A firewall can be divided into several different security levels.
On Linux, because there are many different firewall software to choose from, security can be low to high, the most complex software can provide almost no penetration protection. However, the Linux kernel itself has a built in is called the "camouflage" simple mechanisms, in addition to the most dedicated hacker attack, can withstand live most of the attacks. When we dial-up link on the Internet, our computer will be assigned to one IP address, allowing online information to others who return to our computer. A hacker is to use your IP to access the information on your computer. Linux uses the "IP masquerading" method, is to hide your IP, do not let others on the network. There are several groups of IP addresses is specifically reserved for the local network using the Internet backbone routers, and does not recognize. Like the author's computer IP is 192.168.1.127, but if you enter this address into your browser, to believe anything or not received, this is because Internet backbone is they do not know the 192.168.X.X IP-group. On the other Intranet has innumerable computer that is using the same IP, because you cannot access, of course not penetrated or cracked. So, to solve the security issues on the Internet, it seems to be a simple matter, as long as your computer selected a someone else cannot access by IP address, anything. Wrong! because when you browse the Internet, also require a server data sent to you at your screen can't see anything, but the server can only be sent to the information in Internet backbone on legitimate IP addresses. "IP masquerading" is used to resolve this dilemma. When you have a Linux computer, setting to use "IP masquerading", it adds the two internal and external network bridge, and automatically translating from the inside to the outside or from external to internal IP address, usually this movement is called network address translation. In fact, the "IP masquerading" than the more complicated. Basically, the "IP masquerading" server set up between two networks. If you use analog dial-up modem to access the data on the Internet, this is one of the network; your internal network usually corresponds to an Ethernet card, this is the second network. If you are using a DSL modem or cable modem (CableModem), then the system will have a second Ethernet card, instead of an analog modem. Which Linux can manage each of these network IP address, so if you have a Windows computer (IP to 192.168.1.25), located on the second network (Etherneteth1), to access is located in the Internet (Etherneteth0), cable modem (207.176.253.15), Linux "IP masquerading" will be blocked from your browser by all TCP/IP packets, taking the original local addresses (192.168.1.25), then the real address (207.176.253.15). Then, when the server returns the information to 207.176.253.15, Linux will automatically block return packets, and back to the correct local address (192.168.1.25). Linux manages several local computer, and handle every packet, without confusion. Authors have an installation of old 486 computer SlackWareLinux, can simultaneously handle four computer sent to cable modem packets, but does not reduce the speed. In the second edition of the core, "IP masquerading" is sent to the IP management module (IPFWADM, IPfwadm) to manage. The second edition of core while providing a faster, more complex IPCHAINS, continued to provide IPFWADMwrapper to maintain backward compatibility.
No comments:
Post a Comment