
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
 <TITLE>ADSL HOWTO for Linux Systems: Linux の設定</TITLE>
 <LINK HREF="DSL-HOWTO-8.html" REL=next>
 <LINK HREF="DSL-HOWTO-6.html" REL=previous>
 <LINK HREF="DSL-HOWTO.html#toc7" REL=contents>
</HEAD>
<BODY>
<A HREF="DSL-HOWTO-8.html">次のページ</A>
<A HREF="DSL-HOWTO-6.html">前のページ</A>
<A HREF="DSL-HOWTO.html#toc7">目次へ</A>
<HR>
<H2><A NAME="s7">7. Linux の設定</A></H2>

<P>ANT の接続が終って同期信号が確認できたら、Linux を設定する
準備が整ったことになります。また同時に ISP への接続確認の
準備もできています。ここでは Linux を例に説明していきますが、10BaseT
デバイスをもつものであれば何でも ANT に接続できます。たとえば
ルータ、ハブ、PC、など使いたいものなら何でも OK です。
<P><B> $BCm0U(B!</B> <EM>ISP$B$K@\B3$9$kA0$K(B</EM>$B!"(BADSL $B7PM3$G%$%s%?!<%M%C%H(B
$B$KD>@\@\B3$9$k:]$KI,MW$H$J$k!"%;%-%e%j%F%#$K$D$$$F$NLdBj$rA4$FM}2r$7$F(B
$B$$$k$3$H$,I,MW$H$J$j$^$9!#(BISP $B$K$b$h$j$^$9$,!"%$%s%?!<%M%C%H$N$"$A$3$A(B
$B$+$i!"$"$J$?$N%7%9%F%`$K%"%/%;%9$,$G$-$k$h$&$K$J$j$^$9!#$G$9$+$i!"%]!<%H(B
$B$r$U$5$$$@$j!"%5!<%S%9$rMn$7$?$j$9$k5!G=$r;}$D2?$i$+$N%U%!%$%"!<%&%)!<%k(B
$B$r@_$1$k$Y$-$G$9!#$^$?%$%s%?!<%M%C%H$K%^%7%s$r@\B3$9$kA0$K$O%Q%9%o!<%I(B
$B$r@_Dj$9$kI,MW$b$"$j$^$9!#%;%-%e%j%F%#$K$D$$$F$N35MW$rCN$j$?$$$J$i!"(B
<EM>Security-HOWTO</EM> $B$rFI$`$3$H$r$*4+$a$7$^$9!#(B
<P>
<H2><A NAME="ss7.1">7.1 NIC のインストールと接続</A>
</H2>

<P>Linux マシンに NIC をインストールして、カーネルを設定して、それから...。
この内容については、各種の Linux の参考文献を見てください。また 
<EM>Ethernet-HOWTO</EM> に詳細な記述がありますので、見ておいてください。
<P>NIC と ANT は RJ45 ケーブルで接続してください。<B>付記</B> ANT の中には
すでに 10baseT のクロス・ケーブルで配線されることを前提にしているものがあり
ます。 NIC を直接つなぐのには クロスではなくストレートのカテゴリ 5 ケーブル
が必要です。私はこれがわかるまで、半日も時間を費してしまいました。同じ過ち
をおかさないようにまず解説書を読んで確認してください。
<P>
<H2><A NAME="ss7.2">7.2 イーサネット・インターフェースの設定</A>
</H2>

<P>IP アドレス、サブネット・マスク、デフォルト・ゲートウェイ、DNS サーバの
情報を設定してください。Linux のディストリビューション(RH, debian, 
Slackware, S.U.S.E.)ごとに設定方法が異なります。自分の場合はどうなのか
確認してください。もちろん <CODE>ifconfig</CODE> や <CODE>route</CODE> コマンドを使って
設定することもできます。詳しい情報は <EM>NET3-HOWTO</EM> を見てください。
<P>設定が終ったら、ISP から指定された デフォルト・ゲートウェイのアドレスに
ping できるか確認してください。成功すれば、20 ms ぐらいのラウンドトリップ・
タイムで接続されるはずです。おめでとうございます。インターネットの世界へ
ようこそ!
<P>
<H2><A NAME="ss7.3">7.3 ルータの設定</A>
</H2>

<P>あなたの設定によりますが、いくつか考慮しなければならない問題があります。
ファイアーウォールの設定やそれに関連した設定です。私の場合を、図 3 に例示し
ます。古い i486 マシンをファイアーウォール兼ルータとして ADSL と 残りの
マシン間に置いてあります。 プライベート LAN は プライベート・アドレスを
使用していて、LAN とインターネット間はルータで IP マスカレーディングと
ファイアーウォールを行っています。詳しいことは、<EM>IP_Masquerading-HOWTO</EM>
と <EM>Firewall-HOWTO</EM> を見てください。私の経験では Linux はルーティングや
ファイアーウォールに優れた能力を発揮します。おまけに市販のルータより安価で
すので、家でドアストッパーなっている古い 386 や 486 のマシンがないか捜して
みてください。
<P>
<P>
<PRE>
&lt;!-- Figure 3: My  SOHO Network Setup -->
図 3: 私の SOHO ネットワークの構成

&lt;!--
&lt;-Private Subnet-->         &lt;-Public Subnet->    &lt;-ADSL Line--------->
                                     |
                                X----|      
                                     |      
     X------|                   X----|     |----|            
            |      |--------|        |     |ADSL|            Internet
            |      | Linux  |        |-----|ANT |----------> Service 
     X------|------| System |--------|     |    |            Provider
            |    E1|(Router)|E0      |     |----|            Router
            |      |--------|        |                       
     X------|        IP_Masq      10baseT
                   IP_Firewall     Hub 
-->
&lt;-プライベートな-->          &lt;-パブリックな->       &lt;-ADSL 回線->
  サブネット                   サブネット
                                       |
                                  X----|      
                                       |      
     X------|                     X----|     |----|            
            |      |---------|         |     |ADSL|            インターネット・
            |      | Linux   |         |-----|ANT |----------> サービス・
     X------|------| システム|---------|     |    |            プロバイダ
            |    E1|(ルータ) |E0       |     |----|            ルータ
            |      |---------|         |                       
     X------| IP マスカレーディング  10baseT
              IP ファイアーウォール   ハブ
</PRE>
<P>
<P>私はルータとして、2 つのイーサネット・インターフェースをもつマシン(i486 に 
Linux RH 5.0 をのせたもの)を設定しました。インターフェースのうちの 1 つは  
ISP のサブネットとゲートウェイへのルーティングのためで、もう 1 つはある
クラスのプライベート・ネットワークのアドレス(例 192.168.2.x)のためです。
ルータの下流にあるプライベート・ネットワークを設けることで、セキュリティ
が更にかかります。というのは、ISP の外部から直接アクセスすることができなく
なるからです。
このためにインターネットに接続するには、プライベート・アドレスをマスカレー
ディングする必要があります。
<P><B>注意</B> カーネルが IP フォワーディング機能を組み込んでコンパイルされて
いることを確認してから、IP フォワーディングを動かしてください。チェックの
しかたは、
<PRE>
cat /proc/sys/net/ipv4/ip_forward
</PRE>

結果が 1 だったら有効、0 だったら無効になっています。echo を使って適切な値に
変更できます。
<PRE>
(e.g.) echo 1 > /proc/sys/net/ipv4/ip_forward
</PRE>

これで有効になります。
<P>
<H2><A NAME="ss7.4">7.4 ファイアーウォールとマスカレーディングの設定</A>
</H2>

<P>インターネットに直接接続しているなら、ファイアーウォールによる管理と
マスカレーディング機能を望むのではないでしょうか。図 4 がその構成です。
<P><B>注意!</B>&nbsp;&nbsp;強調しておきたいことは、この設定は安全な環境をつくり
あげる作業のほんの一部にすぎない、ということです。この他にもいくつもの考慮
すべき事項があります。ルータで ftp や telnet その他のサービスを落したり、
全てのパスワードやログイン・アカウントを検証したり...。環境にあった正しい
設定をしてください。<EM>Security-HOWTO</EM> を読むことも忘れずに。
<PRE>
&lt;!-- Figure 4: Firewall/Masquerading for ADSL -->
図 4: ADSL におけるファイアーウォールとマスカレーディング

&lt;!-- 
       |-------|       |-------|     |-X
======X| ADSL  |=------| Linux |-----|
ADSL   |  ANT  |     E0|       |E1   |-X   Private Network
Line   |-------|       |-------|     |     (e.g. 192.168.2.x)
               &lt;------->             |...
             ISP Subnet or host
            (Public Net Address)
-->
       |-------|       |-------|     |-X
======X| ADSL  |=------| Linux |-----|
ADSL   |  ANT  |     E0|       |E1   |-X   プライベートなネットワーク
回線   |-------|       |-------|     |     (例 192.168.2.x)
               &lt;------->             |...
             ISP サブネット 
             もしくは ホスト
            (パブリック なアドレス)
</PRE>
<P>Linux $B$r%k!<%?$H$7$FF0$+$9$?$a$N%+!<%M%k$O!"(BIP $B%U%)%o!<%G%#%s%0$H%^%9%+%l!<(B
$B%G%#%s%0$rM-8z$K$7$F%3%s%Q%$%k$7$F$"$k$b$N$G$9!#$=$7$F(B "ipfwadm" (IP$B%Y!<%9$N(B
$B%U%!%$%"!<%&%)!<%k(B $B%=%U%H%&%(%"(B)$B$r%$%s%9%H!<%k$7$F!"<!$N$h$&$K@_Dj$7$^$9!#(B<BR>
<B>$BLuCp!'(B</B> $B%+!<%M%k$,(B 2.2.x $B0J>e$N>l9g$O(B ipfwadm $B$N$+$o$j$K(B ipchains 
$B$r;HMQ$7$F$/$@$5$$!#>\:Y$O(B
<A HREF="http://netfilter.filewatcher.org/ipchains/">http://netfilter.filewatcher.org/ipchains/</A>
$B$r;2>H$7$F$/$@$5$$!#(B
<P>file: /etc/rc.d/rc.firewall  (RH5.0 $B$@$H(B rc.sysinit $B$G$9(B)
<PRE>
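echo "Setting up the firewall"
#
# Based on the example in the "Firewall-HOWTO".
#
# Scope: this script installs forwarding (-F) rules only. It adds no
# input (-I) or output (-O) rules, so services listening on the router
# itself are not filtered here and have to be disabled or restricted
# separately.
#
# Flush all existing forwarding rules.
#
ipfwadm -F -f
#
# Default forwarding policy: deny whatever no rule below accepts.
#
ipfwadm -F -p deny
#
# Masquerade traffic from any machine with address 192.168.2.x to any
# destination.
#
ipfwadm -F -a accept -m -S 192.168.2.0/24 -D 0.0.0.0/0
#
# Allow the domain name server to work (udp 53); -b makes the rule match
# in both directions.
# NOTE(review): the match is on source port 53 alone, which the sender
# chooses, so this rule is loose. If the ISP's name server addresses are
# known, narrow -S to them.
#
ipfwadm -F -a accept -b -P udp -S 0.0.0.0/0 53 -D 192.168.2.0/24
#
# The default policy stays at "deny". Do not follow the rules above with
# "ipfwadm -F -p masquerade": that replaces the deny default, so every
# forwarded packet that matches no rule is masqueraded as the router,
# including packets that arrive from the public side.
#
# List the forward, output and input rule sets so the result can be checked.
#
ipfwadm -F -l
ipfwadm -O -l
ipfwadm -I -l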
</PRE>
<P>特定のモジュール(ftp、real audio, その他)を入れないと動作しないサービスが
ありますので、注意が必要です。ipfwadm のドキュメントに詳しい情報が書いて
ありますので、調べてみてください。私はこのドキュメントのおかげで簡単に設定
できました。
<P>加えて、プライベート・ネットワーク・アドレスで LAN を構成すると安価で融通の
きく設定ができます。ただしマスカレーディングを行うと、手軽に接続できるホスト
の台数の制限がでてくるという欠点があります。また ホストのアドレスを利用する 
IP ベースのアプリケーションの中には動作しないものもありますが、それほど多く
はありません。
<P>
<HR>
<A HREF="DSL-HOWTO-8.html">次のページ</A>
<A HREF="DSL-HOWTO-6.html">前のページ</A>
<A HREF="DSL-HOWTO.html#toc7">目次へ</A>
</BODY>
</HTML>