<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>Firewall And Proxy Server HOWTO: Linux システムを準備する</TITLE>
<LINK HREF="Firewall-HOWTO-7.html" REL=next>
<LINK HREF="Firewall-HOWTO-5.html" REL=previous>
<LINK HREF="Firewall-HOWTO.html#toc6" REL=contents>
</HEAD>
<BODY>
<A HREF="Firewall-HOWTO-7.html">次のページ</A>
<A HREF="Firewall-HOWTO-5.html">前のページ</A>
<A HREF="Firewall-HOWTO.html#toc6">目次へ</A>
<HR>
<H2><A NAME="s6">6. Linux システムを準備する</A></H2>
<P>できるだけ小さい規模で、Linux システムをインストールします。
私がインストールをするときは、まずサーバの設定を行い、次いで
/etc/inetd.conf で不必要なサービスを外します。
更にセキュリティを高めたいなら、不必要なサービスは
アンインストールしてしまいましょう。
<P>殆どのディストリビューションは自分の目的に応じたカーネルに
なっていませんから、自分の目的にあったカーネルに
コンパイルしなければいけません。
ファイアウォール以外のコンピュータでコンパイルができるなら、
それが一番良い方法です。
C コンパイラなどのユーティリティをファイアウォールに
インストールしてしまった場合は、カーネルの設定が完了した後で
削除しましょう。
<P>
<H2><A NAME="ss6.1">6.1 カーネルのコンパイル</A> </H2>
<P>
<P>お使いになる予定の Linux ディストリビューションの最小限度のインストールから
始めてください。
ソフトウェアを減らせば、お使いのサーバでのセキュリティ問題の原因になる
セキュリティホールやバックドア (不正な手段での侵入) 、或はバグなどが
より少なくなります。
<P>安定版のカーネルを入手してください。
私のシステムではカーネル 2.2.13 を使っています。
この文書はその環境での設定を基本にしました。
<P>適切なオプションで Linux のカーネルをコンパイルしなければいけません。
カーネルの再構築をした経験がないなら、実行する前に
Kernel HOWTO, Ethernet HOWTO, NET-2 HOWTO を読みましょう。
<P>次にネットワーク関連の設定を示します。これが動作することは確認してあります。
いくつかの項目には ? という印をつけています。
このような設定を使うつもりなら、チェックをいれて選択してください。
<P>カーネルの設定の為に、私は "make menuconfig" を使っています。
<P>【訳注: 個々の項目については、Configure.help の日本語版も参考にしてください。
<A HREF="http://www.linux.or.jp/JF/JFdocs/Configure.help/">http://www.linux.or.jp/JF/JFdocs/Configure.help/</A>】
<P>
<PRE>
&lt;*&gt; Packet socket
[ ] Kernel/User netlink socket
[*] Network firewalls
[ ] Socket Filtering
&lt;*&gt; Unix domain sockets
[*] TCP/IP networking
[ ] IP: multicasting
[*] IP: advanced router
[ ] IP: kernel level autoconfiguration
[*] IP: firewalling
[?] IP: always defragment (required for masquerading)
[?] IP: transparent proxy support
[?] IP: masquerading
--- Protocol-specific masquerading support will be built as modules.
[?] IP: ICMP masquerading
--- Protocol-specific masquerading support will be built as modules.
[ ] IP: masquerading special modules support
[*] IP: optimize as router not host
&lt; &gt; IP: tunneling
&lt; &gt; IP: GRE tunnels over IP
[?] IP: aliasing support
[*] IP: TCP syncookie support (not enabled per default)
--- (it is safe to leave these untouched)
&lt; &gt; IP: Reverse ARP
[*] IP: Allow large windows (not recommended if &lt;16Mb of memory)
&lt; &gt; The IPv6 protocol (EXPERIMENTAL)
---
&lt; &gt; The IPX protocol
&lt; &gt; Appletalk DDP
&lt; &gt; CCITT X.25 Packet Layer (EXPERIMENTAL)
&lt; &gt; LAPB Data Link Driver (EXPERIMENTAL)
[ ] Bridging (EXPERIMENTAL)
[ ] 802.2 LLC (EXPERIMENTAL)
&lt; &gt; Acorn Econet/AUN protocols (EXPERIMENTAL)
&lt; &gt; WAN router
[ ] Fast switching (read help!)
