Linux IP Masquerade mini HOWTO ��Ķ��

Linux IP Masquerade mini HOWTO ��Ķ��

�@��: Ambrose Au, [1][email protected];
David Ranch, [2][email protected]
Ķ��: [3]��Ӱ� [4][email protected]

v1.50, 7 February 1999 ½Ķ��: 17-31 March 1999
_________________________________________________________________

�o��y�z�p��b�@�x Linux �D��W�_�� IP Masquerade �\��A��\�S��
�U��ں�� IP ��}��s�u�q��g�ѧA�� Linux ��s��ں��C
_________________________________________________________________

1. ²��

* 1.1 ²��
* 1.2 �e��A�^�X & �ѦҸ�T
* 1.3 ��v & �ŧi

2. �I��

* 2.1 ��O IP Masquerade?
* 2.2 �{�p
* 2.3 �֥i�H�q IP Masquerade ��q?
* 2.4 �֤��ݭn IP Masquerade?
* 2.5 IP Masquerade �O�p��B�@��?
* 2.6 �b Linux 2.2.x �W�ϥ� IP Masquerade ��ݨD
* 2.7 �b Linux 2.0.x �W�ϥ� IP Masquerade ��ݨD

3. IP Masquerade ��]�w

* 3.1 �sĶ�֤ߥ[�J IP Masquerade ��䴩
* 3.2 ��w�p�κ�� IP ��}
* 3.3 �t�m�䥦��
* 3.4 �t�m IP ��e(Forwarding)��覡
* 3.5 �� IP Masquerade

4. �䥦 IP Masquerade ��D�γn��䴩

* 4.1 IP Masquerade ��D
* 4.2 �i�J�t�Ϊ��A��(incoming services)
* 4.3 �w�䴩��Ȥ�ݳn��H�Ψ䥦�]�w�譱��`�N�ƶ�
* 4.4 IP ��޲z (ipfwadm)
* 4.5 IP �� (ipchains)
* 4.6 IP Masquerade �H�λݨD��(Demand-Dial-Up)
* 4.7 IPautofw �ʥ]��e�{��
* 4.8 CU-SeeMe �P Linux IP-Masquerade ��²�u��
* 4.9 �䥦��u��

5. �`��D�ѵ�

* 5.1 IP Masquerade ��_�M�ʺA�t�m�� IP �@�P�B�@?
* 5.2 �گ�ϥμƾھ��ADSL, �ìP�s�u��ӳs��ں��èϥ� IP
Masquerade ��?
* 5.3 IP Masquerade �䴩��ε{��?
* 5.4 �ڦp��b Redhat, Debian, Slackware ��ϥ� IP Masquerade �O?
* 5.5 �ڤɯŨ� 2.2.x ��֤ߡA�� IP Masquerade ��ΤF?
* 5.6 �ڤw�g�ɯŨ� 2.0.30 �᪺�֤ߡA�� IP Masquerade �٤��?
* 5.7 �ڵL�k� IP Masquerade �B�@! �� Windows ��x��ܶ�?
* 5.8 ��ˬd�L�کҦ��]�w�F�A��L�k� IP Masquerade �u�@�C�ڸӫ��
��?
* 5.9 �ڦp��[�J IP Masquerade �q�H�׾�?
* 5.10 �ڷQ��U IP Masquerade ��o�i�C�ڸӫ��?
* 5.11 �b��̥i��h IP Masquerade ��T?
* 5.12 �ڷQ½Ķ��󦨨䥦�y��A�ڸӫ��?
* 5.13 �o��I�L�ɤF�A�A�٦��b��@��?
* 5.14 �ڲש�� IP Masquerade ��ʤF�A�n��! �ڷQ��§A�̡A�ڸӫ��
��?

6. �䥦

* 6.1 ��Ϊ��귽
* 6.2 Linux IP Masquerade �귽
* 6.3 �P��
* 6.4 �ѦҸ��
_________________________________________________________________

1. ²��

1.1 ²��

�o��y�z�p��b�@�x Linux �D��W�_�� IP Masquerade �\��A��\�S��
�U��ں�� IP ��}��s�u�q��g�ѧA�� Linux ��s��ں��C�A��i
��O�H�A�Ӻ��s�� Linux, �]�i��O�䥦��A��O��I��I(ppp) �s�u
�C�o��N�|�j�դA�Ӻ��s�u��p�A�]��o��ӬO�̱`��רҡC

�o��ت��O�� 2.2.x �� 2.0.x í�w��֤ߪ��ϥΪ̰ѦҡC�ª��֤ߦp
1.2.x �ä��]�t�b��C

1.2 �e��A�^�X & �ѦҸ�T

�ڵo�{�s��b��s��֤ߤW�A��O 2.x �֤ߡA�]�w IP Masquerade �ɫD�`�x�b
�C��M��`��ݵ��(FAQ) �P�q�H�׾�(mailing list)�A�M�ӨS��@��o�譱
��M��F�ӥB�b�q�H�׾¤W��ǹ��o�ˤ@��(HOWTO) ��ШD�C��
�H�A�ڨM�w��g��Ҧ��s��@��@�Ӱ_�I�A�åB�Ʊ��߿j�ޥɡA�@��ǫD
�`�F�ѥ��ϥΪ̫إߤ�󪺰�¦�C�p�G�A�{��ڰ��n�A��n�b�N�i�D�ڡA
�o�˧گ�⥦��o��n�C

�o��ܦh�O�H�� Ken Eves ��`��ݵ��H�� IP Masquerade �q�H�׾¸�
�\�h��U��T��@��¦�C�S�O�P�� Mr. Matthew Driver �b�q�H�׾¤��T
��޵o�ڳ]�� IP Masquerade ��F�P�H�γ̫ἶ�g�F�o��C

�p�G�ڪ��T��~�ο�|��T�A�ЧO��N��^�X�ηN��H��
[5][email protected] �� [6][email protected] �ӡC�A��L��^�X�N�v�T
�o��󪺥��!

�o��O�Q�@��A�� IP Masquerade ��b�̵u�ɶ��B�@��ֳt��ޡC
�]��ڤ��O�@��M��@�a�A�A�i��|�o�{��󪺸�T�ëD�p�A�Q��@��
��[�C �̷s��H�θ�T�i�H�b�کҺ��@�� [7]IP Masquerade Resource ��
��W��C �p�G�A�� IP Masquerade ��޳N��D�A�Х[�J IP
Masquerade �q�H�׾¦ӧO�H�q�l�l�󵹧ڡA�]��ڪ��ɶ��A�ӥB IP
Masquerade ��o�i�̧̭󦳯�O�^��A��D�C

�o��̷s��i�H�b [8]IP Masquerade Resource �W��A�̭��]��
HTML �H�� postscript ��:
* [9]http://ipmasq.cjb.net/
* [10]http://ipmasq2.cjb.net/
* �аѦ� [11]IP Masquerade Resource �M�g��x�C�� H��䥦��M�g��x
�C

1.3 ��v & �ŧi

�o��v�ݩ� Ambrose Au 1999, �ӥB�O�K�O��C�A�i�H�b GNU ��q��
��}��v�覡�U��C

�o��󤤪��T��䥦��e��w�g�ɤF�ڳ̤j��V�O�C�L�צp��AIP
Masquerade �O��ʪ��A�ӥB�ڤ]�i��|�Ǩǿ��~�F�ҥH�A��Ӧۤv�M�w�O��O
�n�ӵ۳o��󤤪��T��C

�S��H�|��ϥγo��󤤪��T�ҳy��q��l�a�Ψ䥦�l��t�d�C�]�N�O��
�A

�@�̤κ��@�̤��̷ӳo��󤺮e�ʧ@�ҳy��l�`�t�d�C

��

This document is copyright(c) 1996 Ambrose Au, and it's a free
document. You can redistribute it under the terms of the GNU General
Public License.

The information and other contents in this document are to the best of
my knowledge. However, ip_masq is experimental, and there is chance
that I make mistakes as well; so you should determine if you want to
follow the information in this document.

Nobody is responsible for any damage on your computers and any other
losses by using the information on this document. i.e.

THE AUTHOR AND MAINTAINERS ARE NOT RESPONSIBLE FOR ANY DAMAGES
INCURRED DUE TO ACTIONS TAKEN BASED ON THE INFORMATION IN THIS
DOCUMENT.

2. �I��

2.1 ��O IP Masquerade?

IP Masquerade �O Linux ��@��\��C�p�G�@�x Linux �D��ϥ� IP
Masquerade �\��s�u��ں��W�A��򱵤W��q��]��׬O�b�P�@�Ӱϰ��
��W��ǥѼƾھ��s�u�^�]�i�H��Ĳ��ں��A�Y�ϥ��̨S��o��w��
IP ��}�C

�o�ϱo�@�ǹq��i�H��æb�h�D(gateway) �t�Ϋ᭱�s��ں��Ӥ��Q�o�{�A
�ݰ_�ӴN��u��o�Өt�Φb�ϥκ�ں��C��}�]�w�}�n��(masquerade)�t
�Τ��w��@��ӷ|��}�}�n��ʥ]�L�o��(packet filter firewall)
�ӱo��[�x��]��]��̤��S��~�^�C

2.2 �{�p

IP Masquerade �w�g�o�i�h�~��ͩ󦨼�A�]��w��֤J Linux 2.2.x ��֤�
��C �q 1.3.x ��֤߶}�l�w�g��سo��䴩�C�\�h�ӤH�Ʀܤ��q��b�ϥΥ�
�A�Ӧ��N��G�C

�s��H�λ��ñ�J(telnet)�w�g��^��ܥi�H�b IP Masquerade �W�B�@�C
�ɮ׶ǿ�(FTP)�A��(IRC) �H�β�ť Real Audio �{�b�i�H��J�Y�ǼҲհt
�X�C�䥦��Ƭy��T (streaming audio) ��O True Speech �H��
Internet Wave �]��B�@�C�@�ǳq�H�׾¤��ϥι٦�Ʀ�ٹ��չL��T�|ĳ�n
��C Ping �{�b�t�X�s��i�H��o��ں��T��w(ICMP)�׸�ɤ]��B
�@�C

�󧹾㪺�䴩�n��C��аѦ� 4.3 �`�C

IP Masquerade �b�ƺؤ��P��@�~�t�ΤΥ��O�W�P '�Ȥ�ݾ��' �t�X�}�n�C ��
�\��רҦ��ϥ� Unix, Windows95, Windows NT, Windows for Workgroup
(with TCP/IP package), OS/2, Macintosh System's OS with Mac TCP, Mac
Open Transport, DOS with NCSA Telnet package, VAX, Alpha with Linux, ��
�� Amiga with AmiTCP �� AS225-stack ��t�ΡC �o�C��٦b��_�W�[��C��
�I�N�O�A�u�n�A��t�Ψϥ� TCP/IP ��w�A��N��ӯ�M IP Masquerade �@�_�u
�@�C

2.3 �֥i�H�q IP Masquerade ��q?

* �p�G�A��x�s��ں�� Linux �D��A�ӥB
* �p�G�A��@�ǰ�� TCP/IP �s�� Linux ��q��b�ϰ��W�A�H��/
�άO
* �p�G�A�� Linux �D��@�ӥH�W��ƾھ��åB�@�� PPP �� SLIP ��A��s
��䥦�q��A��
* �o�Ǩ䥦��S��w�� IP ��}�C�]�o�Ǿ��q�o�̶}�l�H��N�٬�
�䥦��^
* �ӥB��M�A�p�G�A�Ʊ�o�Ǩ䥦��B�~��O�δN��s�W��ں��
:)

2.4 �֤��ݭn IP Masquerade?

