<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>Firewall And Proxy Server HOWTO: Linux �$B%7%9%F%`$r=`Hw$9$k�(B</TITLE>
<LINK HREF="Firewall-HOWTO-7.html" REL=next>
<LINK HREF="Firewall-HOWTO-5.html" REL=previous>
<LINK HREF="Firewall-HOWTO.html#toc6" REL=contents>
</HEAD>
<BODY>
<A HREF="Firewall-HOWTO-7.html">�$B<!$N%Z!<%8�(B</A>
<A HREF="Firewall-HOWTO-5.html">�$BA0$N%Z!<%8�(B</A>
<A HREF="Firewall-HOWTO.html#toc6">�$BL\<!$X�(B</A>
<HR>
<H2><A NAME="s6">6. Linux �$B%7%9%F%`$r=`Hw$9$k�(B</A></H2>
<P>�$B$G$-$k$@$1>.$5$$5,LO$G!"�(BLinux �$B%7%9%F%`$r%$%s%9%H!<%k$7$^$9!#�(B
�$B;d$,%$%s%9%H!<%k$r$9$k$H$-$O!"$^$:%5!<%P$N@_Dj$r9T$$!"<!$$$G�(B
/etc/inetd.conf �$B$GITI,MW$J%5!<%S%9$r30$7$^$9!#�(B
�$B99$K%;%-%e%j%F%#$r9b$a$?$$$J$i!"ITI,MW$J%5!<%S%9$O�(B
�$B%"%s%$%s%9%H!<%k$7$F$7$^$$$^$7$g$&!#�(B
<P>�$BKX$I$N%G%#%9%H%j%S%e!<%7%g%s$O<+J,$NL\E*$K1~$8$?%+!<%M%k$K�(B
�$B$J$C$F$$$^$;$s$+$i!"<+J,$NL\E*$K$"$C$?%+!<%M%k$K�(B
�$B%3%s%Q%$%k$7$J$1$l$P$$$1$^$;$s!#�(B
�$B%U%!%$%"%&%)!<%k0J30$N%3%s%T%e!<%?$G%3%s%Q%$%k$,$G$-$k$J$i!"�(B
�$B$=$l$,0lHVNI$$J}K!$G$9!#�(B
C �$B%3%s%Q%$%i$J$I$N%f!<%F%#%j%F%#$r%U%!%$%"%&%)!<%k$K�(B
�$B%$%s%9%H!<%k$7$F$7$^$C$?>l9g$O!"%+!<%M%k$N@_Dj$,40N;$7$?8e$G�(B
�$B:o=|$7$^$7$g$&!#�(B
<P>
<H2><A NAME="ss6.1">6.1 �$B%+!<%M%k$N%3%s%Q%$%k�(B</A>
</H2>
<P>
<P>�$B$*;H$$$K$J$kM=Dj$N�(B Linux �$B%G%#%9%H%j%S%e!<%7%g%s$N:G>.8BEY$N%$%s%9%H!<%k$+$i�(B
�$B;O$a$F$/$@$5$$!#�(B
�$B%=%U%H%&%'%"$r8:$i$;$P!"$*;H$$$N%5!<%P$G$N%;%-%e%j%F%#LdBj$N860x$K$J$k�(B
�$B%;%-%e%j%F%#%[!<%k$d%P%C%/%I%"�(B (�$BIT@5$J<jCJ$G$N?/F~�(B) �$B!"0?$O%P%0$J$I$,�(B
�$B$h$j>/$J$/$J$j$^$9!#�(B
<P>�$B0BDjHG$N%+!<%M%k$rF~<j$7$F$/$@$5$$!#�(B
�$B;d$N%7%9%F%`$G$O%+!<%M%k�(B 2.2.13 �$B$r;H$C$F$$$^$9!#�(B
�$B$3$NJ8=q$O$=$N4D6-$G$N@_Dj$r4pK\$K$7$^$7$?!#�(B
<P>�$BE,@Z$J%*%W%7%g%s$G�(B Linux �$B$N%+!<%M%k$r%3%s%Q%$%k$7$J$1$l$P$$$1$^$;$s!#�(B
�$B%+!<%M%k$N:F9=C[$r$7$?7P83$,$J$$$J$i!"<B9T$9$kA0$K�(B Kernel HOWTO,
Ethernet HOWTO, NET-2 HOWTO �$B$rFI$_$^$7$g$&!#�(B
<P>�$B<!$K%M%C%H%o!<%/4XO"$N@_Dj$r<($7$^$9!#$3$l$,F0:n$9$k$3$H$O3NG'$7$F$"$j$^$9!#�(B
�$B$$$/$D$+$N9`L\$K$O�(B ? �$B$H$$$&0u$r$D$1$F$$$^$9!#�(B
�$B$3$N$h$&$J@_Dj$r;H$&$D$b$j$J$i!"%A%'%C%/$r$$$l$FA*Br$7$F$/$@$5$$!#�(B
<P>�$B%+!<%M%k$N@_Dj$N0Y$K!";d$O�(B "make menuconfig" �$B$r;H$C$F$$$^$9!#�(B
<P>�$B!ZLuCm�(B: �$B8D!9$N9`L\$K$D$$$F$O!"�(BConfigure.help �$B$NF|K\8lHG$b;29M$K$7$F$/$@$5$$!#�(B
<A HREF="http://www.linux.or.jp/JF/JFdocs/Configure.help/">http://www.linux.or.jp/JF/JFdocs/Configure.help/</A>�$B![�(B
<P>
<PRE>
<*> Packet socket
[ ] Kernel/User netlink socket
[*] Network firewalls
[ ] Socket Filtering
<*> Unix domain sockets
[*] TCP/IP networking
[ ] IP: multicasting
[*] IP: advanced router
[ ] IP: kernel level autoconfiguration
[*] IP: firewalling
[?] IP: always defragment (required for masquerading)
[?] IP: transparent proxy support
[?] IP: masquerading
--- Protocol-specific masquerading support will be built as modules.
