RedHat Linux 6.x Internet Gateway
Paul Ramsey <pramsey@refractions.net>
22 2000
RedHat 6
, Internet gateway '
. ,
(masquerading), DNS, DHCP,
.
______________________________________________________________________
Table of Contents
1.
1.1
1.2 Copyright
2.
2.1 hub
2.2 hub
2.3
3.
3.1 driver
3.1.1
3.2
3.2.1
3.2.2 DHCP server
3.2.3 client /
3.2.4 DNS server
3.2.5
3.3
3.3.1 IP
3.3.2 DHCP
3.3.3
3.3.3.1 PPP Ethernet (PPPoE)
3.3.3.2 DHCP
3.3.3.3 Road Runner
3.3.4
3.4
4. (masquerading)
5.
5.1 ICQ
5.2 Caldera 2.x, RedHat 6.x
5.3 / Web server
______________________________________________________________________
1.
RedHat 6.x
Internet gateway ,

. :
, ,
,
:
ADSL Internet.

/ .
RedHat,
MacMillan Publishing
.

RedHat 6.x

Mandrake 6.x,

/ Linux
, Linux .
ethernet hub,
, cross-over,
/.
text /
Linux.
/ root.
RPM cd-roms Linux.
,
.
,
. ,
, .
,
, ' ,

.
--,
,
GUI's, RedHat.
, ' , .
, ,
Linux, . (,
X-Windows , headless
server.)
1.1.

http://www.coastnet.com/~pramsey/linux/homenet.html ( HTML),
http://www.coastnet.com/~pramsey/linux/homenet.sgml ( SGML).
21 1999 : .
2 2000 : John Mellor,
.
22 2000 :
, IP aliasing

Chris Lea.
16 2000 :
name server Caldera Linux,
Nelson Gibbs.
22 2000 :
RedHat 6.2 . PPPoE (PPP over
Ethernet), Kerr First.

1.2. Copyright
Copyright 2000, Paul Ramsey.
' ,
, :
copyright
,
.

, .
,

, , .
'
, ,
,
.
, :
.
, , ,
, .
2.
hub ,
. RJ45 (
, ),
.
/ hub,
, .
, .
2.1. hub
hub, '
<http://www.coastnet.com/~pramsey/linux/w_hub.gif>.
eth0 / (cable)
modem, ADSL,
. (,
' .)

, cable modems
crossover,
. ,
.
eth1 / hub,
. / .
2.2. hub
hub, /
/ Linux, crossover.

<http://www.coastnet.com/~pramsey/linux/wo_hub.gif>.
eth0 cable modem,
ADSL,
. eth1 /,
crossover.
2.3.
. ' ,
,
cracking ( =
hackers). ,
, . .
Linux "IP aliasing",
ethernet
IP . (
RedHat Mandrake.)
gateway ethernet,
eth1 eth0:0.
, DHCP
server.
/ cable modem (
ADSL) hub. , .
3.
, Linux /,
gateway . '
, Internet. , '
, .
login root.
login root.
Linux ethernet eth0
eth1, ' '
. , , .
"" ,
50% : /
motherboard , . (
,
.) eth0 -
. , '

eth0, eth1.
, eth0 eth1
. : ifconfig eth0 : ifconfig eth1.
, ,
(
, , ) :
eth0      Link encap:Ethernet  HWaddr 00:60:67:4A:02:0A
          inet addr:0.0.0.0  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:466 errors:0 dropped:0 overruns:0 frame:0
          TX packets:448 errors:0 dropped:0 overruns:0 carrier:0
          collisions:85 txqueuelen:100
          Interrupt:10 Base address:0xe400

,
:
eth0: error fetching interface information: Device not found.

3.1. driver
Linux , .
, .
, .
. , ,
.
, ' . ,
, Ethernet HOWTO. , ,
:
PCI . ,
,
drivers ' . , ,
( '
), /proc/pci
.
ISA .
IO IRQ .
, ; , site
, on-line
. , DOS,

(
IRQ).
ISA Plug'n'Play .
- Plug'n'Play HOWTO. ,

,
IO IRQ .
, - eth0 eth1,
Ethernet HOWTO,
. driver,
, .
' !
, /etc/conf.modules. text editor
. ,
,
gateway. PCI
10/100 Mbps, VIA Rhine,
ISA NE2000, 10 Mbps.
100 Mbps , 10
. /etc/conf.modules
:
alias parport_lowlevel parport_pc
alias eth0 ne
options ne io=0x300 irq=10
alias eth1 via-rhine

conf.modules :

. ,
.
(alias eth0 ne)
ne driver eth0.
(options ne io=0x300 irq=10) ne driver
IO IRQ ISA .
ISA,
. , driver IO
irq .
(alias eth1 via-rhine)
eth1 driver via-rhine. , , eth1 PCI,
io irq : PCI
.
alias
conf.modules ,
ISA .
conf.modules, ethernet

conf.modules,
ifconfig eth0 ifconfig eth1.
, IO IRQs,
.

3.1.1.
, ,
; , '

/etc/conf.modules. , IO
IRQ's ,
NE2000
( ).
/etc/conf.modules :
alias eth0 ne
alias eth1 ne
options ne io=0x330,0x360 irq=7,9

,
eth0.
eth1.
3.2.
"" , /
. "" ,
Internet, gateway / .
,
gateway /,
firewall .
3.2.1.
drivers ,
eth0 eth1 ifconfig,
.
eth1, eth0.
,
: 192.168.1.0.
" C",
.
, .
/etc/sysconfig/network,
:
NETWORKING=yes
FORWARD_IPV4=yes

Linux
/.
Linux IP (IP
forwarding).
(masquerading), 4 HowTo.

RedHat : RedHat 6.2


/etc/sysctl.conf, IP forwarding
masquerading.
:
net.ipv4.ip_forward = 1
net.ipv4.ip_always_defrag = 1

RedHat
RedHat , directory /etc/sysconfig/network-scripts directory. cd ' directory,
, ifcfg-eth1. ' :
DEVICE=eth1
IPADDR=192.168.1.1
ONBOOT=yes

scripts eth1
, IP.

: /etc/rc.d/init.d/network restart
3.2.2. DHCP server
DHCP server IP /
. ,
/ :
/ , . DHCP
server , .

DHCP server .
mount CD Linux , dhcp RPM.
/etc/dhcpd.conf, (
) :

subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.2 192.168.1.60;
  default-lease-time 86400;
  max-lease-time 86400;
  option routers 192.168.1.1;
  option ip-forwarding off;
  option broadcast-address 192.168.1.255;
  option subnet-mask 255.255.255.0;
}

Linux / caching domain name


server, :

option domain-name-servers 192.168.1.1;

DNS ,
Linux / DNS,
( x.x.x.x y.y.y.y IP DNS servers) :
option domain-name-servers x.x.x.x, y.y.y.y;

Samba
Linux / ( / Windows),
, Linux / WINS
browsing server :
option netbios-name-servers 192.168.1.1;
option netbios-dd-server 192.168.1.1;
option netbios-node-type 8;
option netbios-scope "";

Samba WINS
. ,
SMB HOWTO, .
. ,
/etc/rc.d/init.d/dhcpd, :
/sbin/route add -host 255.255.255.255 dev eth1

DHCP clients Windows


DHCP,
TCP/IP stack Linux .
, .
, , eth1.
' /etc/rc.d/init.d/dhcpd,
default eth1.
:
daemon /usr/sbin/dhcpd

:
daemon /usr/sbin/dhcpd eth1

DHCP. DHCP
server, : /etc/rc.d/init.d/dhcpd start.
, DHCP server
. RPM DHCP server ,
server ,
, : chkconfig dhcpd
on.
RedHat script
dhcp directories runlevels, /etc/rc.d.
DHCP server runlevels 3 5 (multiuser
multiuser X). runlevels 0, 1 6 (shutdown,
reboot), DHCP server .
3.2.3. client /
DHCP,
client / : DHCP. /
Windows, ' ("Control
Panel"), ("Networking").
"TCP/IP", ("Configure").
, TCP/IP
("Configure TCP/IP address automatically"), ,
.
, , server,
: tail -f /var/log/messages. logs
Linux. , Windows /
IP, DHCP server ' .
( tail -f , Control-C.)
DHCP,
. ("Networking")
("Control Panel"), TCP/IP.
client /
192.168.1.0 , 192.168.1.0 (.
), 192.168.1.255 (. broadcast),
192.168.1.1 ( Linux server /).
IP /. "Gateway"
192.168.1.1,
gateway /.
IP Masquerading HOWTO
clients, .
, client /,
DHCP,
192.168.1.x, gateway 192.168.1.1 . DNS server
192.168.1.1, caching DNS server ( ),
DNS Internet
Provider .

3.2.4. DNS server


Linux / caching DNS server,
() ,
DNS ,
' .
DNS,
. DNS HOWTO ,
DNS and BIND ( )
.
caching server client / ,
, Linux gateway
DNS server . ,
DHCP, 3.2.2 .
client / , '
DNS
IP.
DNS server, bind
RPM, caching-nameserver RPM. ' ,
.
caching server
. , IP DNS servers
Internet Provider ( "ISP" - ...), '
, /etc/named.conf,
directory (
x.x.x.x y.y.y.y DNS
servers) :
forwarders { x.x.x.x; y.y.y.y; };

DNS server DNS servers


ISP, Internet
. servers ISP
, '
, server.
daemon named 12,
,
, '
.
1. bind ,
8.2.2. site RedHat,
Mandrake,
.
2. name server ,
. allow-query { 192.168.1/24;
127.0.0.1/32; }; /etc/named.conf,
forwarders.

3. name server root. server


root, server
root. server
, nobody,
name server. name server
nobody, /etc/rc.d/init.d/named,
daemon named daemon named -u nobody -g nobody.
DNS server boot :
chkconfig named on. , server
runlevels (3 5) boot.
, DNS server :
/etc/rc.d/init.d/named start
3.2.5.
DNS , (
DNS servers Internet),
ping
.
(MS-DOS) ' client /
, : ping 192.168.1.1.
Linux / ,
. ,
.
3.3.
.
, Linux
ISP . , ADSL mini-HOWTO,
ADSL .
Cable Modem HOWTO, link ' .

IP. ISPs IP
cable () modem ADSL, '
. , ISPs
(
!) DHCP. Linux / DHCP
server eth1 interface, DHCP client
eth0.
, ISPs
, Windows.
'
3.3.2. .
3.3.1. IP
ISP IP, .
, /etc/sysconfig/network-scripts/ifcfg-eth0, :
DEVICE=eth0
IPADDR=x.x.x.x
NETMASK=y.y.y.y
ONBOOT=yes

x.x.x.x y.y.y.y
ISP. , /etc/resolv.conf,
:
search provider_domain_here
nameserver n.n.n.n
nameserver m.m.m.m

provider_domain ISP . ,
DNS servers
n.n.n.n m.m.m.m . Linux / DNS server,
nameservers :
nameserver 127.0.0.1. Linux server
caching server, servers
DNS.
3.3.2. DHCP
ISP DHCP,
, /etc/sysconfig/network-scripts/ifcfg-eth0,
:
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes

, dhcpcd client daemon


. Linux CD ,
dhcpcd RPM.

. /etc/rc.d/init.d/network restart.
, ping . ping '
/ Internet, www.yahoo.com,
.
3.3.3.

.
, links
. John Mellor,
links .
3.3.3.1. PPP Ethernet (PPPoE)

ADSL providers ( Bell Atlantic)


"PPP over
Ethernet" (PPPoE). ,
client Windows :
Linux. , , PPPoE ,
Linux.
Kerr First Roaring Penguin PPPoE
Client.
PPPoE on Linux for Bell Sympatico,
General Info Linux Info.
3.3.3.2. DHCP
ISPs '
host name,
. '
/ , hub. (, Linux
masquerading ,
ISP !!)
ISP host name, Windows
/ ,
, Linux /
host name, DHCP
server.
dhcp BOOTPROTO, ,
RedHat DHCP client, '
host name. host name RedHat 6.1,
/etc/sysconfig/network, :
HOSTNAME=
:
HOSTNAME=your_isp_assigned_name
RedHat.
, /sbin/ifup script
dhcpcd pump -h $HOSTNAME. ,
, : /sbin/dhcpcd -i
$DEVICE -h $HOSTNAME /sbin/pump -i $DEVICE -h $HOSTNAME.
3.3.3.3. Road Runner
Road Runner
login, server. ,
Linux Road Runner HOWTO.
3.3.4.
, . ifconfig,
. gateway /,
:

eth0      Link encap:Ethernet  HWaddr 00:60:67:4A:02:0A
          inet addr:24.65.182.43  Bcast:24.65.182.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:487167 errors:0 dropped:0 overruns:0 frame:0
          TX packets:467064 errors:0 dropped:0 overruns:0 carrier:0
          collisions:89 txqueuelen:100
          Interrupt:10 Base address:0xe400

eth1      Link encap:Ethernet  HWaddr 00:80:C8:D3:30:2C
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:284112 errors:0 dropped:0 overruns:0 frame:1
          TX packets:311533 errors:0 dropped:0 overruns:0 carrier:0
          collisions:37938 txqueuelen:100
          Interrupt:5 Base address:0xe800

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:12598 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12598 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

eth0
IP, eth1 .
routes , route.
gateway / , :
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
255.255.255.255 *               255.255.255.255 UH    0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
24.65.182.0     *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         24.65.182.1     0.0.0.0         UG    0      0        0 eth0

,
, ,
broadcast 255.255.255.255 , default route
gateway ISP. !
, . '
. ,
' .
3.4.
Internet ADSL
modem, /
24 , 7 .
Linux gateway ,
/ : Internet,
Linux / .
, Linux / , '
,
.
, . ,
/etc/hosts.deny,
:
#
# hosts.deny host /,
# **
# INET, "/usr/sbin/tcpd" server.
#
# portmap ,
# portmap
# hosts.deny hosts.allow . ,
# NFS portmap!
ALL: ALL

"TCP wrappers" ( 95%


) host /.
!
Linux / ,
. , .
/etc/hosts.allow, :
#
# hosts.allow host /,
#
# INET, "/usr/sbin/tcpd" server.
#
ALL: 127.0.0.1
ALL: 192.168.1.

"TCP wrappers"
(local device,
127.0.0.1), (192.168.1.) .

, .
,
. Security HOWTO '
, '
Linux / .
4. (masquerading)
! ,
. IP
Linux. Windows,
, . 386
IP
, Windows 95 -
Windows. (
, Windows 2000
" " software.

, " "
MicroSoft. , Windows 2000
386.)
Linux firewalling,

. firewalling ,
Firewalling HOWTO ,
IPChains HOWTO firewalling,
ipchains, 2.2.x Linux (, '
, RedHat 6.x). ,
IP Masquerading HOWTO,
.
,
.
/etc/rc.d/rc.local,
:
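# 1) Flush the input, forward and output rule chains.
/sbin/ipchains -F input
/sbin/ipchains -F forward
/sbin/ipchains -F output
# 2) Set the MASQ timeouts (TCP, TCP after FIN, UDP, in seconds) and
# accept DHCP traffic (UDP, source port 68, destination port 67) on eth0.
/sbin/ipchains -M -S 7200 10 60
/sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 68 -d 0/0 67 -p udp
# 3) Deny all forwarded packets except those from the local network
# 192.168.1.0/24. Masquerade those.
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
# 4) Load the masquerading helper modules for FTP and RealAudio.
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio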

modules ,
FTP RealAudio / .

modules ,
, :
CUSeeMe (/sbin/modprobe ip_masq_cuseeme)
Internet Relay Chat (/sbin/modprobe ip_masq_irc)
Quake (/sbin/modprobe ip_masq_quake)
VDOLive (/sbin/modprobe ip_masq_vdolive)
! rc.local
script /etc/rc.d/rc.local, !
/ , Internet.
, !
5.

,
.
.
' , ,
links ,
, .
pramsey@refractions.net.
5.1. ICQ
ICQ .
. , beta quality ICQ
module , ( )
ICQ . README
source, compile module.
compile , :
/sbin/modprobe ip_masq_icq.
5.2. Caldera 2.x, RedHat 6.x
, ! ,
Nelson Gibbs (ngibbs@pacbell.net) ,
Linux.
, :
1. GATEWAY=xxx.xxx.xxx.xxx
/etc/sysconfig/network-scripts/ifcfg-eth0 & eth1 (
IP ,
IP gateway ISP).
2. /etc/sysconfig/daemons/dhcpd script
ROUTE_DEVICE eth1, eth0.
3. /etc/dhcpd.conf (subnet)
. ,
: subnet 216.102.154.201 netmask 255.255.255.255 { }
, DHCP server eth0
eth1, (fallback). DHCP server
, .

4. host route 255.255.255.255,


/etc/rc.d/init.d/dhcpd script Caldera
.
eth0 script eth1.
5.3. / Web server
! , IP,
. IP,
scripts,
IP ,
.

/ "" / "" ' ,
,
.
Linux,
,
utility ipmasqadm .
, ipmasqadm
RedHat Mandrake,
web site -
RPM , source .
RPM, ,
/etc/rc.d/rc.local :
/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P tcp -L x.x.x.x 80 -R 192.168.1.x 80

(port forwarding
rules), 80
80 /.
IP x.x.x.x ,
IP / 192.168.1.x .
, 80
80 .
telnet, 80 gateway
/ :
.