* �p�G�A��O��W�@�x(stand-alone) �s��ں�� Linux �D��A��
�� IP Masquerade �S��N�q�A�Ϊ�
* �p�G�A��䥦��֦��w�� IP ��}�A��A�N��ݭn IP
Masquerade
* �ӥB��M�A�p�G�A��w�K�O�ϥ�(free ride) �o�ӥD�N��ܡC

2.5 IP Masquerade �O�p��B�@��?

�`�� Ken eves �� IP Masquerade FAQ:
�o�O�j��²�檺�]�w��:

SLIP/PPP +------------+ +-------------+
to provider | Linux | SLIP/PPP | Anybox |
<---------- modem1| |modem2 ----------- modem | |
111.222.333.444 | | 192.168.1.100 | |
+------------+ +-------------+

�W��Ϥ��@�x�w�˨ð�� ip_masquerading �� Linux
��ϥ� modem1 �g�� SLIP/or/PPP �s��ں��C��@��
��w�� IP ��} 111.222.333.444�C��]�w modem2 ��\��
ñ�J�ð_�l SLIP/or/PPP �s��C

�ĤG�Өt�Ρ]��O�� Linux ��t�Ρ^��i�J Linux
��ð_�l SLIP/or/PPP �s��C��b��ں��W�èS��w��
IP ��}�ҥH��ϥ� 192.168.1.100�C�]�Ѿ\�U�z�^

�t�X ip_masquerade �ξA��e�t�m(routing configured)
Anybox �o�x��i�H��ں��y�N�p�P��u��s�b�W��
�]��F�ּƨҥ~�^�C

�`�� Pauline Middelink:
�O�ѰO�� ANYBOX ��ӧ� Linux ��@��h�D�]�L�׬O
�w�]��e��|�Υu�O�Ӥl��S��Y�^�C�p�G ANYBOX ��
�o�˳]�A Linux ��Ӭ��Ҧ��n��e��}��N�z��}�ѪR
�R��w(proxy arp) �A�ȡA��N�z��}�ѪR��]�w�W�L�o��
��d��C

�U��`�� comp.os.linux.networking ��@�g��i�åB�y�[�s��H
�ŦX�W�z�d�Ҫ��ε�:

�C�ڧi�D ANYBOX �o�x��] slip �� linux ��O��h�D�C
�C��@�ӫʥ]�q ANYBOX �i�J linux ��ɡA��|��w�s��ӷ��
��(source port number)�A�⥦�ۤv�� ip ��}��J�ʥ]��Y��
�x�s��Ӫ��C�M�ᥦ�N�|�ǥ� SLIP/or/PPP �ɭ��ק�L��ʥ]
�e�W��ں��C
�C��@�ӫʥ]�q��ں��Ө� linux ��ɡA�p�G�𸹬O�W��w
��䤤�@�ӡA��N�|��X��Ӫ��𸹥H�� ip ��}�A�⥦�̩�^��
�]��Y�A�åB��ʥ]�e�� ANYBOX �C
�C�e�X�ʥ]��D��N�û��D�䤤��t�O�C

�@�� IP Masquerading ��Ҥl:

�U��ϥܬO�嫬��Ҥl:-

+----------+
| | Ethernet
| abox |::::::
| |2 :192.168.1.x
+----------+ :
: +----------+ PPP
+----------+ : 1| Linux | link
| | ::::| masq-gate|:::::::::// Internet
| bbox |:::::: | |
| |3 : +----------+
+----------+ :
:
+----------+ :
| | :
| cbox |::::::
| |4
+----------+

<-Internal Network->

�b�o�ӨҤl��ڭ̦Ҽ{�|�x�q��t�Ρ]�Q��k��٦��ǪF��A��ں�
�� IP �s�u��s��A�H�Τ@�ǡ]��W�L�o�@��^�b��ں��W�A��洫
��T��F��^�C �o�� Linux �t�� masq-gate �O abox, bbox, cbox ��
��s��ں��˹h�D�C ��ϥΫ��w��p��(private) ��}�A�b
�o�ӮרҤ��O class C �� 192.168.1.0, Linux ��֦��} 192.168.1.1
�Ө䥦�t�Τ]�֦��W��}�C

�o�T�x�� abox, bbox �H�� cbox (��̥i�H��@�~�t�� O
Windows 95, Macintosh MacTCP �άƦܬO�t�@�x Linux ��A�u�n��̯�F��
IP)�i�H�s�u��ں��W��䥦��h�A�M�ӳo�Ӱ��˨t�ιh�D masq-gate ��
��̩Ҧ��s�u�ҥH�o�ǳs�u�ݰ_�ӹ��O�쥻�Y�q��˹h�D masq-gate ��o
�X��A�ӥB�٦w�ư��˳s�u�Ǧ^��^��t�� ҥH�b��W��
�t�άݨ쪺�O��q��ں��e��|�ӥB��D�L�̪��ƳQ��˹L�C

2.6 �b Linux 2.2.x �W�ϥ� IP Masquerade ��ݨD

** �аѦ� [12]IP Masquerade Resource �H��o�̷s��T�C**

* 2.2.x ��֤ߪ��l�{��X�i�q [13]http://www.kernel.org/ ��o�C
(�j��{�N��o��M��p Red Hat 5.2 - �t�ƤF 2.0.36 ��֤� - �w��F
�Ҳդƪ��֤ߡA�B�Ҧ� IP Masquerade �һݪ��ﶵ��w��}�C �o�ر��ΤU
�A�w�S��n�A�ۦ�sĶ�C�p�G�A�ۤv�ɯŮ֤ߡA�A��`�N�A�ݭn��A�b
��y��|��C)
* �i��J��֤߼ҲաA�̦n�O 2.1.121 �ΥH�᪺��
* �]�w�}�n�� TCP/IP ��
��b [14]Linux NET-3 HOWTO �� [15]Network Administrator's
Guide
�]�аѦ� [16]Trinity OS Doc, �O�@��D�`��㪺 Linux ��Ѧҫ��ޡC
* �N�A�� Linux �D��s�W��ں��
�� [17]Linux ISP Hookup HOWTO, [18]Linux PPP HOWTO,
[19]Linux DHCP mini-HOWTO �� [20]Linux Cable Modem mini-HOWTO
* IP Chains 1.3.8 �Χ�s��C�i�q
[21]http://www.rustcorp.com/linux/ipchains/ ��o�C
��ݨD��h��T�]�b [22]Linux IP Firewalling Chains page�C
* �䥦��T�A�Ш� [23]Linux IP Masquerade Resource

2.7 �b Linux 2.0.x �W�ϥ� IP Masquerade ��ݨD

** �аѦ� [24]IP Masquerade Resource �H��o�̷s��T�C**

* �֤� 2.0.x ��l�{��X�i�H�q�o�̨��o [25]http://www.kernel.org/
(�j��{�N��o��M��p Red Hat 5.2 - �t�ƤF 2.0.36 ��֤� - �w��F
�Ҳդƪ��֤ߡA�B�Ҧ� IP Masquerade �һݪ��ﶵ��w��}�C �o�ر��ΤU
�A�w�S��n�A�ۦ�sĶ�C�p�G�A�ۤv�ɯŮ֤ߡA�A��`�N�A�ݭn��A�b
��y��|��C)
* �i��J�֤߼ҲաA�̦n�O 2.0.0 �Χ�s��A�i�H�q�o�̨��o
[26]http://www.pi.se/blox/modules/modules-2.0.0.tar.gz
(�ܤֻݭn modules-1.3.57)
* �]�w�n�� TCP/IP ��
��b [27]Linux NET-3 HOWTO �� [28]Network Administrator's
Guide
�]�аѦ� [29]Trinity OS Doc, �O�@��D�`��㪺 Linux ��Ѧҫ��ޡC
* �N�A�� Linux �D��s�W��ں��
�� [30]Linux ISP Hookup HOWTO, [31]Linux PPP HOWTO,
[32]Linux DHCP mini-HOWTO �� [33]Linux Cable Modem mini-HOWTO
* Ipfwadm 2.3 �Χ�s��i�H�q�o�̨��o
[34]ftp://ftp.xos.nl/pub/linux/ipfwadm/ipfwadm-2.3.tar.gz �b Linux
Ipfwadm ��W��h��󪩥��T [35]Linux IPFWADM page
* �A�i�H��ܩʦa�[�W�@�� IP Masquerade �׸�ɥH�W�[�䥦�\��C �q�o��
�i�H��h��T�A [36]IP Masquerade Resources (�o�ǭ׸�ɾA�Ω��
�� 2.0.x �֤�)

3. IP Masquerade ��]�w

�p�G�A��p�κ��̦��󭫭n��T�A�b�ϥ� IP Masquerade ��e�ФT��
�C�o�i�ন��A�q��ں��h�D�A�Ϥ��M�A�]�i�ন��t�@�䪺�@�ɶi
�J�A�p�κ��~�|�C

3.1 �sĶ�֤ߥ[�J IP Masquerade ��䴩

�p�G�A�� Linux �o��M��w�g�N�U��N��쪺�һݯS�ʤμҲսsĶ�i�h��
��(�j��Ҳդƪ��֤ߦ��A�һݪ��F��)�A��A��ݭn��s�sĶ�֤ߡC ��
�L��Q��ĳ�AŪ�@Ū��`�A�]��]�t�F�䥦��Ϊ��T�C

Linux 2.2.x ��֤�

* ��A�A�ݭn 2.2.x ��֤ߪ��l�{��X�C
* �p�G�o�O�A�Ĥ@��sĶ�֤ߡA��n�`�ȡC �ƹ�W�A�o�D�`�e��ӥB�[�\��
[37]Linux Kernel HOWTO�C
* �H�o�ӫ��O: tar xvzf linux-2.2.x.tar.gz -C /usr/src �N�֤߭�l�X��
�}�� /usr/src/, �䤤 x �O 2.2 ��᪺�׸ɼh��(�T�w��@�s linux ��
��βŸ��s��)�C
* �[�W�A��׸ɡC�]��s��׸�ɤ��_�X�ӡA�ҥH�Ӹ`��|�]�t�b�o�̡C ��
�s��T�аѦ� [38]IP Masquerade Resources�C
* ��sĶ�֤ߧ�i�@�B��наѦ� Kernel HOWTO �H�ή֤߭�l�{��X��
��̪� README �ɮסC
* �o�̬O�A�n�sĶ�i�h��ﶵ:
�U�C�ﶵ�n�^�� YES:

* Prompt for development and/or incomplete code/drivers
CONFIG_EXPERIMENTAL
- �o�N��A��ܧ��ʪ� IP Masquerade �{��X�sĶ��֤߸̥h

* Enable loadable module support
CONFIG_MODULES
- ��A��J ipmasq ��Ҳզp ip_masq_ftp.o

* Networking support
CONFIG_NET

* Network firewalls
CONFIG_FIREWALL

* TCP/IP networking
CONFIG_INET

* IP: forwarding/gatewaying
CONFIG_IP_FORWARD

* IP: firewalling
CONFIG_IP_FIREWALL

* IP: masquerading
CONFIG_IP_MASQUERADE

* IP: ipportfw masq support
CONFIG_IP_MASQUERADE_IPPORTFW
- ��ĳ�[�J

* IP: ipautofw masquerade support
CONFIG_IP_MASQUERADE_IPAUTOFW
- �i��

* IP: ICMP masquerading
CONFIG_IP_MASQUERADE_ICMP
- �䴩�� ICMP �ʥ]�A��ĳ�[�J

* IP: always defragment
CONFIG_IP_ALWAYS_DEFRAG
- ��׫�ĳ�ϥ�

* Dummy net driver support
CONFIG_DUMMY
- ��ĳ�[�J

* IP: ip fwmark masq-forwarding support
CONFIG_IP_MASQUERADE_MFW
- �i��

�`�N: �o�u��L�O�A�] IP Masquerade �һݪ��ءA�䥦��ӧA�һݪ��
��ܡC
* �b�sĶ��֤ߤ��A�A�ݭn�sĶ�Φw�˼Ҳ�:

make modules; make modules_install

* �M��U��X��[��A�� /etc/rc.d/rc.local �ɮ� (�Ψ䥦�A�{��A��
�ɮ�)��H�K��C��}��ɦ۰ʸ��J�� /lib/modules/2.2.x/ipv4/ ��
��:

.
.
.
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
(�H�Ψ䥦��Ҳզp ip_masq_cuseeme, ip_masq_vdolive,
�p�G�A��[�W�o�ǭ׸ɪ��)
.
.
.