[?] IP: ICMP masquerading
--- Protocol-specific masquerading support will be built as modules.
[ ] IP: masquerading special modules support
[*] IP: optimize as router not host
< > IP: tunneling
< > IP: GRE tunnels over IP
[?] IP: aliasing support
[*] IP: TCP syncookie support (not enabled per default)
--- (it is safe to leave these untouched)
< > IP: Reverse ARP
[*] IP: Allow large windows (not recommended if <16Mb of memory)
< > The IPv6 protocol (EXPERIMENTAL)
---
< > The IPX protocol
< > Appletalk DDP
< > CCITT X.25 Packet Layer (EXPERIMENTAL)
< > LAPB Data Link Driver (EXPERIMENTAL)
[ ] Bridging (EXPERIMENTAL)
[ ] 802.2 LLC (EXPERIMENTAL)
< > Acorn Econet/AUN protocols (EXPERIMENTAL)
< > WAN router
[ ] Fast switching (read help!)
[ ] Forwarding between high speed interfaces
[ ] PU is too slow to handle full bandwidth
QoS and/or fair queueing --->
</PRE>
<P>�$BA4$F$N@_Dj$r$7$F$+$i!":F%3%s%Q%$%k$7!"%+!<%M%k$r:F%$%s%9%H!<%k$7!"�(B
�$B:F5/F0$7$^$9!#�(B
<P>�$B<!$N$h$&$J%3%^%s%I$G9T$$$^$9�(B -
<P>1�$B9T$N%3%^%s%I$GA4It$r9T$&$K$O!"<!$N$h$&$K$7$^$9!#�(B
make dep;make clean;make bzlilo;make modules;make modules_install;init 6
<P>
<H2><A NAME="ss6.2">6.2 �$BFsKg$N%M%C%H%o!<%/%+!<%I$r@_Dj$9$k�(B</A>
</H2>
<P>
�$B%3%s%T%e!<%?$KFsKg$N%M%C%H%o!<%/%+!<%I$rA^$7$F$$$k$J$i!"�(BIRQ �$B$HFsKg$N�(B
�$B%+!<%I$N%"%I%l%9$r�(B /etc/lilo.conf �$B%U%!%$%k$K�(B append �$B$r;H$C$FL@<(E*$K�(B
�$B2C$($J$1$l$P$J$i$J$$>l9g$,$"$j$^$9!#�(B
�$B;d$N�(B lilo �$B$N�(B append �$B9T$O<!$N$h$&$K$J$C$F$$$^$9�(B -
<P>
<PRE>
append="ether=12,0x300,eth0 ether=15,0x340,eth1"
</PRE>
<P>�$B!ZLuCm�(B: �$B%M%C%H%o!<%/%+!<%I$N@_Dj$O!"<!$N$h$&$JJ8=q$b;29M$K$7$F$/$@$5$$!#�(B
<A HREF="http://www.linux.or.jp/JF/JFdocs/Ethernet-HOWTO.html">http://www.linux.or.jp/JF/JFdocs/Ethernet-HOWTO.html</A><P>
<A HREF="http://www.linux.or.jp/JF/JFdocs/Multiple-Ethernet.html">http://www.linux.or.jp/JF/JFdocs/Multiple-Ethernet.html</A>�$B![�(B
<P>
<P>
<H2><A NAME="ss6.3">6.3 �$B%M%C%H%o!<%/%"%I%l%9$N@_Dj�(B</A>
</H2>
<P>
�$B$5$F!"9=C[:n6H$bLLGr$$$H$3$m$K$-$F$$$^$9!#�(B