[ ] Forwarding between high speed interfaces
[ ] CPU is too slow to handle full bandwidth
QoS and/or fair queueing ---&gt;
</PRE>
<P>全ての設定をしてから、再コンパイルし、カーネルを再インストールし、
再起動します。
<P>次のようなコマンドで行います -
<P>1行のコマンドで全部を行うには、次のようにします。
make dep;make clean;make bzlilo;make modules;make modules_install;init 6
<P>
<H2><A NAME="ss6.2">6.2 二枚のネットワークカードを設定する</A> </H2>
<P>
コンピュータに二枚のネットワークカードを挿しているなら、IRQ と二枚の
カードのアドレスを /etc/lilo.conf ファイルに append を使って明示的に
加えなければならない場合があります。
私の lilo の append 行は次のようになっています -
<P>
<PRE>
append="ether=12,0x300,eth0 ether=15,0x340,eth1"
</PRE>
<P>【訳注: ネットワークカードの設定は、次のような文書も参考にしてください。
<A HREF="http://www.linux.or.jp/JF/JFdocs/Ethernet-HOWTO.html">http://www.linux.or.jp/JF/JFdocs/Ethernet-HOWTO.html</A><P>
<A HREF="http://www.linux.or.jp/JF/JFdocs/Multiple-Ethernet.html">http://www.linux.or.jp/JF/JFdocs/Multiple-Ethernet.html</A>】
<P>
<P>
<H2><A NAME="ss6.3">6.3 ネットワークアドレスの設定</A> </H2>
<P>
さて、構築作業も面白いところにきています。
この文書では LAN を設定する方法について深くは説明しません。
この件についてのあなたの問題を解決するには、
Networking-HOWTO を
読んでください。
<P>【訳注: Networking-HOWTO の日本語訳は、次のところにあります。
<A HREF="http://www.linux.or.jp/JF/JFdocs/NET3-4-HOWTO.html">http://www.linux.or.jp/JF/JFdocs/NET3-4-HOWTO.html</A>】
<P>あなたの目的は、フィルタリングファイアウォールを通して、二つの
ネットワーク接続を提供することです。
インターネット上に一つ(安全でない側)と LAN (閉じた側) に一つということに
なります。
<P>
<P>とにかく、いくつかのことを決定しなければなりません。
<P>
<P>
<OL>
<LI> 本物の IP 番号を使いますか、それとも LAN
には適当な番号を指定しますか。</LI>
<LI> あなたの ISP から割り当てられる番号を使いますか、
それとも、静的な IP 番号を使いますか。</LI>
</OL>
<P>プライベートなネットワークにインターネットからのアクセスを
許可したくないわけですから、
"本物のアドレス" を使う必要は
ありません。
プライベート LAN に対して適当なアドレスを振ることはできますが、
これはお勧めできません。
データが LAN からある経路を通って漏れてしまったら、どこかのシステムの
ポートまで届いてしまいます。
<P>プライベートネットワーク用に取りわけられている幾つかの
インターネットアドレスの範囲があります。
192.168.1.xxx もこの中に入っていて、この文書ではこれを例に使います。
<P>この数値を使う為には IP マスカレードを使う必要があります。
この方法で
ファイアウォールはパケットをフォワードして、
インターネット上で "本物の" アドレスに変換します。
<P>このようなルーティングできない IP アドレスを使えば、あなたのネットワークは
より安全になります。
インターネットルータは、このようなプライベートアドレスのついたパケットを
通しません。
<P>この件に関しては、次の文書を読んだほうがよいでしょう。
<A HREF="http://members.home.net/ipmasq/">IP Masquerading HOWTO</A><P>【訳注: IP Masquerade HOWTO の日本語訳は、次のところにあります。
<A HREF="http://www.linux.or.jp/JF/JFdocs/IP-Masquerade.html">http://www.linux.or.jp/JF/JFdocs/IP-Masquerade.html</A>】
<P>
<PRE>
         24.94.1.123    __________   192.168.1.1
