  Linux IP Masquerade HOWTO

  David Ranch, dranch@trinnet.net; Ambrose Au, ambrose@writeme.com
  v1.79, 21 October 1999

     ȣƮ IP Ŀ̵  ϴ 
  ϰ ִ. IP Ŀ̵ Network Address Translation(NAT) 
  ·,  box  Ѱ ͳ IP ּҸ ؼ ϵ IP
  ּҰ   ǻ͵ ͳ ̿ϵ ϴ ̴.
  ______________________________________________________________________

  

  1. Ұ
     1.1 IP Masquerading(ٿ IP MASQ)   Ұ
     1.2 Ӹ, ǰ  
     1.3 Ǳǰ 

  2.  
     2.1 IP Ŀ̵ ΰ?
     2.2  Ȳ
     2.3  IP Ŀ̵带 ؼ ̵ °?
     2.4  IP Ŀ̵尡 ʿ °?
     2.5 IP Ŀ̵  ϴ°?
     2.6  2.0.x  IP Masqeurade ϱ  䱸׵
     2.7  2.2.x  IP Masqeurade ϱ  䱸׵

  3. IP Ŀ̵ 
     3.1 Ŀο IP Ŀ̵带 ϵ  ϱ
        3.1.1  2.0.x Ŀ
        3.1.2  2.2.x Ŀ
     3.2  LAN   IP ּҸ Ҵϱ
     3.3 IP  å ϱ
        3.3.1  2.0.x Ŀ
        3.3.2  2.2.x Ŀ

  4. Ŀ̵  ǻ͵ ϱ
     4.1 Microsoft Windows 95 
     4.2 Windows NT 
     4.3 Windows Workgroup 3.11 
     4.4 UNIX  ý 
     4.5 NCSA ڳ Ű ϴ DOS 
     4.6 MacTCP ϴ MacOS  ý 
     4.7 Open Transport ϴ MacOS  ý 
     4.8 DNS ϴ Novell Ʈ 
     4.9 OS/2 Warp 
     4.10 ׿ ٸ ý 

  5. IP Ŀ̵ 
  6. ׿ IP Ŀ̵  װ Ʈ 
     6.1 IP Ŀ̵ 
     6.2 ܺηκ  
     6.3 Ǵ Ŭ̾Ʈ Ʈ ׿   ˾Ƶ 
        6.3.1 IP Ŀ̵ Բ -ϴ-  Ʈ Ŭ̾Ʈ
        6.3.2  ʴ Ŭ̾Ʈ:
     6.4     IP ȭ(IPFWADM) å
     6.5     IP ȭ(IPCHAINS) å
     6.6   Ʈ IP Ŀ̵ϴ 
     6.7 IP Ŀ̵ ȭ 
     6.8 IPPORTFW, IPMASQADM, IPAUTOFW, REDIR, UDPRED  Ÿ Ʈ  
        6.8.1 2.0.x Ŀο IPPORTFW 
        6.8.2 2.2.x Ŀο IPPORTFW Բ IPMASQADM 
     6.9 CU-SeeMe  IP Ŀ̵
     6.10 Mirabilis ICQ
     6.11 :  LooseUDP ġ