��n: IP ��e�\��b 2.2.x ��֤ߤ��w�]�O��A�нT�w�A�H��O�N
�䥴�}:

echo "1" > /proc/sys/net/ipv4/ip_forwarding

�� Red Hat ��ϥΪ̨ӻ��A�A�i�H�� /etc/sysconfig/network ��
FORWARD_IPV4=false �令 FORWARD_IPV4=true�C
* ��s�Ұ� Linux �D��C

Linux 2.0.x Kernels

* ��A�A�ݭn�֤ߪ��l�{��X(�̦n�O�̷s�� 2.0.36 �ΥH�W��)�C
* �p�G�o�O�A�Ĥ@��sĶ�֤ߡA��n�`�ȡC �ƹ�W�A�o�D�`�e��ӥB�[�\��
[39]Linux Kernel HOWTO�C
* �H�o�ӫ��O: tar xvzf linux-2.0.x.tar.gz -C /usr/src �N�֤߭�l�X��
�}�� /usr/src/, �䤤 x �O 2.0 ��᪺�׸ɼh��(�T�w��@�s linux ��
��βŸ��s��)�C
* �[�W�A��׸ɡC�]��s��׸�ɤ��_�X�ӡA�ҥH�Ӹ`��|�]�t�b�o�̡C ��
�s��T�аѦ� [40]IP Masquerade Resources�C
* ��sĶ�֤ߧ�i�@�B��наѦ� Kernel HOWTO �H�ή֤߭�l�{��X��
��̪� README �ɮסC
* �o�̬O�A�n�sĶ�i�h��ﶵ:
�U�C�ﶵ�n�^�� YES:

* Prompt for development and/or incomplete code/drivers
CONFIG_EXPERIMENTAL
- �o�N��A��ܧ��ʪ� IP Masquerade �{��X�sĶ��֤߸̥h

* Enable loadable module support
CONFIG_MODULES
- ��A��J�Ҳ�

* Networking support
CONFIG_NET

* Network firewalls
CONFIG_FIREWALL

* TCP/IP networking
CONFIG_INET

* IP: forwarding/gatewaying
CONFIG_IP_FORWARD

* IP: firewalling
CONFIG_IP_FIREWALL

* IP: masquerading (EXPERIMENTAL)
CONFIG_IP_MASQUERADE
- �o��M�O��ʪ��A��o�O *��* ��

* IP: ipautofw masquerade support (EXPERIMENTAL)
CONFIG_IP_MASQUERADE_IPAUTOFW
- ��ĳ�[�J

* IP: ICMP masquerading
CONFIG_IP_MASQUERADE_ICMP
- �䴩�� ICMP �ʥ]�A�i��

* IP: always defragment
CONFIG_IP_ALWAYS_DEFRAG
- ��׫�ĳ�ϥ�

* Dummy net driver support
CONFIG_DUMMY
- ��ĳ�[�J

�`�N: �o�u��L�O�A�] IP Masquerade �һݪ��ءA�䥦��ӧA�һݪ��
��ܡC
* �b�sĶ��֤ߤ��A�A�ݭn�sĶ�Φw�˼Ҳ�:

make modules; make modules_install

* �M��U��X��[��A�� /etc/rc.d/rc.local �ɮ� (�Ψ䥦�A�{��A��
�ɮ�)��H�K��C��}��ɦ۰ʸ��J�� /lib/modules/2.0.x/ipv4/ ��
��:

.
.
.
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
(�H�Ψ䥦��Ҳզp ip_masq_cuseeme, ip_masq_vdolive,
�p�G�A��[�W�o�ǭ׸ɪ��)
.
.
.

��n: IP ��e�\��b 2.0.34 ��᪺�֤ߤ��w�]�O��A�нT�w�A�H��
�O�N�䥴�}:

echo "1" > /proc/sys/net/ipv4/ip_forwarding

�� Red Hat ��ϥΪ̨ӻ��A�A�i�H�� /etc/sysconfig/network ��
FORWARD_IPV4=false �令 FORWARD_IPV4=true�C
* ��s�Ұ� Linux �D��C

3.2 ��w�p�κ�� IP ��}

�]��Ҧ��䥦��S��w��}�A��ӥ��T��覡�Ӥ��t��}��o
�Ǿ��C

�`�� IP Masquerade FAQ:

�� RFC (#1597, �{�b�i��w�L�ɤF) �O��S��P�~�ɳs�u��ӨϥΤ��
IP ��}�C��T�ӼƦr�϶�O�S�O��o�ӥت��ӫO�d��C�䤤�@�ӧڨϥΪ��O
192.168.1.n �� 192.168.255.n �� 255 Class-C �l��C

�`�� RFC 1597:

�ĤT�`: �p�Φ�}�Ŷ�

��ں��}��w��(IANA: Internet Assigned Numbers Authority)
�w�g�O�d�U�C�T�Ӱ϶� IP ��}�Ŷ��p�κ��:

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

�ڭ̱N�ٲĤ@�Ӱ϶� "24�줸�϶�"�A�ĤG�Ӭ� "20�줸�϶�"�A
�ӲĤT�ӫh�٬� "16�줸�϶�"�C�`�N��Ĥ@�Ӱ϶�N�u�O��
class A ��X�A�ĤG�Ӱ϶�h�O�s�� 16 �� class B ��
��X�A�ӲĤT�Ӱ϶�O�@�� 255 �ӳs�� class C ��X�C

�ҥH�A�p�G�A�n�ϥΤ@�� class C ��ܡA��A��ӥH
192.168.1.1, 192.168.1.2, 192.168.1.3, ..., 192.168.1.x �ӦW��C

192.168.1.1 �q�`�O�h�D�o�x��A�b��Y�A�s�W��ں�� Linux �D��C�`�N
192.168.1.0 �H�� 192.168.1.255 ��O��H�μs��}�A�O�O�d��C�קK�b
�A��W�ϥγo�Ǧ�}�C

3.3 �t�m�䥦��

��F��C�x��]�w�A�� IP ��}��~�A�A�]��ӳ]�w�A��h�D�C�@�뻡��
�A�o�O�D�`��F��C�A�u��²��a��J Linux �D��}(�q�`�O
192.168.1.1)�@��h�D��}�C

��W�٪A�ȡA�A�i�H�[�J�� DNS �t�ΡC�̥i�઺��ӬO�A Linux �ϥ�
��@�ӡC�A�]�i�H��ܩʦa�[�W��r��(domain suffix) �C

�b�A��s�t�m�o�� IP ��}��A�O�o��s�ҰʾA��A�ȩάO��s�}��C

�U��t�m�d�Ұ��]�A�ϥΤ@�� Class C ��åB�H 192.168.1.1 �@�� Linux
�D��}�C�Ъ`�N 192.168.1.0 �� 192.168.1.255 �O�O�d��C

�t�m Windows 95

1. �p�G�A�٨S��w�˺��d�H�άɭ��X�ʵ{��A�{�b��C
2. �� '��x/��' �̥h�C
3. �p�G�A��t�m�̨S�� 'TCP/IP ��w' �h�[�i�h�C
4. �b'TCP/IP ��e'��A��'IP ��}'�åB�� IP ��}�]�w��
192.168.1.x,(1<x<255) �A�åB��l��B�n�]�� 255.255.255.0
5. �b'�q�T�h'��[�J 192.168.1.x �@��A��h�D�C
6. �b'DNS �t�m'/'DNS ��A��'�U�[�J�A�� Linux �D��ϥΪ� DNS (�q�`�i�H
�b /etc/resolv.conf �̧��)�C�A�i�H��ܩʦa�[�J�A��r��j�M��
�ǡC
7. ��n�ܧ��䥦�]�w�A��D�A��D�ۤv�b��C
8. �b�Ҧ��ܲ��U'�T�w'�åB��s�Ұʨt�ΡC
9. ��պ��s�u�APing �A�� linux �D��: �q'�}�l/��'�A��J ping
192.168.1.1
(�o�u�O�ϰ��s�u��աA�A�{�b�٤�� ping �~��@�ɡC)
10. �A�i�H�b windows �ؿ��U��ܩʦa�إߤ@�� HOSTS �ɮסA�p��A�i�H�ϥ�
�ϰ��̪��W�١C�b windows �ؿ��̦��Ӻ٬� HOSTS.SAM ��d�ҡC

�t�m Windos for Workgroup 3.11

1. �p�G�A�٨S��w�˺��d�H�άɭ��X�ʵ{��A�{�b��C
2. �p�G�A�٥��w�� TCP/IP 32b �M�󪺸ܴN�˧a�C
3. �b 'Main'/'Windows Setup'/'Network Setup', ��U 'Drivers'�C
4. �N 'Network Drivers' �̪� 'Microsoft TCP/IP-32 3.11b' �ϥաA��U
'Setup'�C
5. �]�w IP ��}�� 192.168.1.x (1 < x < 255), �M��]�w Subnet Mask ��
255.255.255.0 �H�� Default Gateway �� 192.168.1.1�C
6. ��n�}�� 'Automatic DHCP Configuration' �æb 'WINS Server' ��J��
��F��A��D�A�b�@ Windows NT ��줤�ӥB�A��D�A�b��C
7. ��U 'DNS', ��J�b 3.3.1 �p�`��B�J��쪺��T�A�M��b�A��U
'OK' �s�C
8. ��U 'Advanced', �p�G�A�ϥ�� 3.3.1 �p�`�B�J�Q��D��ɮסA��
�� 'Enable DNS for Windows Name Resolution' �� 'Enable LMHOSTS
lookup'�C
9. �b�Ҧ��ܲ�� 'OK' �í��s�Ұʨt�ΡC
10. Ping �@�U�A�� Linux �D��H��պ��s��: �b 'File/Run' ��J: ping
192.168.1.1
(�o�u��L�O�ϰ��s��աA�A�٤�� ping ��~��@��)�C

Configuring Windows NT

1. �p�G�A�٨S��w�˺��d�H�άɭ��X�ʵ{��A�{�b��C
2. �� 'Main'/'Control Panel'/'Network'�C
3. �p�G�A�٨S�� TCP/IP �A�Ȫ��ܱq 'Add Software' ��椤�[�J TCP/IP ��
�w�ά��C
4. �b 'Network Software and Adapter Cards' �̱N 'Installed Network
Software' ��ܲ�� 'TCP/IP ��w' �ϥաC
5. �b 'TCP/IP Configuration'�A��ܾA��ɭ��X�ʵ{��A�Ҧp�A[1]Novell
NE2000 Adapter�C�M��]�w IP ��}�� 192.168.1.x (1 < x < 255)�A�M��
�]�w Subnet Mask �� 255.255.255.0 �H�� Default Gateway ��
192.168.1.1�C
6. ��n�}�� 'Automatic DHCP Configuration' �æb 'WINS Server' ��J��
��F��A��D�A�b�@ Windows NT ��줤�ӥB�A��D�A�b��C
7. ��U 'DNS', ��J�b 3.3.1 �p�`��B�J��쪺��T�A�M��b�A��U
'OK' �s�C
8. ��U 'Advanced', �p�G�A�ϥ�� 3.3.1 �p�`�B�J�Q��D��ɮסA��
�� 'Enable DNS for Windows Name Resolution' �� 'Enable LMHOSTS
lookup'�C
9. �b�Ҧ��ܲ�� 'OK' �í��s�Ұʨt�ΡC
10. Ping �@�U�A�� Linux �D��H��պ��s��: �b 'File/Run' ��J: ping
192.168.1.1
(�o�u��L�O�ϰ��s��աA�A�٤�� ping ��~��@��)�C

�t�m UNIX �t�C��t��

1. �p�G�A�٥��w�˧A��d�åH�A��ɭ��X�ʵ{��s�sĶ�A��֤ߡA�{
�b�N��a�C
2. �w�� TCP/IP ��A��O nettools �M��A�p�G�A�٨S�˪��ܡC
3. �N IPADDR �]�� 192.168.1.x (1 < x < 255), �M��N NETMASK �]��
255.255.255.0, GATEWAY �]�� 192.168.1.1, �H�� BROADCAST �]��
192.168.1.255�C
�Ҧp�A�b Red Hat Linux �t�ΤW�A�i�H�s��
/etc/sysconfig/network-scripts/ifcfg-eth0�A�Ϊ��q Control Panel
�̰��C
(�b SunOS, BSDi, Slackware Linux, ��ۦP...)
4. �N�A��W�٦��A��λ��j�M�r��[�� /etc/resolv.conf�C
5. �̾ڧA��]�w�A�i��n��s�A�� /etc/networks �ɮסC
6. ��s�ҰʾA��A�ȡA��²�檺��s�}��C
7. �o�X ping ��O: ping 192.168.1.1 �H��ը�A�� gateway ��s��
�C
(�o�u��L�O�ϰ��s��աA�A�٤�� ping ��~��@��)�C

