RedHat Linux 6.x as an Internet Gateway for a Home Network
Paul Ramsey
22 June 2000

A simple tutorial on configuring RedHat 6 and similar releases to work as an Internet gateway for a small network at home or in the office. The topics covered include masquerading, DNS, DHCP, and basic security requirements.
______________________________________________________________________

Table of Contents

1. Introduction
   1.1 Versions
   1.2 Copyright
2. Cabling the system
   2.1 With a hub
   2.2 Without a hub
   2.3 With only one network card
3. Configuring the network
   3.1 Configuring a network driver
      3.1.1 Two identical network cards
   3.2 Configuring the internal network
      3.2.1 The network device
      3.2.2 The DHCP server
      3.2.3 The client machines
      3.2.4 The DNS server
      3.2.5 Testing the internal network
   3.3 Configuring the external network
      3.3.1 With a static IP address
      3.3.2 With DHCP
      3.3.3 Oddities and anomalies
         3.3.3.1 PPP over Ethernet (PPPoE)
         3.3.3.2 Silly DHCP tricks
         3.3.3.3 Road Runner
      3.3.4 Looking at the network configuration
   3.4 Security
4. Masquerading configuration
5. Troubleshooting
   5.1 ICQ does not work
   5.2 I have Caldera 2.x, not RedHat 6.x
   5.3 I want one of my internal machines to be my Web server
______________________________________________________________________

1. Introduction

This document contains simple recipes for configuring RedHat 6.x as an Internet gateway for a home network or a small office network. The instructions are simplified as far as possible: we do not discuss special cases, and we make some assumptions about the network addresses that will be used. Our most important assumptions are:

· That you have a permanent cable or ADSL connection to the Internet.
· That you can successfully install RedHat 6.x on at least one of your machines.
  Note that these instructions also apply to RedHat derivatives such as Mandrake 6.x, which is distributed by MacMillan Publishing under a variety of commercial labels.
· That your Linux machine has two network cards installed, both of them Linux-compatible.
· That you have an ethernet hub if you are networking more than one computer, or a cross-over cable if you are connecting only one machine.
· That you know how to edit text files on a Linux machine.
· That you can log in to the machine as root.
· That you know how to install RPM packages from the Linux CD-ROMs.

If you do not meet these prerequisites, this document is probably not for you.

There is nothing unusual that you need to do during installation. Just pick an installation that suits you and start it. This document gives instructions for installing everything related to networking from scratch, to avoid blind assumptions about what was installed or configured during that installation.

To make sure the system works and there is no confusion about what goes where, all configuration will be done by editing the configuration files directly rather than with the GUI configuration tools that RedHat provides. On the one hand, this way is a little harder than it needs to be. On the other hand, your knowledge will carry over very easily to different Linux distributions or different situations. (For example, when X Windows is not working, or when you are setting up a headless server.)

1.1. Versions

The latest version of this document can always be found at http://www.coastnet.com/~pramsey/linux/homenet.html (HTML) and at http://www.coastnet.com/~pramsey/linux/homenet.sgml (SGML).

· 21 December 1999: First version.
· 2 January 2000: Included suggestions from John Mellor on the oddities of the external network.
· 22 January 2000: Small addition about identical network cards, and information on IP aliasing from Chris Lea.
· 16 March 2000: Some information on name server security and on Caldera Linux support, from Nelson Gibbs.
· 22 June 2000: Documentation of the RedHat 6.2 configuration oddities. More information on PPPoE (PPP over Ethernet), from Kerr First.

1.2. Copyright

Copyright © 2000, Paul Ramsey.

This document may be reproduced in whole or in part, without charge, under the following conditions:

· The copyright notice above and the licence notice must be kept intact on all copies, complete or partial.
· Any translation or derivative work must be approved in writing by the author before it is distributed.
· If you distribute part of this document, you must include instructions on how the full text can be obtained, as well as a means of obtaining it.
· Small portions of this document may be reproduced as examples in print, or as references in other works, without carrying this licence, provided the original document is cited.

Exceptions to the above can be made for academic purposes: write to the author and ask. These restrictions are here to protect us as authors, not to restrict you as educators or students.

2. Cabling the system

Depending on whether you use a hub or not, your network topology will differ slightly. Here I cover only connection with RJ45 cable (the kind that looks like telephone cable that got fat on steroids), not connection with thin coax.
With thin coax you can connect many machines without needing a hub, but you have to take care of terminating the connections, and so on. If you already know networking, these instructions will seem largely redundant.

2.1. With a hub

If you have a hub, your network will look like this.

Connect the eth0 network card of your machine to the cable modem, or to the ADSL box, using the cable the technician gave you when installing the connection. (Or a cable you know will work with this connection.) This step needs care, because sometimes cable modems like a crossover connection and sometimes a straight-through cable. The cable your provider gives you is exactly the one you need.

Connect the eth1 network card of your machine to the hub with a straight-through cable. Do the same for your other machines.

2.2. Without a hub

Even if you do not have a hub, you can always connect one machine to your Linux machine with a crossover cable. Your topology will look like this.

Connect the eth0 network card to the cable modem, or to the ADSL box, using the cable from the connection package. Connect the eth1 network card to the other machine using a crossover cable.

2.3. With only one network card

I do not recommend this setup. With it, your internal and external networks sit on the same network segment, and are therefore more susceptible to cracking (= damage from malicious hackers). In reality this risk is probably insignificant, but it exists. It depends on what comes your way.

The Linux kernel includes support for "IP aliasing", which allows one ethernet network card to carry two IP addresses at the same time. (This feature is built into the kernels shipped in the RedHat and Mandrake distributions.)
To configure a gateway with only one ethernet card, replace eth1 with eth0:0 in all the examples from here on. On a single-card system, running a DHCP server is not recommended.

Connect all your machines and your cable modem (or ADSL box) to the hub. Cross your fingers, and we carry on.

3. Configuring the network

OK then, by now you have installed Linux on the machine that is to be your gateway. You may even have configured one of your network cards and the connection to the Internet. However, we will start from scratch and act as if no configuration has been done.

Log in as root. All the instructions in this document assume that you are logged in as root.

The Linux kernel refers to your two ethernet cards as eth0 and eth1, so that is how I will refer to them from now on. The problem, though, is that we do not know which is which. Here is a "simple" way to find out, guaranteed to work in at least 50% of cases: put your machine on the desk with the motherboard horizontal, so that you are looking at the back. (As if you were about to open it and do some work inside.) The eth0 card is the leftmost one; you may want to mark its position with a label. Now write down on a sheet of paper the make and model of both eth0 and eth1.

OK, let us now see whether the kernel recognizes both eth0 and eth1 automatically. Type ifconfig eth0, and then ifconfig eth1.
In both cases, if the kernel recognizes the corresponding card, you should see a message like the one below (with different numbers and details, of course):

    eth0      Link encap:Ethernet  HWaddr 00:60:67:4A:02:0A
              inet addr:0.0.0.0  Bcast:0.0.0.0  Mask:255.255.255.255
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:466 errors:0 dropped:0 overruns:0 frame:0
              TX packets:448 errors:0 dropped:0 overruns:0 carrier:0
              collisions:85 txqueuelen:100
              Interrupt:10 Base address:0xe400

If the kernel does not recognize your network card, you will see a message like this:

    eth0: error fetching interface information: Device not found.

3.1. Configuring a network driver

If Linux finds both of your cards, go to the next section. Otherwise, read this one.

Let us say the kernel does not recognize one card, or both. That is no great problem. All we have to do is explain to the kernel how to find the cards. There are many tricks here, but I will not mention them all. Just remember that, when things get difficult, there is the Ethernet HOWTO. Here, though, are a few tips in brief:

· You have a PCI network card. You are probably all set, assuming the card is not so new that there are no drivers for it at all. Often you can find a great deal of information about your network cards (and about other things) by reading /proc/pci and noting makes and models.
· You have an ISA network card. You may need to find out the base IO address and the IRQ of the card. The card has a manual, right? If it does not, you need to go to the manufacturer's site and see whether it has any reference documents on-line. Or, if the card has a DOS configuration diskette, boot from that diskette and see whether it has a configuration program (which will read and set the address and the IRQ).
· You have an ISA Plug'n'Play network card.
  First you need to learn how to configure it: read the Plug'n'Play HOWTO. Fortunately, once you have configured your card once, you will know exactly what its base IO address and IRQ are.

Now that you know the makes and models of eth0 and eth1, you can go to the compatibility page of the Ethernet HOWTO and look up your cards. Note the recommended driver, along with any information on special settings your cards may require.

The time has come to edit a configuration file! The file we will edit is /etc/conf.modules. Open it with the text editor of your choice.

Because there are many options and combinations that can be added to this file, I will give you the settings of my own gateway as an example. I have a 10/100 Mbps PCI card based on the VIA Rhine chip, and a thoroughly typical ISA clone of the NE2000, at 10 Mbps. I use the 100 Mbps card for the internal network and the 10 Mbps one for the connection to the external network. My own /etc/conf.modules file looks something like this:

    alias parport_lowlevel parport_pc
    alias eth0 ne
    options ne io=0x300 irq=10
    alias eth1 via-rhine

The lines of my conf.modules file are explained as follows:

· The first line specifies that my parallel port is for printing. You probably have such a line too; leave it as it is.
· The second line (alias eth0 ne) tells the kernel to use the ne driver for the eth0 device.
· The third line (options ne io=0x300 irq=10) tells the ne driver at which IO address and which IRQ it will find the ISA card. If you have an ISA card too, you will probably need to write a similar line in the file. Simply replace the driver, the IO address and the irq with the ones for your card.
· The fourth line (alias eth1 via-rhine) tells the kernel to use the driver for via-rhine chips on the eth1 card.
  Because my eth1 card is PCI, I do not need to write settings for io and irq: the PCI subsystem configures the card automatically.

You must make sure that there are alias lines for both of your cards in conf.modules, and put in the correct options lines for all your ISA cards. There may already be lines in conf.modules for any ethernet card you configured during installation.

When you have finished editing conf.modules, try the ifconfig eth0 and ifconfig eth1 commands again. You may need quite a few attempts if you are fiddling with IO addresses and IRQs without looking at the manufacturer's manual.

3.1.1. Two identical network cards

So you were clever and bought two identical network cards, and now you cannot get them to work together? Do not worry: forcing them to coexist is simply a matter of the right syntax in the lines of /etc/conf.modules. In our example the IO addresses and IRQs are made up, but I will assume you bought a matched pair of NE2000 clones (which is a common choice). Your /etc/conf.modules file should look something like this:

    alias eth0 ne
    alias eth1 ne
    options ne io=0x330,0x360 irq=7,9

The addressing parameters are all given on the same line; the first number in each parameter refers to eth0, the second to eth1.

3.2. Configuring the internal network

The "internal" network is the one over which all our machines at home or in the office talk to each other. The "external" network is the big, scary Internet on the other side of our gateway machine. For the most part, the internal network will be completely isolated from the external one by the gateway machine, which will act as a firewall of moderate strength.

3.2.1. The network device

Now that your drivers are working and you can see both eth0 and eth1 with ifconfig, the time has come to configure the internal network. I assume you will put your internal network on eth1 and the external network on eth0.

Your internal network will be private, so we should make it a network of this form: 192.168.1.0. This is officially called a "Class C private network", in case you want to impress your friends.

First, we must make sure that networking is enabled. Edit the /etc/sysconfig/network file and make sure it contains the following lines:

    NETWORKING=yes
    FORWARD_IPV4=yes

The first line tells Linux that we want networking to be enabled right at boot. The second line tells Linux to enable IP forwarding. This is required for the masquerading configuration, which we will cover in section 4 of the HOWTO.

Note for RedHat: RedHat 6.2 requires changes to the /etc/sysctl.conf file in order to support IP forwarding and masquerading properly. Make sure the following lines exist and have the correct values:

    net.ipv4.ip_forward = 1
    net.ipv4.ip_always_defrag = 1

All the network settings for RedHat and RedHat-derived distributions are kept in files in the /etc/sysconfig/network-scripts directory. cd into that directory and create a new file, ifcfg-eth1. Write the following in it:

    DEVICE=eth1
    IPADDR=192.168.1.1
    ONBOOT=yes

This tells the network scripts to configure eth1 at boot and to give it a specific IP address. Activate the new settings on your network with the following command:

    /etc/rc.d/init.d/network restart

3.2.2. The DHCP server

A DHCP server automatically assigns IP addresses to the machines connected to your home network.
It is very useful when we have laptops: we can simply plug the laptops into the network and they are networked correctly straight away. If you do not want a DHCP server on your internal network, move on to the next section.

First you must make sure that the DHCP server is installed. Mount your Linux CD and install the dhcp RPM package.

Now edit the /etc/dhcpd.conf file and add the following (and only the following):

    subnet 192.168.1.0 netmask 255.255.255.0 {
      range 192.168.1.2 192.168.1.60;
      default-lease-time 86400;
      max-lease-time 86400;
      option routers 192.168.1.1;
      option ip-forwarding off;
      option broadcast-address 192.168.1.255;
      option subnet-mask 255.255.255.0;
    }

If you are going to set up your Linux machine as a caching domain name server, give the following option:

    option domain-name-servers 192.168.1.1;

If you know your external DNS address and you are not going to use the Linux machine for DNS, give the following option (where x.x.x.x and y.y.y.y are the IP numbers of the DNS servers):

    option domain-name-servers x.x.x.x, y.y.y.y;

If you are going to set up file sharing with Samba on your Linux machine (for the benefit of your Windows machines), add the following lines so that the Linux machine becomes the default WINS and browsing server:

    option netbios-name-servers 192.168.1.1;
    option netbios-dd-server 192.168.1.1;
    option netbios-node-type 8;
    option netbios-scope "";

Configuring Samba and WINS is far outside the scope of this document. If you need some pointers, start with the SMB HOWTO and carry on from there.

There are a few more steps. Now open the /etc/rc.d/init.d/dhcpd file and look for the following line:

    /sbin/route add -host 255.255.255.255 dev eth1

Windows DHCP clients require a particular broadcast address in DHCP replies, and the command above forces the Linux TCP/IP stack to produce it.
If you cannot find this line in the file, add it. If you find a similar line, make sure that the device it refers to is eth1.

The next step is to change the /etc/rc.d/init.d/dhcpd file so that it takes the eth1 device as its default. Replace the line:

    daemon /usr/sbin/dhcpd

with:

    daemon /usr/sbin/dhcpd eth1

Now we are ready to start DHCP. First we start the DHCP server with the command /etc/rc.d/init.d/dhcpd start. Finally, we must make sure that the DHCP server will start on reboot. Some RPM packages of the DHCP server do not contain the commands that ensure the server starts every time, so we have to make sure ourselves that it does, with the command chkconfig dhcpd on. This command makes RedHat add the dhcp startup script to the various runlevel directories under /etc/rc.d. The DHCP server starts in runlevels 3 and 5 (multiuser console and multiuser X). In runlevels 0, 1 and 6 (shutdown, single user and reboot), the DHCP server stops.

3.2.3. The client machines

If you have already configured DHCP, it is very easy to configure your client machines as well: simply enable DHCP configuration. For Windows machines, this means opening the Control Panel and then the "Networking" option. Find the "TCP/IP" protocol and choose "Configure". Tick the box that says to configure the TCP/IP address automatically ("Configure TCP/IP address automatically"), apply your changes, and reboot. Before you reboot, though, you can also give the following command on the server: tail -f /var/log/messages. This follows the logs on Linux continuously. If all goes well, when your Windows machines reboot you will see them request an IP address, and the DHCP server respond. (The tail -f command ends when we press Control-C.)
If you have not configured DHCP, configuration is still easy. Reopen "Networking" in the Control Panel and choose to configure the TCP/IP protocol. You can give your client machines any address in the 192.168.1.0 network except 192.168.1.0 (the address of the network itself), 192.168.1.255 (the broadcast address), or 192.168.1.1 (the address of the Linux server machine). Never give the same IP address to two machines. Set the "Gateway" address to 192.168.1.1, so that traffic to the outside network goes through the gateway machine.

The IP Masquerading HOWTO has detailed information on client configuration in its configuration chapter. In general, to configure a client machine we either enable DHCP configuration, or give it an address in the 192.168.1.x range by hand, with gateway 192.168.1.1. The DNS server should either be 192.168.1.1, if you are running a caching DNS server (see below), or DNS should point to the addresses your Internet provider gave you.

3.2.4. The DNS server

Configuring your Linux machine as a caching DNS server will (slightly) improve browsing speed, because frequently used DNS addresses will be cached inside your network and you will not fetch them from outside every time. If you are interested in implementing a full DNS, there are many complicated things you need to learn. There is a DNS HOWTO available, and the book DNS and BIND is a good (and very readable) written reference.

For your client machines to take advantage of the caching server, they must be configured to use the Linux gateway as their primary DNS server. One way to do this is with the DHCP directives given in section 3.2.2. If you are configuring your client machines by hand, you can change the DNS settings in the same way you used to enter the IP address.
To install the DNS server, first install the bind RPM package, and then the caching-nameserver RPM. At this point we are almost done. The caching server will work just fine the way we installed it. However, if you know the IP addresses of the DNS servers of your Internet provider (hereafter "ISP"), you can raise performance a little further by editing the /etc/named.conf file and adding the following line after the directory line (where x.x.x.x and y.y.y.y are the primary and secondary DNS servers respectively):

    forwarders { x.x.x.x; y.y.y.y; };

This change makes the DNS server ask the ISP's DNS servers first, before it crosses the Internet looking for a particular address. The ISP's servers usually have a great many addresses cached, and can therefore give a faster answer than your own server could.

The named daemon has had some security problems over the past 12 months, so it is very important to have the most recent version, and to make some changes to the default settings in order to raise the security of the system.

1. Check the version of your bind, and make sure it is at least 8.2.2. Go to the RedHat Updates site, or to Mandrake Updates, to look for the most recent version.
2. Restrict access to your name server so that only the local network has it. Add the line allow-query { 192.168.1/24; 127.0.0.1/32; }; to the /etc/named.conf file, after the forwarders line.
3. Avoid running your name server as root. If the server runs as root, a hack of the server will give the hacker root privileges. If you run the server as a user without many rights, e.g. as nobody, you lower the level of risk from a hack of the name server. To run the name server as nobody, edit the /etc/rc.d/init.d/named file and change the line daemon named to daemon named -u nobody -g nobody.
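
The three hardening steps above can be checked mechanically. The script below is an added example, not part of the original HOWTO: it audits a named.conf and a named init script for steps 1 to 3. The function names, the sample file contents and the 8.2.1 version string are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the HOWTO: audit the three named hardening steps.
# Real paths would be /etc/named.conf and /etc/rc.d/init.d/named; the demo at
# the end runs on constructed sample files instead.

# version_ok VERSION: succeed if VERSION is at least 8.2.2.
version_ok() {
    v=${1%%-*}                              # drop a suffix such as "-P5"
    case $v in
        ''|*[!0-9.]*) return 2 ;;           # not a dotted numeric version
    esac
    old_ifs=$IFS; IFS=.
    set -- $v                               # split into major minor patch
    IFS=$old_ifs
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    if   [ "$maj" -gt 8 ]; then return 0
    elif [ "$maj" -lt 8 ]; then return 1
    elif [ "$min" -gt 2 ]; then return 0
    elif [ "$min" -lt 2 ]; then return 1
    elif [ "$pat" -ge 2 ]; then return 0
    else return 1
    fi
}

# allow_query_list CONF: print what is inside allow-query { ... }, if present.
# "//" and "#" comments are stripped first; /* */ comments are not handled.
allow_query_list() {
    { sed -e 's://.*::' -e 's/#.*//' "$1" | tr '\n' ' '; echo; } |
        sed -n 's/.*allow-query[[:space:]]*{\([^}]*\)}.*/\1/p'
}

# allow_query_restricted CONF: succeed if allow-query exists and omits "any".
allow_query_restricted() {
    list=$(allow_query_list "$1")
    [ -n "$list" ] || return 1              # absent: every client may query
    case " $(printf '%s' "$list" | tr ';\t' '  ') " in
        *" any "*) return 1 ;;              # "any" is the same as no limit
    esac
    return 0
}

# runs_unprivileged INIT_SCRIPT: succeed if the "daemon ... named" line passes
# -u with a user other than root. The user found is left in $user.
runs_unprivileged() {
    line=$(sed -e 's/#.*//' "$1" |
        grep -E '^[[:space:]]*daemon[[:space:]].*named' | head -n 1)
    user=$(printf '%s\n' "$line" |
        sed -n 's/.*[[:space:]]-u[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p')
    [ -n "$user" ] && [ "$user" != root ] && [ "$user" != 0 ]
}

# audit_named VERSION CONF INIT_SCRIPT: report each check and return the
# number of failed checks (0 means all three steps are in place).
audit_named() {
    fails=0
    if version_ok "$1"; then echo "PASS  version $1 is at least 8.2.2"
    else echo "FAIL  version $1 is older than 8.2.2 or unreadable"; fails=$((fails + 1)); fi
    if allow_query_restricted "$2"; then echo "PASS  allow-query limits who may query"
    else echo "FAIL  no restrictive allow-query in $2"; fails=$((fails + 1)); fi
    if runs_unprivileged "$3"; then echo "PASS  named is started with -u $user"
    else echo "FAIL  named is started as root in $3"; fails=$((fails + 1)); fi
    return "$fails"
}

# write_samples DIR: constructed "as installed" and hardened sample files.
write_samples() {
    cat > "$1/named.conf.default" <<'EOF'
options {
        directory "/var/named";
        // allow-query { 192.168.1/24; 127.0.0.1/32; };   commented out
};
EOF
    cat > "$1/named.conf.hardened" <<'EOF'
options {
        directory "/var/named";
        forwarders { x.x.x.x; y.y.y.y; };
        allow-query { 192.168.1/24; 127.0.0.1/32; };
};
EOF
    printf '        daemon named\n' > "$1/named.init.default"
    printf '        daemon named -u nobody -g nobody\n' > "$1/named.init.hardened"
}

# Stand-alone demo on the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "== as installed, sample version 8.2.1 =="
audit_named 8.2.1 "$demo_dir/named.conf.default" "$demo_dir/named.init.default" ||
    echo "failed checks: $?"
echo "== after the three steps, version 8.2.2 =="
audit_named 8.2.2 "$demo_dir/named.conf.hardened" "$demo_dir/named.init.hardened" &&
    echo "all checks passed"
rm -rf "$demo_dir"
```

On a real gateway the version string has to be supplied by hand (for example from the installed bind RPM), since the script does not query the running daemon.
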
Make sure that your DNS server will be enabled at boot: chkconfig named on. Again, this ensures that the server will start in the usual runlevels (3 and 5) at boot. OK, now you can start your DNS server: /etc/rc.d/init.d/named start

3.2.5. Testing the internal network

DNS will not work until we configure the external network (since it has to talk to other DNS servers on the Internet), but with the ping program we can test basic internal connectivity. Open a terminal (MS-DOS) window on one of your client machines and type: ping 192.168.1.1. This command sends packets to your Linux machine at regular intervals, and the Linux machine sends them back. If everything works properly, you will see a series of packet round-trip times.

3.3. Configuring the external network

Now we are ready to configure the external network. Sometimes this will be difficult, depending on how well your ISP supports Linux. If you have difficulties, there is the ADSL mini-HOWTO, which covers ADSL connection issues in some detail. If I find a Cable Modem HOWTO, I will link to that too.

The main problem with most external connections is getting an IP address. Some ISPs give static IP addresses to subscribers with a cable modem or ADSL connection, and in that case configuration is easy. However, most ISPs have now moved to dynamic connection via (you guessed it!) DHCP. This means that your Linux machine will be a DHCP server on the eth1 network card, and a DHCP client on the eth0 network card. In addition, many ISPs provide their services in a specialized way that assumes their customers use Windows. Some of these cases are discussed at the end of section 3.3.2.

3.3.1. With a static IP address

If your ISP gave you a static IP address, you are all set.
Create a new interface configuration file, /etc/sysconfig/network-scripts/ifcfg-eth0, and put the following in it:

    DEVICE=eth0
    IPADDR=x.x.x.x
    NETMASK=y.y.y.y
    ONBOOT=yes

Simply replace x.x.x.x and y.y.y.y with the values your ISP gave you. Now edit the /etc/resolv.conf file and write the following lines:

    search provider_domain_here
    nameserver n.n.n.n
    nameserver m.m.m.m

The provider_domain should normally be given to you by your ISP. Also, put the primary and secondary DNS servers in the n.n.n.n and m.m.m.m lines. If you have configured the Linux machine as a DNS server, add a line before the lines for the other nameservers: nameserver 127.0.0.1. This will make the Linux server use the caching server before it asks the external servers for DNS information.

3.3.2. With DHCP

If your ISP is set up for DHCP, you need to create a new interface configuration file, /etc/sysconfig/network-scripts/ifcfg-eth0, and add the following to it:

    DEVICE=eth0
    BOOTPROTO=dhcp
    ONBOOT=yes

Now make sure that the dhcpcd client daemon is installed on your system. Go to your Linux CDs and install the dhcpcd RPM package.

So the time has come to test the settings of our new network. We simply give the command /etc/rc.d/init.d/network restart. Then we test the external connection with ping. We ping a machine on the Internet, such as www.yahoo.com, and wait to see whether any packet comes back.

3.3.3. Oddities and anomalies

The situation with your network may differ from the simple examples described above. Here are some brief notes on the various difficulties, with links and pointers to more authoritative sources. Thanks to John Mellor, who gave me the links and the push to add this section.

3.3.3.1. PPP over Ethernet (PPPoE)

Some ADSL providers (e.g. Bell Atlantic) have lately been insisting that their new customers connect via the "PPP over Ethernet" (PPPoE) protocol. For this purpose they give new subscribers a client program for Windows: not something particularly useful to Linux users. Fortunately, though, PPPoE is a simple protocol, and many efforts are already under way to support it on Linux as well.

· Reader Kerr First warmly recommends the Roaring Penguin PPPoE Client.
· There is also PPPoE on Linux for Bell Sympatico,
· and the General Info and Linux Info.

3.3.3.2. Silly DHCP tricks

One of the favourite tricks of ISPs is to tie you to one and only one host name, or even to one and only one network access card. Supposedly this is done to stop you putting many machines on your network using a hub. (Of course, using Linux and masquerading we get the same result with better security, and the ISP has no way of knowing that it was done!!)

If your ISP gave you a host name and insisted that you give your Windows machine that name in order to let you use the connection, then you need to make sure that your Linux machine sends that host name first when it requests an address from the DHCP server.

When you put dhcp in BOOTPROTO in the interface configuration file, the RedHat DHCP client is called, but without reference to any host name. To call the program with a host name on RedHat 6.1, edit the /etc/sysconfig/network file and change the line:

    HOSTNAME=

so that it reads:

    HOSTNAME=your_isp_assigned_name

This may not work on some variants of RedHat. If it does not, check the /sbin/ifup script and see whether the calls to dhcpcd and pump include a -h $HOSTNAME parameter. If not, add it, so that the calls look something like this: /sbin/dhcpcd -i $DEVICE -h $HOSTNAME and /sbin/pump -i $DEVICE -h $HOSTNAME.

3.3.3.3. Road Runner

The Road Runner cable company has a special login procedure that must be run before the server is used. Fortunately, there is a detailed Linux Road Runner HOWTO.

3.3.4. Looking at the network configuration

Now you can admire your work. Type ifconfig to see all your configured devices. On my own gateway machine I get the following:

    eth0      Link encap:Ethernet  HWaddr 00:60:67:4A:02:0A
              inet addr:24.65.182.43  Bcast:24.65.182.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:487167 errors:0 dropped:0 overruns:0 frame:0
              TX packets:467064 errors:0 dropped:0 overruns:0 carrier:0
              collisions:89 txqueuelen:100
              Interrupt:10 Base address:0xe400

    eth1      Link encap:Ethernet  HWaddr 00:80:C8:D3:30:2C
              inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:284112 errors:0 dropped:0 overruns:0 frame:1
              TX packets:311533 errors:0 dropped:0 overruns:0 carrier:0
              collisions:37938 txqueuelen:100
              Interrupt:5 Base address:0xe800

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:3924  Metric:1
              RX packets:12598 errors:0 dropped:0 overruns:0 frame:0
              TX packets:12598 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0

Note that the eth0 card has an impressive external IP address, and the eth1 card a private internal address. You can see the network routes with the route command.
On my gateway machine I get output like this:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    255.255.255.255 *               255.255.255.255 UH    0      0        0 eth1
    192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
    24.65.182.0     *               255.255.255.0   U     0      0        0 eth0
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    default         24.65.182.1     0.0.0.0         UG    0      0        0 eth0

Here we can see that the external network is configured, the internal network is configured, the local device too, the special broadcast address 255.255.255.255 as well, and the default route is set to point at the ISP's gateway.

Perfect! Now we have both an outside and an inside. What remains is to open the door between them. First, however, we must make sure that no monsters can get in from outside.

3.4. Security

One of the drawbacks of a permanent Internet connection over ADSL or a cable modem is that our computer is exposed to possible security threats 24 hours a day, 7 days a week. Using Linux as a gateway limits the risk, because it hides all the other computers on your network: as far as the rest of the Internet is concerned, only your Linux machine is connected. This means that your network can be as secure as your Linux machine, so at this point I will give you some basic advice for making it more secure.

First, you have to shut out all the bad guys. To do this, edit the file /etc/hosts.deny and make sure it reads exactly as below:

    #
    # hosts.deny    This file describes the names of the hosts that are
    #               *not* allowed to use the local INET services, as
    #               decided by the "/usr/sbin/tcpd" server.
    #
    # The portmap line is redundant, but it is left to remind you that
    # the new secure portmap uses hosts.deny and hosts.allow. In
    # particular, you should know that NFS uses portmap!

    ALL: ALL

The above tells the "TCP wrappers" (which control 95% of incoming connections) to refuse every connection from every host. That is a pretty good ban! But it will also stop you connecting to your Linux machine from your internal home network, which is annoying. So we will make an exception. Edit the file /etc/hosts.allow and make it read exactly like this:

    #
    # hosts.allow   This file describes the names of the hosts that are
    #               allowed to use the local INET services, as decided
    #               by the "/usr/sbin/tcpd" server.
    #
    ALL: 127.0.0.1
    ALL: 192.168.1.

The above tells the "TCP wrappers" that they may allow connections to all services from the local device (127.0.0.1) and from the home network (192.168.1.).

You have now locked the monsters out with a strong padlock. If you want to add bars and alarms as well, you will need a good deal more knowledge. The Security HOWTO is a good place to start reading if you want to learn more about securing your Linux machine.

4. Configuring masquerading

All good! The preliminaries are over, and this is exactly where the magic starts.

IP masquerading is one of the truly magical facilities of Linux. There are commercial products for Windows that do the same thing, but not as efficiently. An ancient 386 can happily do IP masquerading for a whole medium-sized office, but it cannot even run Windows 95, never mind the masquerading program for Windows. (As a postscript, I read in recent news that Windows 2000 will support "connection sharing" without additional software. It seems the companies that sold connection-sharing programs have been "embraced and extended" by MicroSoft. Still, I would not recommend trying Windows 2000 on a 386.)
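Going back to the /etc/hosts.deny and /etc/hosts.allow files of section 3.4, the sketch below is an added example (not part of the original HOWTO) that models the hosts_access(5) lookup order for those two files, so you can see which clients get in and why the trailing dot in 192.168.1. matters. The function names, the in.telnetd daemon name and the client addresses are constructed for illustration.

```shell
#!/bin/sh
# Simplified model of the hosts_access(5) decision made by tcpd.
# Supports only what the two files in section 3.4 use: the ALL
# wildcard, exact addresses, and address prefixes ending in a dot.

# matches FILE DAEMON CLIENT_IP -> status 0 if a rule in FILE matches
matches() {
    while IFS=: read -r daemons clients; do
        case "$daemons" in ''|'#'*) continue ;; esac   # blanks, comments
        daemon_ok=no
        for d in $daemons; do
            if [ "$d" = ALL ] || [ "$d" = "$2" ]; then daemon_ok=yes; fi
        done
        [ "$daemon_ok" = yes ] || continue
        for c in $clients; do
            case "$c" in
                ALL) return 0 ;;
                *.)  case "$3" in "$c"*) return 0 ;; esac ;;  # prefix match
                *)   if [ "$c" = "$3" ]; then return 0; fi ;;
            esac
        done
    done < "$1"
    return 1
}

# tcpd_decision DAEMON CLIENT_IP ALLOW_FILE DENY_FILE -> granted|denied
tcpd_decision() {
    if matches "$3" "$1" "$2"; then echo granted      # 1. hosts.allow first
    elif matches "$4" "$1" "$2"; then echo denied     # 2. then hosts.deny
    else echo granted                                 # 3. no rule: allowed
    fi
}

# Constructed copies of the two files from section 3.4 (comments trimmed).
dir=$(mktemp -d)
printf '%s\n' '# hosts.deny' 'ALL: ALL' > "$dir/hosts.deny"
printf '%s\n' '# hosts.allow' 'ALL: 127.0.0.1' 'ALL: 192.168.1.' > "$dir/hosts.allow"

# Constructed client addresses: loopback, home LAN, a look-alike subnet, outside.
for ip in 127.0.0.1 192.168.1.20 192.168.10.20 24.65.182.99; do
    echo "$ip -> $(tcpd_decision in.telnetd "$ip" "$dir/hosts.allow" "$dir/hosts.deny")"
done
```

Step 3 of the lookup is the reason the ALL: ALL line is needed: with an empty hosts.deny, any client that hosts.allow does not list is still let in.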
Linux has a tremendously flexible firewalling capability, which we will use here in the simplest and crudest way possible. If you want to do firewalling like an expert, you should read the Firewalling HOWTO to understand the theory, and the IPChains HOWTO for instructions on the new firewalling tool, ipchains, which goes with the 2.2.x Linux kernel (and, by extension, with RedHat 6.x). The very good IP Masquerading HOWTO is also available today, and covers the tricks of masquerading in more detail.

It is very easy to set up simple masquerading once both the internal and the external network are working. Edit the file /etc/rc.d/rc.local and add the following lines at the end:

    # 1) Flush the rule tables.
    /sbin/ipchains -F input
    /sbin/ipchains -F forward
    /sbin/ipchains -F output

    # 2) Set the MASQ timings and allow packets in for DHCP
    #    configuration.
    /sbin/ipchains -M -S 7200 10 60
    /sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 68 -d 0/0 67 -p udp

    # 3) Deny forwarding of all packets except those from the local
    #    network. Those we masquerade.
    /sbin/ipchains -P forward DENY
    /sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ

    # 4) Load forwarding modules for special purposes.
    /sbin/modprobe ip_masq_ftp
    /sbin/modprobe ip_masq_raudio

The last two lines insert kernel modules that allow FTP and RealAudio to work on the computers of the internal network. There are other modules for special services too, which you can dig out if you ever need them:

· CUSeeMe (/sbin/modprobe ip_masq_cuseeme)

· Internet Relay Chat (/sbin/modprobe ip_masq_irc)

· Quake (/sbin/modprobe ip_masq_quake)

· VDOLive (/sbin/modprobe ip_masq_vdolive)

Now you are ready to try out masquerading! Run the rc.local script with the command /etc/rc.d/rc.local, and off you go!
Sit down at one of your other computers and try a little surfing on the Internet. With a bit of luck, everything is now just fine!

5. Problems

There are a whole lot of things that can go wrong when following the instructions of a simple document like this one, because there are many special cases. The majority of possible problems centre on the configuration of the internal and external networks.

I will try to answer readers with problems, work out what went wrong, and add links here at the end, so that those with problems of a particular kind can find help. Feel free to contact me at pramsey@refractions.net.

5.1. ICQ does not work

Some parts of ICQ work just fine with masquerading. Others do not work well at all. However, there is a beta-quality ICQ module under development that deals with some (but not all) of the shortcomings of ICQ under masquerading. The README file in the source code describes how to compile the module. Once you have compiled and installed it, load it: /sbin/modprobe ip_masq_icq.

5.2. I have Caldera 2.x, not RedHat 6.x

Well, first, my congratulations on bucking the trend! Second, Nelson Gibbs (ngibbs@pacbell.net) sends good news: most of the instructions apply to your Linux too. However, there are some important changes you must make:

1. A GATEWAY=xxx.xxx.xxx.xxx declaration in the /etc/sysconfig/network-scripts/ifcfg-eth0 & eth1 files for the interface (the local interface uses the IP address of the remote interface, and the remote interface uses the IP of the ISP's gateway).

2. Make sure the /etc/sysconfig/daemons/dhcpd script shows ROUTE_DEVICE as eth1, not eth0.

3. /etc/dhcpd.conf requires a subnet declaration for both cards. I do not know exactly why, as I made the second declaration:

       subnet 216.102.154.201 netmask 255.255.255.255 { }

   with no other parameters, and the DHCP server listens and sends on eth0 and eth1, as well as on the fallback. The DHCP server gives an error message if only one subnet is defined.

4. Do not add the 255.255.255.255 host route; the /etc/rc.d/init.d/dhcpd script that Caldera uses fixes the problem on its own. Make sure you have changed all references to eth0 in the script to eth1.

5.3. I want one of my internal computers to be my Web server

Dead easy! However, you must have a static IP address for these simple instructions to work. If you have a dynamic IP address, you will need to do a fair bit more work on the scripts to make sure that your IP address is refreshed in the packet-forwarding commands when the address changes.

Remember that forwarding an external port to an internal machine makes the "internal" machine less "internal" than before, but it can be done transparently and with a minimal drop in performance.

One of the advantages of the masquerading code in the Linux kernel is the ability to do some fancy things with the packets arriving at the network level, and the ipmasqadm utility was written to exploit exactly that. For some reason, ipmasqadm is not included in all variants of RedHat and Mandrake, so you will probably have to get it from its developer's web site: an RPM package is available there, as well as the source code.

Once you have the RPM, install it, and then add the following lines to your /etc/rc.d/rc.local file:

    /usr/sbin/ipmasqadm portfw -f
    /usr/sbin/ipmasqadm portfw -a -P tcp -L x.x.x.x 80 -R 192.168.1.x 80

The first command flushes the port forwarding rules, and the second adds a forward from port 80 of the external interface to port 80 of the internal machine.
Note that your external static IP address goes in place of x.x.x.x, and the IP address of the internal machine goes in place of 192.168.1.x. External requests for port 80 will now be sent transparently to port 80 of the internal machine. Note that you cannot test this with telnet, or by connecting to port 80 of your gateway from one of your internal machines: the port forwarder responds only to requests arriving on the external interface.
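For the dynamic-address case mentioned at the start of this section, the following added example (not part of the original HOWTO) shows one way to rebuild the two ipmasqadm commands only when the address of eth0 has changed. It assumes ifconfig output in the format shown in section 3.3.4; the function names, the state file and the internal address 192.168.1.10 are constructed for illustration.

```shell
#!/bin/sh
# Re-create the port-80 forward when the external address changes.

# inet_addr: read old-style ifconfig output on stdin, print the IPv4 address
inet_addr() {
    sed -n 's/.*inet addr:\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# portfw_commands EXTERNAL_IP INTERNAL_IP -> the two commands from the text
portfw_commands() {
    echo "/usr/sbin/ipmasqadm portfw -f"
    echo "/usr/sbin/ipmasqadm portfw -a -P tcp -L $1 80 -R $2 80"
}

# refresh STATE_FILE INTERNAL_IP < ifconfig-output
# Prints the commands to run only when the address differs from the one
# saved in STATE_FILE; prints nothing when the address is unchanged.
refresh() {
    new=$(inet_addr)
    if [ -z "$new" ]; then
        # No lease right now: keep the existing rules and saved state.
        echo "no inet addr found, leaving forward untouched" >&2
        return 1
    fi
    old=$(cat "$1" 2>/dev/null || true)
    if [ "$new" = "$old" ]; then return 0; fi
    portfw_commands "$new" "$2"
    echo "$new" > "$1"
}

# Constructed sample: the first two lines of the eth0 entry from section 3.3.4.
sample='eth0      Link encap:Ethernet  HWaddr 00:60:67:4A:02:0A
          inet addr:24.65.182.43  Bcast:24.65.182.255  Mask:255.255.255.0'

state=$(mktemp)                                        # stand-in state file
printf '%s\n' "$sample" | refresh "$state" 192.168.1.10   # prints both commands
printf '%s\n' "$sample" | refresh "$state" 192.168.1.10   # unchanged: prints nothing
```

On the gateway itself the input would come from /sbin/ifconfig eth0 and the printed commands would be piped to sh as root, for example from a periodic job.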