�$B$3$NJ8=q$G$O�(B LAN �$B$r@_Dj$9$kJ}K!$K$D$$$F?<$/$O@bL@$7$^$;$s!#�(B
�$B$3$N7o$K$D$$$F$N$"$J$?$NLdBj$r2r7h$9$k$K$O!"�(B Networking-HOWTO �$B$r�(B
�$BFI$s$G$/$@$5$$!#�(B
<P>�$B!ZLuCm�(B: Networking-HOWTO �$B$NF|K\8lLu$O!"<!$N$H$3$m$K$"$j$^$9!#�(B
<A HREF="http://www.linux.or.jp/JF/JFdocs/NET3-4-HOWTO.html">http://www.linux.or.jp/JF/JFdocs/NET3-4-HOWTO.html</A>�$B![�(B
<P>�$B$"$J$?$NL\E*$O!"%U%#%k%?%j%s%0%U%!%$%"%&%)!<%k$rDL$7$F!"Fs$D$N�(B
�$B%M%C%H%o!<%/@\B3$rDs6!$9$k$3$H$G$9!#�(B
�$B%$%s%?!<%M%C%H>e$K0l$D�(B(�$B0BA4$G$J$$B&�(B)�$B$H�(B LAN (�$BJD$8$?B&�(B) �$B$K0l$D$H$$$&$3$H$K�(B
�$B$J$j$^$9!#�(B
<P>
<P>�$B$H$K$+$/!"$$$/$D$+$N$3$H$r7hDj$7$J$1$l$P$J$j$^$;$s!#�(B
<P>
<P>
<OL>
<LI> �$BK\J*$N�(B IP �$BHV9f$r;H$$$^$9$+!"$=$l$H$b�(B LAN �$B$K$OE,Ev$JHV9f$r;XDj$7$^$9$+!#�(B</LI>
<LI> �$B$"$J$?$N�(B ISP �$B$+$i3d$jEv$F$i$l$kHV9f$r;H$$$^$9$+!"�(B
�$B$=$l$H$b!"@EE*$J�(B IP �$BHV9f$r;H$$$^$9$+!#�(B</LI>
</OL>
<P>�$B%W%i%$%Y!<%H$J%M%C%H%o!<%/$K%$%s%?!<%M%C%H$+$i$N%"%/%;%9$r�(B
�$B5v2D$7$?$/$J$$$o$1$G$9$+$i!"�(B "�$BK\J*$N%"%I%l%9�(B" �$B$r;H$&I,MW$O�(B
�$B$"$j$^$;$s!#�(B
�$B%W%i%$%Y!<%H�(B LAN �$B$KBP$7$FE,Ev$J%"%I%l%9$r?6$k$3$H$O$G$-$^$9$,!"�(B
�$B$3$l$O$*4+$a$G$-$^$;$s!#�(B
�$B%G!<%?$,�(B LAN �$B$+$i$"$k7PO)$rDL$C$FO3$l$F$7$^$C$?$i!"$I$3$+$N%7%9%F%`$N�(B
�$B%]!<%H$^$GFO$$$F$7$^$$$^$9!#�(B
<P>�$B%W%i%$%Y!<%H%M%C%H%o!<%/MQ$K<h$j$o$1$i$l$F$$$k4v$D$+$N�(B
�$B%$%s%?!<%M%C%H%"%I%l%9$NHO0O$,$"$j$^$9!#�(B
192.168.1.xxx �$B$b$3$NCf$KF~$C$F$$$F!"$3$NJ8=q$G$O$3$l$rNc$K;H$$$^$9!#�(B
<P>�$B$3$N?tCM$r;H$&0Y$K$O�(B IP �$B%^%9%+%l!<%I$r;H$&I,MW$,$"$j$^$9!#�(B
�$B$3$NJ}K!$G�(B �$B%U%!%$%"%&%)!<%k$O%Q%1%C%H$r%U%)%o!<%I$7$F!"�(B
�$B%$%s%?!<%M%C%H>e$G�(B "�$BK\J*$N�(B" �$B%"%I%l%9$KJQ49$7$^$9!#�(B
<P>�$B$3$N$h$&$J%k!<%F%#%s%0$G$-$J$$�(B IP �$B%"%I%l%9$r;H$($P!"$"$J$?$N%M%C%H%o!<%/$O�(B
�$B$h$j0BA4$K$J$j$^$9!#�(B
�$B%$%s%?!<%M%C%H%k!<%?$O!"$3$N$h$&$J%W%i%$%Y!<%H%"%I%l%9$N$D$$$?%Q%1%C%H$r�(B
�$BDL$7$^$;$s!#�(B
<P>�$B$3$N7o$K4X$7$F$O!"<!$NJ8=q$rFI$s$@$[$&$,$h$$$G$7$g$&!#�(B
<A HREF="http://members.home.net/ipmasq/">IP Masquerading HOWTO</A><P>�$B!ZLuCm�(B: IP Masquerade HOWTO �$B$NF|K\8lLu$O!"<!$N$H$3$m$K$"$j$^$9!#�(B