�t�m�ϥ� NCSA Telnet �M�� DOS ��

1. �p�G�A�٨S��w�˺��d�A�{�b��C
2. ��J�A��ʥ]�X�ʵ{��C�� NE2000 �d�ӻ��A�p�G�A��d�]�w�� IRQ
10 �εw��}�� 0x300�A�� nwpd 0x60 10 0x300�C
3. �إߤ@�s�ؿ��A�M��Ѷ} NCSA Telnet �M��: pkunzip tel2308b.zip
4. �ϥΤ�r�s�边��} config.tel �ɮסC
5. �]�w myip=192.168.1.x (1 < x < 255), �H�� netmask=255.255.255.0�C
6. �b��Ҥl��A�A��ӳ]�w hardware=packet, interrupt=10, ioaddr=60�C
7. �A�ܤ֭n��@��W��]�w�� gateway�A�]�N�O Linux �D��:

name=default
host=yourlinuxhostname
hostip=192.168.1.1
gateway=1

8. �٭n��t�~�@�ӫ��w��W�٪A��:

name=dns.domain.com ; hostip=123.123.123.123; nameserver=1

�`�N: �ΧA Linux �D��ϥΪ� DNS ��A��T�Ө��N�C
9. �x�s�A�� config.tel �ɮסC
10. Telnet ��A�� Linux �D��H��պ��s��: telnet 192.168.1.1

�t�m�� MacTCP �� MacOS ��

1. �p�G�A�٨S��A��A�Ӻ��౵��w�˾A��X�ʵ{��A�̦n�{�b�N�@�C
2. ��} MacTCP control panel�A��ܾA��X�ʵ{��(Ethernet, �ӫD
EtherTalk) �ë��U 'More...' �s�C
3. �b 'Obtain Address:', �� 'Manually'�C
4. �b 'IP Address:' �U�A�q�u�X��椤�� class C�C��ܲ��䥦��
��C
5. �b 'Domain Name Server Information:' ��J�A��T�C
6. �b 'Gateway Address:' ��A��J 192.168.1.1�C
7. ��U 'OK' �H�x�s�]�w�C�b MacTCP control panel ��D��A�b 'IP
Address:' ��J�A Mac �� IP ��} (192.168.1.x, 1 < x < 255)�C
8. �� MacTCP control panel�C�p�G��u�X��A��s�}��A��N��a
�C
9. �A�i�H ping �@�U�A�� Linux �D�ӨӴ��պ��s�u�C�p�G�A�� MacTCP
Watcher �K�O�{��A��U 'Ping' �s�A�M��b�u�X��ܲ��J�A��
Linux �D��a�}(192.168.1.1)�C(�o�u��L�O�ϰ��s��աA�A��
�� ping ��~��@�ɡC)
10. �A�i��ܩʦa�b System Folder ��إߤ@ Hosts �ɮץH�K�A�i�H�ϥΧA��
��̾��D��W�١C �o��ɮץi��w�g�s�b��A�� System Folder
�̡A�ӥB��ӷ|�]�t�@��(��ѱ��)�d�Ҷ��ئӧA�i�H�ھڧA��ݭn�ӭ�
��C

�t�m�� Open Transport �� MacOS �t��

1. �p�G�A�٨S��A��A�Ӻ��౵��w�˾A��X�ʵ{��A�̦n�{�b�N�@�C
2. ��} TCP/IP Control Panel �M��q Edit ��椤�� 'User Mode ...'�C
�T�w�ϥΪ̼Ҧ��ܤ֬O 'Advanced' �M��U 'OK' �s�C
3. �q File ��椤�� 'Configurations...'�C�� 'Default' �t�m�ë��U
'Duplicate...' �s�C�b 'Duplicate Configuration' ��ܲ��J 'IP
Masq' (�άO�䥦��A��D�o�O�ӯS��t�m��r��)�A��i��|��O
'Deafault copy' ��򪺡C�M��U 'OK' �s�A�H�� 'Make Active' �s�C
4. �q 'Connect via:' �u�X��椤�� 'Ethernet'�C
5. �q 'Configure:' �u�X��ܾA��ءC�p�G�A��D��ӿ擄��A
�A�i��ӭ��s��ܧA�� 'Default' �t�m�M��}�C�ڥΪ��O 'Manually'
�C
6. �b 'IP Address:' ��J�A�� Mac �� IP ��} (192.168.1.x, 1 < x <
255)�C
7. �b 'Subnet mask:' ��J 255.255.255.0�C
8. �b 'Router address:' ��J 192.168.1.1 �C
9. �b 'Name server addr.:' ��J�A��W�٦��A�� IP ��}�C
10. �b 'Implicit Search Path:' �̪� 'Starting domain name' ��J�A��
��W��(�Ҧp 'microsoft.com')�C
11. ��U�Ӫ��B�J�O��ܩʪ��C��T��ȥi��ɭP�Y��~�欰�C�p�G�A��
�T�w�A�̦n�d�U�ťաA��n�Ŀ�C�p�G�ݭn��ܡA��h��줤��
�T�C�N�ڥثe�Ҫ��S��k�b TCP/IP ��ܵ��i�D�t�Τ��n�ϥΥH�e��
�L��t�@ "Hosts" �ɮסC�p�G�A��D��ܡA�ګܦ��F�ѡC�p�G�A��
�ݭn 802.3 �ج[��ܴN�Ŀ� '802.3'�C
12. ��U 'Options...' �H�T�w TCP/IP ��@�ΡC�ڨϥ� 'Load only when
needed' �ﶵ�C�p�G�A��õ�� TCP/IP ��ε{��\�h��ӥ��s�ҰʧA
��A�A�N�o�{�� 'Load only when needed' �|��/��C�A��O
��޲z�į�C��惡��رN�� TCP/IP ��w�`�O�Q��J�K��ϥΡC�p�G��
��F�ATCP/IP ��w�|�۰ʦb�ݭn�ɸ��J�æb��ݭn��C��J�P��񪺹L
�{�i��ϧA��O��ܪ��H��C
13. �A�i�H ping �@�U�A�� Linux �D�ӨӴ��պ��s�u�C�p�G�A�� MacTCP
Watcher �K�O�{��A��U 'Ping' �s�A�M��b�u�X��ܲ��J�A��
Linux �D��a�}(192.168.1.1)�C(�o�u��L�O�ϰ��s��աA�A��
�� ping ��~��@�ɡC)
14. �A�i�H�b System Folder ��إߤ@ Hosts �ɮץH�K�A�i�H�ϥΧA�ϰ��
�̾��D��W�١C�o��ɮץi��w�g��٥��s�b��A�� System Folder ��
�C�p�G��ܡA��ӷ|�]�t�@��(��ѱ��)�d�Ҷ��ئӧA�i�H�ھڧA��
�n�ӭק�C�p�G�٨S��ܡA�A�i�H�q�@��b�B�@ MacTCP ��t�Τ��^
�A�Φۤv�ؤ@��(��` Unix �� /etc/hosts �ɮ׮榡�A�b RFC 952 ��y
�z)�C�@��A�إߤF�o��ɮסA��} TCP/IP control panel�A��U 'Select
Hosts File...' �s�A�M�ᥴ�} Hosts �ɮסC
15. ��ܲ��αq File ��椤�� 'Close' �� 'Quit' �M��U 'Save' �H
�x�s�A�Ұ��ܡC
16. �o�ǧ��ܷ|�ߨ�ͮġA��s�}��]�L�`�C

�t�m�ϥ� DNS �� Novell ��

1. �p�G�A�٨S��A��A�Ӻ��౵��w�˾A��X�ʵ{��A�̦n�{�b�N�@�C
2. �q [41]ftp.novell.com/pub/updates/unixconn/lwp5 ��^ tcpip16.exe�C
3.
�s�� c:\nwclient\startnet.bat
: (here is a copy of mine)
SET NWLANGUAGE=ENGLISH
LH LSL.COM
LH KTC2000.COM
LH IPXODI.COM
LH tcpip
LH VLM.EXE
F:
4.
�s�� c:\nwclient\net.cfg
: (�N�X�ʵ{��אּ�A��A i.e. NE2000)
Link Driver KTC2000
Protocol IPX 0 ETHERNET_802.3
Frame ETHERNET_802.3
Frame Ethernet_II
FRAME Ethernet_802.2

NetWare DOS Requester
FIRST NETWORK DRIVE = F
USE DEFAULTS = OFF
VLM = CONN.VLM
VLM = IPXNCP.VLM
VLM = TRAN.VLM
VLM = SECURITY.VLM
VLM = NDS.VLM
VLM = BIND.VLM
VLM = NWP.VLM
VLM = FIO.VLM
VLM = GENERAL.VLM
VLM = REDIR.VLM
VLM = PRINT.VLM
VLM = NETX.VLM

Link Support
Buffers 8 1500
MemPool 4096

Protocol TCPIP
PATH SCRIPT C:\NET\SCRIPT
PATH PROFILE C:\NET\PROFILE
PATH LWP_CFG C:\NET\HSTACC
PATH TCP_CFG C:\NET\TCP
ip_address xxx.xxx.xxx.xxx
ip_router xxx.xxx.xxx.xxx
5. �̫�إ�
c:\bin\resolv.cfg
:
SEARCH DNS HOSTS SEQUENTIAL
NAMESERVER 207.103.0.2
NAMESERVER 207.103.11.9
6. �ڧƱ�o�ǬY�Ǩϥ� Novell ��H��U�C�٦��A�o�� Netware 3.1x
�� 4.x ��ΡC

�t�m OS/2 Warp

1. �p�G�A�٨S��A��A�Ӻ��౵��w�˾A��X�ʵ{��A�̦n�{�b�N�@�C
2. �p�G�A�٨S�� TCP/IP �q�T��w��ܲ{�b�N�ˡC
3. �}�� Programms/TCP/IP (LAN) / TCP/IP �]�w
4. �b 'Network' ��[�W�A�� TCP/IP ��}�ó]�w�A�� netmask
(255.255.255.0)
5. �b 'Routing' ��U 'Add'�C�N Type ��]�w�� 'default' �æb
'Router Address' ��줤��J�A�� Linux �D�� IP ��} (192.168.1.1)
�C
6. �N 'Hosts' ��]�w�P�A�� Linux �D��ϥάۦP�� DNS (�W�٦��A��)��}
�C
7. �� TCP/IP ��x�C�b��U�Ӫ��D��^�� yes�C
8. ��s�ҰʧA��t��
9. �A�i�H ping �A�� Linux �D��H��պ��t�m�C�b 'OS/2 �R�O��' �W��
�J 'ping 192.168.1.1'�C�p�G�� ping �ʥ]�@��N�S��D�C

�t�m�䥦�t��

�ۦP��޿��i�A�Ω�t�m�䥦��x�C�d�\�W�z��p�`��C �p�G�A��
�g��䥦��@�~�t�Ϊ��t�m�A �аe�ԲӪ��إ߫��ި�
[42][email protected] �� [43][email protected]�C

3.4 �t�m IP ��e(Forwarding)��覡

��ثe��A�A��Ӥw�g�w�˦n�֤ߥH�Ψ䥦�ݭn��M��A�]��J�F�A��ҲաC
�P�ɡA�䥦�� IP ��}�A�h�D�A�H�Ρ@DNS �]�ӥ��]�w��C

�{�b�A�ߤ@�ѤU�n��ƬO�ϥ� IP ��u��e�A��ʥ]��A��
��:

** �o�i�H�γ\�h��P��覡�ӹF��C�U�C��ĳ�P�Ҥl��ڨӻ��ΡA��A
�i�঳��P��D�N�A�Ը`��аѦ� 4.4 �`�� ipchains(2.2.x) /
ipfwadm(2.0.x) ��u�W��U�C **