  7.   (FAQ)
     7.1 IP Ŀ̵带 ٷ   ִ    Դϱ?
     7.2 IP Ŀ̵尡 ϱ  ּ ϵ  ѻ Դϱ?  Դϱ?
     7.3   Ȯ,  IP Ŀ̵尡  ʽϴ.  ؾ մϱ?
     7.4 IP Ŀ̵峪 IP Ŀ̵  ϸ Ʈ ϰų  ؼ  ؾ մϱ?
     7.5 IP Ŀ̵尡 Ͻ(Proxy) NAT 񽺿 ٸ  Դϱ?
     7.6 GUI  ȭ /  ֽϱ?
     7.7 IP Ŀ̵尡  Ҵ IP ּҿ͵ մϱ?
     7.8 ͳݿ ϱ  ̺ (   ϴ  ), DSL,     ϸ鼭 IP Ŀ̵带   ֽϱ?
     7.9 Diald PPPd ȭ  IP Ŀ̵ Բ   ֽϱ?
     7.10 IP Ŀ̵ Բ   ִ α׷  ͵Դϱ?
     7.11 Redhat, Debian, Slackware Ÿ   IP Ŀ̵带 մϱ?
     7.12 TELNET      ʴ  ϴ.  ׷ϱ?
     7.13 ͳ  ó ̷  ƹ͵  ʽϴ. , ٽ õϸ    մϴ.  ׷ϱ?
     7.14 IP Ŀ̵尡  ϴ    Ʈ ؼ  ʽϴ. ַ  FTP ׷ϴ.
     7.15 IP Ŀ̵   ϴ.
     7.16  IP Ŀ̵ , SYSLOG α ȭϿ  ̻ ޽  ϴ. IPFWADM/IPCHAINS ȭ  ޽ ǹ̵   ?
     7.17 ܺ ͳ ڵ ο Ŀ̵Ǵ 鿡    ֵ IP Ŀ̵带   ֽϱ?
     7.18 SYSLOG ȭϿ "kernel: ip_masq_new(proto=UDP): no free ports." ޽ ϴ.  ׷?
     7.19 IPPORTFW Ϸ ϸ "ipfwadm: setsockopt failed: Protocol not available"  ϴ!
     7.20 Microsoft ȭ Ʈ  Microsoft  Ŭ̾Ʈ(SAMBA) IP Ŀ̵带 ؼ  ʽϴ!
     7.21 Ŀ̵Ǵ IRC ڵ IRC    ϴ.  ׷?
     7.22 mIRC DCC   մϴ.
     7.23 Ѱ ̴ Ʈ ī常 ־ (IP Aliasing ؼ) IP Ŀ̵带   ֽϱ?
     7.24 Ŀ̵Ǵ  ؼ NETSTAT  Ϸ ϴµ  ʽϴ.
     7.25 IP Ŀ̵带 ؼ Microsoft PPTP (GRE tunnels)̳ IPSEC (Linux SWAN) tunnels  ϰ ͽϴ.
     7.26 IP Ŀ̵带 ؼ XYZ Ʈ  ϰ   ʽϴ. ּ!
     7.27 IP Ŀ̵尡 󸶰   ڱ ϴ. ϰ  ѵ   մϴ.  ׷?
     7.28  Ŀ̵Ǵ ǻ͵ SMTP POP-3   մϴ!
     7.29   ٸ Ŀ̵ Ʈ  ܺ IP ּҸ ؼ  ϰ ͽϴ. (IPROUTE2)
     7.30 Why do the new 2.1.x and 2.2.x kernels use IPCHAINS instead of IPFWADM?
     7.31 I've just upgraded to the 2.2.x kernels, why isn't IP Masquerade working?
     7.32 I've just upgraded to a 2.0.36+ kernels later, why isn't IP Masquerade working?
     7.33 I need help with EQL connections and IP Masq
     7.34 I can't get IP Masquerade to work!  What options do I have for Windows Platforms?
     7.35 I want to help on IP Masquerade development.  What can I do?
     7.36 Where can I find more information on IP Masquerade?
     7.37 I want to translate this HOWTO to another language, what should I do?
     7.38 This HOWTO seems out of date, are you still maintaining it?  Can you include more information on ...?  Are there any plans for making this better?
     7.39 I got IP Masquerade working, it's great!  I want to thank you guys, what can I do?

  8. Ÿ ׵
     8.1  ڷ
     8.2 Linux IP Ŀ̵ ڷ(Linux IP Masquerade Resource)
     8.3 縦   ..
     8.4  ڷ
     8.5 Changes

  ______________________________________________________________________

  1.  Ұ

  1.1.  IP Masquerading(ٿ IP MASQ)   Ұ

  (: [ masquerade ] n,  ȸ, ,  [ masquerade ] v,
    ϴ, ϴ, üϴ)

     ȣƮ IP Ŀ̵  ϴ 
  ϰ ִ. IP Ŀ̵ Network Address Translation(NAT) 
  ·,  box  Ѱ ͳ IP ּҸ ؼ ϵ IP
  ּҰ   ǻ͵ ͳ ̿ϵ ϴ ̴.
   ǻ͵ ̴(Ethernet), ū (TokenRing), FDDI LAN
  ̳ ̾ PPP(:  ȭ Ʈŷ), Ȥ SLIP
    ؼ  ȣƮ   ִ.  
  ̴(Ethernet) ̿ϴ  켱 ٷ.

          IBM ȣȯ PC 2.0.36̻, 2.2.9̻ 
       Ŀ ϴ ڵ ؼ . 1.2.x  1.3.x
        Ŀ ٷ ʰ,   Ŀο ߸
          ִ. IP Ŀ̵带 ϱ 
       ο  Ŀη ׷̵ϱ ٶ.

       IP Ŀ̵带 Ųÿ ϰ Ѵٸ, Taro
       Fukunaga, tarozax@earthlink.net    
  HOWTO  MkLinux   ٶ..

  1.2.  Ӹ, ǰ  

  ο ڵ鿡Դ  Ŀ(1.2.x   ) IP Masq
  ϴ  ſ ȥ. FAQ ϸ Ʈ , IP Masq
  ؼ   . ׸, ϸ Ʈ IP Masq 
  HOWTO ûϴ  ־. ׷, ο ڵ 
    ֵ  HOWTO  ߰, õ ڵ Ŀ 
  ߰  ֱ ٶ.      ̵,
  ׵鵵 ȯѴ. ׷      Ǳ ٶ.

