  Firewalling and Proxy Server HOWTO

  David Rudder, drig@execpc.com <mailto:drig@execpc.com>
  v0.2, 17 July 1995
  : , sudoer@nownuri.net <mailto:sudoer@nownuri.net>

    PC   ȭ  ⺻ ġ 
   Ǿ.  ȭ  Ѿ ͳ  ִ
     ġ  Ŀϰ ִ.
  ______________________________________________________________________

  

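  1. Introduction
     1.1 Feedback
     1.2 Disclaimer
     1.3 Copyright
     1.4 My Reasons for Writing This
     1.5 TODO
     1.6 Further Readings

  2. Understanding Firewalls
     2.1 Drawbacks with Firewalls
     2.2 Proxy Servers

  3. Setting This All Up
     3.1 Hardware requirements
     3.2 Setting up the Software
     3.3 Configuring the Network Addresses
     3.4 Testing it out
     3.5 Securing the Firewall

  4. Firewalling Software
     4.1 Available packages
     4.2 The TIS Firewall Toolkit
     4.3 TCP Wrapper
     4.4 Ipfw and Ipfw Admin

  5. The Proxy Server
     5.1 Setting up the Proxy Server
     5.2 Configuring the Proxy Server
        5.2.1 The Access File
        5.2.2 The Routing File
        5.2.3 DNS from behind a Firewall
     5.3 Working With a Proxy Server
        5.3.1 Unix
        5.3.2 MS Windows with Trumpet Winsock
     5.4 Getting the Proxy Server to work with UDP Packets
     5.5 Drawbacks with Proxy Servers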

  ______________________________________________________________________

  1.  Introduction

  ȭ ͳ  ñ ·μ ֱ   Դ.
     ͵ ׷ϵ    ظ  Դ. 
  Ͽ  ȭ̶ , װ  ϴ,  
   , װ  ϴ  ⺻  ٷ
  ̴.   о߰ ƴ ٸ    
  α׷ ؼ ٷ ̴.

  1.1.  Feedback

   ǵ鵵 ȯѴ. Ųÿ   ϱ  Ư
  Ų  ڷκ ǵ ٶ ִ.   Ȯ 
   ִ  ε  ˷ֱ ٶ!!  ̹Ƿ Ǽ 
   ִ.   Ǽ ߰  װ͵ ġ   ְ
  ſ̴.    ڿ   Ϸ  ̳, 
  ٻڹǷ Ȥ   ߴٰ ؼ    ٶ.  
  ڿ ּҴ drig@execpc.com <mailto:drig@execpc.com>̴.

  1.2.  Disclaimer

    ȭ    ۵ϴ°  Ұڷμ
  ǹ̸ Ѵ.    ƴϸ  ü 
  ʴ´.   ٸ 츶 ǻ͸ ϰ    å 
    ʴ .    ٰ   
  ջ ؼ å  ʴ´.     
  ģ  ֱ  ̱   ̴.   
  Ȯ  λ ΰ  ʴ.

  1.3.  Copyright

  ٸ  ٸ,  Ͽ ۱Ǵ ޴ ڿ
  ־ .  Ͽ  纻  ۱ǰ Ǵ ,
  ü   κ   Ǹ,  Ǵ 
    Ǿ .   롤ݷȴ.
  ׷    ڴ  Ѵ.

      ̶  ϴ ۾ Ǵ,
  װ  ۾ ۱ǰ ˷ Ͽ ̷ Ѵ. ٽ
  ,    Ѽؼ ȵǸ װ ÿ װ ̰
  ȾƼ ȵȴ.    ܴ Ư ǳ ޾Ƶ鿩;
  Ʒ ּ  ڵ Ϳ  õ϶.

  ϸ,   ä ؼ    Ȱ⸦
  츮 Ѵ. ׷, Ͽ  ۱ǰ ֱ⸦ ٶ,
  Ͽ      ȹ̶ 츮 ˷⸦
  ٶ.   ִٸ, David Rudder  ϶.  <drig@execpc.com
  <mailto:drig@execpc.com>>.

  1.4.  My Reasons for Writing This

    Ⱓ comp.os.linux.*  а ȭ 
  û ӵǾ. Դ ġ ƹ  ַ ʴ 
  ó .    ƹ  ؾϴ  ̶
  Ѵ. ׷Ƿ, ȭ    ð , θ
  ߴ.   ׷   û鿡  ̴.

  1.5.  TODO

   + Learn how to do this on a Macintosh
   + Learn different Windows TCP/IP packages
   + Find a good UDP proxy server that works with Linux

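  1.6.  Further Readings

   + The TIS Firewall Toolkit documentation
   + The NET-2 HOWTO
   + The PPP HOWTO
   + The Ethernet HOWTO
   + The Multiple Ethernet Mini HOWTO
   + Networking with Linux
   + The TCP/IP Network Administrator's Guide, from O'Reilly and
     Associates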

  tis ȭ Ŷ ȭ      
   ִ. ȭ Ŷ     ȭ Ʈ
    ã ƶ.

  2.  Understanding Firewalls

  ȭ̶  ڵ  κ ±  Ǵ ̴.
  ڵ  ȭ̶  Ƿκ   иϱ 
   ġ ̴. װ͵ ڵ ߽ÿ ° ȣϱ  ǵ
  Ǿ.  ǻͿ ȭ κ  Ʈũ
  ȣϴ  ġ ̴.

  ȭ ۵:

  1. ( ڽ ó)  ɷ  ǻ͸ ´.

  2. 2 ̽ ִ´. (ø Ʈs, ̼Ʈ, Token Ring
     ..)

  3. ip forwarding Ѵ.

  4. ϳ ̽ ͳݿ Ѵ.

  5. ٸ ̽ ȣ Ʈũ Ѵ.

     , ϳ ǻ͸ ϴ 2  Ʈũ  ȴ.
     ȭ ǻʹ , δ ׳ "ȭ"̶ Ѵ, ȣ޴
     Ʈũ ͳ   ο  ϴ. ȣ Ʈũ
     ͳݿ  ȵǸ,    ȣ Ʈũ  
     .

   ȣ Ʈũ ηκ ͳ  Ϸ,
  telnet ȭ   װκ ͳ ؾѴ.
  , ȣ޴  Ʈũ ϱ ؼ ݵ ȭ
  ľ߸ Ѵ.

  ̰ ͳκ ݿ  پ ȱ  ش.
  ȣ޴ Ʈũ   Ϸ Ѵٸ, ݵ ȭ ļ
   ϸ, ̰   ְ   ư . 
  ȣ޴ Ʈũ  ź  Ǵ "ͳ worm"  Ϲ
     Ѵٸ, ׵ ȣ޴ Ʈũ   
  ̴. ̰ پ   ش.

  2.1.  Drawbacks with Firewalls

  ȭ  ū  ȭηκ ͳ  Ѵٴ
   ̴. ⺻, ׵ ̾ shell   ͳ
    . ݽó ͳ   䱸ϴ
  α׷ ȭ ڿ ۵  ̴.   
  ذå    ̴.

  2.2.  Proxy Servers

    ȭ Ѿ ͳ  ϴ
   . ׵  ִ     
  ͳ communication Ѵ. ,  ǻ ,
  drig(۰ ̵  ϴ) ȣ޴ Ʈ ʿ ,
  ݽ Ͽ  ˻  ʹٸ  ȭ󿡼 
   Ѵ.    ǻ ͷκ û ϵ
  ȯ漳 ɰ̸, Ʈ 1080 ϱ  , Ʈ 80 
  ̴. ׸  û  ҷ ٽ  ̴.

  TIA TERM غ ̶ ̷    ̴. ̵
   α׷ ϸ   Ʈ    ִ. ģ ϳ
    192.251.139.21 Ʈ 4024 ϸ    
    ϴ TIA ¾ ϰ ִ.   ̷, ׷
  backward ۾  ۵Ѵ.  Ʈ 80 ϱ ؼ Ʈ
  1080 (Ǵ ڽ س) ؾ Ѵ.

     ùٸ ȯ漳 ƴٸ, Ϻϰ ϴٴ
   ̴.    ׵    
    .

  3.  Setting This All Up

  3.1.  Hardware requirements

  츮  , ǻʹ 486-dx66, ޸𸮴 8ް, 500M 
   Ƽ, 14400   ͳ ȸ ppp   ִ.
  ̰  ⺻  ڽ̴. ⿡ ȭ  ؼ NE2000
  ̼Ʈ card ϳ ߰Ѵ. ׸ װ windows 3.1 ϴ
  3 pc SunOS 4.1  2 sun ȴ. ̷  
   ̰ ſ Ϲ ͵̰   ÷   ģ
  ̱  .   ̾߱ϴ ͵ Ųÿ
  Ұ̶  Mac ׸   Ƿ 
   .

  3.2.  Setting up the Software

    14.4 ppp   Ʈũ ӵ  ڽ 
  Ǿ.  ׸  ٸ ǻ͵  ̼Ʈ Ʈ
  . 켱  ɼ ְ  Ŀ ٽ ؾ Ѵ.
  ⼭  Kernel- Ͽ, Ethernet-Ͽ, NET-2 Ͽ 
  캸, "make config" Ͽ.

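  1. Turned on Networking Support

  2. Turned on TCP/IP Networking

  3. Turned off IP Forwarding

  4. Turned on IP Firewalling

  5. Turned on IP accounting. This seems prudent, since we are setting
     up a security measure

  6. Turned on Networking Device Support

  7. Turned on PPP and Ethernet support, but that depends on your
     interfaces.

  Then we recompiled and reinstalled the kernel and rebooted. The
  interfaces should show up in the boot-up sequence, and we should be
  fine. If not, go over the other HOWTOs again until it is working.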

  3.3.  Configuring the Network Addresses

  ̰ ſ ִ κ̴. 츮 ٸ ϱ ͳ
   Ƿ,  ּҸ  ʿ䰡 .  Ǹ C
  class 192.168.2.xxx  ϴµ, ̰ ߺ test
  doamin   ̴. ̿Ͱ, ƹ װ  ,
  ܺηκ  û 浹 Ű  ̴. ׷Ƿ, 
  ,  ϳ  IP ּҰ ʿ ̴. ٸ  ϴ
   ̸, Ʈ    ġ ʴ´.

  ppp  Ǵ ø Ʈ  IP ο϶. ȭ
  ̼Ʈ ī忡 192.168.2.1  ο϶. ׸ ȣ޴ Ʈ ٸ
   ӽ    ڵ οض.

  3.4.  Testing it out

  ù°, ȭ ͳݿ ping غƶ.  ׽Ʈ 
  nic.ddn.mil ϰ ߴ. ping  Ǹ ׽Ʈ ̱
  ,  ߴ ŭ   ʾҴ. ó 
  ۵ ʴ´ٸ,  lan    ٸ ҷ õ
  ƶ. ׷ ۵ ʴ´ٸ, ppp  ߸ ̴. net-2
  Ͽ ٽѹ а, ٽ õ ƶ. , ȣ޴ Ʈ 
  ٸ ȣƮ ping غ.  ǻ͵  ping ؾ
  Ѵ. ׷ ʴٸ, net-2 Ͽ ٽа Ʈ 󿡼  
  غ.

  ׷ ȣ޴ Ʈ   ǻ ȭ ping ϴ.
    ʴٸ, ǵ Ͷ. ppp ּҰ ƴ϶ 192.168.2.1 ping
  ؾ Ѵٴ  ϶.  ׸, ȣ޴ Ʈ ηκ
  ȭ ppp ּҷ ping õ  . װ ȴٸ, IP
  forwarding   ̸, Ŀ ٽ  ؾ߸ Ѵ.
  ȣ޴ Ʈ 192.168.2.1 ̶  οϴ  
  Ŷ̶  Ʈ õ ʰ Ѵٴ  ǹѴ. ׷ 
  IP forwarding   ·  ϴ. ̰ Ʈ ppp
  ȸ簡 ƴ  տ ܳ´.

  , ȭκ ȣ޴ Ʈ  ӽſ ping غ
  . ̶  ƹ   Ѵ.  ȭ ⺻ 
   .

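  3.5.  Securing the Firewall

  The firewall is no good if it is left wide open to attack. First,
  look at /etc/inetd.conf. This file is what is called a "super
  server". It runs a bunch of the server daemons as they are requested.

  Examples:

   + Telnet
   + Talk
   + FTP
   + Daytime

  Turn off everything that you do not need. In particular, make sure
  that netstat, systat, tftp, bootp and finger are turned off. You may
  also want to turn off telnet and allow only rlogin, or vice versa.
  Then send a SIG-HUP to the process by typing kill -HUP <pid>. This
  makes inetd re-read its config file and restart. Test it by
  telnetting to port 15 on the firewall. Port 15 is the netstat port.
  If you get netstat output, inetd has not been restarted correctly.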
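
  Added example (not from the original HOWTO): a Python check that lists the services still enabled in an inetd.conf and flags the ones the text says to turn off. The sample file content, the `needed` set and the function names are constructed for illustration.

```python
# Services the text says must be off on the firewall. "bootps" is added
# because that is the name the BOOTP server usually has in /etc/services.
MUST_BE_OFF = {"netstat", "systat", "tftp", "bootp", "bootps", "finger"}


def enabled_services(conf_text):
    """Return the service names of active (uncommented) inetd.conf lines."""
    names = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # service, socket type, protocol, wait flag, user, server program
        if len(fields) >= 6:
            names.append(fields[0])
    return names


def audit(conf_text, needed):
    """Split enabled services into ones to disable and ones to review."""
    enabled = enabled_services(conf_text)
    return {
        "must_disable": sorted(s for s in enabled if s in MUST_BE_OFF),
        "review": sorted(s for s in enabled
                         if s not in MUST_BE_OFF and s not in needed),
    }


# Constructed sample of a firewall's inetd.conf (not a real capture).
SAMPLE = """\
telnet  stream tcp nowait root   /usr/sbin/tcpd in.telnetd
ftp     stream tcp nowait root   /usr/sbin/tcpd in.ftpd
#talk   dgram  udp wait   root   /usr/sbin/tcpd in.talkd
daytime stream tcp nowait root   internal
finger  stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
netstat stream tcp nowait nobody /usr/sbin/tcpd /bin/netstat
socks   stream tcp nowait nobody /usr/local/etc/sockd sockd
"""

if __name__ == "__main__":
    # "needed" is an assumption: the services this firewall must keep.
    report = audit(SAMPLE, needed={"telnet", "socks"})
    print("turn off:", ", ".join(report["must_disable"]))
    print("review:  ", ", ".join(report["review"]))
```

  Run it against a copy of the real file before sending inetd the SIG-HUP, then confirm with the port 15 test described above.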

  4.  Firewalling Software

  4.1.  Available packages

   ȭ  Ŀΰ ⺻ Ʈŷ Ű(inetd,
  telnetd telnet, ftpd ftp)    Ʈ
  ʿ ʴ´.

  ׷, ̷ ȭ ſ ̸, ״  ʴ.
  ׷, Ʈ Ű ȭ  ϰ ϵ 
  Ѵ.     غ   "socks" Ҹ ȭ
  Ű̴.  ̰Ϳܿ   Ѹ α׷ 2 ִ.
   װ͵鿡    캸 ϰڴ.

  4.2.  The TIS Firewall Toolkit

  TIS ȭ ϰ 鵵   α׷ 
  Ҵ.   α׷ ⺻ socks Ű 
  ,  ٸ    Ǿ. socks  ͳ
  ó ϴ ϳ  α׷  ִ ݸ鿡, TIS ϳ
  α׷ ȭ  ϴ  ƿƼ  Ҵ.

   ΰ   ϱ www telnet ٸ  .
  socks , ϳ config ϰ ϳ  Ѵ. 
  ϰ  , telnet www ΰ  ϴ. 
  Ұϵ    ٸ 񽺵鵵 ̴.

  TIS Ŷ ,   Ӹƴ϶  www telnet Ͽ
  ϳ  ش. ̰ ģ ,  set up  
   ٸ ͳ ٴ ȴ. (talk )  
  ʾҴٸ, "plug-in"  Ҽ , ٸ tooló 
   ϱ   ʴ.

  ̰  ޶ , ſ Ŀٶ ̰ ȴ. socks 
   ϰ   ִ. ϰ  socks , 
     ǵ    ͳ ٸ   ֵ
  . TIS Ŷ  ϸ,   ý ڰ 
  ٸ   ִ.  socks ϱ , ϱ , 
  ϴ. ȣ޴ Ʈ   ϰ ʹٸ, TIS 
  ϴ. ΰ  ܺη  ʹ  ȣ Ѵ.

  4.3.  TCP Wrapper

  tcp wrapper ȭ ƿƼ ƴ,   ȿ ش.
  tcp wrapper ϸ log Ҽ Ӹ ƴ϶,  
  ӽŰ 񽺿 ٸ   ΰ Ҽ ִ.  ⺻
   ߰  ش.

  tcp wrapper   ̰  ̻ ϰ ٷ
  ʴ .

   tcp wrapper  ȭ ƴϴ.   װ Ϸ ͳݿ
  Ǿ ־ ϸ, ó IP ּҸ  ߸ Ѵ.    ڽ
  ġǾִ ӽŸ ϸ, Ʈ ȿ  .
  ȭ  Űó ӽ ȣ  , TCP wrapper
  Ųÿ MS  ۵ ʴ´.

  4.4.  Ipfw and Ipfw Admin

  5.  The Proxy Server

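  5.1.  Setting up the Proxy Server

  The proxy server requires additional software. It can be obtained
  from:

  ftp://sunsite.unc.edu/pub/linux/system/network/misc/socks-linux-src.tgz

  That directory also holds an example config file called "socks-conf".
  Uncompress and untar the files into a directory on your system and
  follow the instructions on how to make it. I had a couple of
  problems when I made it. Make sure that your Makefiles are correct.
  Some are, some are not.

  One important thing to note is that the proxy server needs to be
  added to /etc/inetd.conf. You must add the line:

       socks  stream  tcp  nowait  nobody  /usr/local/etc/sockd  sockd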

  5.2.  Configuring the Proxy Server

  socks α׷ 2 и   ʿϴ. ϳ ٰ
   Ǿ ˸ Ѱ̸, ٸ  û   
   routingϱ  ̴.     ־ Ѵ.
  routing    н ӽſ ־ Ѵ.  Ųô
  , ڽ routing  ̴.

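  5.2.1.  The Access File

  With socks 4.2 beta, the access file is called "sockd.conf". It
  should contain a permit line and a deny line. Each line has three
  entries:

   + The Identifier (permit/deny)
   + The IP address
   + The address modifier

  The IP address holds a four-byte address in the usual IP dot
  notation, for example 192.168.2.0. The address modifier is also a
  four-byte number in IP address form. It works like a netmask.
  Picture this number as 32 bits (1s or 0s). If a bit is 1, the
  corresponding bit of the address being checked must match the
  corresponding bit of the IP address field.

  For example, the line:

       permit 192.168.2.23 255.255.255.255

  permits only the IP address that matches every bit of 192.168.2.23,
  that is, only 192.168.2.23. The line:

       permit 192.168.2.0 255.255.255.0

  permits every address in the group 192.168.2.0 through
  192.168.2.255. You should not have the line:

       permit 192.168.2.0 0.0.0.0

  because it permits every address, whatever it is.

  So, first permit every address you want to permit, and then deny
  the rest. To allow everyone in the domain 192.168.2.xxx, the lines:

       permit 192.168.2.0 255.255.255.0
       deny 0.0.0.0 0.0.0.0

  will work. Notice the first "0.0.0.0" in the deny line. With a
  modifier of 0.0.0.0, the IP address field does not matter. All 0s
  is the convention because it is easy to type.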
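
  Added example (not part of the original HOWTO or of the socks package): a small Python model of the three-field sockd.conf lines discussed above, showing how the address modifier selects the bits that are compared and why a permit line with modifier 0.0.0.0 admits every client. It assumes lines are evaluated top to bottom with the first match deciding, and that a client matching no line is refused; the function names and client addresses are illustrative.

```python
import ipaddress


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_rules(text):
    """Parse three-field 'permit|deny <address> <modifier>' lines."""
    rules = []
    for line in text.splitlines():
        if not line.strip():
            continue
        action, addr, modifier = line.split()
        if action not in ("permit", "deny"):
            raise ValueError("unknown identifier: " + action)
        rules.append((action, _to_int(addr), _to_int(modifier)))
    return rules


def matches(client, addr, modifier):
    # Only bits set to 1 in the modifier are compared; 0 bits are ignored.
    return (client & modifier) == (addr & modifier)


def decide(rules, client_ip):
    """Return 'permit' or 'deny' for client_ip.

    Assumptions of this sketch: the first matching line wins, and a
    client that matches no line is refused.
    """
    client = _to_int(client_ip)
    for action, addr, modifier in rules:
        if matches(client, addr, modifier):
            return action
    return "deny"


def permit_all_lines(rules):
    """Permit lines whose modifier is 0.0.0.0, i.e. that match any address."""
    return [r for r in rules if r[0] == "permit" and r[2] == 0]


# Rule sets taken from the text; the client addresses are constructed.
RECOMMENDED = "permit 192.168.2.0 255.255.255.0\ndeny 0.0.0.0 0.0.0.0\n"
TOO_OPEN = "permit 192.168.2.0 0.0.0.0\ndeny 0.0.0.0 0.0.0.0\n"
ONE_HOST = "permit 192.168.2.23 255.255.255.255\ndeny 0.0.0.0 0.0.0.0\n"

if __name__ == "__main__":
    for name, conf in (("recommended", RECOMMENDED), ("too open", TOO_OPEN),
                       ("one host", ONE_HOST)):
        rules = parse_rules(conf)
        for ip in ("192.168.2.3", "192.168.2.23", "203.0.113.9"):
            print(f"{name:12} {ip:14} -> {decide(rules, ip)}")
        print(f"{name:12} permit-all lines: {len(permit_all_lines(rules))}")
```

  A non-empty result from `permit_all_lines` is the condition to look for when reviewing an access file: such a line makes every later deny line unreachable.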

   ϳ̻ Ʈ ȴ. Ư ڸ  㰡 Ǵ
   Ҽ ִ. ̰ ident  ؼ ̷.  ý
  idnet ϴ  ƴϹǷ, Ʈ  Ͽ, װ ⼭
   ̾߱  ʰڴ. socks ִ    
  ڼ ִ.

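  5.2.2.  The Routing File

  The routing file in socks is poorly named "socks.conf". I say
  "poorly named" because the name is so close to that of the access
  file that it is easy to confuse the two.

  The routing file tells the socks clients when to use socks and when
  not to. For instance, in our network, 192.168.2.3 does not need
  socks to talk to the firewall, 192.168.2.1, because it has a direct
  connection over Ethernet. The loopback address, 127.0.0.1, is
  defined automatically. Of course, you do not need socks to talk to
  yourself. There are three entries:

   + deny
   + direct
   + sockd

  deny tells socks when to reject a request. This entry has the same
  three fields as in sockd.conf: identifier, address and modifier.
  Generally, since this is also handled by sockd.conf, the access
  file, the modifier field is set to 0.0.0.0. If you want to prevent
  yourself from calling any place at all, you can do it here. The
  direct entry tells which addresses do not need socks. These are all
  the addresses that can be reached without the proxy server. Again
  there are three fields: identifier, address and modifier. Our
  example would be:

       direct 192.168.2.0 255.255.255.0

  thus going direct for any host on our protected network. The sockd
  entry tells the computer which host runs the socks server daemon.
  The syntax is:

       sockd @=<list> <IP address> <modifier>

  Notice the @= entry. It lets you give the IP addresses of a list of
  proxy servers. In our example we use only one proxy server, but you
  can have several, to spread the load or for redundancy in case of
  failure.

  The IP address and modifier fields work just as in the other
  examples. They specify which addresses go where.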

  5.2.3.  DNS from behind a Firewall

  ȭ ڿ  Ӽ ϴ   
  . ܼ ȭ ӽſ dns  ָ ȴ. ׸ ȭ
    ӽ  dns ϵ Ѵ.

  5.3.  Working With a Proxy Server

  5.3.1.  Unix

   ø̼   ϰ ϱؼ, װ͵
  "sockified" ʿ䰡 ִ.   ϱ ,   
    , δٸ   telnet ʿ ̴.

  socks   α׷ sockify ϴ  ð ´.
     ؼ sockify  Ѵٸ, socks
  ڵ direct version ȯ  ̴.  , 츮
  ȣ޴ Ʈ   α׷ ̸ ٲپְ sokify
  α׷ üϱ Ѵ. "finger"  finger.orig" ǰ,
  "telnet" "telnet.orig"  ̴.   ̵ 
  include/socks.h  Ѵٴ  ˷Ѵ.   α׷
  routing sockifying ü ٷ⵵ Ѵ. ݽ ׷ α׷
   ϳ̴.   socks field ִ  ּҸ Է
  ν, ݽ 󿡼    ִ.  
  α׷ װ    ٷĿ , ּ
  ణ   ϴ.

  5.3.2.  MS Windows with Trumpet Winsock

  trumpet winsock   ɷ ä ´. setup ޴
   IP ּҿ     ǻ ּҸ Է϶.
  ׷, trumpet winsock  dutgoing Ŷ ٷ ̴.

  5.4.  Getting the Proxy Server to work with UDP Packets

  socks Ű  TCP Ŷ ϸ, UDPʹ  ʴ´. 
   socks Կ ణ  . talk archie  
   α׷ UDP ̿Ѵ. Tom Fitzgerald <fitz@wang.com
  <mailto:fitz@wang.com>>    UDPrelay UDP Ŷ 
    Ǳ  Ű ִ. ӰԵ,  
    װ  ȣȯ   ʾҴ.

  5.5.  Drawbacks with Proxy Servers

    ٵ   ġ̴. ѵ IP ּҸ 
  ͳ ٸ Ű  ø Ϸ   
   ̴.   ȣ޴ Ʈ ο ٱ  
  ٸ  , ܺ κ  δ Ϻϰ ѳ
   ̴. ̰ talk archie Ӱ   , 
  ǻͷ      Ұ ǹѴ. ̷ 
  ۾ƺ 𸣳,   غ:

   ȭ ȣ Ʈ ۼϴ Ʈ ܳҴ. 
    , װ(ȭ) Ѿ ʹٰ Ѵ. ׷  
  .  ǻͰ ȭ ʿ ִٴ     .
  켱   ȭ α Ϸ ,   
   ٸ  Ƿ, ƹ     
  ʾ ̴.

    ģ ٸ п ٴѴ.  ׳࿡ ڿ 
  ʹ.   ϰ ̾߱Ⱑ ,   ӽ
   ⸦ Ѵ.  systems administrator  ϰ
  , ̰   ̴.

   UDP Ŷ Ҽ      ū ̴. 
  UDP Ǹ Ѵ.

  FTP   ٸ  Ų. ls   , ftp
   client ӽ   װ   . 
   ̰  Ƿ, ftp ϰ  ʴ´.  
     Ѵ.   , ̰ 
  밳  ٸ  ξ  ̴.

  ⺻, IP ּҸ  ְ ȿ   ʴ´ٸ,
  ȭ /Ǵ     ƶ. IP ּҸ ʰ,
  ȿ   , term̳ slirp, TIA  Ͽ 縦
  ϰ  . term  <>