<A HREF="http://www.linux.or.jp/JF/JFdocs/IP-Masquerade.html">http://www.linux.or.jp/JF/JFdocs/IP-Masquerade.html</A>�$B![�(B
<P>
<PRE>
24.94.1.123 __________ 192.168.1.1
_/\__/\_ \ | �$B%U%!%$%"�(B | / _______________
|�$B%$%s%?!<�(B| \| �$B%&%)!<%k�(B |/ | �$B%o!<%/�(B |
/ �$B%M%C%H�(B \--------| �$B%7%9%F%`�(B |------------| �$B%9%F!<%7%g%s�(B |
\_ _ _ _/ |__________| |_______________|
\/ \/ \/
</PRE>
<P>�$B$*;H$$$N%$%s%?!<%M%C%HMQ%M%C%H%o!<%/%+!<%I$K3d$jEv$F$k$?$a$N�(B
"�$BK\J*$N�(B" IP �$B%"%I%l%9$r;}$C$F$$$J$1$l$P$$$1$^$;$s!#�(B
�$B$3$N%"%I%l%9$O!"$"$J$?$K1JB3E*$K3d$jEv$F$i$l$?$b$N�(B (�$B@EE*$J�(B IP �$B%"%I%l%9�(B)
�$B$G$b$$$$$G$9$7!"�(B PPP �$B%W%m%;%9$K$h$k%M%C%H%o!<%/$X$N@\B3;~$K�(B
�$B3d$jEv$F$i$l$?$b$N$G$b$+$^$$$^$;$s!#�(B
<P>�$BFbB&$N�(B IP �$BHV9f$r3d$jEv$F$^$9!#�(B
�$B$?$H$($P�(B LAN �$B%+!<%I$KBP$7$F�(B 192.168.1.1 �$B$N$h$&$K$7$^$9!#�(B
�$B$3$l$O%2!<%H%&%'%$%"%I%l%9$K$J$j$^$9!#�(B
�$BJ]8n$5$l$?%M%C%H%o!<%/�(B (LAN) �$B$K$$$kB>$NA4$F$N%^%7%s$K$O!"�(B
192.168.1.xxx �$B$NHO0O�(B (192.168.1.2 �$B$+$i�(B 192.168.1.254 �$B$^$G�(B) �$B$NHV9f$r�(B
�$B3d$jEv$F$k$3$H$,$G$-$^$9!#�(B
<P>�$B;d$O�(B RedHat Linux �$B$r;HMQ$7$F$$$^$9!#�(B
�$B5/F0;~$K%M%C%H%o!<%/$r@_Dj$9$k$?$a!";d$O�(B /etc/sysconfig/network-scripts
�$B$H$$$&%G%#%l%/%H%j$K$"$k�(B ifcfg-eth1 �$B%U%!%$%k$K5-=R$rDI2C$7$F$$$^$9!#�(B
�$B$3$N%G%#%l%/%H%j$K�(B ifcfg-ppp0 �$B$d�(B ifcfg-tr0 �$B$H$$$&%U%!%$%k$b$"$k$O$:$G$9!#�(B'ifcfg-'
�$B$H$$$&%U%!%$%k$O!"�(B RedHat �$B$G!"5/F0;~$K%M%C%H%o!<%/%G%P%$%9$r�(B
�$B@_Dj$7!";HMQ2DG=$K$9$k0Y$K;H$o$l$F$$$^$9!#�(B
�$B@\B3$N%?%$%W$K$h$C$FL>A0$,$D$1$i$l$F$$$^$9!#�(B
<P>�$B$3$l$,�(B ifcfg-eth1(�$BFs$DL\$N%$!<%5%M%C%H%+!<%I�(B)�$B$NNc$G$9�(B -
<P>
<PRE>
DEVICE=eth1
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
GATEWAY=24.94.1.123
ONBOOT=yes
</PRE>
<P>�$B%@%$%"%k%"%C%W@\B3$r$9$k$D$b$j$J$i!"�(Bifcfg-ppp0 �$B$H�(B chat-ppp0 �$B$r8+$J$1$l$P�(B
�$B$J$j$^$;$s!#�(B
�$B$3$l$i$O�(B PPP �$B@\B3$r@)8f$7$^$9!#�(B
<P>�$B$3$N>l9g$N�(B ifcfg �$B%U%!%$%k$O<!$N$h$&$K$J$j$^$9�(B -
<P>
<PRE>