** ��`�ȴ��ѧA�إ� IP ��˥\��һݪ��ֳ̤W�h�A�@�Ǧw��Ҷq�å��]
�t�i�h�C �j�P��ĳ�A��@�Ǯɶ��h��s�A��W�h�ӥ[�j�w��ʡC
**

Linux 2.2.x �֤�

Ipfwadm �w�g�L�k�b 2.2.x ��֤ߤ��B�z IP �ʥ]��˳W�h�A�Ч��
ipchains�C

ipchains -P forward DENY
ipchains -A forward -s yyy.yyy.yyy.yyy/x -j MASQ

�䤤 x ��A��l��өw�A��U�C�Ʀr��@�A�� yyy.yyy.yyy.yyy �h�O�A��
��}�C

netmask | x | Subnet
~~~~~~~~~~~~~~~~|~~~~|~~~~~~~~~~~~~~~
255.0.0.0 | 8 | Class A
255.255.0.0 | 16 | Class B
255.255.255.0 | 24 | Class C
255.255.255.255 | 32 | Point-to-point

�A�]�i�H�ϥγo�خ榡 yyy.yyy.yyy.yyy/xxx.xxx.xxx.xxx, �䤤
xxx.xxx.xxx.xxx ��w�A��l��B�n�A�p 255.255.255.0�C

�Ҧp�A�p�G�ڬO�b�@�� class C �l��W�A�ڱo��J:

ipchains -P forward DENY
ipchains -A forward -s 192.168.1.0/24 -j MASQ

��

ipchains -P forward DENY
ipchains -A forward -s 192.168.1.0/255.255.255.0 -j MASQ

�A�]�i�H��O��C�x��]�w�C �Ҧp�A�p�G�ڷQ� 192.168.1.2 ��
192.168.1.8 ��s��ں��A��\�䥦��ϥΪ��ܡA�ڱo��J:

ipchains -P forward DENY
ipchains -A forward -s 192.168.1.2/32 -j MASQ
ipchains -A forward -s 192.168.1.8/32 -j MASQ

��n��A��w�]�覡(policy)�w��(masquerading) �� _�h�i�H�ޱ��L�̪�
��e��|(routing) ��H�N��L(tunnel)�A��h�D�A�H��˥L�̪��
��!

�P�˦a�A�A�i�H��o�ǥ[�J /etc/rc.d/rc.local �ɮסA��@�ӧA��w��
rc �ɮסA�άO�b�C��A�ݭn IP Masquerade �ɤ�ʰ��椧�C

�� ipchains ��ԲӨϥΤ�k�A�аѦ� [44]Linux IPCHAINS HOWTO

Linux 2.0.x �֤�

ipfwadm -F -p deny
ipfwadm -F -a m -S yyy.yyy.yyy.yyy/x -D 0.0.0.0/0

��

ipfwadm -F -p deny
ipfwadm -F -a masquerade -S yyy.yyy.yyy.yyy/x -D 0.0.0.0/0

�䤤 x ��A��l��өw�A��U�C�Ʀr��@�A�� yyy.yyy.yyy.yyy �h�O�A��
��}�C

netmask | x | Subnet
~~~~~~~~~~~~~~~~|~~~~|~~~~~~~~~~~~~~~
255.0.0.0 | 8 | Class A
255.255.0.0 | 16 | Class B
255.255.255.0 | 24 | Class C
255.255.255.255 | 32 | Point-to-point

�A�]�i�H�ϥγo�خ榡 yyy.yyy.yyy.yyy/xxx.xxx.xxx.xxx, �䤤
xxx.xxx.xxx.xxx ��w�A��l��B�n�A�p 255.255.255.0�C

�Ҧp�A�p�G�ڬO�b�@�� class C �l��W�A�ڱo��J:

ipfwadm -F -p deny
ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0

�]�� bootp �ШD�ʥ]�S��X�k�� IP's �A�Ȥ�ݨä��D��}�A��b��
��/��W�� bootp ��A��H��b deny ��e��U�C��O:

ipfwadm -I -a accept -S 0/0 68 -D 0/0 67 -W bootp_clients_net_if_name -P udp

�A�]�i�H��O��C�x��]�w�C �Ҧp�A�p�G�ڷQ� 192.168.1.2 ��
192.168.1.8 ��s��ں��A��\�䥦��ϥΪ��ܡA�ڱo��J:

ipfwadm -F -p deny
ipfwadm -F -a m -S 192.168.1.2/32 -D 0.0.0.0/0
ipfwadm -F -a m -S 192.168.1.8/32 -D 0.0.0.0/0

�`��~�O��o�˪��Ĥ@��O
ipfwadm -F -p masquerade

��n��A��w�]�覡(policy)�w��(masquerading) �� _�h�i�H�ޱ��L�̪�
��e��|(routing) ��H�N��L(tunnel)�A��h�D�A�H��˥L�̪��
��!

�P�˦a�A�A�i�H��o�ǥ[�J /etc/rc.d/rc.local �ɮסA��@�ӧA��w��
rc �ɮסA�άO�b�C��A�ݭn IP Masquerade �ɤ�ʰ��椧�C

�о\Ū 4.4 �`�� Ipfwadm ��Բӫ��ޡC

3.5 �� IP Masquerade

�b�o�Ǥu�@��A�{�b�O�ոլݪ��ɭԤF�C�T�w�A�� Linux �D��ں��
�s�u�O�q��C

�A�i�H�b�䥦��W�յ��s��@��'��ں��!!!' �W��A�ݬO�_�ਣ��C��
��ĳ�Ĥ@��ծɨϥ� IP ��}�Ӥ��n�ΥD��W�١A�]��A�� DNS �]�w��i��
��T�C

�Ҧp�A�A�i�H�ϥ� [45]http://152.19.254.81/mdw/linux.html �Ӧs�� Linux
��p�e�� http://metalab.unc.edu/mdw/linux.html

�p�G�A�ݨ� The Linux Documentation Project ��r�ˡA��򮥳�! ��i�H�B�@
�F! ��ۧA�i�H�ϥΥD��W�ٸոլݡA�M��O telnet, ftp, RealAudio, True
Speech�A�H�Υ�� IP Masquerade �䴩��F��C

��ثe��A��٤��b�W��]�w�W�o�͹L��D�A�Ө��Ǫ�U�ɶ��o�ӵ��
�\��B�@��H��P�N�o�ǳ]�w�C

4. �䥦 IP Masquerade ��D�γn��䴩

4.1 IP Masquerade ��D

�Y�Ǩ�w�{�b�L�k�t�X masquerading �ϥΡA�]��̤��O��]��𸹪��@��
�Ʊ��A�N�O�b��}�ΰ𸹪��Ƭy�̽s�X�� ᭱�o�Ǩ�w�ݭn�b
masquerading �{��X�̫إ߯S�w��N�z�{��ϥ��̯�B�@�C

4.2 �i�J�t�Ϊ��A��(incoming services)

Masquerading ��B�z�~�ɪ��A�ȽШD (incoming services)�C �u��
��k�ह�\��̡A��o��P masquerading �L��A�ӥB��b�O�зǪ��
��C

�p�G�A�ä��n�D��ת��w��ʨ��A�i�H²��a��(redirect)�o�ǰ�C ��X��
��P��k�i�H��o�� ڨϥΤ@��ק�L�� redir �{��(�ڧƱ�o��{��
�ܧִN��q sunsite �Ψ� mirrors ��o)�C �p�G�A�Ʊ��~�ɶi�J�t�Ϊ�
�A�ȽШD��Y�ص{�ת��{(authorisation) ��A�i�H�b redir ��
�h(0.7 or above) �ϥ� TCP wrappers �άO Xinetd �Ӥ��\�S�w IP ��}�q�L�A
�ΨϥΨ䥦��u��CTIS ��u�㶰�O�M��u��θ�T��n�a��C

��h��Ը`�i�b [46]IP Masquerade Resource ��C

�N�|�[�W�@�p�`��h��e�A�Ȫ��T�C

4.3 �w�䴩��Ȥ�ݳn��H�Ψ䥦�]�w�譱��`�N�ƶ�

** �U��C��N��A�Q��@�F�C�i�g�� Linux IP masquerading �B�@��
�{��аѦ� [47]�o�� M [48]IP Masquerade Resource �H��o�i�@�B��Ӹ`
�C **

�@�뻡�ӡA�ϥζǿ鱱��w(TCP) �άO�ϥΪ̩w�q��ƨ�w (UDP)��ε{��
��ӳ��B�@�C �p�G�A��ε{��P IP Masquerade �ۮe��ĳ�A��
�ܩΰ��D�A�Ы�X�� Lee Nevo ��@�� [49]�i�P Linux IP masquerading �B�@
��ε{�� C

�i�H�ϥΪ��Ȥ�ݳn��

�@��Ȥ�ݳn��

HTTP
�Ҧ��䴩��O�A�s��

POP & SMTP
�Ҧ��䴩��O�A�q�l�l��n��

Telnet
�Ҧ��䴩��O�A��ñ�J�@�~

FTP
�Ҧ��䴩��O�A�t�X ip_masq_ftp.o �Ҳ�(��O�Ҧ��x��t�X�U
�ثȤ�ݳn��F�Ҧp�Y�Ǥ��ϥ� ws_ftp32 Ĳ�Ϊ��O�o��ϥ�
netscape �i�J)

Archie
�Ҧ��䴩��O�A�ɮ׷j�M�n��(�ëD�Ҧ� archie �Ȥ�ݳn�鳣��
��)

NNTP (USENET)
�Ҧ��䴩��O�A��s�D�n��

VRML
Windows (�i��Ҧ��䴩��O��i�H)�A��s�

traceroute
�D�n�O UNIX �t�C��O�A�Y��ܺإi��L�k�B�@

ping
�Ҧ��O�A�t�X ICMP �׸��

anything based on IRC
�Ҧ��䴩��O�A�t�X ip_masq_irc.o �Ҳ�

Gopher client
�Ҧ��䴩��O

WAIS client
�Ҧ��䴩��O

�h�C��Ȥ�ݳn��

Real Audio Player
Windows, ��Ƭy��T�A�t�X��J ip_masq_raudio �Ҳ�

True Speech Player 1.1b
Windows, ��Ƭy��T

Internet Wave Player
Windows, ��Ƭy��T

Worlds Chat 0.9a
Windows, �Ȥ�Ц��A�ݥ��(3D chat) �{��

Alpha Worlds
Windows, Windows, �Ȥ�Ц��A�ݥ��(3D chat) �{��

Powwow
Windows, �I��I��r�n��ժO�q�T�A�p�G�A�I�s�O�H�A�H�̥i�H�P�A��
�͡A��O�L�̤��I�s�A�C

CU-SeeMe
�Ҧ��䴩��O�A�t�X��J cuseeme �ҲաA�ԲӲӸ`�а� �\ [50]IP
Masquerade Resource

VDOLive
Windows, �t�X vdolive �׸��

�`�N: �Y�Ϥ��O�ѧA�I�s�O�H�A�ϥ� ipautofw �M��Y�ǫȤ�ݳn�鹳�O
IPhone �H�� Powwow �i��٬O�i�H�B�@(�Ѿ\ 4.6 �`)

�䥦�Ȥ�ݳn��

NCSA Telnet 2.3.08
DOS, �]�t telnet, ftp, ping ��@�ծM��C

PC-anywhere for windows 2.0
MS-Windows, �g�� TCP/IP ��ݻ�� PC �A�u��b�@��Ȥ�ݦӫD�D��
��ΤU�~��B�@

Socket Watch
�ϥ� ntp �� ɶ��w

Linux net-acct package
Linux, ��b��޲z�M��

�L�k�ϥΪ��Ȥ�ݳn��

Intel Internet Phone Beta 2
�i�H�s�W��n��u��V(��~)�ǰe

Intel Streaming Media Viewer Beta 1
�L�k�s�W��A��

Netscape CoolTalk
�L�k�s��

talk,ntalk
�o�N��|�B�@ �� ݭn��g�@��֤ߥN�z�{��C

WebPhone
�ثe�L�k�B�@(��F��X�k��}��])�C

X
�S��չL�A��ڷQ��D��H�إߤ@�M X �N�z�{��_�h��L�k�B�@�A�o
�i��O masquerading �{��X��~��@�ӥ~��{��C�@��B�@��覡
�O�ϥ� ssh �@��쵲�åB�ϥΨ䤺�� X �N�z�\��Ӱ��!

�w��չL�i�H�@��䥦��O/�@�~�t��

* Linux
* Solaris
* Windows 95
* Windows NT (both workstation and server)
* Windows For Workgroup 3.11 (with TCP/IP package)
* Windows 3.1 (with Chameleon package)
* Novel 4.01 Server
* OS/2 (including Warp v3)
* Macintosh OS (with MacTCP or Open Transport)
* DOS (with NCSA Telnet package, DOS Trumpet works partially)
* Amiga (with AmiTCP or AS225-stack)
* VAX Stations 3520 and 3100 with UCX (TCP/IP stack for VMS)
* Alpha/AXP with Linux/Redhat
* SCO Openserver (v3.2.4.2 and 5)
* IBM RS/6000 running AIX

�򥻤W�A�Ҧ��䴩 TCP/IP �ӥB��\�A��w�X�D��/��Ѿ�(gateway/router)��@
�~�t�γ��ӯ�M IP Masquerade �@�_�u�@�C

4.4 IP ��޲z (ipfwadm)

�o�@�`�� ipfwadm ��`�J��ϥΫ��ޡC

�o�O�@�ӵ��b�T�w PPP ��}�� PPP �s�u�᭱��/��˨t�ΨϥΪ��]�w�C�H
��(trusted) �ɭ�� 192.168.255.1, PPP �ɭ��w�g�ק�L�H�קK�ǿ� :) �C��
��O�C�X�C�@�Ӷi�J(incoming)�H�ΰe�X(outgoing)�ɭ��ӧ�X�ܧ󻼰e��
�|(stuffed routing) �H��/�άO��(masquerading)��o�ǭ� IP spoofing
�ޥ��C�P�ɥ��S��T��\��F�賣�O�T�!