     _/\__/\_        \ | ファイア | /           _______________
    |インター|        \| ウォール |/           | ワーク        |
   / ネット   \--------| システム |------------| ステーション  |
   \_  _  _  _/        |__________|            |_______________|
     \/ \/ \/
</PRE>
<P>お使いのインターネット用ネットワークカードに割り当てるための
"本物の" IP アドレスを持っていなければいけません。
このアドレスは、あなたに永続的に割り当てられたもの
(静的な IP アドレス) でもいいですし、
PPP プロセスによるネットワークへの接続時に
割り当てられたものでもかまいません。
<P>内側の IP 番号を割り当てます。
たとえば LAN カードに対して 192.168.1.1 のようにします。
これはゲートウェイアドレスになります。
保護されたネットワーク (LAN) にいる他の全てのマシンには、
192.168.1.xxx の範囲 (192.168.1.2 から 192.168.1.254 まで) の番号を
割り当てることができます。
<P>私は RedHat Linux を使用しています。
起動時にネットワークを設定するため、私は /etc/sysconfig/network-scripts
というディレクトリにある
ifcfg-eth1 ファイルに記述を追加しています。
このディレクトリに ifcfg-ppp0 や ifcfg-tr0
というファイルもあるはずです。'ifcfg-' というファイルは、
RedHat で、起動時にネットワークデバイスを
設定し、使用可能にする為に使われています。
接続のタイプによって名前がつけられています。
<P>これが ifcfg-eth1(二つ目のイーサネットカード)の例です -
<P>
<PRE>
DEVICE=eth1
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
GATEWAY=24.94.1.123
ONBOOT=yes
</PRE>
<P>ダイアルアップ接続をするつもりなら、ifcfg-ppp0 と chat-ppp0 を見なければ
なりません。
これらは PPP 接続を制御します。
<P>この場合の ifcfg ファイルは次のようになります -
<P>
<PRE>
DEVICE="ppp0"
ONBOOT="yes"
USERCTL="no"
MODEMPORT="/dev/modem"
LINESPEED="115200"
PERSIST="yes"
DEFABORT="yes"
DEBUG="yes"
INITSTRING="ATZ"
DEFROUTE="yes"
HARDFLOWCTL="yes"
ESCAPECHARS="no"
PPPOPTIONS=""
PAPNAME="LoginID"
REMIP=""
NETMASK=""
IPADDR=""
MRU=""
MTU=""
DISCONNECTTIMEOUT=""
RETRYTIMEOUT="5"
BOOTPROTO="none"
</PRE>
<P>
<P>
<H2><A NAME="ss6.4">6.4 ネットワークを試してみる</A> </H2>
<P>
ifconfig と route コマンドを使ってみましょう。
二枚のネットワークカードを使っているなら、次のように表示されます。
<P>
<PRE>
#ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:3924 Metric:1
          RX packets:1620 errors:0 dropped:0 overruns:0
          TX packets:1620 errors:0 dropped:0
overruns:0 collisions:0 txqueuelan:0 eth0 Link encap:10Mbps Ethernet HWaddr 00:00:09:85:AC:55 inet addr:24.94.1.123 Bcast:24.94.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1000 errors:0 dropped:0 overruns:0 TX packets:1100 errors:0 dropped:0 overruns:0 collisions:0 txqueuelan:0 Interrupt:12 Base address:0x310 eth1 Link encap:10Mbps Ethernet HWaddr 00:00:09:80:1E:D7 inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1110 errors:0 dropped:0 overruns:0 TX packets:1111 errors:0 dropped:0 overruns:0 collisions:0 txqueuelan:0 Interrupt:15 Base address:0x350 </PRE> <P>$B99$K7PO)%F!