Clever use of the universal proxy Plug-GW
Wu Apang
In complex network environments, FWTK's PLUG-GW is an indispensable tool for network administrators. It is a generic application-layer proxy that can relay any connection-oriented TCP service. When Internet users must be allowed to reach a POP3, SMTP or web server inside the firewall, PLUG-GW can provide that access, and because it relays packets between two separate connections on either side of the firewall, it also keeps external users from connecting directly to internal machines, which greatly improves system security. The author's operating system is RedHat 7.2.
First, the network environment
A and B are two POP3 servers on the LAN; F is the firewall, which connects to the Internet. F has two network cards, on which two IP addresses are bound. The following must be implemented.
1. When an external user sets the POP3 server to 1.2.3.4, the request is forwarded to POP3 server A by PLUG-GW, and the connection, as seen from server A, comes from 192.168.1.1.
2. When an external user sets the POP3 server to 1.2.3.5, the request is forwarded to POP3 server B by PLUG-GW, and the connection, as seen from server B, comes from 192.168.1.2.
Second, the defects of the FWTK toolkit and their fix
The FWTK discussed here is version 2.1. In this version PLUG-GW can only be bound to a port number, not to a particular IP address, which is very inconvenient in practice, so it must be patched. The patch is available from http://www.connetsys.com/products/ipbind/. With IPBIND, complete access control becomes possible: the user can specify which IP address and port on the firewall accepts external requests, and from which IP address the client's request is forwarded on to the internal server (the new "-connect-from" parameter added by the IPBIND patch specifies the source IP address of the forwarded request).
Third, the required file downloads
FWTK 2.1 firewall toolkit: http://www.fwtk.org/
ipbind: http://www.connetsys.com/products/ipbind/
GDBM: ftp://ftp.gnu.org/gnu/gdbm/ (gdbm-1.8.0.tar.gz)
Fourth, compilation and installation
Place the downloaded files in the /root directory and unpack them.
# cd /root
# for files in ./*; do tar xvfz $files; done
1. Patch FWTK
# cd fwtk
# patch -p0 < ../ipbind-1.2/ipbind-1.2.path
2. Install GDBM
# cd gdbm-1.8.0
# ./configure
# make
# make install
# make install-compat
3. Compile FWTK
# cd /root
# tar xvfz fwtk2.1.tar.z
# cd fwtk
# cp -f Makefile.config.linux Makefile.config
# vi Makefile.config
(Note: in Makefile.config, make sure "DBMLIB=-lgdbm" is set and remove the comment in front of "AUXLIB=-lcrypt".)
# make
# make install
(This installs all programs into the /usr/local/etc directory.)
4. Strip the symbol tables from the programs to reduce the size of the executables.
# cd /usr/local/etc
# for files in ./*; do strip $files; done
Fifth, usage
In the /usr/local/etc/ directory, edit the file netperm-table and add the following two lines.
plug-gw-pop3a: port 110 * -plug-to 192.168.1.3 -port 110
plug-gw-pop3b: port 110 * -plug-to 192.168.1.4 -port 110
Then start PLUG-GW with the following command.
# /usr/local/etc/plug-gw -daemon 1.2.3.4:110 -name plug-gw-pop3a -connect-from 192.168.1.1
Note: with this rule, a request from any source address to 1.2.3.4:110 is forwarded to 192.168.1.3:110, and the data returned by 192.168.1.3 is forwarded back to the client PC.
# /usr/local/etc/plug-gw -daemon 1.2.3.5:110 -name plug-gw-pop3b -connect-from 192.168.1.2
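As an added illustration (not FWTK's or ipbind's own code), the following minimal plug-gw-style forwarder in Python does what the rule and note above describe: it accepts the client on the firewall side, opens a fresh connection to the -plug-to host originated from the -connect-from address, and relays data in both directions. `run_demo` wires a loopback echo server in place of the POP3 host; every address and the request line are constructed for the test.

```python
# Added example, not FWTK code: the proxy terminates the client's TCP session and
# opens a *new* one to the internal server from a chosen firewall address.
import socket, threading

def pump(src, dst):
    """Relay bytes src -> dst until EOF, then half-close dst so the peer sees EOF."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def plug(client, plug_to, connect_from):
    """Handle one accepted client: connect to plug_to from connect_from, relay both ways."""
    with socket.create_connection(plug_to, source_address=(connect_from, 0)) as upstream:
        back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
        back.start()
        pump(client, upstream)  # client -> server; returns once the client half-closes
        back.join()             # server -> client fully drained
    client.close()

def listener(port=0):
    """Loopback listening socket on an ephemeral port (constructed test fixture)."""
    s = socket.socket()
    s.bind(("127.0.0.1", port))
    s.listen(1)
    return s

def run_demo(connect_from="127.0.0.1"):
    """Loopback check: client -> proxy -> echo server standing in for the POP3 host.
    Returns (bytes echoed to the client, (ip, port) the server saw as its peer)."""
    seen, server, proxy = {}, listener(), listener()  # proxy stands in for 1.2.3.4:110
    def echo():
        conn, seen["peer"] = server.accept()  # peer is the proxy, never the client
        with conn:
            while data := conn.recv(4096):
                conn.sendall(data)
    threading.Thread(target=echo, daemon=True).start()
    threading.Thread(target=lambda: plug(proxy.accept()[0], server.getsockname(), connect_from), daemon=True).start()
    with socket.create_connection(proxy.getsockname()) as c:
        c.sendall(b"USER alice\r\n")  # constructed POP3-like request line
        c.shutdown(socket.SHUT_WR)
        echoed = b"".join(iter(lambda: c.recv(4096), b""))
    server.close(); proxy.close()
    return echoed, seen["peer"]
```

The peer address the echo server records is always the proxy's own source address, which is the isolation property the note above relies on.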
In addition, the incoming requests can be inspected with:
# /usr/sbin/tcpdump port 110