DEVICE="ppp0"
ONBOOT="yes"
USERCTL="no"
MODEMPORT="/dev/modem"
LINESPEED="115200"
PERSIST="yes"
DEFABORT="yes"
DEBUG="yes"
INITSTRING="ATZ"
DEFROUTE="yes"
HARDFLOWCTL="yes"
ESCAPECHARS="no"
PPPOPTIONS=""
PAPNAME="LoginID"
REMIP=""
NETMASK=""
IPADDR=""
MRU=""
MTU=""
DISCONNECTTIMEOUT=""
RETRYTIMEOUT="5"
BOOTPROTO="none"
</PRE>
<P>
<P>
<H2><A NAME="ss6.4">6.4 �$B%M%C%H%o!<%/$r;n$7$F$_$k�(B</A>
</H2>
<P>
ifconfig �$B$H�(B route �$B%3%^%s%I$r;H$C$F$_$^$7$g$&!#�(B
�$BFsKg$N%M%C%H%o!<%/%+!<%I$r;H$C$F$$$k$J$i!"<!$N$h$&$KI=<($5$l$^$9!#�(B
<P>
<PRE>
#ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:1620 errors:0 dropped:0 overruns:0
TX packets:1620 errors:0 dropped:0 overruns:0
collisions:0 txqueuelan:0
eth0 Link encap:10Mbps Ethernet HWaddr 00:00:09:85:AC:55
inet addr:24.94.1.123 Bcast:24.94.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1000 errors:0 dropped:0 overruns:0
TX packets:1100 errors:0 dropped:0 overruns:0
collisions:0 txqueuelan:0
Interrupt:12 Base address:0x310
eth1 Link encap:10Mbps Ethernet HWaddr 00:00:09:80:1E:D7
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1110 errors:0 dropped:0 overruns:0
TX packets:1111 errors:0 dropped:0 overruns:0
collisions:0 txqueuelan:0
Interrupt:15 Base address:0x350
</PRE>
<P>�$B99$K7PO)%F!<%V%k$O<!$N$h$&$K$J$j$^$9�(B -
<P>
<PRE>
#route -n
Kernel routing table
Destination Gateway Genmask Flags MSS Window Use Iface
24.94.1.0 * 255.255.255.0 U 1500 0 15 eth0
192.168.1.0 * 255.255.255.0 U 1500 0 0 eth1
127.0.0.0 * 255.0.0.0 U 3584 0 2 lo
default 24.94.1.123 * UG 1500 0 72 eth0
</PRE>
<P><B>�$BCm0U�(B - </B> 24.94.1.0 �$B$O!"$3$N%U%!%$%"%&%)!<%k$N%$%s%?!<%M%C%HB&$G!"�(B
192.168.1.0 �$B$O%W%i%$%Y!<%H�(B( LAN )�$BB&$K$J$j$^$9!#�(B
<P>LAN �$B>e$K$"$kA4$F$N%3%s%T%e!<%?$,!"%U%!%$%"%&%)!<%k%7%9%F%`$NFbB&$N�(B
�$B%"%I%l%9$K�(B ping �$B$G$-$k$+$I$&$+$rD4$Y$^$7$g$&�(B
(�$B$3$3$G$O�(B 192.168.1.1 �$B$rNc$K$7$F$$$^$9�(B)�$B!#�(B
�$B$&$^$/$G$-$J$$$J$i!":FEY�(B NET-2 HOWTO �$B$r8+$F$/$@$5$$!#�(B
�$B$=$7$F!"$b$&>/$7%M%C%H%o!<%/$K$D$$$FD4$Y$F$/$@$5$$!#�(B