#!/bin/sh
#
# /etc/rc.d/rc.firewall, �w�q��t�m�A�q rc.local ��C
#

PATH=/sbin:/bin:/usr/sbin:/usr/bin

# ��եΡA��ݤ@�q�ɶ��M��M��Ҧ��W�h�C
# �p�G�A�Ʊ樾��Q��۰��N��U�C�X�檺��ѡC
# (sleep 600; \
# ipfwadm -I -f; \
# ipfwadm -I -p accept; \
# ipfwadm -O -f; \
# ipfwadm -O -p accept; \
# ipfwadm -F -f; \
# ipfwadm -F -p accept; \
# ) &

# �i�J��˹h�D��]�w�A��s�H�γ]�w�ڵ��(policy)�C�ƹ�W
# �w�]��S��Y�A�]��N�Ʊ�ڵ��H�ΰO��Ҧ��W�h
ipfwadm -I -f
ipfwadm -I -p deny
# ��˹h�D��a(local) �ɭ��A�ϰ��̪��A��\�s��
# �a��
ipfwadm -I -a accept -V 192.168.255.1 -S 192.168.0.0/16 -D 0.0.0.0/0
# ��˹h�D��(remote)�ɭ��A�n�٬O�ϰ��̪��AIP spoofing
# �ڵ�
ipfwadm -I -a deny -V your.static.PPP.address -S 192.168.0.0/16 -D 0.0.0.0/0 -o
# ��˹h�D��ݬɭ��A��ӷ��A��\�e��T�w (permanent) PPP
# ��}
ipfwadm -I -a accept -V your.static.PPP.address -S 0.0.0.0/0 -D your.static.PPP
address/32
# �^��(loopback)�ɭ��O��\��
ipfwadm -I -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0
# ��Ҧ��W�h�A��䥦��i�J�覡��|�Q�ڵ��ðO��C�i��S��
# �O��Ϊ��ﶵ��o�i�H�N��
ipfwadm -I -a deny -S 0.0.0.0/0 -D 0.0.0.0/0 -o

# �e�X��˹h�D��]�w�A��s�H�γ]�w�ڵ��(policy)�C�ƹ�W
# �w�]��S��Y�A�]��N�Ʊ�ڵ��H�ΰO��Ҧ��W�h
ipfwadm -O -f
ipfwadm -O -p deny
# ��a�ɭ��A��\��ӷ��e�X�ܰϰ��
ipfwadm -O -a accept -V 192.168.255.1 -S 0.0.0.0/0 -D 192.168.0.0/16
# ��ݬɭ��e�X�ܰϰ��Astuffed routing �A�ڵ�
ipfwadm -O -a deny -V your.static.PPP.address -S 0.0.0.0/0 -D 192.168.0.0/16 -o
# �ϰ��q��ݬɭ��e�X�Astuffed masquerading�A�ڵ�
ipfwadm -O -a deny -V your.static.PPP.address -S 192.168.0.0/16 -D 0.0.0.0/0 -o
# �ϰ��q��ݬɭ��e�X�Astuffed masquerading�A�ڵ�
ipfwadm -O -a deny -V your.static.PPP.address -S 0.0.0.0/0 -D 192.168.0.0/16 -o
# ��䥦��ݬɭ��e�X��F�賣�O��\��
ipfwadm -O -a accept -V your.static.PPP.address -S your.static.PPP.address/32 -
D 0.0.0.0/0
# �^��(loopback)�ɭ��O��\��
ipfwadm -O -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0
# ��Ҧ��W�h�A��䥦��e�X�覡��|�Q�ڵ��ðO��C�i��S��
# �O��Ϊ��ﶵ��o�i�H�N��
ipfwadm -O -a deny -S 0.0.0.0/0 -D 0.0.0.0/0 -o

# ��˹h�D��e�]�w�A��s�H�γ]�w�ڵ��(policy)�C�ƹ�W
# �w�]��S��Y�A�]��N�Ʊ�ڵ��H�ΰO��Ҧ��W�h
ipfwadm -F -f
ipfwadm -F -p deny
# ��˰ϰ��q��a�ɭ��e�X�ܥ��a�誺��
ipfwadm -F -a masquerade -W ppp0 -S 192.168.0.0/16 -D 0.0.0.0/0
# ��Ҧ��W�h�A��䥦��e�覡��|�Q�ڵ��ðO��C�i��S��
# �O��Ϊ��ﶵ��o�i�H�N��
ipfwadm -F -a deny -S 0.0.0.0/0 -D 0.0.0.0/0 -o

�A�i�H�ϥ� -I, -O �άO -F �ӱ��Y�S�w�`�I��y�q�C�O�o�o�ǳW�h��O��
�W��U��y�� -a �N��"��[(append)"��ثe�{��W�h��ҥH��󭭨
��b��(global)�W�h��e�X�{�C�Ҧp(�S��չL) :-

�ϥ� -I �W�h�C�i��O�t�׳̧֪��O��u��ϰ��̪��A��
��M�i�H�s��"�T��"��`�I�C��M�A�i��Q��\�o�˪��զX�C

.. start of -I rules ...
# �ڵ��ðO��a�ɭ��A�ϰ��̪��q�� 204.50.10.13
ipfwadm -I -a reject -V 192.168.255.1 -S 192.168.0.0/16 -D 204.50.10.13/32 -o
# ��a�ɭ��A�ϰ��̪��A��\�q��a��
ipfwadm -I -a accept -V 192.168.255.1 -S 192.168.0.0/16 -D 0.0.0.0/0
.. end of -I rules ...

�ϥ� -O �W�h�C�̺C�A�]��ʥ]��g�L��˦��o�ӳW�h����s��T�
�`�I�C

.. start of -O rules ...
# �ڵ��ðO��e�X�� 204.50.10.13 ��
ipfwadm -O -a reject -V your.static.PPP.address -S your.static.PPP.address/32 -
D 204.50.10.13/32 -o
# ��\��䥦��ݬɭ��e�X��F��
ipfwadm -O -a accept -V your.static.PPP.address -S your.static.PPP.address/32 -
D 0.0.0.0/0
.. end of -O rules ...

�ϥ� -F �W�h�C�i�� -I �C�ӳo��M�u���˪��(�Ҧp��)�A
��𤴵M�i�H��o�T��`�I�C

.. start of -F rules ...
# �ڵ��ðO�� PPP �ɭ��e�X�q�ϰ�� 204.50.10.13 ��ơC
ipfwadm -F -a reject -W ppp0 -S 192.168.0.0/16 -D 204.50.10.13/32 -o
# ��˥��a�ɭ��q�ϰ��e�X�ܥ��a�誺��ơC
ipfwadm -F -a masquerade -W ppp0 -S 192.168.0.0/16 -D 0.0.0.0/0
.. end of -F rules ...

��ݭn��ӯS�w��W�h�Ӥ��\ 192.168.0.0/16 �q�� 204.50.11.0, �o�[�\��
��W�h��C

��@�إH�W��k�i�H��ɭ��]�w�W�z�W�h�C�Ҧp�i�H�ϥ� -W eth0 �Ө��N -V
192.168.255.1�A�i�H�ϥ� -W ppp0 �Ө��N -V your.static.PPP.address�C�ӤH
��̭ܳ��n�C

4.5 IP �� (ipchains)

�o�ӥD�n�O�� 2.2.x �֤ߨϥΪ��W�h�޲z�u��(�[�W�@�ӭ׸�ɫ�]�i�b
2.0.x �W�B�@)�C

�ڭ̷|��֧�s��`�A��@�Ǩϥ� ipchains ��d�ҡC

�Ӹ`�аѦ� [51]Linux IP Firewalling Chains page �H�� [52]Linux
IPCHAINS HOWTO�C

4.6 IP Masquerade �H�λݨD��(Demand-Dial-Up)

1. �p�G�A�Q��]�w��۰ʼ��W��ں��A�� diald demand ��M��
�N�|�O�ܴΪ��u��C
2. �n�]�w diald, �Ьd�� [53]Setting Up Diald for Linux Page ��
3. �@�� diald �H�� IP masq �]�w��A�A�i�H�b��Ȥ�ݾ��W�Ұ�
web, telnet �άO ftp �s�u�C
4. Diald �N�|��i�J�t�Ϊ��ШD�A�M�ἷ��A�� ISP �ëإ߳s�u�C
5. �Ĥ@��s�u�N�|�o�͹O��(timeout) ��ΡC�p�G�A�ϥ��񦡪��ƾھ��
�o�O�L�i�קK��C �إ߼ƾھ��s��H�� PPP �s�u�Ҫ�O��ɶ��N�|�ϧA��
�Ȥ�ݳn�餣�@�C �p�G�A�ϥ� ISDN �s�u��o�O�i�H�קK��C�A�o��u�O
��Ȥ�ݳn��{�檺�{�ǦA��s�ҰʧY�i�C

4.7 IPautofw �ʥ]��e�{��

[54]IPautofw �O�@�ӵ� Linux masquerading �ϥΪ��@�� TCP �� UDP ��e�{
��C�@��ϥλݭn UDP ��M�󪺮ɭԡA�ݭn��J�S�w�� ip_masq �Ҳ�
�Fip_masq_raudio, ip_masq_cuseeme,... Ipautofw �H��@��ƪ��覡�B�@�A��
�N�|��e�]�t�o��ε{��S�w�Ҳճ��|��e��Ƭy��A�C�p�G�S��
�T�a�޲z�o�i��y��w��W��|�}�C

4.8 CU-SeeMe �P Linux IP-Masquerade ��²�u��

�� [55]Michael Owings �Ҵ��ѡC

²��

��`�� CU-SeeMe (�]�A Cornell �� White Pine ��) �P Linux ��
IP ��˥\��@�_�B�@��k�C

CU-SeeMe �O�@�Ӯ�W��T�|ĳ��n��A�� Windows �� Macintosh ��ثȤ�ݡC
�@�ӧK�O��i�q [56]Cornell University ��o�C�ӷ~��[�j��i�q
[57]White Pine Software ��o�C

IP ��ˤ��\�@��Χ�h��b�ϰ��W��u�@��"��"�b�@��s��ں��
Linux �D��C �ϰ��u�@��i�H�X�G�z�q�a��κ�ں��A�Y�ϥ��S
��X�k�� IP �a�}�C Linux �D��g�q��ں��~�e�ʥ]�A�ϥ��
�ݰ_�ӴN��O�q�o�� Linux ��o�X��@�ˡC �e�i�Ӫ��^��ʥ]�]�Q��g��
�e�ܤ��T�u�@��W�C �o��w�ƨϱo�\�h��ں��ε{��i�H�z�q
�a�q��u�@��W��C �M�ӡA��Y��ε{��ӻ�(�� CU-SeeMe),
Linux ��˵{��ݭn�@�Ǥp�ޥ��U�~��ϱo�ʥ]��e�o�H��T�B�@�C �o��
��U�ޥ��q�`�Ӧ۩�Y�ǯS��֤ߥi��J�ҲաC �� IP-Masquerading ��
�h��T�A�аѦ� [58]The Linux IP Masquerading Website�C

��B�@

��A�ݭn�A��a�t�m�֤ߡC�A��ӥ[�J IP-Masquerading �� IP
AutoForwarding ��䴩�CIP Autoforwarding �X�{�b 2.0.30 �Ψ�᪺�֤�
�ﶵ -- �󦭪��֤ߧA�ݭn�׸�ɡC �Ѩ� [59]Linux IP Masquerade Resource
�� IP-Autoforwarding ��T��ޡC

��U�ӡA�A�n��o�̷s�� ip_masq_cuseeme.c�C �o�i�g�ѰΦW FTP �q
[60]ftp://ftp.swampgas.com/pub/cuseeme/ip_masq_cuseeme.c ��o�C �o�ӷs
��Ҳդ]�w�g�[�J 2.0.31 ��֤ߤ��C�A�i�H�ηs��Ө��N�֤ߤ��
�C ip_masq_cuseeme.c �q�`�� Linux �֤߭�l�X�� net/ipv4 �ؿ��C �A��
��sĶ�æw�˦��ҲաC

