At present, Linux has become the network operating system of choice for computer professionals. After a simple installation, a technician gets the many network services Linux provides, such as domain name service, e-mail and anonymous FTP, together with a graphical workstation under the X Window System. The latest Linux 7.2 already has all the features of a Web server. Here our company would like to draw on its own work experience to describe another use of Linux: configuring a Linux machine as a router that connects two different network segments, and configuring its firewall to implement network access control and traffic statistics.

To give a Linux PC router functionality, the hardware must be configured first. Assume a router PC running Linux is equipped with two network cards, each connected to a different network segment; this machine forwards IP packets between the two segments as their router. To prevent the two cards from conflicting, the card drivers must be set to different interrupts and I/O addresses. In our company's setup the interrupts were set to 3 and 4 and the I/O addresses to 0x300 and 0x320.

Once the hardware is configured, the software must be configured as well. In a typical installation the Linux kernel does not have router functionality, so the kernel must be rebuilt. Taking the Slackware version of Linux as an example, the kernel is reconfigured as follows:

1. # cd /usr/src/linux    /* enter the Linux source tree */
2. # make config    /* configure the compile options */
   In this step the system presents a series of compile options, which the user selects according to the actual situation; for options the user cannot decide, the system default can be taken. In the networking section the following prompts appear:
   Network firewall [y/n/N]?    /* kernel supports a firewall */
   ...
   TCP/IP networking [n/y/Y]?    /* host is connected to a TCP/IP network */
   IP: forwarding/gatewaying [n/y/Y]?    /* host forwards packets or acts as a gateway */
   ...
   IP: firewalling [y/n/N]?    /* apply firewall rules to TCP/IP traffic */
   IP: firewall packet logging [y/n/N]?    /* log packets at the firewall */
   ...
   IP: accounting [y/n/N]?    /* packet accounting */
   IP: optimize as router not host [y/n/N]?    /* tune the host as a router */
   ...
   IP: multicast routing [y/n/N]?    /* forward multicast traffic to other networks */
   Because this host is to be configured as both a router and a firewall, answer "y" to all of these options.
3. # make dep    /* prepare the dependencies before compiling with the chosen options */
4. # make zImage    /* compile the kernel; the compiled kernel file is named zImage */

The compiled kernel is placed in the /usr/src/linux/arch/i386/boot directory. After backing up the system's original kernel, copy that file to the root directory, rename it vmlinuz and run lilo so that it takes effect at the next boot.

Once the kernel has been rebuilt, the TCP/IP settings of the two network cards must be configured so that they connect the two segments and forward IP packets between them. The setup steps are as follows (the parameters are those shown in the figure):

1. For NE2000-compatible network cards, modify the /etc/rc.d/rc.modules file:
   /sbin/modprobe ne io=0x300,0x320    /* identify the two network cards */
2. Modify the /etc/rc.d/rc.inet1 file to set the IP address and netmask of each network card and the routing information for both cards:
   IPADDR="202.207.0.27"
   NETWORK="202.207.0.0"
   BROADCAST="202.207.0.255"
   IPADDR1="202.207.7.2"
   NETWORK1="202.207.7.0"
   BROADCAST1="202.207.7.255"
   NETMASK="255.255.255.0"
   /sbin/ifconfig eth0 ${IPADDR} broadcast ${BROADCAST} netmask ${NETMASK}
   /sbin/ifconfig eth1 ${IPADDR1} broadcast ${BROADCAST1} netmask ${NETMASK}
   /sbin/route add -net ${NETWORK} netmask ${NETMASK} eth0
   /sbin/route add -net ${NETWORK1} netmask ${NETMASK} eth1
3. Modify the /etc/rc.d/rc.inet2 file to enable the routed server, so that the machine exchanges routing information with other routers and forwards IP packets:
   # Start the routed server
   if [ -f ${NET}/routed ]; then
     echo -n " routed"
     ${NET}/routed -g -s    /* start the program */
   fi
4. Add one line to the /etc/lilo.conf file so that the second network card is recognised at boot time:
   append="ether=0,0x320,eth1"

After completing the above setup, restart the computer. The system will recognise the two network cards, assign each card its IP address and netmask as instructed in the /etc/rc.d/rc.inet1 file, and set up the routes. Once startup is complete, log in as root and type the following commands to see the network card and routing information:
# ifconfig    /* display the card details */
# route    /* display the system routing table */

Our company's office LAN connects through this Linux router to the local education network, and through the education network onward to the Internet. In addition, the author has configured the Linux firewall on the router. Practice shows that the firewall effectively controls unauthorised access by the company's internal staff, by IP address, and successfully records the network traffic of each IP address, which provides a basis for billing and network management.
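As an added example (not part of the original post), the following POSIX sh functions derive the NETWORK and BROADCAST values that rc.inet1 hard-codes from each card's IPADDR and NETMASK, refuse to continue if both cards land on the same segment (a router between two segments needs them to differ), and emit the ifconfig and route lines for both cards. The function names are assumed; the addresses are the ones from the article.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are assumed;
# the addresses are the ones used in the article's rc.inet1.

# Dotted quad -> 32-bit integer, using only POSIX sh arithmetic.
ip2int() {
    saved_ifs=$IFS; IFS=.; set -- $1; IFS=$saved_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network_of IP MASK -> the NETWORK value for that card.
network_of() {
    int2ip $(( $(ip2int "$1") & $(ip2int "$2") ))
}

# broadcast_of IP MASK -> the BROADCAST value for that card.
broadcast_of() {
    int2ip $(( $(ip2int "$1") | (~$(ip2int "$2") & 4294967295) ))
}

# segments_disjoint IP0 IP1 MASK -> success only when the two cards sit on
# different networks; on the same network there is nothing to route between.
segments_disjoint() {
    [ "$(network_of "$1" "$3")" != "$(network_of "$2" "$3")" ]
}

# emit_rc_inet1 IP0 IP1 MASK -> the ifconfig and route lines for eth0/eth1,
# or failure (nothing emitted) if the two segments overlap.
emit_rc_inet1() {
    mask=$3
    segments_disjoint "$1" "$2" "$mask" || {
        echo "eth0 and eth1 are on the same segment" >&2
        return 1
    }
    i=0
    for ip in "$1" "$2"; do
        echo "/sbin/ifconfig eth$i $ip broadcast $(broadcast_of "$ip" "$mask") netmask $mask"
        echo "/sbin/route add -net $(network_of "$ip" "$mask") netmask $mask eth$i"
        i=$((i + 1))
    done
}

emit_rc_inet1 202.207.0.27 202.207.7.2 255.255.255.0
```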
The Linux firewall can be configured by entering simple commands one at a time, or by writing a shell script and placing it in the system startup directory so that it runs automatically. The command format is very simple, for example:
# ipfwadm -A -a -S 0.0.0.0/0 -D 0.0.0.0/0    /* account for all packets passing through the router */
# ipfwadm -I -a accept -S 162.105.0.0/16    /* accept all packets coming from the 162.105.0.0 network */
# ipfwadm -I -a deny -S 159.226.0.0/16    /* silently discard all packets coming from the 159.226.0.0 network */
# ipfwadm -O -a reject -S 210.32.0.0/12    /* discard all packets from the 210.32.0.0 network and send a rejection message back to the sender */
Users can configure the firewall according to their actual needs to achieve the desired effect, or have a security service provider complete the security configuration.