<P>�$B<!$K!"%U%!%$%"%&%)!<%k$+$i%$%s%?!<%M%C%H%7%9%F%`$K�(B ping �$B$r;n$7$F$_$^$9!#�(B
�$B;d$O%F%9%H%]%$%s%H$H$7$F�(Bwww.internic.net �$B$r;H$C$F$$$^$9!#�(B
�$B$b$7$3$l$,$&$^$/F0$+$J$1$l$P!"$*;H$$$N�(B ISP �$B$G$N%5!<%P$r;n$7$F$_$^$9!#�(B
�$B$3$l$,$&$^$/F0$+$J$1$l$P!"$"$J$?$N%$%s%?!<%M%C%H@\B3$N$I$3$+$,$-$A$s$H�(B
�$B@_Dj$5$l$F$$$^$;$s!#�(B
�$B%U%!%$%"%&%)!<%k$+$i$O!"%$%s%?!<%M%C%H$N$"$i$f$k>l=j$K@\B3$G$-$J$1$l$P�(B
�$B$J$j$^$;$s!#�(B
�$B%G%U%)%k%H$N%2!<%H%&%'%$$N@_Dj$r8+D>$7$F$/$@$5$$!#�(B
�$B%@%$%"%k%"%C%W@\B3$r;H$C$F$$$k$J$i!"%f!<%6�(B ID �$B$H%Q%9%o!<%I$r�(B
�$B8+D>$7$F$/$@$5$$!#�(B
Net-2 HOWTO �$B$r$b$&0lEYFI$s$G$+$i:FEY;n$7$F$/$@$5$$!#�(B
<P>
<HR>
<PRE>
�$B$"$J$?$N�(B LAN �$B>e$K$"$k%3%s%T%e!<%?$+$i!"%U%!%$%"%&%)!<%k�(B(24.94.1.123) �$B$N�(B
�$B30B&$N%"%I%l%9$K�(B ping �$B$r;n$7$F$_$^$9!#�(B
�$B$3$l$OF0$+$J$$$O$:$G$9!#�(B
�$B$b$7�(B ping �$B$G$-$k$J$i!"$"$J$?$O%^%9%+%l!<%I$r9T$C$F$$$k$+!"�(B
IP �$B%U%)%o!<%G%#%s%0$r;H$C$F$$$k$+!"$"$J$?$O4{$K2?$i$+$N�(B
�$B%Q%1%C%H%U%#%k%?%j%s%0$r@_Dj$7$F$$$k$N$G$9!#�(B
�$B$=$l$i$rL58z$K$7$F:FEY;n$7$F$/$@$5$$!#�(B
�$B%U%#%k%?%j%s%0$,@5$7$$>uBV$K$"$k$3$H$r3NG'$7$J$1$l$P$J$j$^$;$s!#�(B
</PRE>
<HR>
<P>2.1.102 �$B$h$j?7$7$$%+!<%M%k$KBP$7$F$O!"0J2<$N%3%^%s%I$,;H$($^$9�(B -
<P>
<PRE>
echo "0" > /proc/sys/net/ipv4/ip_forward
</PRE>
<P>(�$B2?8N$+$OJ,$+$j$^$;$s$,�(B) �$B8E$$%+!<%M%k$r;H$C$F$$$k$J$i!"%U%)%o!<%I$r�(B
�$BL58z$K$7$F%+!<%M%k$r:F%3%s%Q%$%k$7$J$1$l$P$$$1$J$$$G$7$g$&�(B
(�$B%+!<%M%k$N%"%C%W%0%l!<%I$r$9$k$N$K$A$g$&$I$$$$5!2q$G$9�(B)�$B!#�(B
<P>�$B:FEY%U%!%$%"%&%)!<%k�(B (24.94.1.123) �$B$N%"%I%l%9$N30B&$K8~$1$F�(B ping �$B$r�(B
�$B;n$7$^$9!#�(B
�$BF0$$$F$O$$$1$J$$$N$G$9!#�(B
<P>�$B$3$3$^$G$r3NG'$7$?$H$3$m$G!"�(BIP �$B%U%)%o!<%G%#%s%05Z$S�(B/�$BKt$O�(B IP �$B%^%9%+%l!<%I$r�(B
�$BM-8z$K$7$^$9!#�(B
�$B$"$J$?$N�(B LAN �$B>e$N$I$s$J%7%9%F%`$+$i%$%s%?!<%M%C%H>e$N$I$N$h$&$J>l=j$K$b�(B
ping �$B$,2DG=$K$J$k$O$:$G$9!#�(B
<P>
<PRE>
echo "1" > /proc/sys/net/ipv4/ip_forward
</PRE>
<P><B>�$B=EMW$JCm0U�(B - </B>
�$B$b$7!"$"$J$?$,�(B LAN �$B>e$G!"�(B (192.168.1.* �$B$G$O$J$$�(B) "�$BK\J*$N�(B"
IP �$B%"%I%l%9$r;H$C$F$$$F!"�(B
