<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <HTML> <HEAD> <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9"> <TITLE>ADSL HOWTO for Linux Systems: Linux $B$N@_Dj(B</TITLE> <LINK HREF="DSL-HOWTO-8.html" REL=next> <LINK HREF="DSL-HOWTO-6.html" REL=previous> <LINK HREF="DSL-HOWTO.html#toc7" REL=contents> </HEAD> <BODY> <A HREF="DSL-HOWTO-8.html">$B<!$N%Z!<%8(B</A> <A HREF="DSL-HOWTO-6.html">$BA0$N%Z!<%8(B</A> <A HREF="DSL-HOWTO.html#toc7">$BL\<!$X(B</A> <HR> <H2><A NAME="s7">7. Linux $B$N@_Dj(B</A></H2> <P>ANT $B$N@\B3$,=*$C$FF14|?.9f$,3NG'$G$-$?$i!"(BLinux $B$r@_Dj$9$k(B $B=`Hw$,@0$C$?$3$H$K$J$j$^$9!#$^$?F1;~$K(B ISP $B$X$N@\B33NG'$N(B $B=`Hw$b$G$-$F$$$^$9!#$3$3$G$O(B Linux $B$rNc$K@bL@$7$F$$$-$^$9$,!"(B10BaseT $B%G%P%$%9$r$b$D$b$N$G$"$l$P2?$G$b(B ANT $B$K@\B3$G$-$^$9!#$?$H$($P(B $B%k!<%?!"%O%V!"(BPC$B!"$J$I;H$$$?$$$b$N$J$i2?$G$b(B OK $B$G$9!#(B <P><B> $BCm0U(B!</B> <EM>ISP$B$K@\B3$9$kA0$K(B</EM>$B!"(BADSL $B7PM3$G%$%s%?!<%M%C%H(B $B$KD>@\@\B3$9$k:]$KI,MW$H$J$k!"%;%-%e%j%F%#$K$D$$$F$NLdBj$rA4$FM}2r$7$F(B $B$$$k$3$H$,I,MW$H$J$j$^$9!#(BISP $B$K$b$h$j$^$9$,!"%$%s%?!<%M%C%H$N$"$A$3$A(B $B$+$i!"$"$J$?$N%7%9%F%`$K%"%/%;%9$,$G$-$k$h$&$K$J$j$^$9!#$G$9$+$i!"%]!<%H(B $B$r$U$5$$$@$j!"%5!<%S%9$rMn$7$?$j$9$k5!G=$r;}$D2?$i$+$N%U%!%$%"!<%&%)!<%k(B $B$r@_$1$k$Y$-$G$9!#$^$?%$%s%?!<%M%C%H$K%^%7%s$r@\B3$9$kA0$K$O%Q%9%o!<%I(B $B$r@_Dj$9$kI,MW$b$"$j$^$9!#%;%-%e%j%F%#$K$D$$$F$N35MW$rCN$j$?$$$J$i!"(B <EM>Security-HOWTO</EM> $B$rFI$`$3$H$r$*4+$a$7$^$9!#(B <P> <H2><A NAME="ss7.1">7.1 NIC $B$N%$%s%9%H!<%k$H@\B3(B</A> </H2> <P>Linux $B%^%7%s$K(B NIC $B$r%$%s%9%H!<%k$7$F!"%+!<%M%k$r@_Dj$7$F!"$=$l$+$i(B...$B!#(B $B$3$NFbMF$K$D$$$F$O!"3F<o$N(B Linux $B$N;29MJ88%$r8+$F$/$@$5$$!#$^$?(B <EM>Ethernet-HOWTO</EM> $B$K>\:Y$J5-=R$,$"$j$^$9$N$G!"8+$F$*$$$F$/$@$5$$!#(B <P>NIC $B$H(B ANT $B$O(B RJ45 $B%1!<%V%k$G@\B3$7$F$/$@$5$$!#(B<B>$BIU5-(B</B> ANT $B$NCf$K$O(B $B$9$G$K(B 10baseT $B$N%/%m%9!&%1!<%V%k$GG[@~$5$l$k$3$H$rA0Ds$K$7$F$$$k$b$N$,$"$j(B $B$^$9!#(B NIC $B$rD>@\$D$J$0$N$K$O(B 
$B%/%m%9$G$O$J$/%9%H%l!<%H$N%+%F%4%j(B 5 $B%1!<%V%k(B $B$,I,MW$G$9!#;d$O$3$l$,$o$+$k$^$G!"H>F|$b;~4V$rHq$7$F$7$^$$$^$7$?!#F1$82a$A(B $B$r$*$+$5$J$$$h$&$K$^$:2r@b=q$rFI$s$G3NG'$7$F$/$@$5$$!#(B <P> <H2><A NAME="ss7.2">7.2 $B%$!<%5%M%C%H!&%$%s%?!<%U%'!<%9$N@_Dj(B</A> </H2> <P>IP $B%"%I%l%9!"%5%V%M%C%H!&%^%9%/!"%G%U%)%k%H!&%2!<%H%&%'%$!"(BDNS $B%5!<%P$N(B $B>pJs$r@_Dj$7$F$/$@$5$$!#(BLinux $B$N%G%#%9%H%j%S%e!<%7%g%s(B(RH, debian, Slackware, S.U.S.E.)$B$4$H$K@_DjJ}K!$,0[$J$j$^$9!#<+J,$N>l9g$O$I$&$J$N$+(B $B3NG'$7$F$/$@$5$$!#$b$A$m$s(B <CODE>ifconfig</CODE> $B$d(B <CODE>route</CODE> $B%3%^%s%I$r;H$C$F(B $B@_Dj$9$k$3$H$b$G$-$^$9!#>\$7$$>pJs$O(B <EM>NET3-HOWTO</EM> $B$r8+$F$/$@$5$$!#(B <P>$B@_Dj$,=*$C$?$i!"(BISP $B$+$i;XDj$5$l$?(B $B%G%U%)%k%H!&%2!<%H%&%'%$$N%"%I%l%9$K(B ping $B$G$-$k$+3NG'$7$F$/$@$5$$!#@.8y$9$l$P!"(B20 ms $B$0$i$$$N%i%&%s%I%H%j%C%W!&(B $B%?%$%`$G@\B3$5$l$k$O$:$G$9!#$*$a$G$H$&$4$6$$$^$9!#%$%s%?!<%M%C%H$N@$3&$X(B $B$h$&$3$=!*(B <P> <H2><A NAME="ss7.3">7.3 $B%k!<%?$N@_Dj(B</A> </H2> <P>$B$"$J$?$N@_Dj$K$h$j$^$9$,!"$$$/$D$+9MN8$7$J$1$l$P$J$i$J$$LdBj$,$"$j$^$9!#(B $B%U%!%$%"!<%&%)!<%k$N@_Dj$d$=$l$K4XO"$7$?@_Dj$G$9!#;d$N>l9g$r!"?^(B 3 $B$KNc<($7(B $B$^$9!#8E$$(B i486 $B%^%7%s$r%U%!%$%"!<%&%)!<%k7s%k!<%?$H$7$F(B ADSL $B$H(B $B;D$j$N(B $B%^%7%s4V$KCV$$$F$"$j$^$9!#(B $B%W%i%$%Y!<%H(B LAN $B$O(B $B%W%i%$%Y!<%H!&%"%I%l%9$r(B $B;HMQ$7$F$$$F!"(BLAN $B$H%$%s%?!<%M%C%H4V$O%k!<%?$G(B IP $B%^%9%+%l!<%G%#%s%0$H(B $B%U%!%$%"!<%&%)!<%k$r9T$C$F$$$^$9!#>\$7$$$3$H$O!"(B<EM>IP_Masquerading-HOWTO</EM> $B$H(B <EM>Firewall-HOWTO</EM> $B$r8+$F$/$@$5$$!#;d$N7P83$G$O(B Linux $B$O%k!<%F%#%s%0$d(B $B%U%!%$%"!<%&%)!<%k$KM%$l$?G=NO$rH/4x$7$^$9!#$*$^$1$K;THN$N%k!<%?$h$j0B2A$G(B $B$9$N$G!"2H$G%I%"%9%H%C%Q!<$J$C$F$$$k8E$$(B 386 $B$d(B 486 $B$N%^%7%s$,$J$$$+A\$7$F(B $B$_$F$/$@$5$$!#(B <P> <P> <PRE> <!-- Figure 3: My SOHO Network Setup --> $B?^(B 3: $B;d$N(B SOHO $B%M%C%H%o!<%/$N9=@.(B <!-- <-Private Subnet--> <-Public Subnet-> <-ADSL Line---------> | X----| | X------| X----| |----| | |--------| 
| |ADSL| Internet | | Linux | |-----|ANT |----------> Service X------|------| System |--------| | | Provider | E1|(Router)|E0 | |----| Router | |--------| | X------| IP_Masq 10baseT IP_Firewall Hub --> <-$B%W%i%$%Y!<%H$J(B--> <-$B%Q%V%j%C%/$J(B-> <-ADSL $B2s@~(B-> $B%5%V%M%C%H(B $B%5%V%M%C%H(B | X----| | X------| X----| |----| | |---------| | |ADSL| $B%$%s%?!<%M%C%H!&(B | | Linux | |-----|ANT |----------> $B%5!<%S%9!&(B X------|------| $B%7%9%F%`(B|---------| | | $B%W%m%P%$%@(B | E1|($B%k!<%?(B) |E0 | |----| $B%k!<%?(B | |---------| | X------| IP $B%^%9%+%l!<%G%#%s%0(B 10baseT IP $B%U%!%$%"!<%&%)!<%k(B $B%O%V(B </PRE> <P> <P>$B;d$O%k!<%?$H$7$F!"(B2 $B$D$N%$!<%5%M%C%H!&%$%s%?!<%U%'!<%9$r$b$D%^%7%s(B(i486 $B$K(B Linux RH 5.0 $B$r$N$;$?$b$N(B)$B$r@_Dj$7$^$7$?!#%$%s%?!<%U%'!<%9$N$&$A$N(B 1 $B$D$O(B ISP $B$N%5%V%M%C%H$H%2!<%H%&%'%$$X$N%k!<%F%#%s%0$N$?$a$G!"$b$&(B 1 $B$D$O$"$k(B $B%/%i%9$N%W%i%$%Y!<%H!&%M%C%H%o!<%/$N%"%I%l%9(B($BNc(B 192.168.2.x)$B$N$?$a$G$9!#(B $B%k!<%?$N2<N.$K$"$k%W%i%$%Y!<%H!&%M%C%H%o!<%/$r@_$1$k$3$H$G!"%;%-%e%j%F%#(B $B$,99$K$+$+$j$^$9!#$H$$$&$N$O!"(BISP $B$N30It$+$iD>@\%"%/%;%9$9$k$3$H$,$G$-$J$/(B $B$J$k$+$i$G$9!#(B $B$3$N$?$a$K%$%s%?!<%M%C%H$K@\B3$9$k$K$O!"%W%i%$%Y!<%H!&%"%I%l%9$r%^%9%+%l!<(B $B%G%#%s%0$9$kI,MW$,$"$j$^$9!#(B <P><B>$BCm0U(B</B> $B%+!<%M%k$,(B IP $B%U%)%o!<%G%#%s%05!G=$rAH$_9~$s$G%3%s%Q%$%k$5$l$F(B $B$$$k$3$H$r3NG'$7$F$+$i!"(BIP $B%U%)%o!<%G%#%s%0$rF0$+$7$F$/$@$5$$!#%A%'%C%/$N(B $B$7$+$?$O!"(B <PRE> cat /proc/sys/net/ipv4/ip_forward </PRE> $B7k2L$,(B 1 $B$@$C$?$iM-8z!"(B0 $B$@$C$?$iL58z$K$J$C$F$$$^$9!#(Becho $B$r;H$C$FE,@Z$JCM$K(B $BJQ99$G$-$^$9!#(B <PRE> (e.g.) 
echo 1 > /proc/sys/net/ipv4/ip_forward </PRE> $B$3$l$GM-8z$K$J$j$^$9!#(B <P> <H2><A NAME="ss7.4">7.4 $B%U%!%$%"!<%&%)!<%k$H%^%9%+%l!<%G%#%s%0$N@_Dj(B</A> </H2> <P>$B%$%s%?!<%M%C%H$KD>@\@\B3$7$F$$$k$J$i!"%U%!%$%"!<%&%)!<%k$K$h$k4IM}$H(B $B%^%9%+%l!<%G%#%s%05!G=$rK>$`$N$G$O$J$$$G$7$g$&$+!#?^(B 4 $B$,$=$N9=@.$G$9!#(B <P><B>$BCm0U!*(B</B> $B6/D4$7$F$*$-$?$$$3$H$O!"$3$N@_Dj$O0BA4$J4D6-$r$D$/$j(B $B$"$2$k:n6H$N$[$s$N0lIt$K$9$.$J$$!"$H$$$&$3$H$G$9!#$3$NB>$K$b$$$/$D$b$N9MN8(B $B$9$Y$-;v9`$,$"$j$^$9!#%k!<%?$G(B ftp $B$d(B telnet $B$=$NB>$N%5!<%S%9$rMn$7$?$j!"(B $BA4$F$N%Q%9%o!<%I$d%m%0%$%s!&%"%+%&%s%H$r8!>Z$7$?$j(B...$B!#4D6-$K$"$C$?@5$7$$(B $B@_Dj$r$7$F$/$@$5$$!#(B<EM>Security-HOWTO</EM> $B$rFI$`$3$H$bK:$l$:$K!#(B <PRE> <!-- Figure 4: Firewall/Masquerading for ADSL --> $B?^(B 4: ADSL $B$K$*$1$k%U%!%$%"!<%&%)!<%k$H%^%9%+%l!<%G%#%s%0(B <!-- |-------| |-------| |-X ======X| ADSL |=------| Linux |-----| ADSL | ANT | E0| |E1 |-X Private Network Line |-------| |-------| | (e.g. 192.168.2.x) <-------> |... ISP Subnet or host (Public Net Address) --> |-------| |-------| |-X ======X| ADSL |=------| Linux |-----| ADSL | ANT | E0| |E1 |-X $B%W%i%$%Y!<%H$J%M%C%H%o!<%/(B $B2s@~(B |-------| |-------| | ($BNc(B 192.168.2.x) <-------> |... 
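ISP $B%5%V%M%C%H(B $B$b$7$/$O(B $B%[%9%H(B ($B%Q%V%j%C%/(B $B$J%"%I%l%9(B) </PRE>
<P>Linux $B$r%k!<%?$H$7$FF0$+$9$?$a$N%+!<%M%k$O!"(BIP $B%U%)%o!<%G%#%s%0$H%^%9%+%l!<(B $B%G%#%s%0$rM-8z$K$7$F%3%s%Q%$%k$7$F$"$k$b$N$G$9!#$=$7$F(B "ipfwadm" (IP$B%Y!<%9$N(B $B%U%!%$%"!<%&%)!<%k(B $B%=%U%H%&%(%"(B)$B$r%$%s%9%H!<%k$7$F!"<!$N$h$&$K@_Dj$7$^$9!#(B<BR>
<B>$BLuCp!'(B</B> $B%+!<%M%k$,(B 2.2.x $B0J>e$N>l9g$O(B ipfwadm $B$N$+$o$j$K(B ipchains $B$r;HMQ$7$F$/$@$5$$!#>\:Y$O(B <A HREF="http://netfilter.filewatcher.org/ipchains/">http://netfilter.filewatcher.org/ipchains/</A> $B$r;2>H$7$F$/$@$5$$!#(B
<P>file: /etc/rc.d/rc.firewall (RH5.0 $B$@$H(B rc.sysinit $B$G$9(B)
<PRE>
echo "Setting up the firewall"
#
# From the "Firewall-HOWTO"
#
# This script configures the forwarding (-F) chain only. It sets no
# input (-I) or output (-O) rules, so traffic addressed to the router
# itself is governed by whatever those two chains already contain.
#
# flushes all setting
#
ipfwadm -F -f
#
# set the firewall: anything not matched by a rule below is not forwarded
#
ipfwadm -F -p deny
#
# allow any machine with address 192.168.2.x to masquerade.
#
ipfwadm -F -a accept -m -S 192.168.2.0/24 -D 0.0.0.0/0
#
# allow the domain name server to work (udp 53)
# NOTE(review): this rule matches on source port 53 alone, not on the
# address of a known name server. If the ISP's DNS server addresses are
# known, narrow -S to them.
#
ipfwadm -F -a accept -b -P udp -S 0.0.0.0/0 53 -D 192.168.2.0/24
#
# The original listing ran "ipfwadm -F -p masquerade" at this point.
# A second -p on the same chain replaces the deny policy set above, so
# forwarded packets that match no rule would be masqueraded instead of
# dropped. The masquerade rule for 192.168.2.0/24 already covers the
# private LAN, so the default policy stays at deny.
#
# the rest just list out the options for your enjoyment
#
ipfwadm -F -l
ipfwadm -O -l
ipfwadm -I -l
</PRE>
<P>$BFCDj$N%b%8%e!<%k(B(ftp$B!"(Breal audio, $B$=$NB>(B)$B$rF~$l$J$$$HF0:n$7$J$$%5!<%S%9$,(B $B$"$j$^$9$N$G!"Cm0U$,I,MW$G$9!#(Bipfwadm $B$N%I%-%e%s%a%s%H$K>\$7$$>pJs$,=q$$$F(B $B$"$j$^$9$N$G!"D4$Y$F$_$F$/$@$5$$!#;d$O$3$N%I%-%e%a%s%H$N$*$+$2$G4JC1$K@_Dj(B $B$G$-$^$7$?!#(B
<P>$B2C$($F!"%W%i%$%Y!<%H!&%M%C%H%o!<%/!&%"%I%l%9$G(B LAN $B$r9=@.$9$k$H0B2A$GM;DL$N(B $B$-$/@_Dj$,$G$-$^$9!#$?$@$7%^%9%+%l!<%G%#%s%0$r9T$&$H!"<j7Z$K@\B3$G$-$k%[%9%H(B $B$NBf?t$N@)8B$,$G$F$/$k$H$$$&7gE@$,$"$j$^$9!#$^$?(B $B%[%9%H$N%"%I%l%9$rMxMQ$9$k(B IP $B%Y!<%9$N%"%W%j%1!<%7%g%s$NCf$K$OF0:n$7$J$$$b$N$b$"$j$^$9$,!"$=$l$[$IB?$/(B $B$O$"$j$^$;$s!#(B
<P> <HR> <A HREF="DSL-HOWTO-8.html">$B<!$N%Z!<%8(B</A> <A HREF="DSL-HOWTO-6.html">$BA0$N%Z!<%8(B</A> <A HREF="DSL-HOWTO.html#toc7">$BL\<!$X(B</A> </BODY> </HTML>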