��U�ӡA�A��إ� UDP �� 7648-7649 ��۰��e�p�U:

ipautofw -A -r udp 7648 7649 -c udp 7648 -u

��

ipautofw -A -r udp 7648 7649 -h www.xxx.yyy.zzz

�Ĥ@�ӧΦ��\�I�s�Q�ΰ� 7648 (�D�n�� cu-seeme ��)�i�X�u�@��C �ĤG
�Өϥ� ipautofw ��覡�Ȥ��p cu-seeme �i�X www.xxx.yyy.zzz�C �ڸ��w�e
��o�اΦ��A�]��󦳼u�ʦӥB�S��n��w�@�ӯS�O��u�@�� IP�C �M�ӡA
�o�Ӥ覡�|�n�D�@�u�@��ব��I�s�e��e�X�I�s�C

�`�N�o��ؤ覡��N�Ȥ�ݾ�� UDP �� 7648-7649 �}�񵹥~�� -- ��M�o
��ܩ��Y��w��M�I�A�A�٬O��S�O�p�ߡC

�̫�A�H�U�k��J�s�� ip_masq_cuseeme �Ҳ�:

modprobe ip_masq_cuseeme

�{�b�A�i�H�q�A�ϰ��W�@��Q��˪��W�� CU-SeeMe �ós��컷�ݪ�
�^��(reflector)�W�A�Υt�@�� CU-SeeMe ��ϥΪ̡C �A��Ӥ]�i�H��I�s
�C�`�N�~�ɪ��I�s�̥��ϥΧA Linux �X�D�� IP, �Ӥ��O�Q��ˤu�@��
IP�C

��/ĵ�i

�K�X�O�@��^��

�ثe�S��k�ϥΡC White Pine �ϥΨӷ� IP (�ѫȤ�ݵ{��p��)�b�ǰe
�e�N�K�X�s�X�O�@�C �]��ڭ̧�g�F��}�A�^��ϥο��~��ӷ� IP �ӸѽX�A
�]��o�줣��T��K�X�C ��D White Pine ��ܥL�̱K�X�s�X��(�ڤw�g��
ĳ�L�F)�A�άO�L��@�N�}��L�̱K�X�s�X��H�K��گ�[��
ip_masq_cuseeme�C �ѩ�᭱�@�ӿ�k��i��ʫܤp�A�]��ګD�`��y�ݨ�o��
��󪺤H�P White Pine �p��ë�ĳ�L�̱ĥΫe�@�ا@�k�C �]��y�q�۷�
��A��h�çڭ̯�_��ͨ��q�l�l��H�Ϧ��D��i�J White Pine ��
�u��B�z�W�椤�C

�P�� Thomas Griwenka ��ڳo��ơC

��^��

�A��զb�A�] ip_masq_cuseeme �� ipautoforwarding �� 7648 ��ۦP��
��W��^��(reflector)�C �o�S��ΡA�]��̳��ݭn�t�m�� 7648�C ��
�̥Υt�@��i��F��ں��D��Ӱ��A�άO�b��^��e��U CU-SeeMe
��Ȥ�ݤ䴩�C

�h CU-SeeMe �ϥΪ�

�A��@��h�� CU-SeeMe �ϥΪ̦P�ɦb�@�Ӱϰ��W��C �o�O�ѩ�
CU-SeeMe �x�T�a��ϥΰ� 7648, �ϱo�b�ϰ��@��ȯ঳�@�x�u�@��
��(�e��a)�Q��ɦV�C

�ϥ� -c (control port) �өI�s ipautofw, �A�i�H�קK��w�@�T�w��u�@��
�}�h�ϥ� CU-SeeMe -- �Ĥ@��ϥα�� 7648 �e�X��F�誺�u�@��|�Q��
�w��Ӧ۰� 7648-7649 ��y�q�C �p�G�g�L��k�o��u�@��A��
�ΰ� 7648, �t�@��u�@��N�i��ۨϥΡC

��U�]�w CU-SeeMe

�Y��שΰ��D�мg�H�� [61][email protected]�C �Ϊ̦p�G�A�@�N��
�A�A�i�H [62]�z�L CU-SeeMe �өI�s�ڡC

4.9 �䥦��u��

�ڭ̷|��֧�s��`�[�W��h�䥦��ˬ��u��p ipportfw �H�� masqadmin
�C

5. �`��D�ѵ�

�p�G�A�Q��󦳥Ϊ��`��D�P�ѵ��A�мg�H�� [63][email protected] ��
[64][email protected]�C �вM��a��D�ê��W�A��ѵ��C��!

5.1 IP Masquerade ��_�M�ʺA�t�m�� IP �@�P�B�@?

�O��A��M�A ISP �ʺA�t�m�� IP, �q�`�O�Ѥ@�� DHCP ��A��t��}�@
�_�B�@�C �u�n�A��@�ӦX�k��ں��}�A��N��B�@�C��M�A�T�w�� IP �@
�˨S��D�C

5.2 �گ�ϥμƾھ��ADSL, �ìP�s�u��ӳs��ں��èϥ� IP Masquerade ��?

��M�A�u�n Linux �䴩�Ӻ��ɭ��A��N��B�@�C

5.3 IP Masquerade �䴩��ε{��?

�n�O��@��"��Ϊ��ε{��"�C��O�۷�x��C ��L�A�j��`��ں��
��ε{��Q�䴩�A�Ҧp�s��(Netscape, MSIE ��), ftp (�� WS_FTP), Real
Audio, telnet, SSH, POP3 (��H�{�� - Pine, Outlook ��), SMTP(�e�H�{
��), ��C

�ϥν��w�ίS��s�u�覡��ε{��A�Ҧp��T�|ĳ�n��N�ݭn�S�O��U
�u��C

�i�@�B��Ӹ`�A�аѦ� Lee Nevo ��@�� [65]applications that work thru
Linux IP masquerading�C

5.4 �ڦp��b Redhat, Debian, Slackware ��ϥ� IP Masquerade �O?

��קA�ϥΦ�صo��M��A��󤤴y�z��k��ӯ�A�ΡC �Y�ǮM��i��]
�t�F GUI �άO�S�O��]�w�ɮׯ�²�ưt�m��B�J�C �ڭ̬O�ɤO��o��g�o
�A�γ̤@��ƪ��ΡC

5.5 �ڤɯŨ� 2.2.x ��֤ߡA�� IP Masquerade ��ΤF?

��]�A�� Linux �D��w�g�A��a�s�W��ں��P�A��A��X��ƧA��
�ˬd:

* �T�w�A�w�sĶ�ø��J��n��S�ʻP�ҲաC�Ѩ��e��`��C
* �ˬd /usr/src/linux/Documentation/Changes �ýT�w�A�w�ˤF�̧C�ݨD��
��u��C
* �T�w�A��}�F IP ��e��C�յ۰��

echo "1" > /proc/sys/net/ipv4/ip_forwarding

* �A��ϥ� [66]ipchains �ӳB�z IP ��ˤΨ��W�h�C
* �N��ӳ]�w�t�m��L�{�A��@��! �ܦh�ɭԥu�O��r�άO�A��F�@�ӷM
��~�C

5.6 �ڤw�g�ɯŨ� 2.0.30 �᪺�֤ߡA�� IP Masquerade �٤��?

��]�A�� Linux �D��w�g�A��a�s�W��ں��P�A��A��X��ƧA��
�ˬd:

* �T�w�A�w�sĶ�ø��J��n��S�ʻP�ҲաC�Ѩ��e��`��C
* �ˬd /usr/src/linux/Documentation/Changes �ýT�w�A�w�ˤF�̧C�ݨD��
��u��C
* �T�w�A��}�F IP ��e��C�յ۰��

echo "1" > /proc/sys/net/ipv4/ip_forwarding

* �A��ϥ� [67]ipfwadm �ӳB�z IP ��ˤΨ��W�h�C�n�b 2.0.x �ϥ�
ipchains ��ܧA��[�W�׸ɡC
* �N��ӳ]�w�t�m��L�{�A��@��! �ܦh�ɭԥu�O��r�άO�A��F�@�ӷM
��~�C

5.7 �ڵL�k� IP Masquerade �B�@! �� Windows ��x��ܶ�?

�ҥH�A�n��@�ӥi�b�̧C�w��ݨD�ϥΪ��K�O�A�i�a�A��Ĳv��ѨM��סA��
�Q��b�Y�ӻݭn�󰪵w��A�C�Ĳv�B��i�a��? (��A�O��A�گu��J�L�o
�˪��g�� ;-) )

�n�a�A��O�A��ơC�ηj�M�� MS Proxy Server, Wingate, �άݬ�
www.winfiles.com�C �O��O�ڧi�D�A�C

5.8 ��ˬd�L�کҦ��]�w�F�A��L�k� IP Masquerade �u�@�C�ڸӫ��?

* �N�R�@�U�C��A�ۤv�@�M�@�بå𮧤@�U�A�M��ոդU��ĳ�C
* �ݤ@�U [68]IP Masquerade Mailing List Archive, �j��A�n��פw�g
�b��ۧA�F�C
* ��A��D�e�� IP Masquerade �q�H�׾¤W�A�Ӹ`�ЬݤU�@�h��D�C �ж�
��b�A�L�k��쵪�׮ɤ~�o�򰵡C
* �b Linux ��Q�׸s��o�ݡC
* �g�H�� [69][email protected] �� [70][email protected]�C �P�ɰe�H
��ڭ̧A�|��Ϊ��|�o��^��CDavid �^�H��p��ΡA�ܩ�ڪ��^��
�ɶ��A��m��C
* �A��ˬd�A��]�w :-)

5.9 �ڦp��[�J IP Masquerade �q�H�׾�?

�n�[�J IP Masquerade �q�H�׾ª��ܡA�g�H��
[71][email protected]�C

��D�P�H�󤺮e�N�Q��C�o�i�ϱo�A��Ӧ۽׾ª��C�@�ӰT��C �p�G�A�ݭn
��ܡA�w��A�ϥΦ��覡�C��p�G�i�H��ܡA�Ч�κ�ذ�(digest)�C �ϥκ��
�ϥi���A��t��C�`�N�A�u��ϥΧA�Ψӭq�\��b��/��}�o�e�H��C

�Q�o��h��O��A�g�H�� [72][email protected]�C

5.10 �ڷQ��U IP Masquerade ��o�i�C�ڸӫ��?

�g�H�� [73][email protected] (�άO��ذϧΦ��A�ϥ�
[74][email protected])�C �[�J IP
Masquerading DEVELOPERS ��q�H�׾¨ýбШ��䰶�j��}�o�̡C

�O�b��߰ݻP IP Masquerade �o�i�L��D!!!!

5.11 �b��̥i��h IP Masquerade ��T?

�A�i�b David �Χڴ��L�� [75]Linux IP Masquerade Resource ��h IP
Masquerade ��T�C�Ѩ� 6.2 �p�`�C

�A�]�i�b Indyramp Consulting ��@�� [76]The Semi-Original Linux IP
Masquerading Web Site ��h��T�C�o�]�O�� IP Masquerade �q�H�׾ª�
�a��C

5.12 �ڷQ½Ķ��󦨨䥦�y��A�ڸӫ��?

�Х��T�w�A�Q½Ķ��y��٨S��䥦�H��L�C �@��i��o��½Ķ��C��i�q
[77]Linux IP Masquerade Resource �o��C

�g�H��ڨ� [78][email protected], �ڷ|�H�̷s�� SGML ��l�ɵ��A�C

5.13 �o��I�L�ɤF�A�A�٦��b��@��?�A��[�i��h ... ��T��? ��ﵽ��p
��?

�O��A��󦳳Q��@�C�]��u�@�ϧڤӦ��ӨS��Ӧh�ɶ��b�o��ϧڷP
�줺��A�ګܩ�p�C �M�ӡA��F David Ranch �[�J��󪺺��@�A��p��
��C

�p�G�Aı�o�Y�@�D�D��Q�[��󤤡A�мg�H��ڤ� David�C �̦n�A�i�H��Ѹ�
��T�C�p�G�X�A��ܧڤ� David �|��o��T�[��󤤡C�D�`�P�§A��^�m�C

�ڭ̤]��@�Ƿs��I�l�P�p��ӧ�i�o��A��O�]�t��P��]�w��רұ�
�Q�A ��h��w��ʡAipchains ��ϥΡAipfwadm/ipchains �W�h�d�ҡA��h��
�`��D�P�ѵ��A �H�Υ]�t��h��w�P��e��u�㹳�O masqadmin ��C
�p�G�Aı�o�A�i�H��ܡA�о��ް��C��¡C

5.14 �ڲש�� IP Masquerade ��ʤF�A�n��! �ڷQ��§A�̡A�ڸӫ��?