�$B%$%s%?!<%M%C%H$X�(B ping �$B$G$-$J$$$,!"$"$J$?$N%U%!%$%"%&%)!<%k$N�(B
�$B%$%s%?!<%M%C%HB&$K$O�(B ping �$B$G$-$k>l9g$O!"@\B3@h$N�(B ISP �$B$,�(B
�$B$"$J$?$N%W%i%$%Y!<%H%M%C%H%o!<%/$N%"%I%l%9$+$i$N%Q%1%C%H$r�(B
�$B%k!<%F%#%s%0$7$F$$$k$+$I$&$+3NG'$7$F$/$@$5$$!#�(B
<P>�$B!ZLuCm�(B: �$B$3$3$G$O%f!<%6$N%^%7%sA4$F$K%0%m!<%P%k�(B IP �$B$r3d$jEv$F$F$$$k�(B
�$B>l9g$r@bL@$7$F$$$^$9!#![�(B
<P>�$B$3$NLdBj$r%F%9%H$9$k$K$O!"%$%s%?!<%M%C%H>e$NC/$+�(B
(�$BNc$($P%m!<%+%k$N%W%m%P%$%@$r;H$C$F$$$kM'?M$KMj$s$G�(B) �$B$K!"$"$J$?$N�(B
�$B%M%C%H%o!<%/$K�(B traceroute �$B$7$F$b$i$&$3$H$G$9!#�(B
traceroute �$B$K$h$k7PO)C5:w$,!"$"$J$?$,;H$C$F$$$k%W%m%P%$%@$N%k!<%?$G�(B
�$BDd;_$9$k$J$i!"%W%m%P%$%@$O$"$J$?$N%H%i%U%#%C%/$rE>Aw$7$F$$$J$$$N$G$9!#�(B
<P>�$BF0$-$^$7$?$+�(B? �$BAG@2$i$7$$!#Fq$7$$>l=j$O=*$o$j$^$7$?!#�(B:-)
<P>
<H2><A NAME="ss6.5">6.5 �$B%U%!%$%"%&%)!<%k$r0BA4$K$9$k�(B</A>
</H2>
<P>�$B%U%!%$%"%&%)!<%k$O!"$=$l$,F0:n$7$F$$$k%7%9%F%`$=$N$b$N$,!"967b$KBP$7$F�(B
�$B9-$/3+$1$CJ|$7$K$J$C$?$^$^$@$H!"$J$s$i0UL#$r$J$7$^$;$s!#�(B
"�$B0-$$E[$i�(B" �$B$O�(B �$B%U%!%$%"%&%)!<%k0J30$N%5!<%S%9$rDL$7$F�(B
�$B%"%/%;%9$7$F$7$^$$$^$9$7!"9%$->!<j$KJQ99$7$F$7$^$$$^$9!#�(B
�$BITMW$J%5!<%S%9$O$I$l$bL58z$K$7$J$1$l$P$J$j$^$;$s!#�(B
<P>/etc/inetd.conf �$B%U%!%$%k$r8+$F$/$@$5$$!#�(B
�$B$3$l$O�(B "super server" �$B$H$7$FCN$i$l$k�(B inetd �$B$r@_Dj$9$k�(B
�$B%U%!%$%k$G$9!#�(B
inetd �$B$OBt;3$N%5!<%P%G!<%b%s$r@)8f$7!"�(B"well known" �$B%]!<%H�(B
�$B$X$NMW5a%Q%1%C%H$,E~Ce$9$k$H!"$=$l$i$r%9%?!<%H$5$;$^$9!#�(B
<P>�$B!ZLuCm�(B: well known port �$B$O!"�(B TCP/UDP �$B%]!<%HHV9f�(B 1024 �$BHV0J2<$N%]!<%H$r�(B
�$B;X$7$^$9!#![�(B
<P>echo, discard, daytime, chargen, ftp, gopher, shell, login, exec, talk,
ntalk, pop-2, pop-3, netstat, systat, tftp, bootp, finger, cfinger,
time, swat �$B$=$7$F�(B linuxconfig �$BEy$OA4$FL58z$K$7$^$7$g$&!#�(B
<P>�$B%5!<%S%9$rJQ99$9$k$K$O!"%5!<%S%99T$N:G=i$NJ8;z$K�(B # �$B$rCV$-$^$9!#�(B
�$B$3$l$,:Q$s$@$i�(B <B>"kill -HUP <pid>"</B> �$B$rAw$j$^$9!#�(B
<pid> �$B$K$O!"�(Binetd �$B$N%W%m%;%9HV9f$r=q$-$^$9!#�(B
�$B$3$&$9$k$H$=$N@_Dj%U%!%$%k$r:FFI$5$;!"%7%9%F%`$rDd;_$5$;$J$$$G�(B
