single class A network number, the second is a set of 16 contiguous class B network numbers, and the third is a set of 255 contiguous class C network numbers.

For the purpose of explanation, the author uses the 192.168.0.0 network with a class-C subnet mask of 255.255.255.0, and this HOWTO uses the same addresses. Any of the private networks above may be used instead, as long as the appropriate subnet mask is used in each case.

If you use a class-C network, assign the masqueraded computers addresses such as 192.168.0.1, 192.168.0.2, 192.168.0.3, ..., 192.168.0.x.

192.168.0.1 is usually the internal gateway, that is, the address of the Linux Masquerade machine, which is the path to the outside. 192.168.0.0 and 192.168.0.255 are the "network" address and the "broadcast" address respectively. (These addresses are reserved.) If you assign them to computers, the network will not work properly.

3.3. Configuring IP forwarding policies

At this point the kernel and the other required packages should be installed. All network IP addresses, the gateway and the DNS addresses must also be configured on the Linux Masquerade server. If you do not know how to configure your network cards, see the HOWTOs mentioned in the ``'' or ``'' section.
What remains is to configure the IP firewalling tools so that they forward and masquerade packets:

** This can be done in several ways. The author had success with the method shown in the examples below, but you may prefer a different one.

** This section provides only the minimum firewall policy needed to get IP Masquerade working. Once IP Masquerade works (testing is covered later in this HOWTO), see the ``'' and ``'' sections for stronger rulesets. For more detail, see the IPFWADM (2.0.x) or IPCHAINS (2.2.x) man pages.

3.3.1. Linux 2.0.x kernels

Create the file /etc/rc.d/rc.firewall with the following initial "simple" ruleset:

    # rc.firewall - Initial SIMPLE IP Masquerade setup for 2.0.x kernels using IPFWADM
    #
    # Load all required IP MASQ modules
    #
    #   NOTE:  Only load the IP MASQ modules you need.  All current available IP MASQ modules
    #          are shown below but are commented out from loading.

    # Needed to initially load modules
    #
    /sbin/depmod -a

    # Supports the proper masquerading of FTP file transfers using the PORT method
    #
    /sbin/modprobe ip_masq_ftp

    # Supports the masquerading of RealAudio over UDP.  Without this module,
    #       RealAudio WILL function but in TCP mode.  This can cause a reduction
    #       in sound quality
    #
    #/sbin/modprobe ip_masq_raudio

    # Supports the masquerading of IRC DCC file transfers
    #
    #/sbin/modprobe ip_masq_irc

    # Supports the masquerading of Quake and QuakeWorld by default.  This module is
    #   for multiple users behind the Linux MASQ server.  If you are going to play
    #   Quake I, II, and III, use the second example.
    #
    #Quake I / QuakeWorld (ports 26000 and 27000)
    #/sbin/modprobe ip_masq_quake
    #
    #Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
    #/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960

    # Supports the masquerading of the CuSeeme video conferencing software
    #
    #/sbin/modprobe ip_masq_cuseeme

    #Supports the masquerading of the VDO-live video conferencing software
    #
    #/sbin/modprobe ip_masq_vdolive

    #CRITICAL:  Enable IP forwarding since it is disabled by default since
    #
    #           Redhat Users:  you may try changing the options in /etc/sysconfig/network from:
    #
    #                       FORWARD_IPV4=false
    #                             to
    #                       FORWARD_IPV4=true
    #
    echo "1" > /proc/sys/net/ipv4/ip_forward

    # Dynamic IP users:
    #
    #   If you get your Internet IP address dynamically from SLIP, PPP, or DHCP, enable this following
    #       option.  This enables dynamic-ip address hacking in IP MASQ, making the life
    #       with DialD, PPPd, and similar programs much easier.
    #
    #echo "1" > /proc/sys/net/ipv4/ip_dynaddr

    # MASQ timeouts
    #
    #   2 hrs timeout for TCP session timeouts
    #  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
    #  160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
    #
    /sbin/ipfwadm -M -s 7200 10 160

    # DHCP:  For people who receive their external IP address from either DHCP or BOOTP
    #        such as ADSL or Cablemodem users, it is necessary to use the following
    #        before the deny command.  The "bootp_clients_net_if_name" should be replaced
    #        with the name of the link that the DHCP/BOOTP server will put an address on.
    #        This will be something like "eth0", "eth1", etc.
    #
    #        This example is currently commented out.
    #
    #
    #/sbin/ipfwadm -I -a accept -S 0/0 67 -D 0/0 68 -W bootp_clients_net_if_name -P udp

    # Enable simple IP forwarding and Masquerading
    #
    #  NOTE:  The following is an example for an internal LAN address in the 192.168.0.x
    #         network with a 255.255.255.0 or a "24" bit subnet mask.
    #
    #         Please change this network number and subnet mask to match your internal LAN setup
    #
    /sbin/ipfwadm -F -p deny
    /sbin/ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0

Once you have finished editing the ruleset in /etc/rc.d/rc.firewall, make the file executable with "chmod 700 /etc/rc.d/rc.firewall".

Instead of masquerading a whole TCP/IP network as above, you can also enable IP Masquerading per machine. For example, to let the hosts 192.168.0.2 and 192.168.0.8 reach the Internet while the other internal machines cannot, change the part of /etc/rc.d/rc.firewall labelled "Enable simple IP forwarding and Masquerading" as follows:

    # Enable simple IP forwarding and Masquerading
    #
    #  NOTE:  The following is an example to only allow IP Masquerading for the 192.168.0.2
    #         and 192.168.0.8 machines with a 255.255.255.0 or a "24" bit subnet mask.
    #
    #         Please use the following in ADDITION to the simple ruleset above for specific
    #         MASQ networks.  Also change the network numbers and subnet masks to match your
    #         internal LAN setup
    #
    /sbin/ipfwadm -F -p deny
    /sbin/ipfwadm -F -a m -S 192.168.0.2/32 -D 0.0.0.0/0
    /sbin/ipfwadm -F -a m -S 192.168.0.8/32 -D 0.0.0.0/0

A common mistake made by people new to IP Masquerading is to run this command:

    ipfwadm -F -p masquerade

Do not make masquerading the default policy. If you do, anyone who knows how to manipulate their routing tables can connect through your gateway to somewhere else while hiding their own identity behind it!

The rules above can be placed in /etc/rc.d/rc.firewall or in any other rc file you prefer, or they can be entered by hand whenever IP Masquerade is needed.

The ``'' and ``'' sections contain a detailed guide to IPFWADM and examples of stronger IPFWADM rulesets.

3.3.2. Linux 2.2.x kernels

IPFWADM is no longer the firewall tool used to manipulate IP Masquerading rules on 2.1.x and 2.2.x kernels. These newer kernels use a tool called IPCHAINS. See the ``'' section for the detailed reasons for this change.
Create the file /etc/rc.d/rc.firewall with the following initial "simple" ruleset:

    #!/bin/sh
    #
    # rc.firewall - Initial SIMPLE IP Masquerade test for 2.1.x and 2.2.x kernels using IPCHAINS
    #
    # Load all required IP MASQ modules
    #
    #   NOTE:  Only load the IP MASQ modules you need.  All current IP MASQ modules
    #          are shown below but are commented out from loading.

    # Needed to initially load modules
    #
    /sbin/depmod -a

    # Supports the proper masquerading of FTP file transfers using the PORT method
    #
    /sbin/modprobe ip_masq_ftp

    # Supports the masquerading of RealAudio over UDP.  Without this module,
    #       RealAudio WILL function but in TCP mode.  This can cause a reduction
    #       in sound quality
    #
    #/sbin/modprobe ip_masq_raudio

    # Supports the masquerading of IRC DCC file transfers
    #
    #/sbin/modprobe ip_masq_irc

    # Supports the masquerading of Quake and QuakeWorld by default.  This module is
    #   for multiple users behind the Linux MASQ server.  If you are going to play
    #   Quake I, II, and III, use the second example.
    #
    #Quake I / QuakeWorld (ports 26000 and 27000)
    #/sbin/modprobe ip_masq_quake
    #
    #Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
    #/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960

    # Supports the masquerading of the CuSeeme video conferencing software
    #
    #/sbin/modprobe ip_masq_cuseeme

    #Supports the masquerading of the VDO-live video conferencing software
    #
    #/sbin/modprobe ip_masq_vdolive

    #CRITICAL:  Enable IP forwarding since it is disabled by default since
    #
    #           Redhat Users:  you may try changing the options in /etc/sysconfig/network from:
    #
    #                       FORWARD_IPV4=false
    #                             to
    #                       FORWARD_IPV4=true
    #
    echo "1" > /proc/sys/net/ipv4/ip_forward

    # Dynamic IP users:
    #
    #   If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this following
    #       option.  This enables dynamic-ip address hacking in IP MASQ, making the life
    #       with Diald and similar programs much easier.
    #
    #echo "1" > /proc/sys/net/ipv4/ip_dynaddr

    # MASQ timeouts
    #
    #   2 hrs timeout for TCP session timeouts
    #  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
    #  160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
    #
    /sbin/ipchains -M -S 7200 10 160

    # DHCP:  For people who receive their external IP address from either DHCP or BOOTP
    #        such as ADSL or Cablemodem users, it is necessary to use the following
    #        before the deny command.  The "bootp_clients_net_if_name" should be replaced
    #        with the name of the link that the DHCP/BOOTP server will put an address on.
    #        This will be something like "eth0", "eth1", etc.
    #
    #        This example is currently commented out.
    #
    #
    #/sbin/ipchains -A input -j ACCEPT -i bootp_clients_net_if_name -s 0/0 67 -d 0/0 68 -p udp

    # Enable simple IP forwarding and Masquerading
    #
    #  NOTE:  The following is an example for an internal LAN address in the 192.168.0.x
    #         network with a 255.255.255.0 or a "24" bit subnet mask.
    #
    #         Please change this network number and subnet mask to match your internal LAN setup
    #
    /sbin/ipchains -P forward DENY
    /sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ

Once you have finished editing the ruleset in /etc/rc.d/rc.firewall, make the file executable with chmod 700 /etc/rc.d/rc.firewall.

Instead of masquerading a whole TCP/IP network as above, you can also enable IP Masquerading per machine. For example, to let the hosts 192.168.0.2 and 192.168.0.8 reach the Internet while the other internal machines cannot, change the part of /etc/rc.d/rc.firewall labelled "Enable simple IP forwarding and Masquerading" as follows:

    #!/bin/sh
    #
    # Enable simple IP forwarding and Masquerading
    #
    #  NOTE:  The following is an example to only allow IP Masquerading for the 192.168.0.2
    #         and 192.168.0.8 machines with a 255.255.255.0 or a "24" bit subnet mask.
    #
    #         Please change this network number and subnet mask to match your internal LAN setup
    #
    # (ipchains target names are upper case: DENY, not deny)
    /sbin/ipchains -P forward DENY
    /sbin/ipchains -A forward -s 192.168.0.2/32 -j MASQ
    /sbin/ipchains -A forward -s 192.168.0.8/32 -j MASQ

A common mistake made by people new to IP Masquerading is to run this command:

    /sbin/ipchains -P forward masquerade

Do not make masquerading the default policy. If you do, anyone who knows how to manipulate their routing tables can connect through your gateway to somewhere else while hiding their own identity behind it!

The rules above can be placed in /etc/rc.d/rc.firewall or in any other rc file you prefer, or they can be entered by hand whenever IP Masquerade is needed.

The ``'' and ``'' sections contain a detailed guide to IPCHAINS and examples of stronger IPCHAINS rulesets.

For details on how to use IPCHAINS, see the Linux IP CHAINS HOWTO.

4. Configuring the masqueraded internal computers

Besides setting an appropriate IP address on each masqueraded internal computer, each of them must be given the address of the Linux Masquerade server as its gateway and a suitable DNS server address. In most cases this is quite easy: simply enter the address of the Linux host (usually 192.168.0.1) as the gateway address.

For the Domain Name Service (DNS), you can add the address of any DNS server that is available. The cleanest choice is the DNS server that the Linux server itself uses. Optionally, you can also add a "domain search" suffix.

After the masqueraded internal computers have been configured properly, restart networking on them or reboot them.

The following configuration instructions assume that you are using class C network addresses and that the address of the Linux Masquerade server is 192.168.0.1. 192.168.0.0 and 192.168.0.255 are reserved addresses and must not be used as the address of any computer.
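The two points that sections 3.2 and 3.3 insist on (the forward policy must deny by default, and MASQ rules should name a private source network) can be checked in an rc.firewall script before it is loaded. The following is an added example, not part of the HOWTO; the function name audit_masq and the sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the HOWTO: static audit of the forwarding and MASQ
# rules in an rc.firewall script (IPFWADM or IPCHAINS syntax).

# audit_masq: reads a rule script on stdin and prints one finding per line.
# Exit status: 0 = no findings, 1 = at least one finding.
audit_masq() {
    awk '
    # 1 if "a.b.c.d[/len]" lies inside an RFC 1918 block, else 0.
    function is_rfc1918(src,    p, o, len) {
        split(src, p, "/")
        if (split(p[1], o, ".") != 4) return 0
        len = (p[2] == "") ? 32 : p[2] + 0
        if (o[1] == 10 && len >= 8) return 1
        if (o[1] == 172 && o[2] >= 16 && o[2] <= 31 && len >= 12) return 1
        if (o[1] == 192 && o[2] == 168 && len >= 16) return 1
        return 0
    }
    # Field index of option "opt" on the current line, 0 if absent.
    function optidx(opt,    i) {
        for (i = 2; i <= NF; i++) if ($i == opt) return i
        return 0
    }
    # The n-th argument after option "opt", "" if absent.
    function optarg(opt, n,    i) {
        i = optidx(opt)
        return (i && i + n <= NF) ? $(i + n) : ""
    }
    function report(msg) { printf "line %d: %s\n", NR, msg; bad++ }

    /^[ \t]*#/ { next }                      # comments and commented-out rules
    $1 !~ /(ipchains|ipfwadm)$/ { next }     # only firewall tool invocations

    {
        pol = ""; masq = 0; src = ""
        if ($1 ~ /ipchains$/) {
            if (optarg("-P", 1) == "forward") pol = optarg("-P", 2)
            if (optarg("-A", 1) == "forward" && optarg("-j", 1) == "MASQ") {
                masq = 1; src = optarg("-s", 1)
            }
        } else if (optidx("-F")) {           # ipfwadm forwarding category
            pol = optarg("-p", 1)
            if (optarg("-a", 1) ~ /^m/) { masq = 1; src = optarg("-S", 1) }
        }
        if (pol != "") {
            seen_policy = 1
            # Policy names are compared case-insensitively in this sketch.
            if (tolower(pol) != "deny" && tolower(pol) != "reject")
                report("default forward policy is \"" pol "\"; it must deny by default")
        }
        if (masq && !is_rfc1918(src))
            report("MASQ rule source \"" src "\" is not limited to an RFC 1918 network")
    }
    END {
        if (!seen_policy) { print "no default forward policy is set"; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample input: the simple 2.2.x ruleset from section 3.3.2.
GOOD_RULES='/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
#/sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp'

# Constructed sample input: the default-masquerade mistake plus unrestricted MASQ rules.
BAD_RULES='/sbin/ipchains -P forward masquerade
/sbin/ipchains -A forward -j MASQ
/sbin/ipfwadm -F -a m -S 0.0.0.0/0 -D 0.0.0.0/0'

printf '%s\n' "$GOOD_RULES" | audit_masq && echo "good ruleset: clean"
printf '%s\n' "$BAD_RULES"  | audit_masq || echo "bad ruleset: findings above"
```

To audit a real script, run `audit_masq < /etc/rc.d/rc.firewall` after sourcing the function.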
The following platforms have been tested as masqueraded internal machines:

o Linux 1.2.x, 1.3.x, 2.0.x, 2.1.x, 2.2.x
o Solaris 2.51, 2.6, 7
o Windows 95, OSR2, 98
o Windows NT 3.51, 4.0, 2000 (both workstation and server)
o Windows For Workgroup 3.11 (with the TCP/IP package)
o Windows 3.1 (with the Netmanage Chameleon package)
o Novell 4.01 Server with the TCP/IP service
o OS/2 (including Warp v3)
o Macintosh OS (with MacTCP or Open Transport)
o DOS (with the NCSA Telnet package; DOS Trumpet works partially)
o Amiga (with AmiTCP or AS225-stack)
o VAX Stations 3520 and 3100 with UCX (TCP/IP stack for VMS)
o Alpha/AXP with Linux/Redhat
o SCO Openserver (v3.2.4.2 and 5)
o IBM RS/6000 running AIX

4.1. Configuring Microsoft Windows 95

1. If you haven't installed the network device driver yet, do so now. Driver installation is beyond the scope of this document.
2.
3. If the TCP/IP protocol is not installed, install it by selecting, in order, Add --> Protocol --> Manufacturer: Microsoft --> Protocol: 'TCP/IP protocol'.
4. Select the TCP/IP item that is bound to your Windows 95 network card and choose 'Properties'. Click the 'IP Address' tab and set the IP address to 192.168.0.x (1 < x < 255). Then set the subnet mask to 255.255.255.0.
5. Click the "Gateway" tab, enter 192.168.0.1 under 'Gateway' and click "Add".
6.
7. Leave all the other settings as they are unless you know what you are doing.
8. Click 'OK' in all dialog boxes and reboot.
9. To test the network connection, ping the Linux host: choose 'Start/Run' and type ping 192.168.0.1. (This only tests the internal LAN connection. You cannot ping the outside world yet.) If the ping gets no reply, check your network configuration again.
10. If you create a HOSTS file in the C:\Windows directory, you can ping the computers on your LAN by "hostname" without needing a DNS server. There should be an example file called HOSTS.SAM in the C:\windows directory.

4.2. Configuring Windows NT

1. If you haven't installed the network device driver yet, do so now. Driver installation is beyond the scope of this document.
2.
3. If the TCP/IP service is not installed yet, add the TCP/IP protocol and related items from the 'Add Software' menu.
4.
5.
6. If you are not in a Windows NT domain, or do not know what each item means, uncheck 'Automatic DHCP Configuration', leave the 'WINS Server' fields empty, and uncheck Enable IP Forwardings.
7.
8.
9. Click 'OK' in all dialog boxes and restart the system.
10. To test the network connection, ping the Linux host: choose 'File/Run' and type ping 192.168.0.1. (This only tests the internal LAN connection. You cannot ping the outside world yet.) If the ping gets no reply, check your network configuration again.

4.3. Configuring Windows for Workgroups 3.11

1. If you haven't installed the network device driver yet, do so now. Driver installation is beyond the scope of this document.
2. Install the TCP/IP 32b package if it is not installed yet.
3.
4.
5. Set the IP address to 192.168.0.x (1 < x < 255). Then set the subnet mask to 255.255.255.0 and the default gateway to 192.168.0.1.
6. If you are not in a Windows NT domain, or do not know what each item means, uncheck 'Automatic DHCP Configuration' and leave the 'WINS Server' fields empty.
7.
8.
9. Click 'OK' in all dialog boxes and restart the system.
10. To test the network connection, ping the Linux host: choose 'File/Run' and type ping 192.168.0.1.

4.4. Configuring UNIX-based systems

1. If you haven't installed your network card, or haven't recompiled the kernel with support for its driver, do so now. This is beyond the scope of this document.
2. If TCP/IP networking is not installed yet, install TCP/IP networking tools such as the net-tools package.
3. Set IPADDR to 192.168.0.x (1 < x < 255). Set NETMASK to 255.255.255.0, GATEWAY to 192.168.0.1, and BROADCAST to 192.168.0.255. On a Red Hat Linux system, for example, you can edit the file /etc/sysconfig/network-scripts/ifcfg-eth0 or simply use the Control Panel. The method may differ on other UNIX systems such as SunOS, BSDi, Slackware Linux, Solaris, SuSe, Debian and so on. Refer to the documentation of your UNIX system for more information.
4. Add your Domain Name Service (DNS) server and your domain search suffix to /etc/resolv.conf. Depending on the UNIX version and flavour, you may also need to edit /etc/nsswitch.conf to enable DNS lookups.
5. Depending on your setup, you may also have to edit the /etc/networks file.
6. Restart the appropriate services, or simply restart the whole system.
7. To test the connection to the gateway machine, issue a ping command: ping 192.168.0.1. (This only tests the internal LAN connection. You cannot ping the outside world yet.) If the ping gets no reply, check your network configuration again.

4.5. Configuring DOS using the NCSA Telnet package

1. If you haven't installed your network card yet, do so now. Network card installation is beyond the scope of this document.
2. Load the appropriate packet driver. For example, for an NE2000 Ethernet card at I/O port 300 and IRQ 10, issue nwpd 0x60 10 0x300.
3. Make a new directory and unpack the NCSA Telnet package into it: pkunzip tel2308b.zip
4. Open the config.tel file with a text editor.
5. Set myip=192.168.0.x (1 < x < 255) and netmask=255.255.255.0.
6. In this example, you should set hardware=packet, interrupt=10, ioaddr=60.
7. There must be at least one machine entry that is specified as the gateway (in this case, the Linux host):

       name=default
       host=yourlinuxhostname
       hostip=192.168.0.1
       gateway=1

8. Another entry is needed for the domain name service:

       name=dns.domain.com ; hostip=123.123.123.123; nameserver=1

   Note: replace the values above with the information that your Linux host uses.
9. Save the config.tel file.
10. To test the network connection, telnet to the Linux host: telnet 192.168.0.1. If you do not get a login prompt, check your network configuration again.

4.6. Configuring MacOS-based systems running MacTCP

1. If you haven't installed the software for your Ethernet adapter yet, do so now. Adapter installation is beyond the scope of this document.
2. Open the MacTCP control panel. Select the appropriate network driver (Ethernet, not EtherTalk) and click the 'More...' button.
3.
4. Address:'
5.
6.
7.
8. Close the MacTCP control panel. If a dialog box asks you to restart the system, do so.
9. You can ping the Linux host to test the network connection. If you have the freeware program MacTCP Watcher installed, click the 'Ping' button and enter the address of your Linux host (192.168.0.1) in the dialog box that appears. (This only tests the internal LAN connection. You cannot ping the outside world yet.) If the ping gets no reply, check your network configuration again.
10. To use host names instead of IP addresses on your internal LAN, you can create a Hosts file in the System Folder. The file probably already exists there and contains sample entries that you can modify to suit your needs.

4.7. Configuring MacOS-based systems running Open Transport

1. If the appropriate driver for your Ethernet adapter is not installed yet, install it now. Driver installation is beyond the scope of this document.
2. Open the TCP/IP Control Panel and choose 'User Mode ...' from the Edit menu. Make sure the user mode is set to at least 'Advanced' and click the 'OK' button.
3. Choose 'Configurations...' from the File menu. Select the 'Default' configuration and click the 'Duplicate...' button. In the 'Duplicate Configuration' dialog, enter 'IP Masq' (or something else that marks this as a non-standard configuration); the field will probably show something like 'Default copy'. Then click the 'OK' button and the 'Make Active' button.
4.
5.
6. Address:'
7.
8.
9.
10.
11. The following steps are optional. Incorrect values can cause erratic behaviour. If you are not sure, it is better to leave the fields blank and the boxes unchecked. If necessary, remove any information already entered in them. As far as the author knows, there is no way to tell the system through the TCP/IP dialogs not to use a previously selected alternate "Hosts" file. If you know of one, please let the author know. Check '802.3' if your network requires 802.3 frame types.
12.
13. You can ping the Linux host to test the network connection. If you have the freeware program MacTCP Watcher installed, click the 'Ping' button and enter the address of your Linux host (192.168.0.1) in the dialog box that appears. (This only tests the internal LAN connection. You cannot ping the outside world yet.) If the ping gets no reply, check your network configuration again.
14. To use host names instead of IP addresses on your internal LAN, you can create a Hosts file in the System Folder. The file may or may not already exist there. If it does, it contains sample entries that you can modify to suit your needs. If it does not, you can copy one from a system running MacTCP and modify it, or just create your own (the file uses a subset of the UNIX /etc/hosts file format, described in RFC952). Once you have created the file, open the TCP/IP control panel, click the 'Select Hosts File...' button and open the Hosts file.
15. Click the close box or choose 'Close' or 'Quit' from the File menu, then click the 'Save' button to save your changes.
16. The changes take effect immediately, but rebooting the system won't hurt.

4.8. Configuring a Novell network using DNS

1. If the driver software for your Ethernet adapter is not installed yet, install it now. Driver installation is beyond the scope of this document.
2. Download tcpip16.exe from The Novell LanWorkPlace page.
3. Edit c:\nwclient\startnet.bat:

       SET NWLANGUAGE=ENGLISH
       LH LSL.COM
       LH KTC2000.COM
       LH IPXODI.COM
       LH tcpip
       LH VLM.EXE
       F:

4. Edit c:\nwclient\net.cfg:

       Link Driver KTC2000
               Protocol IPX 0 ETHERNET_802.3
               Frame ETHERNET_802.3
               Frame Ethernet_II
               FRAME Ethernet_802.2

       NetWare DOS Requester
               FIRST NETWORK DRIVE = F
               USE DEFAULTS = OFF
               VLM = CONN.VLM
               VLM = IPXNCP.VLM
               VLM = TRAN.VLM
               VLM = SECURITY.VLM
               VLM = NDS.VLM
               VLM = BIND.VLM
               VLM = NWP.VLM
               VLM = FIO.VLM
               VLM = GENERAL.VLM
               VLM = REDIR.VLM
               VLM = PRINT.VLM
               VLM = NETX.VLM

       Link Support
               Buffers 8 1500
               MemPool 4096

       Protocol TCPIP
               PATH SCRIPT     C:\NET\SCRIPT
               PATH PROFILE    C:\NET\PROFILE
               PATH LWP_CFG    C:\NET\HSTACC
               PATH TCP_CFG    C:\NET\TCP
               ip_address      192.168.0.xxx
               ip_router       192.168.0.1

   Change the "ip_address" entry above to your own IP address (192.168.0.x, 1 < x < 255). Finally, edit c:\bin\resolv.cfg:

       SEARCH DNS HOSTS SEQUENTIAL
       NAMESERVER xxx.xxx.xxx.xxx
       NAMESERVER yyy.yyy.yyy.yyy

5. Replace the "NAMESERVER" entries above with the DNS servers you use.
6. To test the network connection to the gateway machine, issue a ping command: ping 192.168.0.1 (This only tests the internal LAN connection. You cannot ping the outside world yet.) If the ping gets no reply, check your network configuration again.

4.9. Configuring OS/2 Warp

1. If the appropriate driver software for your Ethernet adapter is not installed yet, install it now. Driver installation is beyond the scope of this document.
2. If the TCP/IP protocol is not installed yet, install it now.
3. Go to Programs / TCP/IP (LAN) / TCP/IP Settings.
4.
5.
6.
7. Close the TCP/IP control panel and answer yes to the questions that follow.
8. Reboot the system.
9. You can ping the Linux host to test the network configuration. Type 'ping 192.168.0.1' in an 'OS/2 Command prompt Window'. If the ping packets come back, everything is configured correctly.

4.10. Configuring other systems

Other systems are configured in the same way as those covered so far; refer to the sections above. If you would like to write up the configuration of a system not covered here, please send the detailed setup instructions to ambrose@writeme.com and dranch@trinnet.net.

5. Testing IP Masquerade

Finally, it is time to test IP Masquerading. If you haven't rebooted the Linux host yet, do so now, check that it boots successfully, and run the /etc/rc.d/rc.firewall ruleset. Next, make sure that both the connection to the internal LAN and the connection to the external Internet are working.

Now proceed as follows:

o Step One: From a masqueraded internal computer, ping another internal computer (for example, ping 192.168.0.10). This verifies that TCP/IP works correctly on the computers of the internal LAN. If it does not work, check again that TCP/IP on the internal computers is configured as described in this HOWTO.

o Step Two: On the Masquerade server itself, ping an IP address inside the masqueraded network (for example, ping 192.168.0.1). Then ping an external IP address on the Internet. This external address can be that of your own PPP, Ethernet, etc. connection to your ISP. If you do not know this IP address, run "/sbin/ifconfig" to find the Internet address. This verifies that the Masquerade server has full network connectivity.

o Step Three: Back on a masqueraded internal computer, ping the IP address of the internal Ethernet card of the masquerading Linux host (for example, ping 192.168.0.1). This verifies that the internal network and routing are working. If this fails, check that the Ethernet cards of the Masquerade server and the internal computer are "physically" connected. You can tell by checking that the LEDs on the back of the Ethernet card and on the Ethernet hub/switch (if any) are lit.

o Step Four: From an internal computer, ping the external TCP/IP address of the Masquerade server. This is the address of your PPP, Ethernet, etc. connection to your ISP. This ping test verifies that masquerading (ICMP masquerading in particular) is working. If it does not work, check that the kernel has "ICMP Masquerading" enabled and that "IP Forwarding" is enabled in the /etc/rc.d/rc.firewall script. Also check that the /etc/rc.d/rc.firewall ruleset was actually loaded, and run the /etc/rc.d/rc.firewall script by hand to see whether it runs correctly.

  If it still does not work, look carefully at the output of the following commands:

  o "ifconfig" : Check that the Internet connection is UP and that it has the correct IP address.

  o "netstat -rn" : Check that a default gateway is set (an entry with an IP address other than 0.0.0.0 in the Gateway column).

  o "cat /proc/sys/net/ipv4/ip_forward" : Check that it prints "1", which means that Linux forwarding is enabled.

  o "/sbin/ipfwadm -F -l" on 2.0.x kernels, "/sbin/ipchains -L forward" on 2.2.x kernels (in IPCHAINS, -F flushes a chain rather than selecting the forward category) : Check that masquerading is enabled.

o Step Five: From a masqueraded internal computer, ping a static IP address on the Internet (for example, ping 152.19.254.81, which is the address of http://metalab.unc.edu, home of the LDP). If this works, ICMP masquerading towards the Internet is working. If it does not, check your Internet connection again. If it still does not work, make sure you are using the simple rc.firewall ruleset shown above and that the kernel was compiled with ICMP masquerading.

o Step Six: Now telnet to an external "IP address" (for example, telnet 152.2.254.81 (metalab.unc.edu; this server is heavily loaded, so it may take a while before you get a login prompt)). Do you get a login prompt after a while? If so, TCP masquerading is working. If not, try another host that you know supports telnet (for example 198.182.196.55 (www.linux.org)). If it still does not work, make sure you are using the simple rc.firewall ruleset shown above.

o Step Seven: Now telnet to an external "host name" (for example, "telnet metalab.unc.edu" (152.2.254.81)). If this works, DNS is working. If it does not work but Step Four did, check the DNS server settings on the masqueraded internal computer.

o Step Eight: As a final test, open a WWW site on the 'INTERNET' in a web browser on a masqueraded internal computer and check that it is displayed. For example, try the Linux Documentation Project site. If this works, everything is working nicely!

If you can see the home page of the Linux Documentation Project, congratulations! It works! If the site displays correctly, standard network traffic such as PING, TELNET and SSH will work, and, with the related IP Masquerade modules loaded, so will FTP, Real Audio, IRC DCCs, Quake I/II/III, CuSeeme, VDOLive and so on! If FTP, IRC, RealAudio, Quake I/II/III, etc. do not work or work poorly, use the "lsmod" command to check that the related masquerading modules are loaded and that they are not loaded with the wrong server ports. If a required module is not loaded, check that the /etc/rc.d/rc.firewall script loads it (for example, by removing the "#" character in front of the line for that IP Masquerading module).

6. Other IP Masquerade issues and software support

6.1. Problems with IP Masquerade

The protocols of some TCP/IP applications do not work properly through Linux IP Masquerading because they either make their own assumptions about port numbers or encrypt TCP/IP addresses or port numbers in their data. Applications whose protocols are a problem because of this encryption need a specific proxy server or a specific IP Masquerade module added to the masquerading code before they will work.

6.2. Incoming services

By default, Linux IP Masquerading cannot handle incoming services at all. There are, however, a few ways of allowing them.

If you do not need a high level of security, you can simply forward the IP ports on which the requests arrive. There are several ways to do this, but the most stable is to use IPPORTFW. See the ``'' section for more information.

If you want some level of authorization for incoming services, you can use TCP-wrappers or Xinetd to let only specific IP addresses through. The TIS Firewall Toolkit is a good place to look for such tools and information.

More details on the security of incoming services can be found in the TrinityOS document and at IP Masquerade Resource.

6.3. Supported client software and other setup notes

** The Linux Masquerade Application list has a large amount of good information on applications that work through Linux IP Masquerading. The site is currently maintained by Steve Grevemeyer, who has built up an extensive database. It is an excellent resource!

In general, applications that use standard TCP and UDP should work fine. If you have any suggestions or hints, check IP Masquerade Resource for details.

6.3.1. Network clients that -work- with IP Masquerade

General clients:

Archie
      all supported platforms, file searching client (not all archie clients are supported).

FTP
      all supported platforms, with the ip_masq_ftp.o kernel module for active FTP connections.

Gopher client
      all supported platforms.

HTTP
      all supported platforms, web surfing.

IRC
      all IRC clients on the various supported platforms; DCC is supported via the ip_masq_irc.o module.

NNTP (USENET)
      all supported platforms, USENET news client.

PING
      all platforms, with the ICMP masquerading kernel option.

POP3
      all supported platforms, email clients.

SSH
      all supported platforms, secure TELNET/FTP client.

SMTP
      all supported platforms, email servers such as Sendmail, Qmail and PostFix.

TELNET
      all supported platforms, remote sessions.

TRACEROUTE
      UNIX and Windows based platforms; some variants may not work.

VRML
      Windows (possibly all supported platforms), virtual reality.

WAIS client
      all supported platforms.

Multimedia and communication clients:

Alpha Worlds
      Windows, client-server 3D chat program.

CU-SeeMe
      all supported platforms, with the ip_masq_cuseeme module; see the ``'' section for details.

ICQ
      all supported platforms. The Linux kernel must be compiled with IPPORTFW support and ICQ must be configured to run behind a NON-SOCKS proxy. A full description of this configuration is in the ``'' section.

Internet Phone 3.2
      Windows, peer-to-peer audio communication. It works when you initiate the call, but for other people to be able to call you, a specific port must be forwarded. See the ``'' section for details.
Internet Wave Player
    Windows, network streaming audio.

Powwow
    Windows, peer-to-peer text, voice and messaging communications. It works when you initiate the call, but for other people to be able to call you, you must set up forwarding of a specific port. See the ``'' section for details.

Real Audio Player
    Windows, network streaming audio; better sound quality is available with the ip_masq_raudio UDP module.

True Speech Player 1.1b
    Windows, network streaming audio.

VDOLive
    Windows, with the ip_masq_vdolive patch.

Worlds Chat 0.9a
    Windows, client-server 3D chat program.

Games - see the ``'' section for details on the LooseUDP patch.

Battle.net
    Works, but TCP ports 116 and 118 and UDP port 6112 must be forwarded (IPPORTFW) to the computer running the game. See the ``'' section for details. FSGS and Bnetd servers need IPPORTFW because they are not written to work well with NAT.

BattleZone 1.4
    Works with the LooseUDP patch and the new NAT-friendly .DLLs from Activision.

Dark Reign 1.4
    Works with the LooseUDP patch, or requires TCP ports 116 and 118 and UDP port 6112 to be forwarded (IPPORTFW) to the computer running the game. See the ``'' section for details.

Diablo
    Works with the LooseUDP patch, or requires TCP ports 116 and 118 and UDP port 6112 to be forwarded (IPPORTFW) to the computer running the game. Newer versions of Diablo use only TCP port 6112 and UDP port 6112. See the ``'' section for details.

Heavy Gear 2
    Works with the LooseUDP patch, or requires TCP ports 116 and 118 and UDP port 6112 to be forwarded (IPPORTFW) to the computer running the game. See the ``'' section for details.

Quake I/II/III
    Works out of the box, but the ip_masq_quake module is required when there are two or more Quake I/II/III players behind the masquerade server. Also, by default this module supports only Quake I and QuakeWorld. To support Quake II, or to connect to a server on a non-default port, see the module installation sections of ``'' and ``''.
StarCraft
    Works with the LooseUDP patch and with TCP and UDP port 6112 forwarded (IPPORTFW) to the internal masqueraded computer that runs the game. See the ``'' section for details.

WorldCraft
    Works with the LooseUDP patch.

Other clients:

Linux net-acct package
    Linux, network administration and accounting package.

NCSA Telnet 2.3.08
    DOS, a package containing TELNET, FTP, PING and so on.

PC-anywhere for Windows
    MS-Windows, controls a PC remotely over TCP/IP. Unless specific ports are forwarded, it works as a client but not as a host (server). See the ``'' section for details.

Socket Watch
    uses NTP, the network time protocol.

6.3.2. Clients that do not work:

All H.323 programs
    MS Netmeeting, Intel Internet Phone Beta 2. They connect, but voice travels in one direction only (outgoing). As a possible solution, see Equivalence's PhonePatch H.323 gateway.

Intel Streaming Media Viewer Beta 1
    Cannot connect to the server.

Netscape CoolTalk
    Cannot connect to the other side.

WebPhone
    Does not work at present (this application makes invalid assumptions about IP addresses).

6.4. Stronger IP firewall (IPFWADM) rulesets

This section gives a more in-depth guide to IPFWADM, the firewall tool used with 2.0.x kernels. For IPCHAINS (2.2.x) rulesets, see the next section.

This example builds a firewall/masquerade system on a PPP link with a static address (the dynamic PPP parts are included but commented out). The interface used is 192.168.0.1, and the IP address of the PPP interface has been replaced with a different one to prevent misuse :) The incoming and outgoing interfaces are listed separately in order to catch IP spoofing and stuffed routing or masquerading. Anything that is not explicitly allowed is forbidden (in practice, rejected). If your IP masquerade box breaks after you run the rc.firewall script shown here, check that you edited it to fit your setup and review the system log file, /var/log/messages or /var/adm/messages.
For a more comprehensible set of "stronger IP masquerading IPFWADM rulesets" for PPP, cable modems and so on, see TrinityOS - Section 10 and GreatCircle's Firewall WWW page.

NOTE: If you receive a dynamic TCP/IP address from your ISP (PPP, ADSL, cable modem, etc.), you cannot load this "strong" ruleset at boot time. You need either to reload the firewall ruleset every time you are assigned a new IP address, or to make the /etc/rc.d/rc.firewall ruleset more intelligent. PPP users should carefully re-read the "Dynamic PPP IP fetch" part and uncomment the appropriate lines. More details on strong firewall rulesets and dynamic IP addresses are in the TrinityOS - Section 10 document.

There are also several GUI firewall configuration tools. See the ``'' section for details.

Finally, if you are using a static PPP IP address, change the line that reads ppp_ip="your.static.PPP.address" to match your own IP address.

----------------------------------------------------------------

    #!/bin/sh
    #
    # /etc/rc.d/rc.firewall: An example of a semi-STRONG IPFWADM firewall ruleset
    #

    PATH=/sbin:/bin:/usr/sbin:/usr/bin

    # testing, wait a bit then clear all firewall rules.
    # uncomment following lines if you want the firewall to automatically
    # disable after 10 minutes.
    # (sleep 600; \
    # ipfwadm -I -f; \
    # ipfwadm -I -p accept; \
    # ipfwadm -O -f; \
    # ipfwadm -O -p accept; \
    # ipfwadm -F -f; \
    # ipfwadm -F -p accept; \
    # ) &

    # Load all required IP MASQ modules
    #
    #   NOTE:  Only load the IP MASQ modules you need.  All current IP MASQ modules
    #          are shown below but are commented from loading.

    # Needed to initially load modules
    #
    /sbin/depmod -a

    # Supports the proper masquerading of FTP file transfers using the PORT method
    #
    /sbin/modprobe ip_masq_ftp

    # Supports the masquerading of RealAudio over UDP.  Without this module,
    # RealAudio WILL function but in TCP mode.
    # This can cause a reduction in sound quality
    #
    #/sbin/modprobe ip_masq_raudio

    # Supports the masquerading of IRC DCC file transfers
    #
    #/sbin/modprobe ip_masq_irc

    # Supports the masquerading of Quake and QuakeWorld by default.  This module is
    #   for multiple users behind the Linux MASQ server.  If you are going to play
    #   Quake I, II, and III, use the second example.
    #
    #Quake I / QuakeWorld (ports 26000 and 27000)
    #/sbin/modprobe ip_masq_quake
    #
    #Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
    #/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960

    # Supports the masquerading of the CuSeeme video conferencing software
    #
    #/sbin/modprobe ip_masq_cuseeme

    #Supports the masquerading of the VDO-live video conferencing software
    #
    #/sbin/modprobe ip_masq_vdolive

    #CRITICAL:  Enable IP forwarding since it is disabled by default
    #
    #           Redhat Users:  you may try changing the options in /etc/sysconfig/network from:
    #
    #                       FORWARD_IPV4=false
    #                             to
    #                       FORWARD_IPV4=true
    #
    echo "1" > /proc/sys/net/ipv4/ip_forward

    # Dynamic IP users:
    #
    #   If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this following
    #       option.  This enables dynamic-ip address hacking in IP MASQ, making the life
    #       with Diald and similar programs much easier.
    #
    #echo "1" > /proc/sys/net/ipv4/ip_dynaddr

    # Specify your Static IP address here.
    #
    #   If you have a DYNAMIC IP address, you need to make this ruleset understand your
    #   IP address everytime you get a new IP.  To do this, enable the following one-line
    #   script.  (Please note that the different single and double quote characters MATTER).
    #
    #   You will also need to either create the following link or have your existing
    #   /etc/ppp/ip-up script run the /etc/rc.d/rc.firewall script.
    #
    #       ln -s /etc/rc.d/rc.firewall /etc/ppp/ip-up
    #
    #   If the /etc/ppp/ip-up file already exists, you should edit it and add a line
    #   containing "/etc/rc.d/rc.firewall" near the end of the file.
    #
    #   If you aren't already aware, the /etc/ppp/ip-up script is always run when a PPP
    #   connection comes up.  Because of this, we can make the ruleset go and get the
    #   new PPP IP address and update the strong firewall ruleset.
    #
    #   PPP users:  If your Internet connection is via a PPP connection, the following
    #               one-line script will work fine.
    #
    #   DHCP users: If you get your TCP/IP address via DHCP, you will need to replace
    #               the word "ppp0" with the name of your external Internet connection
    #               (eth0, eth1, etc).  It should be also noted that DHCP can change
    #               IP addresses on you.  To fix this, users should configure their
    #               DHCPc or DHCP client to re-run the firewall ruleset when their
    #               DHCP lease is renewed.  For DHCPcd users, use the "-c" option.
    #
    #ppp_ip="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
    #
    # (no spaces around "=": sh would otherwise try to run a command named ppp_ip)
    ppp_ip="your.static.PPP.address"

    # MASQ timeouts
    #
    #   2 hrs timeout for TCP session timeouts
    #  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
    #  60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30sec firewall timeout in ICQ itself)
    #
    /sbin/ipfwadm -M -s 7200 10 60

    #############################################################################
    # Incoming, flush and set default policy of reject. Actually the default policy
    # is irrelevant because there is a catch all rule with deny and log.
    #
    /sbin/ipfwadm -I -f
    /sbin/ipfwadm -I -p reject

    # local interface, local machines, going anywhere is valid
    #
    /sbin/ipfwadm -I -a accept -V 192.168.0.1 -S 192.168.0.0/24 -D 0.0.0.0/0

    # remote interface, claiming to be local machines, IP spoofing, get lost
    #
    /sbin/ipfwadm -I -a reject -V $ppp_ip -S 192.168.0.0/24 -D 0.0.0.0/0 -o

    # remote interface, any source, going to permanent PPP address is valid
    #
    /sbin/ipfwadm -I -a accept -V $ppp_ip -S 0.0.0.0/0 -D $ppp_ip/32

    # loopback interface is valid.
    #
    /sbin/ipfwadm -I -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0

    # catch all rule, all other incoming is denied and logged.
    # pity there is no log option on the policy but this does the job instead.
    #
    /sbin/ipfwadm -I -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o

    #############################################################################
    # Outgoing, flush and set default policy of reject. Actually the default policy
    # is irrelevant because there is a catch all rule with deny and log.
    #
    /sbin/ipfwadm -O -f
    /sbin/ipfwadm -O -p reject

    # local interface, any source going to local net is valid
    #
    /sbin/ipfwadm -O -a accept -V 192.168.0.1 -S 0.0.0.0/0 -D 192.168.0.0/24

    # outgoing to local net on remote interface, stuffed routing, deny
    #
    /sbin/ipfwadm -O -a reject -V $ppp_ip -S 0.0.0.0/0 -D 192.168.0.0/24 -o

    # outgoing from local net on remote interface, stuffed masquerading, deny
    #
    /sbin/ipfwadm -O -a reject -V $ppp_ip -S 192.168.0.0/24 -D 0.0.0.0/0 -o

    # outgoing to local net on remote interface, stuffed routing, deny
    # (repeats the stuffed-routing rule above)
    #
    /sbin/ipfwadm -O -a reject -V $ppp_ip -S 0.0.0.0/0 -D 192.168.0.0/24 -o

    # anything else outgoing on remote interface is valid
    #
    /sbin/ipfwadm -O -a accept -V $ppp_ip -S $ppp_ip/32 -D 0.0.0.0/0

    # loopback interface is valid.
    #
    /sbin/ipfwadm -O -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0

    # catch all rule, all other outgoing is denied and logged. pity there is no
    # log option on the policy but this does the job instead.
    #
    /sbin/ipfwadm -O -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o

    #############################################################################
    # Forwarding, flush and set default policy of deny. Actually the default policy
    # is irrelevant because there is a catch all rule with deny and log.
    #
    /sbin/ipfwadm -F -f
    /sbin/ipfwadm -F -p deny

    # Masquerade from local net on local interface to anywhere.
    #
    /sbin/ipfwadm -F -a masquerade -W ppp0 -S 192.168.0.0/24 -D 0.0.0.0/0
    #
    # catch all rule, all other forwarding is denied and logged. pity there is no
    # log option on the policy but this does the job instead.
    #
    /sbin/ipfwadm -F -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o

With IPFWADM you can restrict access to particular sites using the -I, -O or -F options. Keep in mind that the rules are read from top to bottom and that "-a" means "append" to the existing ruleset. A specific restriction must therefore come before the general rules. For example:

Using -I rules: this is the fastest, but the restriction applies only to the internal computers. The firewall machine itself can still reach the "forbidden" site. You can of course use these in combination.

In the /etc/rc.d/rc.firewall ruleset:

    ... start of -I rules ...

    # reject and log local interface, local machines going to 204.50.10.13
    #
    /sbin/ipfwadm -I -a reject -V 192.168.0.1 -S 192.168.0.0/24 -D 204.50.10.13/32 -o

    # local interface, local machines, going anywhere is valid
    #
    /sbin/ipfwadm -I -a accept -V 192.168.0.1 -S 192.168.0.0/24 -D 0.0.0.0/0

    ... end of -I rules ...

Using -O rules: this is the slowest, because the packets go through masquerading first, but the firewall machine itself cannot reach the forbidden site either.

    ... start of -O rules ...

    # reject and log outgoing to 204.50.10.13
    #
    /sbin/ipfwadm -O -a reject -V $ppp_ip -S $ppp_ip/32 -D 204.50.10.13/32 -o

    # anything else outgoing on remote interface is valid
    #
    /sbin/ipfwadm -O -a accept -V $ppp_ip -S $ppp_ip/32 -D 0.0.0.0/0

    ... end of -O rules ...

Using -F rules: this is slightly slower than -I, and again it restricts only the masqueraded (internal) computers; the firewall machine itself can still reach the forbidden site.

    ... start of -F rules ...

    # Reject and log from local net on PPP interface to 204.50.10.13.
    #
    /sbin/ipfwadm -F -a reject -W ppp0 -S 192.168.0.0/24 -D 204.50.10.13/32 -o

    # Masquerade from local net on local interface to anywhere.
    #
    /sbin/ipfwadm -F -a masquerade -W ppp0 -S 192.168.0.0/24 -D 0.0.0.0/0

    ... end of -F rules ...

No special rule is needed to allow 192.168.0.0/24 to reach 204.50.11.0, because it is covered by the general rules.

There is more than one way to specify the interfaces in the ruleset above.
For example, you can write "-W eth0" instead of "-V 192.168.255.1", and "-W ppp0" instead of "-V $ppp_ip". "-V" was used here for compatibility with IPCHAINS; if you use only IPFWADM, it is entirely a matter of personal choice.

6.5. Stronger IP firewall (IPCHAINS) rulesets

This section gives a more in-depth guide to IPCHAINS, the firewall tool used with 2.2.x kernels. For IPFWADM (2.0.x) rulesets, see the previous section.

This example builds a firewall/masquerade system on a PPP link with a static address (the dynamic PPP parts are included but commented out). The interface used is 192.168.0.1, and the IP address of the PPP interface has been replaced with a different one to prevent misuse :) The incoming and outgoing interfaces are listed separately in order to catch IP spoofing and stuffed routing or masquerading. Anything that is not explicitly allowed is forbidden (in practice, rejected). If your IP masquerade box breaks after you run the rc.firewall script shown here, check that you edited it to fit your setup and review the system log file, /var/log/messages or /var/adm/messages.

For a more comprehensible set of "stronger IP masquerading IPFWADM rulesets" for PPP, cable modems and so on, see TrinityOS - Section 10 and GreatCircle's Firewall WWW page.

NOTE #1: Linux 2.2.x kernels older than 2.2.11 have an IPCHAINS fragmentation bug. Because of it, systems running a strong IPCHAINS ruleset are exposed to attack. Please upgrade to a kernel in which the bug is fixed.

NOTE #2: If you receive a dynamic TCP/IP address from your ISP (PPP, ADSL, cable modem, etc.), you cannot load this "strong" ruleset at boot time. You need either to reload the firewall ruleset every time you are assigned a new IP address, or to make the /etc/rc.d/rc.firewall ruleset more intelligent. PPP users should carefully re-read the "Dynamic PPP IP fetch" part and uncomment the appropriate lines. More details on strong firewall rulesets and dynamic IP addresses are in the TrinityOS - Section 10 document.

There are also several GUI firewall configuration tools. See the ``'' section for details.
Finally, if you are using a static PPP IP address, change the line that reads ppp_ip="your.static.PPP.address" to match your own IP address.

----------------------------------------------------------------

    #!/bin/sh
    #
    # /etc/rc.d/rc.firewall: An example of a Semi-Strong IPCHAINS firewall ruleset.
    #

    PATH=/sbin:/bin:/usr/sbin:/usr/bin

    # Load all required IP MASQ modules
    #
    #   NOTE:  Only load the IP MASQ modules you need.  All current IP MASQ modules
    #          are shown below but are commented from loading.

    # Needed to initially load modules
    #
    /sbin/depmod -a

    # Supports the proper masquerading of FTP file transfers using the PORT method
    #
    /sbin/modprobe ip_masq_ftp

    # Supports the masquerading of RealAudio over UDP.  Without this module,
    #       RealAudio WILL function but in TCP mode.  This can cause a reduction
    #       in sound quality
    #
    /sbin/modprobe ip_masq_raudio

    # Supports the masquerading of IRC DCC file transfers
    #
    #/sbin/modprobe ip_masq_irc

    # Supports the masquerading of Quake and QuakeWorld by default.  This module is
    #   for multiple users behind the Linux MASQ server.  If you are going to play
    #   Quake I, II, and III, use the second example.
    #
    #Quake I / QuakeWorld (ports 26000 and 27000)
    #/sbin/modprobe ip_masq_quake
    #
    #Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
    #/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960

    # Supports the masquerading of the CuSeeme video conferencing software
    #
    #/sbin/modprobe ip_masq_cuseeme

    #Supports the masquerading of the VDO-live video conferencing software
    #
    #/sbin/modprobe ip_masq_vdolive

    #CRITICAL:  Enable IP forwarding since it is disabled by default
    #
    #           Redhat Users:  you may try changing the options in /etc/sysconfig/network from:
    #
    #                       FORWARD_IPV4=false
    #                             to
    #                       FORWARD_IPV4=true
    #
    echo "1" > /proc/sys/net/ipv4/ip_forward

    # Get the dynamic IP address assigned via DHCP
    #
    extip="`/sbin/ifconfig eth1 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
    extint="eth1"

    # Assign the internal IP
    intint="eth0"
    intnet="192.168.1.0/24"

    # MASQ timeouts
    #
    #   2 hrs timeout for TCP session timeouts
    #  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
    #  60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30sec firewall timeout in ICQ itself)
    #
    ipchains -M -S 7200 10 60

    #############################################################################
    # Incoming, flush and set default policy of reject. Actually the default policy
    # is irrelevant because there is a catch all rule with deny and log.
    #
    ipchains -F input
    ipchains -P input REJECT

    # local interface, local machines, going anywhere is valid
    #
    ipchains -A input -i $intint -s $intnet -d 0.0.0.0/0 -j ACCEPT

    # remote interface, claiming to be local machines, IP spoofing, get lost
    #
    ipchains -A input -i $extint -s $intnet -d 0.0.0.0/0 -l -j REJECT

    # remote interface, any source, going to permanent PPP address is valid
    #
    ipchains -A input -i $extint -s 0.0.0.0/0 -d $extip/32 -j ACCEPT

    # loopback interface is valid.
    #
    ipchains -A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT

    # catch all rule, all other incoming is denied and logged.
    # pity there is no log option on the policy but this does the job instead.
    #
    ipchains -A input -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT

    #############################################################################
    # Outgoing, flush and set default policy of reject. Actually the default policy
    # is irrelevant because there is a catch all rule with deny and log.
    #
    ipchains -F output
    ipchains -P output REJECT

    # local interface, any source going to local net is valid
    #
    ipchains -A output -i $intint -s 0.0.0.0/0 -d $intnet -j ACCEPT

    # outgoing to local net on remote interface, stuffed routing, deny
    #
    ipchains -A output -i $extint -s 0.0.0.0/0 -d $intnet -l -j REJECT

    # outgoing from local net on remote interface, stuffed masquerading, deny
    #
    ipchains -A output -i $extint -s $intnet -d 0.0.0.0/0 -l -j REJECT

    # anything else outgoing on remote interface is valid
    #
    ipchains -A output -i $extint -s $extip/32 -d 0.0.0.0/0 -j ACCEPT

    # loopback interface is valid.
    #
    ipchains -A output -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT

    # catch all rule, all other outgoing is denied and logged. pity there is no
    # log option on the policy but this does the job instead.
    #
    ipchains -A output -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT

    #############################################################################
    # Forwarding, flush and set default policy of deny. Actually the default policy
    # is irrelevant because there is a catch all rule with deny and log.
    #
    ipchains -F forward
    ipchains -P forward DENY

    # Masquerade from local net on local interface to anywhere.
    #
    ipchains -A forward -i $extint -s $intnet -d 0.0.0.0/0 -j MASQ
    #
    # catch all rule, all other forwarding is denied and logged. pity there is no
    # log option on the policy but this does the job instead.
    #
    ipchains -A forward -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT

With IPCHAINS you can restrict traffic to particular sites using the "input", "output" and "forward" rules.
Keep in mind that the rules are read from top to bottom and that "-A" means "append" to the existing ruleset. A specific restriction must therefore come before the general rules. For example:

Using "input" rules: this is the fastest, but the restriction applies only to the internal computers. The firewall machine itself can still reach the "forbidden" site. You can of course use these in combination.

In the /etc/rc.d/rc.firewall ruleset:

    ... start of "input" rules ...

    # reject and log local interface, local machines going to 204.50.10.13
    #
    ipchains -A input -i $intint -s $intnet -d 204.50.10.13/32 -l -j REJECT

    # local interface, local machines, going anywhere is valid
    #
    ipchains -A input -i $intint -s $intnet -d 0.0.0.0/0 -j ACCEPT

    ... end of "input" rules ...

Using "output" rules: this is the slowest, because the packets go through masquerading first, but the firewall machine itself cannot reach the forbidden site either.

    ... start of "output" rules ...

    # reject and log outgoing to 204.50.10.13
    #
    ipchains -A output -i $extint -s $extip/32 -d 204.50.10.13/32 -l -j REJECT

    # anything else outgoing on remote interface is valid
    #
    ipchains -A output -i $extint -s $extip/32 -d 0.0.0.0/0 -j ACCEPT

    ... end of "output" rules ...

Using "forward" rules: this is slightly slower than "input", and again it restricts only the masqueraded (internal) computers; the firewall machine itself can still reach the forbidden site.

    ... start of "forward" rules ...

    # Reject and log from local net on external interface to 204.50.10.13.
    #
    ipchains -A forward -i $extint -s $intnet -d 204.50.10.13/32 -l -j REJECT

    # Masquerade from local net on local interface to anywhere.
    #
    ipchains -A forward -i $extint -s $intnet -d 0.0.0.0/0 -j MASQ

    ... end of "forward" rules ...

No special rule is needed to allow 192.168.0.0/24 to reach 204.50.11.0, because it is covered by the general rules.

Unlike IPFWADM, there is only one way to specify the interfaces in the ruleset above. IPCHAINS uses the "-i eth0" option. "-V" is the IPFWADM method, used for compatibility with IPCHAINS; if you use only IPFWADM, it is entirely a matter of personal choice.

6.6. IP masquerading multiple internal networks

Masquerading multiple internal networks is quite simple. First make sure that all of your networks, internal and external, are working properly. Then allow network traffic to pass to the other internal computers and to be masqueraded out to the Internet.

Next, enable masquerading on the internal interfaces. In this example two internal interfaces, eth1 (192.168.0.1) and eth2 (192.168.1.1), are masqueraded out of the external interface eth0. Add the following to your rc.firewall ruleset:

o For 2.0.x kernels with IPFWADM

    #Enable internal interfaces to communication between each other
    /sbin/ipfwadm -F -a accept -V 192.168.0.1 -D 192.168.1.0/24
    /sbin/ipfwadm -F -a accept -V 192.168.1.1 -D 192.168.0.0/24

    #Enable internal interfaces to MASQ out to the Internet
    /sbin/ipfwadm -F -a masq -W eth0 -S 192.168.0.0/24 -D 0.0.0.0/0
    /sbin/ipfwadm -F -a masq -W eth0 -S 192.168.1.0/24 -D 0.0.0.0/0

o For 2.2.x kernels with IPCHAINS

    #Enable internal interfaces to communication between each other
    # (-j ACCEPT is required: an ipchains rule without a target only counts packets)
    /sbin/ipchains -A forward -i eth1 -d 192.168.1.0/24 -j ACCEPT
    /sbin/ipchains -A forward -i eth2 -d 192.168.0.0/24 -j ACCEPT

    #Enable internal interfaces to MASQ out to the Internet
    /sbin/ipchains -A forward -j MASQ -i eth0 -s 192.168.0.0/24 -d 0.0.0.0/0
    /sbin/ipchains -A forward -j MASQ -i eth0 -s 192.168.1.0/24 -d 0.0.0.0/0

6.7. IP Masquerade and dial-up connections

1. If you want to set up your network to dial up to the Internet automatically, either dial-on-demand with Diald or a recent version of PPPd will serve you well. Diald, which offers better configuration, is the recommended choice.

2. To set up Diald, see the Setting Up Diald for Linux Page or TrinityOS - Section 23.

3. Once Diald and IP masquerading are set up properly, the Linux box will bring up the Internet connection automatically whenever a masqueraded client tries to open a web, telnet, ftp or similar connection.

4. The first connection may time out; with an analog modem this cannot be avoided. The time needed to bring up the modem link and the PPP connection can cause client programs (web browsers and so on) to time out. This does not always happen, though. If it does, simply retry (for example, reload the web page) and it will work from then on. Alternatively, you can set the kernel option echo "1" > /proc/sys/net/ipv4/ip_dynaddr to help with this initial setup.

6.8. IPPORTFW, IPMASQADM, IPAUTOFW, REDIR, UDPRED and other port forwarding tools

IPPORTFW, IPAUTOFW, REDIR, UDPRED and other such programs are generic TCP or UDP port forwarding tools for Linux IP Masquerade. They are typically used together with, or in place of, the specific IP masquerade modules that exist today for FTP, Quake and so on. With a port forwarding tool you can pass connections coming from the Internet on to a computer that sits behind IP masquerading and has only an internal address. This forwarding can handle TELNET, WWW, SMTP, FTP (which needs a special patch, see below), ICQ and many other network protocols.

NOTE: Even if you only want port forwarding without IP masquerading, you still have to enable IP masquerading in the kernel and in your IPFWADM or IPCHAINS ruleset in order to use the Linux port forwarding tools.

So what is the difference between them? IPAUTOFW, REDIR and UDPRED (all URLs are in the ``'' section) were the first tools available to IP masquerade users for this functionality. As time passed and Linux IP Masquerade matured, these tools were replaced by IPPORTFW, a more intelligent solution. Now that newer tools are available, using the older tools such as IPAUTOFW and REDIR is *strongly discouraged*. They do not work properly with the kernel and can even crash your Linux server.

Before using IPPORTFW on 2.0.x, or IPMASQADM with IPPORTFW on 2.2.x, be aware that using port forwarding tools can raise network security issues. The reason is that these tools essentially open a hole in the packet firewall in order to forward the TCP/UDP ports.
This poses no threat to the Linux machine itself, but it can be a problem for the internal computer to which the packets are forwarded. It is not a big problem, though; Steven Clarke, the author of IPPORTFW, says the following:

    "Port forwarding is called only from the masquerading functions, so that it fits within the corresponding IPFWADM/IPCHAINS rules. Masquerading is an extension of IP forwarding. Therefore ipportfw can only see packets that match both the input and the ipfwadm rules."

For this reason it is important to use a strong firewall ruleset. See the ``'' and ``'' sections for details on strong firewall rulesets.

To use IPPORTFW forwarding on a 2.0.x or 2.2.x kernel, the Linux kernel must be recompiled with IPPORTFW support.

o 2.0.x kernel users need to apply a simple kernel option patch, as described below.

o 2.2.x kernel users will already have the IPPORTFW kernel option available through IPMASQADM.

6.8.1. Using IPPORTFW on 2.0.x kernels

First, make sure the newest 2.0.x kernel is present in the /usr/src/linux directory. If it is not, see the ``'' section for details. Next, download the "ipportfw.c" program and the "subs-patch-x.gz" kernel patch from the ``'' section and unpack them in the /usr/src/ directory.

NOTE: Replace the "x" in the file name "subs-patch-x.gz" with the newest version available at that site.

Now copy the IPPORTFW patch (subs-patch-x.gz) into the Linux directory.

    cp /usr/src/subs-patch-1.37.gz /usr/src/linux

Next, apply the kernel patch to create the IPPORTFW kernel option:

    cd /usr/src/linux
    zcat subs-patch-1.3x.gz | patch -p1

Next, if you plan to port forward FTP connections to an internal server, you have to apply the new IP_MASQ_FTP module patch available from the ``'' section. The details are given later in this section.

Now it is time to compile the kernel as described in the ``'' section. Be sure to answer YES to the IPPORTFW option when configuring the kernel. Once the compile has finished and you have rebooted with the new kernel, come back to this section.

Now, running the newly compiled kernel, compile and install the actual "IPPORTFW" program.
    cd /usr/src
    gcc ipportfw.c -o ipportfw
    mv ipportfw /usr/local/sbin

As an example, suppose you want to forward all web traffic (port 80) to the internal masqueraded machine whose address is 192.168.0.10.

NOTE: Once you port forward port 80, the Linux IP masquerade server can no longer use that port itself. More specifically, if you already run a web server on the masquerade server and you port forward port 80 to an internal masqueraded computer, all Internet users will see the pages served by the -internal- web server and not the pages served by the IP masquerade server. The only way around this is to port forward a different port, for example 8080, to the internal masqueraded machine. This works, but all Internet users will then have to append :8080 to the URL in order to reach the internal masqueraded web server.

In any case, to enable port forwarding, edit the /etc/rc.d/rc.firewall ruleset. Add the following, replacing "$extip" with your Internet IP address.

NOTE: If you receive a dynamic TCP/IP address from your ISP (PPP, ADSL, cable modem, etc.), you will need to make the /etc/rc.d/rc.firewall ruleset more intelligent. For details on strong rulesets and dynamic IP addresses, see TrinityOS - Section 10.

    /etc/rc.d/rc.firewall
    --

    #echo "Enabling IPPORTFW Redirection on the external LAN.."
    #
    /usr/local/sbin/ipportfw -C
    /usr/local/sbin/ipportfw -A -t$extip/80 -R 192.168.0.10/80

    --

That's it! Re-run the /etc/rc.d/rc.firewall ruleset and test it!

If you see the error message "ipfwadm: setsockopt failed: Protocol not available", you are not running the newly compiled kernel. Check that you moved the new kernel to the proper location and re-ran LILO, then reboot again.

Port forwarding FTP servers:

If you want to port forward FTP to an internal machine, things become a little more complicated. The reason is that the standard IP_MASQ_FTP kernel module was not written for this purpose. Fortunately, Fred Viles has written a modified IP_MASQ_FTP module that works for this purpose.
If you want to know exactly what the problem is, download Fred's documentation; it is very well written. Be aware that this patch is somewhat experimental. Also be aware that the patch is currently available for 2.0.x kernels only. Porting to 2.2.x kernels is partly under way; if you want to help with it, e-mail Fred Viles directly at fv@episupport.com.

To apply the 2.0.x patch, do the following:

o  First, apply the IPPORTFW kernel patch as described earlier in this section.

o  Download "msqsrv-patch-36" from Fred Viles's FTP server, listed in the ``'' section, and put it in /usr/src/linux.

o  Patch the kernel with the new code by running "cat msqsrv-patch-36 | patch -p1".

o  Now replace the original "ip_masq_ftp.c" kernel module with the new one:

   o  mv /usr/src/linux/net/ipv4/ip_masq_ftp.c /usr/src/linux/net/ipv4/ip_masq_ftp.c.orig

   o  mv /usr/src/linux/ip_masq_ftp.c /usr/src/linux/net/ipv4/ip_masq_ftp.c

o  Finally, build and install the kernel containing the new code.

When that is done, edit the /etc/rc.d/rc.firewall ruleset and add the following lines, replacing "$extip" with your own Internet IP address.

NOTE: If you receive a dynamic TCP/IP address from your ISP (PPP, ADSL, cable modem, etc.), you will need to make the /etc/rc.d/rc.firewall ruleset more intelligent. See TrinityOS - Section 10 for details on strong rulesets and dynamic IP addresses.

As above, this example port forwards all FTP traffic (port 21) to the internal masqueraded machine whose address is 192.168.0.10.

NOTE: Once port 21 is port forwarded, the Linux masquerade server can no longer use that port itself. More specifically, if you already run an FTP server on the Linux masquerade server, every FTP connection from Internet users will go to the -internal- FTP server, not to the IP Masquerade server.

/etc/rc.d/rc.firewall
--
#echo "Enabling IPPORTFW Redirection on the external LAN.."
#
/usr/local/sbin/ipportfw -C
/usr/local/sbin/ipportfw -A -t$extip/21 -R 192.168.0.10/21
--

That's it! Re-run the /etc/rc.d/rc.firewall ruleset and test it out!
If you get the error message "ipchains: setsockopt failed: Protocol not available", you are not running the newly compiled kernel. Make sure you moved the new kernel into the right place and re-ran LILO, then reboot again. If you are sure you are running the new kernel, run "ls /proc/net" and check that the "ip_portfw" file exists. If it does not, you missed something when configuring the kernel. Rebuild the kernel.

6.8.2. Using IPMASQADM with IPPORTFW on 2.2.x kernels

First, make sure the newest 2.2.x kernel is present in the /usr/src/linux directory. If it is not, see the ``'' section for details. Next, download the "ipmasqadm.c" program from the ``'' section and put it in the /usr/src/ directory.

Next, compile the 2.2.x kernel as shown in the ``'' section. Say YES to the IPPORTFW option when configuring the kernel. Once the kernel is compiled and you have rebooted, come back to this section.

Now compile and install the IPMASQADM tool:

     cd /usr/src
     tar xzvf ipmasqadm-x.tgz
     cd ipmasqadm-x
     make
     make install

Now, as an example, suppose you want to port forward all web traffic (port 80) to the internal masqueraded machine whose address is 192.168.0.10.

NOTE: The modified IP_MASQ_FTP module for port forwarding FTP connections may not currently work on 2.2.x kernels. If you would like to try it anyway, try porting the module to the 2.2.x kernel, and please mail your results to Ambrose and David.

NOTE: Once port 80 is port forwarded, the Linux IP Masquerade server can no longer use that port itself. More specifically, if you already run a web server on the masquerade server, all Internet users will receive web pages from the -internal- web server, not from your IP Masquerade server.

In any case, to enable port forwarding, edit the /etc/rc.d/rc.firewall ruleset. Add the following lines, replacing "$extip" with your own Internet IP address.

NOTE: If you receive a dynamic TCP/IP address from your ISP (PPP, ADSL, cable modem, etc.), you will need to make the /etc/rc.d/rc.firewall ruleset somewhat more intelligent.
See TrinityOS - Section 10 for details on strong firewall rulesets and dynamic IP addresses. Here is one hint: the /etc/ppp/ip-up file, for PPP users.

/etc/rc.d/rc.firewall
--
#echo "Enabling IPPORTFW Redirection on the external LAN.."
#
/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 80 -R 192.168.0.10 80
--

That's it! Re-run the /etc/rc.d/rc.firewall ruleset and test it out!

If you get the error message "ipchains: setsockopt failed: Protocol not available", you are not running the newly compiled kernel. Make sure you moved the new kernel into the right place and re-ran LILO, then reboot again. If you are sure you are running the new kernel, run "ls /proc/net/ip_masq" and check that the "portfw" file exists. If it does not, you missed something when configuring the kernel. Rebuild the kernel.

6.9. CU-SeeMe and Linux IP Masquerade

Linux IP Masquerade supports CuSeeme through the "ip_masq_cuseeme" kernel module. This kernel module must be loaded from the /etc/rc.d/rc.firewall script. Once the "ip_masq_cuseeme" module is installed, you can initiate and receive connections to and from remote reflectors and users.

NOTE: For CuSeeme, it is recommended that you use the IPPORTFW tool rather than the older IPAUTOFW tool.

If you need more definitive information on configuring CuSeeme, see the mini-HOWTO on Michael Owings's CuSeeMe page, or the mirror of the mini-HOWTO at The IP Masquerade Resources.

6.10. Mirabilis ICQ

There are two ways to use ICQ behind a Linux masquerade server. One is to use the new ICQ masquerade module; the other is to use IPPORTFW.

The ICQ module has some benefits and some limitations. It lets several users behind the masquerade server use ICQ with only simple setup, and it needs no special configuration in the ICQ client. However, file transfers and real-time chat do not currently work with it.
With IPPORTFW you have to change a few settings on both the masquerade server and the ICQ client, but everything works: ICQ messaging, URLs, chat, file transfer and so on.

If you are interested in Andrew Deryabin's (djsf@usa.net) ICQ IP Masquerade module for 2.2.x kernels, see the ``'' section for details.

If you would rather use the more classic method of running ICQ behind a masquerade server, do the following:

o  First, build IPPORTFW support into the Linux kernel. See the ``'' section for details.

o  Next, add the following lines to the /etc/rc.d/rc.firewall file. This example assumes that your external Internet IP address is 10.1.2.3 and that the internal masqueraded ICQ client is 192.168.0.10:

   Example for 2.0.x kernels using IPFWADM:

   Two examples are included; either one will work.

   Example #1
   --
   /usr/local/sbin/ipportfw -A -t10.1.2.3/2000 -R 192.168.0.10/2000
   /usr/local/sbin/ipportfw -A -t10.1.2.3/2001 -R 192.168.0.10/2001
   /usr/local/sbin/ipportfw -A -t10.1.2.3/2002 -R 192.168.0.10/2002
   /usr/local/sbin/ipportfw -A -t10.1.2.3/2003 -R 192.168.0.10/2003
   /usr/local/sbin/ipportfw -A -t10.1.2.3/2004 -R 192.168.0.10/2004
   /usr/local/sbin/ipportfw -A -t10.1.2.3/2005 -R 192.168.0.10/2005
   /usr/local/sbin/ipportfw -A -t10.1.2.3/2006 -R 192.168.0.10/2006
   /usr/local/sbin/ipportfw -A -t10.1.2.3/2007 -R 192.168.0.10/2007
   /usr/local/sbin/ipportfw -A -t10.1.2.3/2008 -R 192.168.0.10/2008
   /usr/local/sbin/ipportfw -A -t10.1.2.3/2009 -R 192.168.0.10/2009
   /usr/local/sbin/ipportfw -A -t10.1.2.3/2010 -R 192.168.0.10/2010
   /usr/local/sbin/ipportfw -A -t10.1.2.3/2011 -R 192.168.0.10/2011
   /usr/local/sbin/ipportfw -A -t10.1.2.3/2012 -R 192.168.0.10/2012
   /usr/local/sbin/ipportfw -A -t10.1.2.3/2013 -R 192.168.0.10/2013
   /usr/local/sbin/ipportfw -A -t10.1.2.3/2014 -R 192.168.0.10/2014
   /usr/local/sbin/ipportfw -A -t10.1.2.3/2015 -R 192.168.0.10/2015
   /usr/local/sbin/ipportfw -A -t10.1.2.3/2016 -R 192.168.0.10/2016
   /usr/local/sbin/ipportfw -A -t10.1.2.3/2017 -R 192.168.0.10/2017
   /usr/local/sbin/ipportfw -A -t10.1.2.3/2018 -R 192.168.0.10/2018
   /usr/local/sbin/ipportfw -A -t10.1.2.3/2019 -R 192.168.0.10/2019
   /usr/local/sbin/ipportfw -A -t10.1.2.3/2020 -R 192.168.0.10/2020
   --

   Example #2
   --
   # Forward ports 2000 through 2020 inclusive, the same range as Example #1.
   port=2000
   while [ $port -le 2020 ]
   do
     /usr/local/sbin/ipportfw -A -t10.1.2.3/$port -R 192.168.0.10/$port
     port=$((port+1))
   done
   --

   Example for 2.2.x kernels using IPCHAINS:

   Two examples are included; either one will work.

   Example #1
   --
   /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2000 -R 192.168.0.10 2000
   /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2001 -R 192.168.0.10 2001
   /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2002 -R 192.168.0.10 2002
   /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2003 -R 192.168.0.10 2003
   /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2004 -R 192.168.0.10 2004
   /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2005 -R 192.168.0.10 2005
   /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2006 -R 192.168.0.10 2006
   /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2007 -R 192.168.0.10 2007
   /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2008 -R 192.168.0.10 2008
   /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2009 -R 192.168.0.10 2009
   /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2010 -R 192.168.0.10 2010
   /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2011 -R 192.168.0.10 2011
   /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2012 -R 192.168.0.10 2012
   /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2013 -R 192.168.0.10 2013
   /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2014 -R 192.168.0.10 2014
   /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2015 -R 192.168.0.10 2015
   /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2016 -R 192.168.0.10 2016
   /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2017 -R 192.168.0.10 2017
   /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2018 -R 192.168.0.10 2018
   /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2019 -R 192.168.0.10 2019
   /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2020 -R 192.168.0.10 2020
   --

   Example #2
   --
   # Forward ports 2000 through 2020 inclusive, the same range as Example #1.
   port=2000
   while [ $port -le 2020 ]
   do
     /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 $port -R 192.168.0.10 $port
     port=$((port+1))
   done
   --

o  Once the new rc.firewall is ready, simply run "/etc/rc.d/rc.firewall" to reload the ruleset and check that it works. If you get errors, either IPPORTFW support is not built into the kernel or there is a typo in the rc.firewall file.

o  Now, in ICQ's Preferences-->Connection, select "Behind a LAN" and "Behind a firewall or Proxy". Then click "Firewall Settings" and select "I don't use a SOCK5 proxy". It used to be recommended to set ICQ's "Firewall session timeouts" to "30" seconds, but this has been found to make ICQ unreliable. ICQ has been found to be more stable when you keep the stock timeout setting and simply change the timeout on the masquerade server to 160 seconds. How to change this timeout is shown in the ``'' and ``'' rulesets. Finally, click Next and set the "Use the following TCP listen ports.." fields to "2000" through "2020". Now click "Done".

   ICQ will now ask you to restart ICQ for the changes to take effect. In fact, the author had to reboot Windows9x to get everything working, though other people report otherwise. So to be safe, try both (restart ICQ, reboot).

o  It is also worth mentioning that one user reported that simply port forwarding port 4000 to his ICQ client worked best. He said that everything (chat, file transfer, etc.) worked fine without changing ICQ from its default settings. Which approach to take is up to you, but some readers will want to know about this report as well.

6.11. Gamers: The LooseUDP patch

The LooseUDP patch allows NAT-friendly games, which generally use UDP connections, to be played from behind a Linux IP Masquerade server.
Currently, LooseUDP is available as a patch for 2.0.36 and later kernels, and is already built into 2.2.3 and later kernels. To use it, you only need to do a few things:

o  Make sure the newest 2.0.x kernel source is in the /usr/src/linux directory.

o  ABSOLUTELY REQUIRED for version 2.0.x: download the IPPORTFW patch from the ``'' section and install it as described in the ``'' section of this HOWTO.

o  Download the LooseUDP patch from the ``'' section.

Now put the LooseUDP patch in the /usr/src/linux directory. Then run one of the following:

     For a compressed patch file:    zcat loose-udp-2.0.36.patch.gz | patch -p1

     For an uncompressed patch file: cat loose-udp-2.0.36.patch | patch -p1

Depending on your version of the "patch" program, you will then see messages like the following:

     patching file `CREDITS'
     patching file `Documentation/Configure.help'
     patching file `include/net/ip_masq.h'
     patching file `net/ipv4/Config.in'
     patching file `net/ipv4/ip_masq.c'

If you see a "Hunk FAILED" message only at the very beginning of the patch, it is not a serious problem. You probably have an older patch file, but it will still work. If the patch fails completely, however, check that you applied the IPPORTFW kernel patch FIRST.

Once the patch is installed, reconfigure the kernel as shown in the ``'' section and answer "Y" to the "IP: loose UDP port managing (EXPERIMENTAL) (CONFIG_IP_MASQ_LOOSE_UDP) [Y/n/?]" option.

Once you are running a new kernel with LooseUDP support, NAT-friendly games should work fine. There are several URLs where you can get patches that make BattleZone and other games NAT-friendly. See the ``'' section for details.

7. Frequently Asked Questions (FAQ)

If you have a useful FAQ, please send it to ambrose@writeme.com and dranch@trinnet.net. Please state the question clearly and include an appropriate answer. Thanks in advance!

7.1. Which Linux distributions support IP Masquerade out of the box?

Don't worry if your Linux distribution does not support IP Masquerade out of the box. All you have to do is recompile the kernel as described in this HOWTO.

NOTE: If you can help complete this table, please e-mail ambrose@writeme.com or dranch@trinnet.net.

o  Caldera < v1.2 : NO - ?
o  Caldera v1.3 : YES - 2.0.35 based
o  Caldera v2.2 : YES - 2.2.5 based
o  Debian v1.3 : NO - ?
o  Debian v2.0 : NO - ?
o  Debian v2.1 : NO - 2.2.1 based
o  DLX Linux v? : ? - ?
o  DOS Linux v? : ? - ?
o  Hal91 Linux v? : ? - ?
o  Linux Mandrake v5.3 : YES - ?
o  Linux Mandrake v6.0 : YES - 2.2.5 based
o  Linux PPC vR4 : NO - ?
o  Linux Pro v? : ? - ?
o  LinuxWare v? : ? - ?
o  MkLinux v? : ? - ?
o  MuLinux v3rl : YES - ?
o  Redhat < v4.x : NO - ?
o  Redhat v5.0 : YES - ?
o  Redhat v5.1 : YES - ?
o  Redhat v5.2 : YES - 2.0.36 based
o  Redhat v6.0 : YES - 2.2.5 based
o  Slackware v3.0 : ? - ?
o  Slackware v3.1 : ? - ?
o  Slackware v3.2 : ? - ?
o  Slackware v3.3 : ? - 2.0.34 based
o  Slackware v3.4 : ? - ?
o  Slackware v3.5 : ? - ?
o  Slackware v3.6 : ? - ?
o  Slackware v3.9 : ? - 2.0.37pre10 based
o  Slackware v4.0 : ? - ?
o  Stampede Linux v? : ? - ?
o  SuSE v5.2 : YES - ?
o  SuSE v5.3 : YES - ?
o  SuSE v6.0 : YES - ?
o  SuSE v6.1 : YES - 2.2.5 based
o  Tomsrbt Linux v? : ? - ?
o  TriLinux v? : ? - ?
o  TurboLinux v? : ? - ?
o  Yggdrasil Linux v? : ? - ?

7.2. What are the minimum hardware requirements and limitations for IP Masquerade? How well does it perform?

A 486/66 with 16MB of RAM was more than enough to fill a 1.54Mb/s T1 100%! Masquerade is also known to run well on 386SX-16s with 8MB of RAM. Be aware, however, that Linux IP Masquerade starts to struggle once there are more than 500 masquerade entries.

The only application the author knows of that can bring Linux IP Masquerade to a halt, even briefly, is GameSpy. The reason is that when it refreshes its lists it needs 10,000 quick connections in a very short time. Until this finishes, the masquerade table is "FULL". See the ``'' section of the FAQ for details.

While we are at it, a few more points:

TCP and UDP each have a limit of 4096 concurrent connections. This limit can be changed by adjusting the values in /usr/src/linux/net/ipv4/ip_masq.h; an upper limit of around 32000 should be fine. To change the limit, modify the PORT_MASQ_BEGIN and PORT_MASQ_END values to a range above 32K and below 64K.

7.3. I have checked all my settings, but IP Masquerade still does not work. What should I do?

o  First, calm down. Have a cup of tea, coffee or a soft drink, and take a break. Once you have settled down, follow the suggestions below. Setting up Linux IP Masquerade is not hard, but some of the concepts may be unfamiliar.

o  Now go through the steps in the ``'' section again. 99% of first-time masquerade users who run into problems have not looked at that section.

o  Check the IP Masquerade Mailing List Archives. Most questions and problems are common ones, and a simple search of the archive will turn up the answer.

o  Check the TrinityOS document. It covers IP Masquerading on 2.0.x and 2.2.x kernels as well as PPPd, DialD, DHCP, DNS, Sendmail and other topics.

o  Make sure you are not running ROUTED or GATED. To check, run "ps aux | grep -e routed -e gated".

o  Send your question to the IP Masquerade mailing list (see the next section of the FAQ for details). Only do so if you cannot find the answer in the IP Masquerading archive. When you send the e-mail, be sure to include the output you get from following the ``'' section!!

o  Post your question to a relevant Linux NNTP newsgroup.

o  E-mail ambrose@writeme.com and dranch@trinnet.net. You are, however, more likely to get the answer you want from the IP Masquerading mailing list than by asking us.

o  Check your configuration again. :-)

7.4. How do I join or view the IP Masquerade and IP Masquerade developers mailing lists?

There are two ways to join the Linux IP Masquerading mailing list. The first is to send e-mail to masq-request@indyramp.com. To join the Linux IP Masquerading developers mailing list, send e-mail to masq-dev-request@indyramp.com. See the items below for more details.

o  Subscribing by e-mail: Put the word "subscribe" in the body or subject of the message.
   If you only want to subscribe to the digest version of the main masquerade list or the masquerade developers list (all e-mail sent to that list will be delivered to you once a week as a single "big" e-mail), put "subscribe digest" in the body or subject instead of "subscribe".

   Once the server receives your request, it will subscribe you to the list you asked for and send you a password. Save this password somewhere. You will need it to change your options or to unsubscribe from the list.

The second way is to subscribe with a web browser. To subscribe to the main masquerade list, use the form at http://www.indyramp.com/masq-list/; to subscribe to the masquerade developers list, use http://www.indyramp.com/masq-dev-list/.

Once you are subscribed, you will receive e-mail from the list you joined. Note also that you can view the archives of both lists whether or not you are subscribed. See the two web URLs above for details.

Finally, note that to post to the masquerade list you must use the account and address that you originally subscribed with.

If you have problems with the mailing lists or the mailing list archives, contact Robert Novak.

7.5. How does IP Masquerade differ from Proxy or NAT services?

Proxy:  Proxy servers are available for: Win95, NT, Linux, Solaris, etc.

        Pros:   + One IP address; inexpensive
                + Optional caching for better performance (web, etc.)

        Cons:   - Every application behind the proxy server must support
                  proxy services (SOCKS) and be configured to use the
                  proxy server
                - Confuses web counters and web statistics programs

        A proxy server, like IP Masquerade, uses only one official IP address and acts as a translator for the clients on the internal LAN (web browsers, etc.). The proxy server accepts connections such as TELNET, FTP and web from the internal network on one interface. It then rewrites them so that they appear to have been requested by the proxy server itself, and sends them out. Once the remote Internet server sends back the requested information, the proxy server changes the TCP/IP address back to the address of the internal client and passes the data on to the internal host that asked for it.
        This is why it is called a "PROXY" server.

        NOTE: Every application used on the internal machines *MUST* support proxy servers, for example Netscape and some of the better TELNET and FTP clients. Clients that do not support proxy servers will not work.

        Another advantage of proxy servers is that some of them also offer caching (Squid, for WWW). Suppose you have 50 proxied hosts that all start Netscape at the same time. If they are all set to the default home page URL, 50 identical Netscape web pages have to be fetched from the remote site and delivered to the respective computers. With a caching proxy server, the proxy server loads the page from the remote site only once, and the computers behind the proxy receive it from the cache. This not only saves outbound Internet bandwidth; pages will also feel very much faster to load on the machines behind the proxy.

MASQ:   IP Masquerade is available on Linux and on a few routers such as the Zytel Prestige128, Cisco 770 and NetGear ISDN routers.
  or
1:Many
 NAT
        Pros:   + Only one IP address is needed (inexpensive)
                + Applications need no special support
                + Uses firewall software to strengthen network security

        Cons:   - Requires a Linux host or a special ISDN router
                  (though other products may have this feature too.. )
                - Incoming traffic cannot reach the internal LAN unless
                  it was requested by a computer on the internal LAN or
                  specific port forwarding software is installed. Many
                  NAT servers do not provide this feature.
                - Special protocols must be handled individually by
                  firewall redirectors and the like. Linux fully
                  supports this (FTP, IRC, etc.) but many routers do
                  not (NetGear does).

        Masquerade, or 1:Many NAT, is similar to a proxy server in that the server translates IP addresses and so makes the remote server believe that the masquerade server itself, not an internal machine, requested the connection (a web connection, for example).

        The main difference between masquerade and a proxy server is that a masquerade server requires no configuration changes at all on the client (internal) machines.
        Simply have the internal machines use the Linux host as their default gateway and everything will work. (For RealAudio, FTP, etc. to work, you must install the specific Linux modules!)

        Many people also use IP Masquerade for TELNET, FTP, etc. and *at the same time* install a caching proxy for web traffic on the same Linux host to gain extra performance.

NAT:    NAT servers are available on Windows 95/NT, Linux, Solaris, and some of the better ISDN routers (not Ascend).

        Pros:   + Very configurable
                + Requires no special application software

        Cons:   - A subnet must be allocated by your ISP (expensive)

        Network Address Translation refers to a host that has a pool of usable IP addresses on its Internet interface. When a machine on the internal network wants to reach the Internet, the host assigns one of the official IP addresses of the Internet interface to the original internal IP address of the requesting computer. After that, all traffic is translated between the official NAT IP address and the internal address behind the NAT. If an allocated official NAT address is not used for a predetermined period of time, that official IP address is returned to the pool of available NAT addresses.

        The main problem with NAT is that once all of the official IP addresses are in use, internal users cannot reach the Internet until an address becomes available.

7.6. Are there any GUI firewall creation/management tools?

Yes! They differ in user interface, complexity and so on. So far most of them support only IPFWADM, but they are quite good. Here is a short list of the available tools in alphabetical order. If you know of other tools, or want to comment on which ones are good, bad or awkward, please e-mail Ambrose or David.

o  John Hardin's IPFWADM Dot file generator - an IPCHAINS version is already in use.

o  Sonny Parlin's FWCONFIG, for IPFWADM and IPCHAINS

o  William Stearns's Mason - a system that builds the ruleset in real time

7.7. Does IP Masquerade work with dynamically assigned IP addresses?

Yes, it works with dynamic IP addresses assigned by your ISP through PPP or a DHCP/BOOTp server. As long as you have an official Internet IP address, it will work.
Static IPs work too, of course. However, if you want to use a strong IPFWADM/IPCHAINS ruleset or a port forwarder, your ruleset must be re-run every time the IP address changes. Additional help on strong firewall rulesets and dynamic IP addresses can be found at the beginning of TrinityOS - Section 10.

7.8. Can I use IP Masquerade with a cable modem (both bi-directional and with modem return), DSL, a satellite link, etc. to connect to the Internet?

Yes, as long as Linux supports the network interface, it will work. If you are assigned a dynamic IP address, see the URL under the FAQ entry "Does IP Masquerade work with dynamically assigned IP addresses?" above.

7.9. Can I use the dial-on-demand features of Diald or PPPd with IP Masquerade?

Certainly! IP Masquerading is completely transparent to Diald and PPP (translator's note: neither depends on the internal details of the other). The only case where problems can arise is when you use a strong firewall ruleset together with a dynamic IP address. For details, see the FAQ entry "Does IP Masquerade work with dynamically assigned IP addresses?" above.

7.10. Which applications work with IP Masquerade?

Maintaining a list of "working applications" is very hard. However, most ordinary Internet applications are supported: web browsing (Netscape, MSIE, etc.), FTP (such as WS_FTP), TELNET, SSH, RealAudio, POP3 (receiving mail - Pine, Eudora, Outlook, etc.), SMTP (sending mail), and so on. A more complete list of clients that work with masquerade can be found in the ``'' section of this HOWTO.

Applications that use more complicated protocols or special connection methods, such as video conferencing software, need special helper tools.

For more details, see the Linux IP masquerading Applications page.

7.11. How do I use IP Masquerade on Redhat, Debian, Slackware or other distributions?

Whichever Linux distribution you use, the IP Masquerade setup procedure described in this HOWTO still applies. Some distributions may have a GUI or special configuration files that make setup easier.
We have done our best to write this HOWTO so that it applies as generally as possible.

7.12. My TELNET connections seem to stop working if I do not use them often. Why?

By default, IP Masquerade sets the timeouts for TCP sessions, TCP FIN and UDP traffic to 15 minutes. It is recommended that, where possible, all users apply the following settings (already shown in this HOWTO's /etc/rc.d/rc.firewall ruleset):

Linux 2.0.x with IPFWADM:

# MASQ timeouts
#
#   2 hrs timeout for TCP session timeouts
#  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
#  60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30sec firewall timeout in ICQ itself)
#
/sbin/ipfwadm -M -s 7200 10 60

Linux 2.2.x with IPCHAINS:

# MASQ timeouts
#
#   2 hrs timeout for TCP session timeouts
#  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
#  60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30sec firewall timeout in ICQ itself)
#
/sbin/ipchains -M -S 7200 10 60

7.13. Nothing works when my Internet connection first comes up, but if I try again everything works fine. Why?

This happens because you have a dynamic IP address and, when the Internet connection first comes up, IP Masquerade does not know the IP address. There is a solution. Add the following to your /etc/rc.d/rc.firewall ruleset:

# Dynamic IP users:
#
#   If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this following
#       option.  This enables dynamic-ip address hacking in IP MASQ, making the life
#       with Diald and similar programs much easier.
#
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

7.14. IP Masquerade seems to work fine, but some sites do not work. This mostly happens with web and FTP.

There are two possible reasons for this. The first is very common; the second is very rare.
o  The 2.0.36 and 2.2.9 Linux kernels have a rather obscure bug in the masquerade code that causes problems with packets that have the DF, or "Don't Fragment", bit set.

   Basically, when the masquerade box connects to the Internet with an MTU smaller than 1500, some packets may have the DF field set. Changing the MTU on the Linux box to 1500 appears to solve the problem, but the bug is still there. What is believed to be happening is that the masquerade code does not properly handle returning ICMP packets with ICMP code 3 sub 4 so that they reach the original masqueraded computer. Because of this, packets get dropped along the way.

   If you are a network programmer and think you can fix this.. please give it a try!

   Don't worry, though. A very good workaround is to change the MTU of your Internet connection to 1500. Some users will object to this, because it can cause problems for a few latency-sensitive programs such as TELNET and games. The impact is only slight, however, and HTTP and FTP speeds will actually improve!

   To fix this, first find out what the MTU of your Internet connection currently is. To check, run "/bin/ifconfig". Then look at the lines for your Internet connection and note the MTU. This value should be 1500. Ethernet connections normally default to this value, while PPP defaults to 576.

   o  To fix the MTU on a PPP connection, edit the /etc/ppp/options file and add the lines "mtu 1500" and "mru 1500" near the top. Save the changes and restart PPP. Check, in the same way as above, that the PPP connection now has the correct MTU.

   o  To fix the MTU on an Ethernet connection such as ADSL or a cable modem, you need to edit your network startup scripts. See TrinityOS - Section 16 for network optimization.

o  Finally, although it is not a common problem, this fix is sometimes needed. For PPP users, it concerns which port the PPPd code connects to: a /dev/cua* port or a /dev/ttyS* port.
   It must be a /dev/ttyS* port. The cua style is obsolete and causes problems in very peculiar ways.

7.15. IP Masquerading seems slow.

There can be several reasons for this:

o  Check whether your internal and external networks are running on the same network card through the IP Alias feature. If they are, it is strongly recommended that you get a second network card so that the internal and external networks each run on their own interface.

o  If you use an external modem, make sure you are using a good quality serial cable. Also, many PCs use a cheap ribbon cable to connect the serial port on the motherboard or I/O card to the external serial port connector. If this applies to you, make sure the cable and connector are in good condition. Personally, the author puts ferrite coils (the dark grey round metal things) around all of his ribbon cables.

o  Make sure the MTU is set to 1500 as described in the FAQ entry above in this HOWTO.

o  Make sure the serial port is a 16550A or better UART. To check, run "dmesg | more".

o  Make sure the serial port used for the PPP connection runs at 115200 (or faster, if both the modem and the serial port can handle it.. an ISDN terminal adapter (TA), for example).

   o  2.0.x kernels: The 2.0.x kernels are a bit odd in that you cannot directly tell the kernel to set the serial port speed to 115200. Instead, run the following command from an init script such as /etc/rc.d/rc.local or /etc/rc.d/rc.serial (for a modem on COM2):

      o  setserial /dev/ttyS1 spd_vhi

      o  In your PPPd script, change the line that actually runs pppd so that the speed is "38400" (see the pppd man page).

   o  2.2.x kernels: Unlike the 2.0.x kernels, the 2.1.x and 2.2.x kernels do not have this "spd_vhi" issue.

      o  So, in your PPPd script, simply change the line that actually runs pppd so that the speed is "115200" (see the pppd man page).

o  Set the TCP sliding window to at least 8192.

   o  This is well beyond the scope of this document, but it helps a great deal whatever kind of network setup you have: internal or external PPP, Ethernet, TokenRing, etc.
      For more details, see the network optimization section of TrinityOS - Section 16.

o  Set up IRQ-Tune for the serial ports

   o  On most PC hardware, using Craig Estey's IRQTUNE tool will dramatically improve serial port performance, including SLIP and PPP.

7.16. IP Masquerading now works, but I get all kinds of strange messages and errors in the SYSLOG log files. What do the IPFWADM/IPCHAINS firewall error messages mean?

The messages you will usually see are probably the following two:

o  MASQ: Failed TCP Checksum error: You will see this error when a packet arriving from the Internet has a problem in its data section while the rest of it "LOOKS" fine. When the Linux box receives such a packet, it calculates the packet's CRC and determines that the packet is corrupt. Most machines running an OS such as Microsoft Windows just silently ignore such packets, but Linux IP Masquerade reports them to SYSLOG. If you get "A LOT" of these messages over a PPP connection, see the FAQ entry "Masquerading is slow" above.

   o  If that entry does not help, try adding the line "-vj" to the /etc/ppp/options file and restarting PPPd.

o  Firewall hits: If you are on the Internet running a permissive (not strict) firewall, you will be surprised at how many people try to break into your Linux box! So what do these firewall log entries mean?
     From the TrinityOS - Section 10 document:

     In the rulesets below, the lines that DENY or REJECT any traffic
     carry the "-o" option, so they log firewall hits to the SYSLOG
     messages file found in:

          Redhat:    /var/log
          Slackware: /var/adm

     If you look at these firewall logs, you will see something like the
     following:

     ---------------------------------------------------------------------
     IPFWADM:
     Feb 23 07:37:01 Roadrunner kernel: IP fw-in rej eth0 TCP 12.75.147.174:1633 100.200.0.212:23 L=44 S=0x00 I=54054 F=0x0040 T=254

     IPCHAINS:
     Packet log: input DENY eth0 PROTO=17 12.75.147.174:1633 100.200.0.212:23 L=44 S=0x00 I=54054 F=0x0040 T=254
     ---------------------------------------------------------------------

     There is a LOT of information in this single line. Let's break this
     example down so that you can read the firewall hits you see. The
     example describes IPFWADM, but IPCHAINS users will readily recognize
     the fields as well.

     --------------

     - This firewall "hit" occurred on "Feb 23 07:37:01".

     - This hit was on the "RoadRunner" computer.

     - This hit occurred over the "IP" or TCP/IP protocol.

     - This hit was coming IN to ("fw-in") the firewall.
          * Other logs can say "fw-out" for OUT or "fw-fwd" for FORWARD.

     - This hit was "rejECTED".
          * Other logs can say "deny" or "accept".

     - This firewall hit occurred on the "eth0" interface (the Internet
       link).

     - This hit was a "TCP" packet.

     - This hit came from IP address "12.75.147.174" on return port
       "1633".

     - This hit was trying to connect to address "100.200.0.212" on port
       "23", that is, TELNET.
          * If you are not sure that port 23 is TELNET, look the port up
            in the /etc/services file.

     - This packet was "44" bytes long.

     - This packet did not have any "Type of Service" (TOS) set.
          --Don't worry if you don't understand this.. you do not need
            to know it.
          * For ipchains users, dividing this value by 4 gives the Type
            of Service.

     - This packet had an "IP ID" number of "18".
          --Don't worry if you don't understand this.. you do not need
            to know it.

     - This packet had a 16-bit fragment offset, and the TCP/IP packet
       flags were "0x0000".
          --Don't worry if you don't understand this.. you do not need
            to know it.
          * A value that starts with "0x2..." or "0x3..." means the
            "More Fragments" bit is set, so more fragmented packets have
            to arrive before this "BIG" packet is complete.
          * A value that starts with "0x4..." or "0x5..." means the
            "Don't Fragment" bit is set.
          * Any other values are the fragment offset (divided by 8),
            used later to reassemble the original LARGE packet.

     - This packet had a TimeToLive (TTL) of 20.
          * Every hop across the Internet subtracts 1 from this value.
            Usually, packets start out with a value of 255, and if the
            number ever reaches 0, the packet is considered lost and is
            deleted.

  7.17.  Can I configure IP Masquerade so that external Internet users
  can directly contact internal masqueraded servers?

  Yes! With IPPORTFW, you can allow all, or only a selected few,
  Internet hosts to contact internal masqueraded computers. This topic
  is covered in detail in the ``'' section.

  7.18.  I get the message "kernel: ip_masq_new(proto=UDP): no free
  ports." in my SYSLOG files. Why?

  One of your internal masqueraded machines is creating an abnormally
  high number of packets destined for the Internet. The IP Masquerade
  server builds the masquerade table and forwards these packets out to
  the Internet, and the table fills up too quickly. Once the table is
  full, it gives you this error.

  The only application I know of that creates this situation is a
  gaming program called "GameSpy". The reason is that GameSpy builds a
  server list and then pings every one of the thousands of game servers
  in that list. By pinging like this, it requests tens of thousands of
  quick connections in a very short time. Until these sessions expire
  through the IP Masquerade timeouts, the masquerade table stays "FULL".

  So what can you do about it? Ideally, don't use programs like that. If
  these errors pile up in your log files, find out which program is
  responsible and stop using it.
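  Returning to the firewall hits dissected in FAQ 7.16: the parser below is an added example, not part of the original HOWTO or of the ipfwadm/ipchains tools. It splits both log formats shown there into named fields, decodes the F= value into the Don't Fragment and More Fragments bits plus the fragment offset as that entry describes, and tallies blocked inbound hits per source. The action-token and protocol-number tables and the log lines marked "constructed" are assumptions.

```python
import re
from collections import Counter

# Fields common to both formats: src:port dst:port L= S= I= F= T=
_TAIL = (
    r"(?P<src>\d+(?:\.\d+){3}):(?P<sport>\d+)\s+"
    r"(?P<dst>\d+(?:\.\d+){3}):(?P<dport>\d+)\s+"
    r"L=(?P<length>\d+)\s+S=(?P<tos>0x[0-9A-Fa-f]+)\s+I=(?P<ip_id>\d+)\s+"
    r"F=(?P<frag>0x[0-9A-Fa-f]+)\s+T=(?P<ttl>\d+)"
)
# ipfwadm style (2.0.x kernels): "IP fw-in rej eth0 TCP ..."
IPFWADM_RE = re.compile(
    r"IP fw-(?P<chain>in|out|fwd)\s+(?P<action>\S+)\s+(?P<iface>\S+)\s+"
    r"(?P<proto>[A-Za-z]+)\s+" + _TAIL)
# ipchains style (2.2.x kernels): "Packet log: input DENY eth0 PROTO=17 ..."
IPCHAINS_RE = re.compile(
    r"Packet log:\s+(?P<chain>\S+)\s+(?P<action>\S+)\s+(?P<iface>\S+)\s+"
    r"PROTO=(?P<proto>\d+)\s+" + _TAIL)

CHAINS = {"in": "input", "out": "output", "fwd": "forward"}
# Assumption: short ipfwadm tokens other than "rej" are mapped as below.
ACTIONS = {"rej": "REJECT", "deny": "DENY", "acc": "ACCEPT", "accept": "ACCEPT"}
# IP protocol numbers as printed after PROTO= by ipchains.
PROTOS = {"1": "ICMP", "6": "TCP", "17": "UDP"}


def parse_line(line):
    """Return a dict of fields for one packet-log line, or None if it is not one."""
    for tool, rx in (("ipfwadm", IPFWADM_RE), ("ipchains", IPCHAINS_RE)):
        m = rx.search(line)
        if m:
            break
    else:
        return None
    g = m.groupdict()
    frag = int(g["frag"], 16)
    return {
        "tool": tool,
        "chain": CHAINS.get(g["chain"], g["chain"]),
        "action": ACTIONS.get(g["action"].lower(), g["action"].upper()),
        "iface": g["iface"],
        "proto": PROTOS.get(g["proto"], g["proto"].upper()),
        "src": g["src"], "sport": int(g["sport"]),
        "dst": g["dst"], "dport": int(g["dport"]),
        "length": int(g["length"]),
        "tos": int(g["tos"], 16),
        "ip_id": int(g["ip_id"]),
        "ttl": int(g["ttl"]),
        # F= holds the flag bits and the fragment offset in one 16-bit value:
        # 0x4000 = Don't Fragment, 0x2000 = More Fragments,
        # low 13 bits = offset counted in 8-byte units.
        "dont_fragment": bool(frag & 0x4000),
        "more_fragments": bool(frag & 0x2000),
        "frag_offset_bytes": (frag & 0x1FFF) * 8,
    }


def blocked_inbound(lines):
    """Count DENY/REJECT hits on the input chain per (source, protocol, dest port)."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["chain"] == "input" and rec["action"] in ("DENY", "REJECT"):
            hits[(rec["src"], rec["proto"], rec["dport"])] += 1
    return hits


SAMPLE_LOG = [
    # The two lines quoted in FAQ 7.16.
    "Feb 23 07:37:01 Roadrunner kernel: IP fw-in rej eth0 TCP 12.75.147.174:1633 "
    "100.200.0.212:23 L=44 S=0x00 I=54054 F=0x0040 T=254",
    "Packet log: input DENY eth0 PROTO=17 12.75.147.174:1633 100.200.0.212:23 "
    "L=44 S=0x00 I=54054 F=0x0040 T=254",
    # Constructed lines (documentation addresses), not taken from the HOWTO.
    "Feb 23 07:40:12 Roadrunner kernel: IP fw-in rej eth0 TCP 192.0.2.7:2201 "
    "198.51.100.9:23 L=44 S=0x00 I=1001 F=0x4000 T=52",
    "Feb 23 07:40:15 Roadrunner kernel: IP fw-in rej eth0 TCP 192.0.2.7:2202 "
    "198.51.100.9:23 L=44 S=0x00 I=1002 F=0x4000 T=52",
    "Feb 23 07:41:30 Roadrunner kernel: IP fw-fwd deny eth0 UDP 192.0.2.7:4000 "
    "198.51.100.9:53 L=1500 S=0x00 I=1003 F=0x2000 T=60",
]

if __name__ == "__main__":
    for key, count in blocked_inbound(SAMPLE_LOG).most_common():
        print("%-15s %-4s port %-5d %d hit(s)" % (key + (count,)))
```

  Lines that are not packet-log entries, such as the MASQ checksum messages, return None and are skipped by the tally.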
  However, if you really like a program such as GameSpy, just don't
  refresh the server list very often. In any case, once you stop using
  such programs, the errors that Masquerade was reporting will no longer
  appear.

  7.19.  I get the error "ipfwadm: setsockopt failed: Protocol not
  available" when I try to use IPPORTFW!

  If you get the error message "ipfwadm: setsockopt failed: Protocol not
  available", you are not running your newly compiled kernel. Move the
  new kernel into place, re-run LILO, and reboot again.

  See the end of the ``'' section for details.

  7.20.  Microsoft File and Print Sharing and Microsoft Domain clients
  (SAMBA) don't work through IP Masquerade!

  To properly support Microsoft's SMB protocol, a masquerade module
  written for it would be needed, but for now there are three
  workarounds. For details, see this Microsoft KnowledgeBase article.

  The first workaround is to configure IPPORTFW as described in the ``''
  section and forward TCP ports 137, 138, and 139 to the IP address of
  the internal Windows machine. This works, but it will only work for
  ONE internal machine.

  The second method is to install Samba on the Linux masquerade server.
  With Samba running, you can make the internal Windows file and print
  shares visible on the Samba server. All external clients can then
  reach these shares. Instructions for configuring Samba can be found in
  a HOWTO from the Linux Documentation Project and in the TrinityOS
  document as well.

  The third method is to set up a VPN (virtual private network) between
  the two Windows machines or between the two networks. This can be done
  with a PPTP or an IPSEC VPN solution. There is a ``'' patch for Linux,
  and a full IPSEC implementation is available for both the 2.0.x and
  2.2.x kernels. This method is the most reliable and the most secure of
  the three.

  These methods are not covered in this HOWTO. The TrinityOS document
  can help with IPSEC, and for more information I recommend John
  Hardin's PPTP page.
  Also be aware that Microsoft's SMB protocol is very weak from a
  security standpoint. Because of this, using Microsoft file and print
  sharing or Windows Domain logins over the Internet without encryption
  is a very bad idea.

  7.21.  Masqueraded IRC users cannot use IRC properly. Why?

  The most likely cause is that the IDENT or "authentication" server
  shipped with most Linux distributions cannot handle IP masqueraded
  connections. No need to worry though, because there are IDENTs that
  do work.

  Installing this software is beyond the scope of this HOWTO. Each tool
  comes with its own documentation. Here are some of the URLs:

  o  Mident is the one most IRC users use.

  o  Sident

  o  Other Idents including Oidentd

  Some Internet IRC servers still do not allow multiple connections from
  the same host, even when the Ident information shows that the users
  are different. In that case, complain to the administrator of that
  server. :)

  7.22.  mIRC doesn't do DCC sends.

  This is a configuration problem in mIRC. To fix it, first disconnect
  mIRC from the IRC server. Then, in mIRC, go to File --> Setup and
  click on the "IRC servers tab". Make sure the port is set to 6667. If
  you need other ports, see below. Next, go to File --> Setup --> Local
  Info and clear the fields for Local Host (your own host) and IP
  Address. Select the checkboxes for "LOCAL HOST" and "IP address" (IP
  address may be checked but disabled). Next, set "Lookup Method" to
  "normal". It will NOT work if "servers" is selected. That's it. Try
  connecting to the IRC server again.

  If you need IRC server ports other than 6667 (for example, 6969), you
  have to edit the /etc/rc.d/rc.firewall file, which loads the IRC
  masquerade module. In this file, edit the line containing "modprobe
  ip_masq_irc" and add "ports=6667,6969" to it. You can add further
  ports as well, separated by commas.
  Finally, close the IRC clients on the masqueraded machines and reload
  the IRC masquerade module:

       /sbin/rmmod ip_masq_irc
       /etc/rc.d/rc.firewall

  7.23.  Can IP Masquerade work with only ONE Ethernet network card
  (via IP Aliasing)?

  Yes and no. With the "IP Alias" kernel feature, users can set up
  multiple interfaces such as eth0:1, eth0:2, and so on. However, using
  aliased interfaces for IP Masquerade is NOT recommended. Why? It is
  very difficult to build a secure firewall with a single network card.
  In addition, because packets are sent back out at the same time as
  they come in, you will see a considerable number of errors. For these
  reasons, and because network cards are cheap these days, I strongly
  recommend that you buy another network card.

  You should also know that IP Masquerading only works properly on
  physical interfaces such as eth0, eth1, and so on. Masquerading on
  aliased interfaces "such as eth0:1, eth1:1, etc." will not work
  properly. In other words, the following will NOT work:

  o  /sbin/ipfwadm -F -a m -W eth0:1 -S 192.168.0.0/24 -D 0.0.0.0/0

  o  /sbin/ipchains -A forward -i eth0:1 -s 192.168.0.0/24 -j MASQ

  If you still want to use aliased interfaces, you need to enable the
  "IP Alias" feature in the kernel. You then have to re-compile the
  kernel and reboot. Once you are running the new kernel, you need to
  configure Linux to use the new interface (for example /dev/eth0:1).
  After that, you can use them like normal Ethernet interfaces, subject
  to the restrictions mentioned above.

  7.24.  I'm trying to use the NETSTAT command to show my masqueraded
  connections but it doesn't work.

  There is a problem with the "netstat" program. Right after Linux has
  booted, running "netstat -M" works fine, but once a masqueraded
  computer has performed ICMP traffic such as ping or traceroute, you
  will see something like:

       masq_info.c: Internal Error `ip_masquerade unknown type'.

  The workaround is to use the "/sbin/ipfwadm -M -l" command instead.
  You will also notice that once the listed ICMP masquerade entries have
  timed out, "netstat" works fine again.

  7.25.  I would like to get Microsoft PPTP (GRE tunnels) and/or IPSEC
  (Linux SWAN) tunnels running through IP Masquerade.

  This IS possible. It is, however, outside the scope of this document,
  so please see John Hardin's PPTP Masq for the details.

  7.26.  I want to run the XYZ network game through IP Masquerade but
  it won't work. Help!

  First, look at Steve Grevemeyer's MASQ Applications page. If the
  solution is not there, try patching your Linux kernel with Glenn
  Lamb's LooseUDP patch, which is covered in the ``'' section above. For
  more detailed information, see Dan Kegel's NAT Page.

  If you are technically inclined, use the "tcpdump" program to sniff
  your network and find out which protocols and port numbers the XYZ
  game is using. Once you have this information, subscribe to the IP
  Masq email list, email your results to it, and ask for help.

  7.27.  IP Masquerade works fine for a while but then it suddenly
  stops. After a reboot it works again for a while. Why?

  My guess is that you are using IPAUTOFW or have it compiled into the
  kernel. Right?? This is a well-known problem with IPAUTOFW. Do NOT
  configure IPAUTOFW into the Linux kernel; use the IPPORTFW option
  instead. These issues are covered in detail in the ``'' section.

  7.28.  Internal masqueraded computers cannot send SMTP or POP-3 mail!

  This is not a masquerading issue, but it affects many people, so it is
  mentioned here.

  SMTP: You are probably trying to use your Linux box as an SMTP relay
  and getting the following error:

       "error from mail server: we do not relay"

  Newer versions of Sendmail and other Mail Transfer Agents (MTAs)
  disable relaying by default (this is a good thing). To fix the
  problem, do the following:

  o  Sendmail: Edit the /etc/sendmail.cw file to allow specific relaying
     for your internal masqueraded machines, adding the hostname and
     domain name of each internal masqueraded machine.
     Also check that the /etc/hosts file has the IP addresses and Fully
     Qualified Domain Names (FQDN) configured. Once this is done,
     restart Sendmail so that it re-reads its configuration files. This
     is covered in TrinityOS - Section 25.

  POP-3: Some users configure the POP-3 clients on their internal
  masqueraded computers to connect to an external SMTP server. This is
  fine, but many SMTP servers will try to IDENT your connection on port
  113. The problem is most likely related to your default masquerade
  policy being DENY. This is not desirable. Set it to REJECT and re-run
  your rc.firewall ruleset.

  7.29.  I want different internal masqueraded networks to go out
  through different external IP addresses. (IPROUTE2)

  Say you have the following problem:

       Internal LAN ----->  official IP

       192.168.1.x  -->  123.123.123.11
       192.168.2.x  -->  123.123.123.12

  First of all, you need to understand that IPFWADM and IPCHAINS come
  into play *AFTER* the routing system has decided where a packet will
  be sent. This fact really ought to be stamped in big red letters on
  all IPFWADM/IPCHAINS/IPMASQ documentation. You have to get your
  routing right first, and only then add IPFWADM/IPCHAINS and
  masquerading.

  In the case above, you first need to set up the routing system so that
  packets from 192.168.1.x go out via 123.123.123.11 and packets from
  192.168.2.x go out via 123.123.123.12. That is the hard part; adding
  masquerading on top of it is easy.

  You can use IPROUTE2 for this work.
  Primary FTP site is:

  o  ftp://ftp.inr.ac.ru/ip-routing

  Mirrors are:

       ftp://linux.wauug.org/pub/net
       ftp://ftp.nc.ras.ru/pub/mirrors/ftp.inr.ac.ru/ip-routing/
       ftp://ftp.gts.cz/MIRRORS/ftp.inr.ac.ru/
       ftp://ftp.funet.fi/pub/mirrors/ftp.inr.ac.ru/ip-routing/ (STM1 to USA)
       ftp://sunsite.icm.edu.pl/pub/Linux/iproute/
       ftp://ftp.sunet.se/pub/Linux/ip-routing/
       ftp://ftp.nvg.ntnu.no/pub/linux/ip-routing/
       ftp://ftp.crc.ca/pub/systems/linux/ip-routing/
       ftp://ftp.paname.org (France)
       ftp://donlug.ua/pub/mirrors/ip-route/
       ftp://omni.rk.tusur.ru/mirrors/ftp.inr.ac.ru/ip-routing/

  RPMs are available at ftp://omni.rk.tusur.ru/Tango/ and at
  ftp://ftp4.dgtu.donetsk.ua/pub/RedHat/Contrib-Donbass/KAD/

  NOTE: The following instructions are given below ONLY because
  currently there is very little documentation to the IPROUTE2 tool
  available. Check out http://www.compendium.com.ar/policy-routing.txt
  for the beginnings of a IPROUTE2 howto.

  The "iprule" and "iproute" commands are the same as "ip rule" and "ip
  route" commands (I prefer the former since it is easier to search
  for.) All the commands below are completely untested, if they do not
  work, please contact the author of IPROUTE2.. not David Ranch, Ambrose
  Au, or anyone on the Masq email list as it has NOTHING to do with IP
  Masquerading.

  The first few commands only need to be done once at boot, say in
  /etc/rc.d/rc.local file.

       # Allow internal LANs to route to each other, no masq.
       /sbin/iprule add from 192.168.0.0/16 to 192.168.0.0/16 table main pref 100
       # All other traffic from 192.168.1.x is external, handle by table 101
       /sbin/iprule add from 192.168.1.0/24 to 0/0 table 101 pref 102
       # All other traffic from 192.168.2.x is external, handle by table 102
       /sbin/iprule add from 192.168.2.0/24 to 0/0 table 102 pref 102

  These commands need to be issued when eth0 is configured, perhaps in
  /etc/sysconfig/network-scripts/ifup-post (for Redhat systems). Be sure
  to do them by hand first to make sure they work.
       # Table 101 forces all assigned packets out via 123.123.123.11
       /sbin/iproute add table 101 via 123.123.123.11
       # Table 102 forces all assigned packets out via 123.123.123.12
       /sbin/iproute add table 102 via 123.123.123.12

  At this stage, you should find that packets from 192.168.1.x to the
  outside world are being routed via 123.123.123.11, and packets from
  192.168.2.x are routed via 123.123.123.12.

  Once routing is correct, you can add any IPFWADM or IPCHAINS rules.
  The following example is for IPCHAINS:

       /sbin/ipchains -A forward -i ppp+ -j MASQ

  If everything hangs together, the masq code will see packets being
  routed out on 123.123.123.11 and 123.123.123.12 and will use those
  addresses as the masq source address.

  7.30.  Why do the new 2.1.x and 2.2.x kernels use IPCHAINS instead of
  IPFWADM?

  IPCHAINS supports the following features that IPFWADM doesn't:

  o  "Quality of Service" (QoS support)

  o  A TREE style chains system vs. a LINEAR system like IPFWADM (e.g.
     this allows something like "if it is ppp0, jump to this chain
     (which contains its own different set of rules)")

  o  IPCHAINS is more flexible with configuration. For example, it has
     the "replace" command (in addition to "insert" and "add"). You can
     also negate rules (e.g. "discard any outbound packets that don't
     come from my registered IP" so that you aren't the source of
     spoofed attacks).

  o  IPCHAINS can filter any IP protocol explicitly, not just TCP, UDP,
     ICMP

  7.31.  I've just upgraded to the 2.2.x kernels, why isn't IP
  Masquerade working?

  There are several things you should check, assuming your Linux IP Masq
  box already has a proper connection to the Internet and your LAN:

  o  Make sure the necessary features and modules are compiled and
     loaded. See earlier sections for detail.

  o  Check /usr/src/linux/Documentation/Changes and make sure you have
     the minimal requirement for the network tools installed.

  o  Make sure you followed all the tests in the ``'' section of the
     HOWTO.
  o  You should use ipchains to manipulate IP Masq and firewalling
     rules.

  o  The standard IPAUTOFW and IPPORTFW port forwarders have been
     replaced by IPMASQADM. You'll need to apply these patches to the
     kernel, re-compile the kernel, compile the new IPMASQADM tool and
     then convert your old IPAUTOFW/IPPORTFW firewall rulesets to the
     new syntax. This is completely covered in the ``'' section.

  o  Go through all setup and configuration again! A lot of the time
     it's just a typo or a simple mistake you are overlooking.

  7.32.  I've just upgraded to a 2.0.36 or later kernel, why isn't IP
  Masquerade working?

  There are several things you should check, assuming your Linux IP Masq
  box already has a proper connection to the Internet and your LAN:

  o  Make sure the necessary features and modules are compiled and
     loaded. See earlier sections for detail.

  o  Check /usr/src/linux/Documentation/Changes and make sure you have
     the minimal requirement for the network tools installed.

  o  Make sure you followed all the tests in the ``'' section of the
     HOWTO.

  o  You should use ipfwadm to manipulate IP Masq and firewalling rules.
     If you want to use IPCHAINS, you'll need to apply a patch to the
     2.0.x kernels.

  o  Go through all setup and configuration again! A lot of the time
     it's just a typo or a simple mistake you overlooked.

  7.33.  I need help with EQL connections and IP Masq

  EQL has nothing to do with IP Masq, though they are commonly teamed up
  on Linux boxes. Because of this, I recommend checking out the NEW
  version of Robert Novak's EQL HOWTO for all your EQL needs.

  7.34.  I can't get IP Masquerade to work! What options do I have for
  Windows Platforms?

  Giving up a free, reliable, high performance solution that works on
  minimal hardware and paying a fortune for something that needs more
  hardware, performs worse and is less reliable? (IMHO. And yes, I have
  real life experience with these ;-)

  Okay, it's your call. If you want a Windows NAT and/or proxy solution,
  here is a decent listing.
  I have no preference among these tools since I haven't used them
  before.

  o  Firesock (from the makers of Trumpet Winsock)

     o  Does Proxy

     o  http://www.trumpet.com.au

  o  Iproute

     o  DOS program designed to run on 286+ class computers

     o  requires another box like Linux MASQ

     o  http://www.mischler.com/iproute/

  o  Microsoft Proxy

     o  Requires Windows NT Server

     o  Quite expensive

     o  http://www.microsoft.com

  o  NAT32

     o  Windows 95/98/NT compatible

     o  http://www.nat32.com

     o  Roughly $25 for Win9x and $47 for Win9x and WinNT

  o  SyGate

     o  http://www.sygate.com

  o  Wingate

     o  Does proxy

     o  Costs roughly $30 for 2-3 IPs

     o  http://www.wingate.com

  o  Winroute

     o  Does NAT

     o  http://www.winroute.cz/en/

  Lastly, do a web search on "MS Proxy Server", "Wingate", "WinProxy",
  or go to www.winfiles.com. And definitely DON'T tell anyone that we
  sent you.

  7.35.  I want to help on IP Masquerade development. What can I do?

  Join the Linux IP Masquerading DEVELOPERS list and ask the developers
  there what you can help with. For more details on joining the lists,
  check out the ``'' FAQ section.

  Please DON'T ask NON-IP-Masquerade development related questions
  there!!!!

  7.36.  Where can I find more information on IP Masquerade?

  You can find more information on IP Masquerade at the Linux IP
  Masquerade Resource that both David Ranch and Ambrose Au maintain.

  You can also find more information at Dranch's Linux page where the
  TrinityOS and other Linux documents are kept.

  You may also find more information at The Semi-Original Linux IP
  Masquerading Web Site maintained by Indyramp Consulting, who also
  provides the IP Masq mailing lists.

  Lastly, you can look for specific questions in the IP MASQ and IP MASQ
  DEV email archives or ask a specific question on these lists. Check
  out the ``'' FAQ item for more details.

  7.37.  I want to translate this HOWTO to another language, what
  should I do?

  Make sure the language you want to translate to is not already covered
  by someone else.
  But most of the translated HOWTOs are now OLD and need to be updated.
  A list of available HOWTO translations is available at the Linux IP
  Masquerade Resource.

  If a copy of a current IP MASQ HOWTO isn't in your proposed language,
  please download the newest copy of the IP-MASQ HOWTO SGML code from
  the Linux IP Masquerade Resource. From there, begin your work while
  maintaining good SGML coding. For more help on SGML, check out
  www.sgmltools.org

  7.38.  This HOWTO seems out of date, are you still maintaining it?
  Can you include more information on ...? Are there any plans for
  making this better?

  Yes, this HOWTO is still being maintained. In the past, we've been
  guilty of being too busy working on two jobs and didn't have much time
  to work on this, my apology. As of v1.50, David Ranch has begun to
  revamp the document and get it current again.

  If you think of a topic that could be included in the HOWTO, please
  send email to ambrose@writeme.com and dranch@trinnet.net. It will be
  even better if you can provide that information. We will then include
  the information into the HOWTO once it is both found appropriate and
  tested. Many thanks for your contributions!

  We have a lot of new ideas and plans for improving the HOWTO, such as
  case studies that will cover different network setups involving IP
  Masquerade, more on security via strong IPFWADM/IPCHAINS firewall
  rulesets, IPCHAINS usage, more FAQ entries, etc. If you think you can
  help, please do! Thanks.

  7.39.  I got IP Masquerade working, it's great! I want to thank you
  guys, what can I do?

  o  Can you translate the newer version of the HOWTO to another
     language?

  o  Thank the developers and appreciate the time and effort they spent
     on this.

  o  Join the IP Masquerade email list and support new MASQ users

  o  Send an email to us and let us know how happy you are

  o  Introduce other people to Linux and help them when they have
     problems.

  8.  Miscellaneous

  8.1.
  Useful Resources

  o  IP Masquerade Resource page provides current information for
     setting up IP Masquerade on 2.0.x, 2.2.x and even the old 1.2
     kernels.

  o  IP Masquerade mailing list Archives provides the recent messages
     sent to the mailing list.

  o  David Ranch's Linux page including the TrinityOS Linux document and
     current versions of the IP-MASQ-HOWTO. It covers IP Masquerade,
     strong IPFWADM/IPCHAINS rulesets, PPP, Diald, cable modems, DNS,
     Sendmail, Samba, NFS, security, and more.

  o  IP Masquerading Applications page: a list of applications that
     work, or can be tuned to work, through a Linux IP masquerading
     server.

  o  Anyone who wants to set up IP Masquerade on MkLinux can email Taro
     Fukunaga at tarozax@earthlink.net for a short document similar to
     this HOWTO.

  o  IP masquerade FAQ provides some general information.

  o  Paul Russell's documentation at
     http://www.rustcorp.com/linux/ipchains/, or its backup copy, the
     Linux IPCHAINS HOWTO. This HOWTO contains a lot of information
     about using IPCHAINS, and the source and binaries for the ipchains
     tool are available as well.

  o  X/OS Ipfwadm page provides information about the ipfwadm package
     along with its source, binaries and documentation.

  o  A huge amount of material on strong firewall rulesets is available
     from GreatCircle's Firewall mailing list.

  o  LDP Network Administrator's Guide is for beginning Linux
     administrators who want to set up a network.

  o  Linux NET-3 HOWTO is also a thorough document on setting up and
     configuring Linux networking.

  o  Linux ISP Hookup HOWTO and Linux PPP HOWTO give information on
     connecting a Linux host to the Internet.

  o  Linux Ethernet-Howto provides good information on setting up a LAN
     over Ethernet.

  o  Linux Firewalling and Proxy Server HOWTO also has interesting
     information.

  o  Linux Kernel HOWTO will guide you through the kernel compilation
     process.

  o  Linux HOWTOs. Other HOWTO documents, such as the Kernel HOWTO.

  o  You can also post to the USENET newsgroup: comp.os.linux.networking

  8.2.
  Linux IP Masquerade Resource

  The Linux IP Masquerade Resource is a website maintained by David
  Ranch and Ambrose Au that provides information about Linux IP
  Masquerade. It carries the most up-to-date information on IP
  Masquerade, including information that is not in the HOWTO.

  You can find the Linux IP Masquerade Resource at the following
  locations:

  o  http://ipmasq.cjb.net/, primary site, redirects to
     http://ipmasq.cjb.net/.

  o  http://ipmasq2.cjb.net/, secondary site, redirects to
     http://www.geocities.com/SiliconValley/Heights/2288/.

  8.3.  Thanks to..

  In alphabetical order:

  o  Gabriel Beitler, gabrielb@voicenet.com
     Wrote section 3.3.8 (Novell setup).

  o  Juan Jose Ciarlante, irriga@impsat1.com.ar
     Contributed to the IPMASQADM port forwarding tool, the 2.1.x and
     2.2.x kernel code and the original LooseUDP patch, and more.

  o  Steven Clarke, steven@monmouth.demon.co.uk
     Wrote the IPPORTFW IP forwarding tool.

  o  Andrew Deryabin, djsf@usa.net
     Wrote the ICQ masquerade module.

  o  Ed Doolittle, dolittle@math.toronto.edu
     Suggested using the -V option in the ipfwadm command to improve
     security.

  o  Matthew Driver, mdriver@cfmeu.asn.au
     Extensive help with this HOWTO; wrote section 3.3.1 (Windows 95
     setup).

  o  Ken Eves, ken@eves.com
     Wrote the FAQ that provided invaluable information for this HOWTO.

  o  John Hardin, jhardin@wolfenet.com
     PPTP and IPSEC forwarding tools.

  o  Glenn Lamb, mumford@netcom.com
     LooseUDP patch.

  o  Ed. Lott, edlott@neosoft.com
     List of tested systems and software.

  o  Nigel Metheringham, Nigel.Metheringham@theplanet.net
     Wrote his own IP Packet Filtering and IP Masquerading HOWTO, which
     made this HOWTO a better and technically more in-depth document.
     Wrote sections 4.1, 4.2 and other parts.

  o  Keith Owens, kaos@ocs.com.au
     Provided an excellent guide to ipfwadm in section 4.2. Pointed out
     that the ipfwadm -deny option can close a security hole, and
     clarified the results of ping through IP Masquerade.
  o  Michael Owings, mikey@swampgas.com
     Wrote the section on CU-SeeMe and the Linux IP Masquerade Teeny
     HOWTO.

  o  Rob Pelkey, rpelkey@abacus.bates.edu
     Wrote sections 3.3.6 and 3.3.7 (MacTCP and Open Transport setup).

  o  Harish Pillay, h.pillay@ieee.org
     Wrote section 4.5 (dial-on-demand using Diald).

  o  Mark Purcell, purcell@rmcs.cranfield.ac.uk
     Wrote section 4.6 (IPautofw).

  o  David Ranch, dranch@trinnet.net
     Helps update and maintain this HOWTO, the Linux IP Masquerade
     Resource and the TrinityOS document, ..., too much help to list
     here :-)

  o  Paul Russell, rusty@rustcorp.com.au
     IP CHAINS, the IP Masquerade kernel patches and all his other
     contributions.

  o  Ueli Rutishauser, rutish@ibm.net
     Wrote section 3.3.9 (OS/2 Warp setup).

  o  Steve Grevemeyer, seg@cylexsys.com
     Took over the IP Masquerade Applications page from Lee Nevo and
     turned it into a rich database.

  o  Fred Viles, fv@episupport.com

  o  John B. (Brent) Williams, forerunner@mercury.net
     Wrote section 3.3.7 (Open Transport setup).

  o  Enrique Pessoa Xavier, enrique@labma.ufrj.br
     Suggestion on the BOOTp setup.

  o  Everyone on the IP Masquerade mailing list,
     masq@tiffany.indyramp.com
     For helping and supporting new Linux Masquerade users.

  o  Thanks for the tremendous work done by the other code and
     documentation developers of IP Masquerade:

     o  Delian Delchev, delian@wfpa.acad.bg

     o  David DeSimone (FuzzyFox), fox@dallas.net

     o  Jeanette Pauline Middelink, middelin@polyware.iaf.nl

     o  Miquel van Smoorenburg, miquels@q.cistron.nl

     o  Jos Vos, jos@xos.nl

     o  And the many others we may have left out by mistake (please let
        us know)

  o  All the users who sent feedback to the mailing list, especially
     those who pointed out errors in the document and those who
     reported which clients are and are not supported.

  o  We apologize if we have left out important names or have not yet
     included information that fellow users have sent us. A great many
     suggestions and ideas have been sent to us, but we do not have
     enough time to verify them and integrate the changes. Ambrose Au
     and David Ranch are both doing their best to include all the
     information sent in into this HOWTO.
     We thank you for your efforts, and we hope you understand our
     situation.

  8.4.  Reference

  o  The original IP Masquerade FAQ by Ken Eves

  o  The IP Masquerade mailing list archive by Indyramp Consulting

  o  The IP Masquerade web site by Ambrose Au

  o  The Ipfwadm page by X/OS

  o  Various networking-related Linux HOWTOs

  o  Some topics covered in TrinityOS by David Ranch

  8.5.  Changes

  o  TO do - HOWTO:

     o  Add the scripted IPMASQADM example to the Forwarders section.
        Also confirm the syntax.

     o  Add a little section on having multiple subnets behind a MASQ
        server

     o  Confirm the IPCHAINS ruleset and make sure it is consistent with
        the IPFWADM ruleset

  TO DO - WWW page:

     o  Update all PPTP urls from lowrent to
        ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html

     o  Update the PPTP patch on the masq site

     o  Update the portfw FTP patch

  Changes from 1.78 to 1.79 - 10/21/99

  o  Updated the HOWTO name to reflect that it isn't a MINI anymore!

  Changes from 1.77 to 1.78 - 8/24/99

  o  Fixed a typo in "Section 6.6 - Multiple Internal Networks" where
     the -a policy was omitted.

  o  Deleted the 2.2.x kernel configure option "Drop source routed
     frames" since it is now enabled by default and the kernel compile
     option was removed.

  o  Updated the 2.2.x and all other IPCHAINS sections to notify users
     of the IPCHAINS fragmentation bug.

  o  Updated all the URLs pointing at Lee Nevo's old IP Masq
     Applications page to Seg's new page.

  Changes from 1.76 to 1.77 - 7/26/99

  o  Fixed a typo in the Port forwarding section that used "ipmasqadm
     ipportfw -C" instead of "ipmasqadm portfw -f"

  Changes from 1.75 to 1.76 - 7/19/99

  o  Updated the "ipfwadm: setsockopt failed: Protocol not available"
     message in the FAQ to be more clear instead of making the user
     hunt for the answer in the Forwarders section.
  o  Fixed incorrect syntax in section 6.7 for IPMASQADM and "portfw"

  Changes from 1.72 to 1.75 - 6/19/99

  o  Fixed the quake module port setup order for the weak IPFWADM &
     IPCHAINS ruleset and the strong IPFWADM ruleset as well.

  o  Added a user report about port forwarding ICQ 4000 directly in and
     using ICQ's default settings WITHOUT enabling the "Non-Sock" proxy
     setup.

  o  Updated the URLs for the IPMASQADM tool

  o  Added references to Taro Fukunaga, tarozax@earthlink.net for his
     MkLinux port of the HOWTO

  o  Updated the blurb about Sonny Parlin's FWCONFIG tool to note new
     IPCHAINS support

  o  Noted that Fred Viles's patch for portfw'ed FTP access is ONLY
     available for the 2.0.x kernels

  o  Updated the 2.2.x kernel step with a few clarifications on the
     Experimental tag

  o  Added Glenn Lamb's name to the credits for the LooseUDP patch

  o  Added a clarification on installing the LooseUDP patch that it
     should use "cat" for non-compressed patches.

  o  Fixed a typo in the IPAUTO FAQ section

  o  I had the DHCP client port numbers reversed for the IPFWADM and
     IPCHAINS rulesets. The order I had was if your Linux server was a
     DHCP SERVER.

  o  Added explicit /sbin path to all weak and strong ruleset examples.

  o  Made some clarifications in the strong IPFWADM section regarding
     Dynamic IP addresses for PPP and DHCP users. I also noted that the
     strong rulesets should be re-run when PPP comes up or when a DHCP
     lease is renewed.

  o  Added reference in the 2.2.x requirements, updated the ICQ FAQ
     section, and added Andrew Deryabin to credits section for his ICQ
     MASQ module.

  o  Added some clarification in the FAQ section why the 2.1.x and
     2.2.x kernels went to IPCHAINS.

  o  Added a little FAQ section on Microsoft File/Print/Domain services
     (Samba) through a MASQ server. I also added a URL to a Microsoft
     Knowledge base document for more details.

  o  Added clarification in the FAQ section that NO Debian distribution
     supports IP masq out of the box.

  o  Updated the supported MASQ distributions in the FAQ section.
o Added to the Aliased NIC section of the FAQ that you CANNOT masq out of an aliased interface.
o Wow.. never caught this before but the "ppp-ip" variable in the strong ruleset section is an invalid variable name! It has been renamed to "ppp_ip"
o In both the IPFWADM and IPCHAINS simple ruleset setup areas, I had a commented out section on enabling DHCP traffic. Problem is, it was below the final reject line! Doh! I moved both up a section.
o In the simple IPCHAINS setup, the #ed out line for DHCP users, I was using the IPFWADM "-W" command instead of IPCHAINS's "-i" parameter.
o Added a little blurb to the Forwarders section on the resolution to the famous "ipfwadm: setsockopt failed: Protocol not available" error. This also includes a little /proc test to let people confirm if IPPORTFW is enabled in the kernel. I also added this error to a FAQ section for simple searching.
o Added a Strong IPCHAINS ruleset to the HOWTO
o Added a FAQ section explaining the "kernel: ip_masq_new(proto=UDP): no free ports." error.
o Added an example of scripting IPMASQADM PORTFW rules
o Updated a few of the Linux Documentation Project (LDP) URLs
o Added Quake III support in the module loading sections of all the rc.firewall rulesets.
o Fixed the IPMASQADM forwards for ICQ

o 1.72 - 4/14/99 - Dranch: Added a large list of Windows NAT/Proxy alternatives with rough pricing and URLs to the FAQ.
o 1.71 - 4/13/99 - Dranch: Added IPCHAINS setups for multiple internal MASQed networks. Changed the ICQ setup to use ICQ's default 60 second timeout and change IPFWADM/IPCHAINS timeout to 160 seconds. Updated the MASQ and MASQ-DEV email list and archive subscription instructions.
o 1.70 - 3/30/99 - Dranch: Added two new FAQ sections that cover SMTP/POP-3 timeout problems and how to masquerade multiple internal networks out different external IP addresses with IPROUTE2.
o 1.65 - 3/29/99 - Dranch: Typo fixes, clarifications of required 2.2.x kernel options, added dynamic PPP IP address support to the strong firewall section, additional quake II module ports, noted that the LooseUDP patch is built into later 2.2.x kernels and it's from Glenn Lamb and not Dan Kegel, added more game info in the compatibility section.
o 1.62 - Dranch: Make the final first-draft changes to the doc and now announce it to the MASQ email list.
o 1.61 - Dranch: Make editorial changes, cleaned things up and fixed some errors in the Windows95 and NT setups.
o 1.58 - Dranch: Addition of the port forwarding sections; LooseUDP setup; Ident servers for IRC users, how to read firewall logs, deleted the CuSeeme Mini-HOWTO since it is rarely used.
o 1.55 - Dranch: Complete overhaul, feature and FAQ addition, and editing sweep of the v1.50 HOWTO. Completed the 2.2.x kernel and IPCHAINS configurations. Did a conversion from IPAUTOFW to IPPORTFW for the examples that applied. Added many URLs to various other documentation and utility sites. There are so many changes.. I hope everyone likes it. Final publishing of this new rev of the HOWTO to the LDP project won't happen until the doc is looked over and approved by the IP MASQ email list (then v2.00).
o 1.50 - Ambrose: A serious update to the HOWTO and the initial addition of the 2.2.0 and IPCHAINS configurations.
o 1.20 - Ambrose: One of the more recent HOWTO versions that solely dealt with < 2.0.x kernels and IPFWADM.