<%V%k$O<!$N$h$&$K$J$j$^$9(B - <P> <PRE> #route -n Kernel routing table Destination Gateway Genmask Flags MSS Window Use Iface 24.94.1.0 * 255.255.255.0 U 1500 0 15 eth0 192.168.1.0 * 255.255.255.0 U 1500 0 0 eth1 127.0.0.0 * 255.0.0.0 U 3584 0 2 lo default 24.94.1.123 * UG 1500 0 72 eth0 </PRE> <P><B>$BCm0U(B - </B> 24.94.1.0 $B$O!"$3$N%U%!%$%"%&%)!<%k$N%$%s%?!<%M%C%HB&$G!"(B 192.168.1.0 $B$O%W%i%$%Y!<%H(B( LAN )$BB&$K$J$j$^$9!#(B <P>LAN $B>e$K$"$kA4$F$N%3%s%T%e!<%?$,!"%U%!%$%"%&%)!<%k%7%9%F%`$NFbB&$N(B $B%"%I%l%9$K(B ping $B$G$-$k$+$I$&$+$rD4$Y$^$7$g$&(B ($B$3$3$G$O(B 192.168.1.1 $B$rNc$K$7$F$$$^$9(B)$B!#(B $B$&$^$/$G$-$J$$$J$i!":FEY(B NET-2 HOWTO $B$r8+$F$/$@$5$$!#(B $B$=$7$F!"$b$&>/$7%M%C%H%o!<%/$K$D$$$FD4$Y$F$/$@$5$$!#(B <P>$B<!$K!"%U%!%$%"%&%)!<%k$+$i%$%s%?!<%M%C%H%7%9%F%`$K(B ping $B$r;n$7$F$_$^$9!#(B $B;d$O%F%9%H%]%$%s%H$H$7$F(Bwww.internic.net $B$r;H$C$F$$$^$9!#(B $B$b$7$3$l$,$&$^$/F0$+$J$1$l$P!"$*;H$$$N(B ISP $B$G$N%5!<%P$r;n$7$F$_$^$9!#(B $B$3$l$,$&$^$/F0$+$J$1$l$P!"$"$J$?$N%$%s%?!<%M%C%H@\B3$N$I$3$+$,$-$A$s$H(B $B@_Dj$5$l$F$$$^$;$s!#(B $B%U%!%$%"%&%)!<%k$+$i$O!"%$%s%?!<%M%C%H$N$"$i$f$k>l=j$K@\B3$G$-$J$1$l$P(B $B$J$j$^$;$s!#(B $B%G%U%)%k%H$N%2!<%H%&%'%$$N@_Dj$r8+D>$7$F$/$@$5$$!#(B $B%@%$%"%k%"%C%W@\B3$r;H$C$F$$$k$J$i!"%f!<%6(B ID $B$H%Q%9%o!<%I$r(B $B8+D>$7$F$/$@$5$$!#(B Net-2 
HOWTO をもう一度読んでから再度試してください。
<P>
<HR>
<PRE>
あなたの LAN 上にあるコンピュータから、ファイアウォール(24.94.1.123) の
外側のアドレスに ping を試してみます。
これは動かないはずです。
もし ping できるなら、あなたはマスカレードを行っているか、
IP フォワーディングを使っているか、あなたは既に何らかの
パケットフィルタリングを設定しているのです。
それらを無効にして再度試してください。
フィルタリングが正しい状態にあることを確認しなければなりません。
</PRE>
<HR>
<P>2.1.102 より新しいカーネルに対しては、以下のコマンドが使えます -
<P>
<PRE>
echo "0" &gt; /proc/sys/net/ipv4/ip_forward
</PRE>
<P>(何故かは分かりませんが)
古いカーネルを使っているなら、フォワードを
無効にしてカーネルを再コンパイルしなければいけないでしょう
(カーネルのアップグレードをするのにちょうどいい機会です)。
<P>再度ファイアウォール (24.94.1.123) のアドレスの外側に向けて ping を
試します。
動いてはいけないのです。
<P>ここまでを確認したところで、IP フォワーディング及び/又は IP マスカレードを
有効にします。
あなたの LAN 上のどんなシステムからインターネット上のどのような場所にも
ping が可能になるはずです。
<P>
<PRE>
echo "1" &gt; /proc/sys/net/ipv4/ip_forward
</PRE>
<P><B>重要な注意 - </B>
もし、あなたが LAN 上で、
(192.168.1.* ではない)
"本物の" IP アドレスを使っていて、
インターネットへ ping できないが、あなたのファイアウォールの