�P�³o�ǵo�i�̨÷P�E�L�̩ҧ�J��ɶ��P�V�O�C�g�H��ڭ̨��ڭ̪��D�A��
�h�ּ֡C �V�䥦�H�� Linux ��L�̸ѨM��D�C

6. �䥦

6.1 ��Ϊ��귽

* [79]IP Masquerade Resource page ��h�إ� IP Masquerade ��T�C
* [80]IP masquerade mailing list archive �]�t�̪�e��q�H�׾¤W��H��
�C
* ��֤� 2.2.x �P 2.0.x �� [81]Linux IP Masquerade mini HOWTO�C
* �p�G�A�Χ��ª��֤ߡA�Ь� [82]IP Masquerade HOWTO for kernel 1.2.x
* [83]IP masquerade FAQ ��Y�Ǥ@�몺��T�C
* [84]Linux IPCHAINS HOWTO ��
[85]http://www.rustcorp.com/linux/ipchains/ ��\�h�� ipchains ��
�Ϊ��T�A�æ� ipchains ��l�X�ΤG�i��ɡC
* [86]X/OS Ipfwadm page �]�t ipfwadm �M�󪺭�l�X�A��ɡA��Ψ䥦
��T�C
* �� Lee Nevo �Һ��@�� [87]�i�P Linux IP masquerading �B�@��
�{�� Ѵ��ܻP�ޥ��ϱo��ε{��P IP Masquerade �B�@�C
* The [88]LDP Network Administrator's Guide �o�O�s��ճ]�w��
�n��T�C
* [89]Trinity OS Doc, �@�� Linux ��۷�e��z�Ѫ��ޡC
* [90]Linux NET-3 HOWTO �]��\�h�� Linux ��譱��Ϊ��T�C
* [91]Linux ISP Hookup HOWTO �H�� [92]Linux PPP HOWTO ��A�p��
Linux �D��s�W��ں��T�C
* [93]Linux Ethernet-Howto ��]�w��A�Ӻ��ϰ��ܴΪ��T��
��C
* �A�]�i�� [94]Linux Firewalling and Proxy Server HOWTO ��C
* [95]Linux Kernel HOWTO �N�|��ާA�sĶ�֤ߪ��L�{�C
* �䥦�� [96]Linux HOWTOs ��O Kernel HOWTO�C
* �i�K��o�� USENET �s�D�s��: [97]comp.os.linux.networking

6.2 Linux IP Masquerade �귽

[98]Linux IP Masquerade Resource �O�@�M��ΨӴ�� Linux IP Masquerade
��T��x�A�]�O�� David Ranch �ΧڨӺ��@�C �o�䦳�� IP Masquerade ��
�s��T�A�i��]��]�t�b��󪺨䥦��T�C

�A�i�b�U�C�a�I�� Linux IP Masquerade Resource:
* [99]http://ipmasq.cjb.net/, �D��x�A��ɦ�
[100]http://www.tor.shaw.wave.ca/~ambrose/
* [101]http://ipmasq2.cjb.net/, �ĤG��, ��ɦ�
[102]http://www.geocities.com/SiliconValley/Heights/2288/

6.3 �P��

* David Ranch, [email protected]
��U��@�� Linux IP Masquerade �귽��, ..., ��c��γƸ�
:-)
* Michael Owings, [email protected]
�� CU-SeeMe ��²�u��C
* Gabriel Beitler, [email protected]
on providing section 3.3.8 (setting up Novel)
* Ed Doolittle, [email protected]
��ĳ�b ipfwadm �[�W -V �ﶵ�H�W�[�w��ʡC
* Matthew Driver, [email protected]
on helping extensively on this HOWTO, and providing section 3.3.1
(setting up Windows 95)
* Ken Eves, [email protected]
on the FAQ that provides invaluable information for this HOWTO
* Ed. Lott, [email protected]
for a long list of tested system and software
* Nigel Metheringham, [email protected]
on contributing his version of IP Packet Filtering and IP
Masquerading HOWTO, which make this HOWTO a better and technical
in-depth document
section 4.1, 4.2, and others
* Keith Owens, [email protected]
on providing an excellent guide on ipfwadm section 4.2
on correction to ipfwadm -deny option which avoids a security
hole, and clarified the status of ping over IP Masquerade
* Rob Pelkey, [email protected]
on providing section 3.3.6 and 3.3.7 (setting up MacTCP and Open
Transport)
* Harish Pillay, [email protected]
on providing section 4.5 (dial-on-demand using diald)
* Mark Purcell, [email protected]
on providing section 4.6 (IPautofw)
* Ueli Rutishauser, [email protected]
on providing section 3.3.9 (setting up OS/2 Warp)
* John B. (Brent) Williams, [email protected]
on providing section 3.3.7 (setting up Open Transport)
* Enrique Pessoa Xavier, [email protected]
on the bootp setup suggestion
* developers of IP Masquerade for this great feature

+ Delian Delchev, [email protected]
+ Nigel Metheringham, [email protected]
+ Keith Owens, [email protected]
+ Jeanette Pauline Middelink, [email protected]
+ David A. Ranch, [email protected]
+ Miquel van Smoorenburg, [email protected]
+ Jos Vos, [email protected]
+ Paul Russell, [email protected]
+ �٦��䥦�ڧѤF��(��ڪ��D)

* �Ҧ��e�^�X�Ϋ�ĳ��q�H�׾¤W��ϥΪ̡A�S�O�O��ǳ��i��W��~�H
�Τw�䴩�P��䴩��Ȥ�ݪ��C
* �p�G�ڨS��]�A�Y�ǨϥΪ̰e��ڪ��T�ڷP��p�C��p��h��ĳ�P�Q
�k�e��ڳo�̡A��ڥu�O�S��ɶ��h�T�w�Ϊ̧ڤ��p�ߥ�F�C �ڥ��
�ڳ̤j��V�O��X�Ҧ��e��ڪ��T��o��̡C�P�§A��ҡA�ӧڤ]
�Ʊ�A��̧ڪ��p�C

6.4 �ѦҸ��

* Ken Eves �� IP masquerade �`��ݵ��
* Indyramp Consulting �� IP masquerade �q�H�׾�
* X/OS �� Ipfwadm ��
* �U�� Linux HOWTOs

References

1. mailto:[email protected]
2. mailto:[email protected]
3. http://www.phys.ntu.edu.tw/~cwhuang/pub/
4. mailto:[email protected]
5. mailto:[email protected]
6. mailto:[email protected]
7. http://ipmasq.cjb.net/
8. http://ipmasq.cjb.net/
9. http://ipmasq.cjb.net/
10. http://ipmasq2.cjb.net/
11. http://ipmasq.cjb.net/index.html#mirror
12. http://ipmasq.cjb.net/
13. http://www.kernel.org/
14. http://metalab.unc.edu/mdw/HOWTO/NET-3-HOWTO.html
15. http://metalab.unc.edu/mdw/LDP/nag/nag.html
16. http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri
17. http://metalab.unc.edu/mdw/HOWTO/ISP-Hookup-HOWTO.html
18. http://metalab.unc.edu/mdw/HOWTO/PPP-HOWTO.html
19. http://metalab.unc.edu/mdw/HOWTO/mini/DHCP.html
20. http://metalab.unc.edu/mdw/HOWTO/mini/Cable-Modem.html
21. http://www.rustcorp.com/linux/ipchains/
22. http://www.rustcorp.com/linux/ipchains/
23. http://ipmasq.cjb.net/
24. http://ipmasq.cjb.net/
25. http://www.kernel.org/
26. http://www.pi.se/blox/modules/modules-2.0.0.tar.gz
27. http://metalab.unc.edu/mdw/HOWTO/NET-3-HOWTO.html
28. http://metalab.unc.edu/mdw/LDP/nag/nag.html
29. http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri
30. http://metalab.unc.edu/mdw/HOWTO/ISP-Hookup-HOWTO.html
31. http://metalab.unc.edu/mdw/HOWTO/PPP-HOWTO.html
32. http://metalab.unc.edu/mdw/HOWTO/mini/DHCP.html
33. http://metalab.unc.edu/mdw/HOWTO/mini/Cable-Modem.html
34. ftp://ftp.xos.nl/pub/linux/ipfwadm/ipfwadm-2.3.0.tar.gz
35. http://www.xos.nl/linux/ipfwadm/
36. http://ipmasq.cjb.net/
37. file://localhost/tmp/Kernel-HOWTO.html
38. http://ipmasq.cjb.net/
39. file://localhost/tmp/Kernel-HOWTO.html
40. http://ipmasq.cjb.net/
41. file://localhost/tmp/zh-sgmltools.18889/ftp.novell.com/pub/updates/unixconn/lwp5
42. mailto:[email protected]
43. mailto:[email protected]
44. http://metalab.unc.edu/mdw/HOWTO/IPCHAINS-HOWTO.html
45. http://152.19.254.81/mdw/linux.html
46. http://ipmasq.cjb.net/
47. http://dijon.nais.com/~nevo/masq/
48. http://ipmasq.cjb.net/
49. http://dijon.nais.com/~nevo/masq/
50. http://ipmasq.cjb.net/
51. http://www.rustcorp.com/linux/ipchains/
52. http://metalab.unc.edu/mdw/HOWTO/IPCHAINS-HOWTO.html
53. http://home.pacific.net.sg/~harish/diald.config.html
54. ftp://ftp.netis.com/pub/members/rlynch/ipautofw.tar.gz
55. mailto:[email protected]
56. http://cu-seeme.cornell.edu/
57. http://www.wpine.com/
58. http://www.indyramp.com/masq/
59. http://ipmasq.cjb.net/
60. ftp://ftp.swampgas.com/pub/cuseeme/ip_masq_cuseeme.c
61. mailto:[email protected]
62. http://www.swampgas.com/vc/vc.htm
63. mailto:[email protected]
64. mailto:[email protected]
65. http://dijon.nais.com/~nevo/masq/
66. http://www.rustcorp.com/linux/ipchains/
67. http://www.xos.nl/
68. http://home.indyramp.com/lists/masq/
69. mailto:[email protected]
70. mailto:[email protected]
71. mailto:[email protected]
72. mailto:[email protected]
73. mailto:[email protected]
74. mailto:[email protected]
75. http://ipmasq.cjb.net/
76. http://www.indyramp.com/masq/
77. http://ipmasq.cjb.net/
78. mailto:[email protected]
79. http://ipmasq.cjb.net/
80. http://www.indyramp.com/masq/list/
81. http://ipmasq.cjb.net/ipmasq-HOWTO.html
82. http://ipmasq.cjb.net/ipmasq-HOWTO-1.2.x.txt
83. http://www.indyramp.com/masq/ip_masquerade.txt
84. http://metalab.unc.edu/mdw/HOWTO/IPCHAINS-HOWTO.html
85. http://www.rustcorp.com/linux/ipchains/
86. http://www.xos.nl/linux/ipfwadm/
87. http://dijon.nais.com/~nevo/masq/
88. http://metalab.unc.edu/mdw/LDP/nag/nag.html
89. http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri
90. http://metalab.unc.edu/mdw/HOWTO/NET-3-HOWTO.html
91. http://metalab.unc.edu/mdw/HOWTO/ISP-Hookup-HOWTO.html
92. http://metalab.unc.edu/mdw/HOWTO/PPP-HOWTO.html
93. http://metalab.unc.edu/mdw/HOWTO/Ethernet-HOWTO.html
94. http://metalab.unc.edu/mdw/HOWTO/Firewall-HOWTO.html
95. http://metalab.unc.edu/mdw/HOWTO/Kernel-HOWTO.html
96. http://metalab.unc.edu/mdw/HOWTO/HOWTO-INDEX-3.html
97. news:comp.os.linux.networking
98. http://ipmasq.cjb.net/
99. http://ipmasq.cjb.net/
100. http://www.tor.shaw.wave.ca/~ambrose/
101. http://ipmasq2.cjb.net/
102. http://www.geocities.com/SiliconValley/Heights/2288/