IP camouflage simple instructions

zhaozj2021-02-08  321

UNIX / Linux workshop

Original file: Linux IP Masquerade Mini Howto

Ambrose Au, achau@wwnline.com

V1.00, 1 January 1997

Translation date: 1997/04/14

Translation maintenance: asdchen@ms1.hinet.net

This document describes how to enable the IP Masquerade feature on a Linux host, so that connected computers without an assigned Internet IP address can reach the Internet through your Linux machine.

1. Introduction

1.1. Introduction

This document describes how to enable the IP Masquerade feature on a Linux host, so that connected computers without an assigned Internet IP address can reach the Internet through your Linux machine. Your machines may be connected to the Linux host by Ethernet or by other kinds of link, such as a point-to-point (PPP) connection. This document emphasizes the Ethernet case because it should be the most common one.

This document is intended for users of 2.0.x kernels; the development 2.1.x kernels are not covered.

1.2. Foreword, Feedback & Reference Information

First of all, I want you to know that I am not a particularly thorough or experienced person.

I have found that novices find it very confusing to set up IP Masquerade on the newer kernels, such as the 2.x kernels. Although there is a FAQ and a mailing list, there is no dedicated document on the subject, and there have been some requests on the mailing list for such a HOWTO. So I decided to write this as a starting point for all novices, and I hope it will serve as a basis on which users who know the subject well can build a fuller document. If you think this could be done better, please don't hesitate to tell me, so that I can improve it.

Much of this document is based on the original FAQ by Ken Eves and on the many helpful messages in the IP_masq mailing list. Special thanks to Mr. Matthew Driver, whose message on the mailing list inspired me to set up IP_masq and eventually to write this document.

If I have misused or missed any information, please don't hesitate to send feedback or comments to achau@wwnline.com. Your invaluable feedback will shape future versions of this document!

This document is meant as a quick guide to get your IP Masquerade working in the shortest time. The latest news and information can be found on the IP Masquerade Resource page. If you have any technical question about IP Masquerade, please join the IP Masquerade mailing list rather than sending me e-mail, because my time is limited and the developers of IP_masq are better able to answer your questions.

The latest version of this document can be found at the IP Masquerade Resource, which also has HTML and PostScript versions:

. http://www.wwnline.com/~achau/ipmasq/

. http://www.hwy401.com/achau/ipmasq/

. http://www.leg.uct.ac.za/mirrors/ipmasq/

. http://130.89.230.132/linux/ipmasq/

1.3. Copyright & Declaration

This document is copyright by Ambrose Au, and it is a free document. You can redistribute it under the terms of the GNU General Public License.

The information and other contents in this document are to the best of my knowledge. However, IP_masq is experimental, and I may make mistakes as well; so you should decide for yourself whether to follow the information in this document.

Nobody is responsible for any damage to your computers or any other losses caused by the information in this document, i.e. the author is not responsible for damage caused by the contents of this document.

This document is copyright (c) 1996 Ambrose Au, and it's a free document. You can redistribute it under the terms of the GNU General Public License.

The information and other contents in this document are to the best of my knowledge. However, IP_masq is experimental, and there is a chance that I make mistakes as well; so you should determine if you want to follow the information in this document.

Nobody is responsible for any damage on your computers and any other losses by using the information in this document, i.e.

THE AUTHOR IS NOT RESPONSIBLE FOR ANY DAMAGES INCURRED DUE TO ACTIONS TAKEN BASED ON THE INFORMATION IN THIS DOCUMENT.

2. Background knowledge

2.1. What is IP Masquerade?

IP Masquerade is a networking function in Linux that is under development. If a Linux host connected to the Internet has IP Masquerade enabled, then the computers connected to it (whether on the same local network or over modems) can reach the Internet as well, even though they have no officially assigned IP address.

This allows a set of machines to access the Internet invisibly, hidden behind a gateway system that appears to be the only system using the Internet. Breaking the security of a masquerading system should be more difficult than breaking a good packet filter firewall (assuming there are no bugs).

2.2. Status

IP Masquerade is still in the experimental phase. However, kernels from 1.3.x onward have had this support built in. Many individuals and even companies are using it, with satisfactory results.

Web browsing and remote login (telnet) have been reported to work over IP_masq. File transfer (FTP), Internet Relay Chat (IRC) and listening to Real Audio now work with certain modules loaded. Other streaming audio such as True Speech and Internet Wave also works. Some users on the mailing list have even tried video-conferencing software. Ping now works as well, with the newest Internet Control Message Protocol (ICMP) patch. For the more complete list of supported software, please refer to section 4.3.

IP Masquerade works well with 'client machines' on a number of different operating systems and platforms. Successful cases include Unix, Windows 95, Windows NT, Windows for Workgroups (with the TCP/IP package), OS/2, Macintosh System's OS with MacTCP, Mac Open Transport, DOS with the NCSA Telnet package, VAX, Alpha with Linux, and even Amiga with AmiTCP or AS225-stack.

2.3. Who can benefit from IP Masquerade?

. If you have a Linux host connected to the Internet, and

. if you have some computers running TCP/IP connected to that Linux machine on a local network, and/or

. if your Linux host has more than one modem and acts as a PPP or SLIP server connecting other computers, which

. do not have officially assigned IP addresses (these machines are called "other" machines from here on),

. and of course, if you want those "other" machines to get onto the Internet without extra cost :)

2.4. Who does not need IP Masquerade?

. If your machine is a stand-alone Linux host connected to the Internet, then running IP_masq is pointless, or

. if your "other" machines already have officially assigned IP addresses, then you don't need IP Masquerade,

. and of course, if you don't like the idea of a free ride.

2.5. How does IP Masquerade work?

From the IP Masquerade FAQ by Ken Eves:

Here is a sketch of the simplest setup:

    SLIP/PPP          ------------                          -----------
    to provider      |   Linux    |       SLIP/PPP         |  Anybox   |
   <---------- modem1|            |modem2 ----------- modem|           |
     111.222.333.444 |            |          192.168.1.100 |           |
                      ------------                          -----------

In the sketch above, a Linux machine with ip_masquerading installed and running is connected to the Internet via SLIP or PPP using modem1. It has an assigned IP address of 111.222.333.444. It has modem2 set up to allow callers to log in and start a SLIP or PPP link.

The second system (which does not have to be running Linux) dials into the Linux machine and starts a SLIP or PPP link. It does not have an assigned IP address on the Internet, so it uses 192.168.1.100. (See below.)

With ip_masquerade and appropriate routing configured, the machine Anybox can communicate with the Internet as if it were really connected (with a few exceptions).

Quoting Pauline Middelink:

Don't forget to mention that Anybox should have the Linux machine as its gateway (whether as the default route or just a subnet route does not matter). If Anybox cannot do this, the Linux machine should do proxy ARP (Address Resolution Protocol) for all routed addresses, but proxy ARP is beyond the scope of this document.

The following is an excerpt from a post on comp.os.linux.networking, edited slightly to match the example above:

. I tell the machine Anybox that the Linux machine running SLIP is its gateway.

. When a packet comes into the Linux machine from Anybox, it assigns the packet a new source port number, puts its own IP address in the packet header, and saves the originals. It then sends the modified packet out over the SLIP or PPP interface to the Internet.

. When a packet comes from the Internet to the Linux machine, if the port number is one of those assigned above, it takes out the original port number and IP address, puts them back in the packet header, and sends the packet to Anybox.

. The host that sent the packet will never know the difference.

An IP Masquerading example:

The figure below shows a typical example:

     ----------
    |          |  Ethernet
    |   ABOX   |::::::
    |          |2    :192.168.1.x
     ----------      :
                     :    -----------    PPP
     ----------      :  1|   Linux   |   link
    |          |     ::::| Masq-Gate |::::::::::// Internet
    |   BBOX   |::::::   |           |
    |          |3    :    -----------
     ----------      :
                     :
     ----------      :
    |          |     :
    |   CBOX   |::::::
    |          |4
     ----------

    <-Internal network->

In this example we are concerned with four computer systems (there must also be something at the far end that carries your IP connection to the Internet, and something, far off this page, on the Internet that you want to exchange information with). The Linux system Masq-Gate is the masquerading gateway through which the internal network of machines ABOX, BBOX and CBOX reaches the Internet. The internal network uses one of the assigned private network addresses, in this case the class C network 192.168.1.0; the Linux machine has the address 192.168.1.1 and the 'other' systems also have addresses on this network.

The three machines ABOX, BBOX and CBOX (which can run any operating system, such as Windows 95, Macintosh MacTCP or even another Linux machine, as long as they can speak IP) can connect to other machines on the Internet. However, the masquerading system converts all of their connections so that they appear to originate from the masquerading gateway itself, and arranges for data coming back on a masqueraded connection to be relayed to the originating system. So the systems on the internal network see a direct route to the Internet and are unaware that their data is being masqueraded.
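The port rewriting described in this section, as an added Python model that is not code from the HOWTO or from the kernel: it keeps the translation table, rewrites outbound packets from ABOX and BBOX, and restores or drops inbound packets. The gateway address 203.0.113.7, the remote server, the four-port pool and the remote-endpoint check on replies are assumptions made for the example.

```python
from dataclasses import dataclass, field

GATEWAY_IP = "203.0.113.7"        # constructed public address of the masq gateway
MASQ_PORTS = range(61000, 61004)  # constructed, deliberately tiny port pool

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class MasqGate:
    table: dict = field(default_factory=dict)    # masq port -> original flow
    by_flow: dict = field(default_factory=dict)  # original flow -> masq port

    def outbound(self, p):
        """Rewrite a packet leaving the internal network for the Internet."""
        flow = (p.src, p.sport, p.dst, p.dport)
        port = self.by_flow.get(flow)
        if port is None:  # new connection: take a free port, save the originals
            port = next((c for c in MASQ_PORTS if c not in self.table), None)
            if port is None:
                raise RuntimeError("masquerade port pool exhausted")
            self.table[port] = flow
            self.by_flow[flow] = port
        return Packet(GATEWAY_IP, port, p.dst, p.dport)

    def inbound(self, p):
        """Restore the saved address and port, or return None to drop."""
        flow = self.table.get(p.dport)
        # Assumption of this model: a reply must also come from the remote
        # endpoint that the internal machine contacted.
        if p.dst != GATEWAY_IP or flow is None or flow[2:] != (p.src, p.sport):
            return None
        return Packet(p.src, p.sport, flow[0], flow[1])

def demo():
    gate, web = MasqGate(), ("198.51.100.10", 80)  # constructed remote server
    out_a = gate.outbound(Packet("192.168.1.2", 1025, *web))  # ABOX
    out_b = gate.outbound(Packet("192.168.1.3", 1025, *web))  # BBOX, same port
    reply_a = gate.inbound(Packet(*web, GATEWAY_IP, out_a.sport))
    reply_b = gate.inbound(Packet(*web, GATEWAY_IP, out_b.sport))
    stray = gate.inbound(Packet("198.51.100.99", 4444, GATEWAY_IP, out_a.sport))
    return out_a, out_b, reply_a, reply_b, stray
```

Both internal machines use source port 1025, yet the remote server sees two distinct ports on one address, and a packet that matches no table entry has nowhere to be delivered.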

2.6. Using IP Masquerade on Linux 2.x

. The source code of a 2.0.x kernel, available from ftp://ftp.funet.fi/pub/linux/kernel/src/v2.0/ (yes, you will have to compile your kernel with certain support added; the latest stable version is recommended)

. Loadable kernel modules, preferably 2.0.0 or newer, available from http://www.pi.se/blox/modules/modules-2.0.0.tar.gz (at least modules-1.3.57)

. A properly set up TCP/IP network, covered in the Linux NET-2 HOWTO and the Network Administrator's Guide

. Internet connectivity for your Linux host, covered in the Linux ISP Hookup HOWTO, the Linux PPP HOWTO and the Linux PPP-over-ISDN mini-HOWTO

. ipfwadm 2.3 or newer, available from ftp://ftp.xos.nl/pub/linux/ipfwadm/ipfwadm-2.3.tar.gz; there is more information about versions on the Linux Ipfwadm page

. You can optionally apply some IP Masquerade patches to enable other features. More information is available from the IP Masquerade Resources (these patches apply to all 2.0.x kernels)

3. Setting IP Masquerade

If your private network holds any important information, think twice before using IP Masquerade. It may become a gateway for you to reach the Internet and, conversely, a way for someone out in the world to get into your private network.

3.1. Compiling the kernel for IP Masquerade support

. First of all, you need the kernel source (preferably a stable version, 2.0.0 or above).

. If this is your first time compiling the kernel, don't be afraid. In fact, it is rather easy, and it is covered in the Linux Kernel HOWTO.

. Unpack the kernel source into /usr/src/ with the command below, where x is the patch level beyond 2.0 (make sure there is a directory or symbolic link called linux):

    tar zxvf linux-2.0.x.tar.gz -C /usr/src

. Apply the appropriate patches. Since new patches keep coming out, the details are not included here. For the latest information, please refer to the IP Masquerade Resources.

. For further instructions on compiling the kernel, refer to the Kernel HOWTO and the README file in the kernel source directory.

. Here are the options you need to compile in. Answer YES to the following:

    * Prompt for development and/or incomplete code/drivers
      CONFIG_EXPERIMENTAL
      - this allows you to select the experimental ip_masq code to be compiled into the kernel

    * Enable loadable module support
      CONFIG_MODULES
      - allows you to load modules

    * Networking support
      CONFIG_NET

    * Network firewalls
      CONFIG_FIREWALL

    * TCP/IP networking
      CONFIG_INET

    * IP: forwarding/gatewaying
      CONFIG_IP_FORWARD

    * IP: firewalling
      CONFIG_IP_FIREWALL

    * IP: masquerading (EXPERIMENTAL)
      CONFIG_IP_MASQUERADE
      - although it is experimental, it is a *must*

    * IP: always defragment
      CONFIG_IP_ALWAYS_DEFRAG
      - highly recommended

    * Dummy net driver support
      CONFIG_DUMMY
      - recommended

Note: These are only the options that ip_masq needs; select whatever other options your setup requires as well.

. After compiling the kernel, you should compile and install the modules:

    make modules; make modules_install

. Then you should add a few lines to /etc/rc.d/rc.local (or any file you think appropriate) to load the required modules, which reside in /lib/modules/2.0.x/ipv4/, automatically at each boot:

    .
    .
    .
    /sbin/depmod -a
    /sbin/modprobe ip_masq_ftp
    /sbin/modprobe ip_masq_raudio
    /sbin/modprobe ip_masq_irc
    (and other modules such as ip_masq_cuseeme, ip_masq_vdolive, if you have applied the patches)
    .
    .
    .

Note: You can also load the modules manually before using ip_masq, but do NOT use kerneld to load them; it will NOT work!

3.2. Assigning private network IP addresses

Since none of the 'other' machines has an officially assigned address, there must be a correct way to allocate addresses to them.

From the IP Masquerade FAQ:

There is an RFC (#1597) on which IP addresses are to be used on networks that are not connected to the outside. Three blocks of numbers are set aside specifically for this purpose. One of them in use is the 255 Class C subnets from 192.168.1.n to 192.168.255.n.

From RFC 1597:

Section 3: Private Address Space

The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private networks:

    10.0.0.0    - 10.255.255.255
    172.16.0.0  - 172.31.255.255
    192.168.0.0 - 192.168.255.255

We will refer to the first block as the "24-bit block", the second as the "20-bit block", and the third as the "16-bit block". Note that the first block is nothing but a single class A network number, while the second block is a set of 16 contiguous class B network numbers, and the third block is a set of 255 contiguous class C network numbers.

So, if you want to use a class C network, your machines should be numbered 192.168.1.1, 192.168.1.2, 192.168.1.3, ..., 192.168.1.x.

192.168.1.1 is usually the gateway machine, that is, the Linux host that connects you to the Internet. Note that 192.168.1.0 and 192.168.1.255 are the network and broadcast addresses respectively, and are reserved. Avoid using these addresses on your machines.
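An added check for the addressing rules above (example code, not part of the HOWTO): it verifies that the chosen subnet lies inside one of the three RFC 1597 blocks and that no machine is given the network address, the broadcast address, an address outside the subnet, or an address already in use. The function name check_plan and the sample plans are constructed for illustration.

```python
import ipaddress

# The three private blocks quoted above from RFC 1597, in prefix notation.
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_plan(network, gateway, hosts):
    """Return a list of problems in an addressing plan (empty means usable).

    network: the internal subnet, e.g. "192.168.1.0/24"
    gateway: address of the Linux masquerading host on that subnet
    hosts:   mapping of machine name -> planned address
    """
    net = ipaddress.ip_network(network)
    problems = []
    if not any(net.subnet_of(block) for block in PRIVATE_BLOCKS):
        problems.append(f"{net} is not inside a private block")
    seen = {}
    for name, addr in [("gateway", gateway), *hosts.items()]:
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            problems.append(f"{name}: {ip} is outside {net}")
        elif ip == net.network_address:
            problems.append(f"{name}: {ip} is the network address")
        elif ip == net.broadcast_address:
            problems.append(f"{name}: {ip} is the broadcast address")
        if ip in seen:
            problems.append(f"{name}: {ip} already assigned to {seen[ip]}")
        seen.setdefault(ip, name)
    return problems

# Constructed plans for a class C network with the gateway at 192.168.1.1.
GOOD = {"abox": "192.168.1.2", "bbox": "192.168.1.3", "cbox": "192.168.1.4"}
BAD = {"abox": "192.168.1.0", "bbox": "192.168.1.255",
       "cbox": "192.168.1.1", "dbox": "192.168.2.9"}
```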

3.3. Configuring the "other" machines

Besides setting the appropriate IP address for each machine, you should also set the appropriate gateway. Generally speaking, this is very straightforward: you simply enter the address of the Linux host (usually 192.168.1.1) as the gateway address.

For the Domain Name Service, you can add any DNS available. The most obvious one is the one your Linux host is using. You can optionally add any domain search suffix as well.

After you have reconfigured these IP addresses, remember to restart the appropriate services or reboot the system.

The following configuration examples assume that you are using a class C network with 192.168.1.1 as the address of the Linux host. Please note that 192.168.1.0 and 192.168.1.255 are reserved.

3.3.1. Configuring Windows 95

1. If you haven't installed your network card and adapter driver, do so now.

2. Go to 'Control Panel' / 'Network'.

3. Add 'TCP/IP' if it is not already in your network configuration.

4. In 'TCP/IP Properties', go to 'IP Address' and set the IP address to 192.168.1.x, (1

5. Under 'Gateway', add the address of your Linux host (192.168.1.1 in this example) as your gateway.

6. Under 'DNS Configuration' / 'DNS Server', add the DNS that your Linux host uses (usually found in /etc/resolv.co