インターネット側には ping できる場合は、接続先の ISP が
あなたのプライベートネットワークのアドレスからのパケットを
ルーティングしているかどうか確認してください。
<P>【訳注: ここではユーザのマシン全てにグローバル IP を割り当てている
場合を説明しています。】
<P>この問題をテストするには、インターネット上の誰か
(例えばローカルのプロバイダを使っている友人に頼んで) に、あなたの
ネットワークに traceroute してもらうことです。
traceroute
による経路探索が、あなたが使っているプロバイダのルータで
停止するなら、プロバイダはあなたのトラフィックを転送していないのです。
<P>動きましたか? 素晴らしい。難しい場所は終わりました。:-)
<P>
<H2><A NAME="ss6.5">6.5 ファイアウォールを安全にする</A> </H2>
<P>ファイアウォールは、それが動作しているシステムそのものが、攻撃に対して
広く開けっ放しになったままだと、なんら意味をなしません。
"悪い奴ら" は
ファイアウォール以外のサービスを通して
アクセスしてしまいますし、好き勝手に変更してしまいます。
不要なサービスはどれも無効にしなければなりません。
<P>/etc/inetd.conf ファイルを見てください。
これは "super server" として知られる inetd を設定する
ファイルです。
inetd は沢山のサーバデーモンを制御し、"well known" ポート
への要求パケットが到着すると、それらをスタートさせます。
<P>【訳注: well known port は、
TCP/UDP ポート番号 1024 番以下のポートを
指します。】
<P>echo, discard, daytime, chargen, ftp, gopher, shell, login, exec, talk, ntalk, pop-2, pop-3, netstat, systat, tftp, bootp, finger, cfinger, time, swat そして linuxconfig 等は全て無効にしましょう。
<P>サービスを変更するには、サービス行の最初の文字に # を置きます。
これが済んだら <B>"kill -HUP &lt;pid&gt;"</B> を送ります。
&lt;pid&gt; には、inetd のプロセス番号を書きます。
こうするとその設定ファイルを再読させ、システムを停止させないで
再スタートします。
<P>【訳注: killall というコマンドがあります。
man killall も調べてください。
killall -HUP inetd が使えます。】
<P>ファイアウォールの port 15 (netstat) に対して telnet してみてください。
何か出力するようなら、サービスは無効になっていません。
<P>telnet localhost 19
(ポート 19 は chargen です。netstat を確認するには 15 を指定します)
<P>/etc/nologin というファイルを作成することもできます。
BUZZ OFF (繋がないの意味) のように、このファイルにちょっとしたテキストを
書きます。
このファイルが存在すると、
login はユーザのログオンを許可しません。
ユーザはこのファイルの内容を見ることになり、ログインは拒否されます。
root だけがログインできます。
<P>/etc/securetty というファイルも編集できます。
ユーザが root なら、
/etc/securetty に列挙された tty からしか
ログインできません。
失敗すると、
syslog 機能で記録されます。
これらの両方のコントロールを有効にすれば、ファイアウォールへのログオンは、
root としてコンソール経由でしか行えなくなります。
<P>絶対に telnet で root としてログインしてはいけません。
リモート root を必要とするなら、SSH (Secure Shell) でアクセスします。
telnet は無効にすべきでしょう。
<P>心配性な人は、lids (Linux Intrusion Detection System 侵入検知システム)
を使う必要があるかもしれません。
これは Linux カーネルに対する侵入禁止システムのパッチです。
重要なファイルを改竄から守ります。
この仕組みを使うと、
防御対象のファイルやディレクトリ、更にその配下の
サブディレクトリは (root を含めて) 誰も変更できなくなります。
このような安全化されたファイルを変更するには、
LILO の設定で security=1
を指定してシステムをリブートさせなければなりません
(私ならシングルユーザモードで起動させるでしょう)。
<P>
<P>
<HR>
<A HREF="Firewall-HOWTO-7.html">次のページ</A>
<A HREF="Firewall-HOWTO-5.html">前のページ</A>
<A HREF="Firewall-HOWTO.html#toc6">目次へ</A>
</BODY>
</HTML>