�$B:F%9%?!<%H$7$^$9!#�(B
<P>�$B!ZLuCm�(B: killall �$B$H$$$&%3%^%s%I$,$"$j$^$9!#�(B man killall �$B$bD4$Y$F$/$@$5$$!#�(B
killall -HUP inetd �$B$,;H$($^$9!#![�(B
<P>�$B%U%!%$%"%&%)!<%k$N�(B port 15 (netstat) �$B$KBP$7$F�(B telnet �$B$7$F$_$F$/$@$5$$!#�(B
�$B2?$+=PNO$9$k$h$&$J$i!"%5!<%S%9$OL58z$K$J$C$F$$$^$;$s!#�(B
<P>telnet localhost 19
<P>/etc/nologin �$B$H$$$&%U%!%$%k$r:n@.$9$k$3$H$b$G$-$^$9!#�(B
BUZZ OFF (�$B7R$,$J$$$N0UL#�(B) �$B$N$h$&$K!"$3$N%U%!%$%k$K$A$g$C$H$7$?%F%-%9%H$r�(B
�$B=q$-$^$9!#�(B
�$B$3$N%U%!%$%k$,B8:_$9$k$H!"�(B login �$B$O%f!<%6$N%m%0%*%s$r5v2D$7$^$;$s!#�(B
�$B%f!<%6$O$3$N%U%!%$%k$NFbMF$r8+$k$3$H$K$J$j!"%m%0%$%s$O5qH]$5$l$^$9!#�(B
root �$B$@$1$,%m%0%$%s$G$-$^$9!#�(B
<P>/etc/securetty �$B$H$$$&%U%!%$%k$bJT=8$G$-$^$9!#�(B
�$B%f!<%6$,�(B root �$B$J$i!"�(B /etc/securetty �$B$KNs5s$5$l$?�(B tty �$B$+$i$7$+�(B
�$B%m%0%$%s$G$-$^$;$s!#�(B
�$B<:GT$9$k$H!"�(B syslog �$B5!G=$G5-O?$5$l$^$9!#�(B
�$B$3$l$i$NN>J}$N%3%s%H%m!<%k$rM-8z$K$9$l$P!"%U%!%$%"%&%)!<%k$X$N%m%0%*%s$O!"�(B
root �$B$H$7$F%3%s%=!<%k7PM3$G$7$+9T$($J$/$J$j$^$9!#�(B
<P>�$B@dBP$K�(B telnet �$B$G�(B root �$B$H$7$F%m%0%$%s$7$F$O$$$1$^$;$s!#�(B
�$B%j%b!<%H�(B root �$B$rI,MW$H$9$k$J$i!"�(BSSH (Secure Shell) �$B$G%"%/%;%9$7$^$9!#�(B
telnet �$B$OL58z$K$9$Y$-$G$7$g$&!#�(B
<P>�$B?4G[@-$J?M$O!"�(Blids (Linux Intrusion Detect System �$B3d$j9~$_8!CN%7%9%F%`�(B)
�$B$r;H$&I,MW$,$"$k$+$b$7$l$^$;$s!#�(B
�$B$3$l$O�(B Linux �$B%+!<%M%k$KBP$9$k?/F~6X;_%7%9%F%`$N%Q%C%A$G$9!#�(B
�$B=EMW$J%U%!%$%k$r2~cb$+$i<i$j$^$9!#�(B
�$B$3$N;EAH$_$r;H$&$H!"�(B �$BKI8fBP>]$N%U%!%$%k$d%G%#%l%/%H%j!"99$K$=$NG[2<$N�(B
�$B%5%V%G%#%l%/%H%j$O�(B (root �$B$r4^$a$F�(B) �$BC/$bJQ99$G$-$J$/$J$j$^$9!#�(B
�$B$3$N$h$&$J0BA42=$5$l$?%U%!%$%k$rJQ99$9$k$K$O!"�(B LILO �$B$N@_Dj$G�(B security=1
�$B$r;XDj$7$F%7%9%F%`$r%j%V!<%H$5$;$J$1$l$P$J$j$^$;$s�(B
(�$B;d$J$i%7%s%0%k%f!<%6%b!<%I$G5/F0$5$;$k$G$7$g$&�(B)�$B!#�(B
<P>
<P>
<HR>
<A HREF="Firewall-HOWTO-7.html">�$B<!$N%Z!<%8�(B</A>
<A HREF="Firewall-HOWTO-5.html">�$BA0$N%Z!<%8�(B</A>
<A HREF="Firewall-HOWTO.html#toc6">�$BL\<!$X�(B</A>
</BODY>
</HTML>