    Ken Eves FAQ IP Ŀ̵ ϸ Ʈ 
  ޽ Ͽ .  IP Masq ϴµ  ְ,
  ħ   µ   Mr. Matthew Driver  Ư
  縦 ǥѴ. ֱٿ David Ranch HOWTO ۼ ,HOWOT
   section ߰Ͽ    Ϻ  ߴ.

  ؾ  ̳, , URL, Ÿ  ǰ̶ ź
  ambrose@writeme.com  dranch@trinnet.net ֱ ٶ. 
    HOWTO    ̴.

   HOWTO    ðȿ  IP Ŀ̵
  Ʈ ۵ϵ ϴµ   ǵ . Ambrose
  David  ڰ ƴϱ ,    Ϲ
  ʰų    ʴ  ߰    ̴. 
  HOWTO  ֽ  Ÿ IP Ŀ̵忡  ڼ 
  츮 ǿ ϰ ִ web page IP Masquerade Resource
  <http://ipmasq.cjb.net/>    ִ.  IP Ŀ̵忡
  ؼ  ǹ ִٸ, Amrose David  
  ſ IP Ŀ̵ ϸ Ʈ ϱ ٶ. IP
  Ŀ̵忡    κ 鿡  ̰,
  ϸ Ʈ Լ      ̴.
  ٿ, Ambrose Davidκ  ޴ ð ϸ
  Ʈκ   ð ξ  ɸ ̴.

    ֽ   Ʈ   ְ, װ HTML̳
  postscript    ִ.

  o  http://ipmasq.cjb.net/: The IP Masquerade Resources

  o  http://ipmasq2.cjb.net/: The IP Masquerade Resources MIRROR

  o  The Linux Documentation Project

  o  Dranch's Linux page

  o  IP Masquerade Resource Mirror Sites Listing
     <http://ipmasq.cjb.net/index.html#mirror>  ̷ Ʈ Ȯ
      ִ.

  1.3.  Ǳǰ 

    Ambrose Au David Ranch Ǳ ְ, Ӱ ̿
   ̴.   GNU General Public License ؼ 
    ִ.

  This document is copyright(c) 1999 Ambrose Au and David Ranch and it
  is a FREE document. You may redistribute it under the terms of the GNU
  General Public License.

    Ambrose David ּ  μ, ǹٸ  
  ִ. ׷,  IP Ŀ̵   ؼ ߵ
  ̹Ƿ,  Ǽ ׵   ִ.

      ؼ ,  ǻ ջ̳
   սǿ ؼ ƹ å  ʴ´.

              ߻  ջ
       ڴ å ʴ´.

  No person, group, or other body is responsible for any damage on your
  computer(s) and any other losses by using the information on this
  document. i.e.

       THE AUTHORS AND ALL MAINTAINERS ARE NOT RESPONSIBLE FOR ANY
       DAMAGES INCURRED DUE TO ACTIONS TAKEN BASED ON THE INFORMA
       TION IN THIS DOCUMENT.

  ,    ϰ...   ..

  2.   

  2.1.  IP Ŀ̵ ΰ?

  IP Ŀ̵  Ʈŷ , 
  ȭ(firewall)̳ Ʈ (network router)    ִ
  1  (one-to-many)  NAT(Network Address Translation: Ʈ
  ּ ؼ) ϴ.  ,   ȣƮ PPP(:
   ȭ Ʈŷ ش), ̴(Ethernet), Ÿ
   ͳݿ Ǿ ִٸ,   ڽ (PPP,
  Ethernet, Ÿ)  ǻ͵鵵 IP Ŀ̵带 ؼ
  ͳݿ   ִ.  IP Ŀ̵带 ϸ, 
  ǻ͵  Ҵ IP ּҰ  ϴ.

  MASQ ϸ, MASQ Ʈ(gateway: ΰ Ǵ ǻ) ؼ
   ǻ͵  ͳ   ִ. , ͳݿ ִ
  ٸ ǻ͵鿡Դ, IP MASQ ؼ ٱ   IP MASQ
  Linux  ü  ó δ. ̷ ɿ ٿ, IP
  Ŀ̵   Ʈ ȯ Ѵ.  
  Ŀ̵ ý۰  LAN   ,   ȭ
     ŭ̳ ƴ.

  2.2.   Ȳ

  IP Ŀ̵ ó ߵ  ,  Ŀ 2.2.x 
  鼭 ſ .  Ŀ 1.3.x  MASQ 
  ü ߴ.   , Ǵ   Ǹϰ
  ϰ ִ.

    , TELNET , FTP, PING, TRACEROUTE, Ÿ
   Ʈ  IP Ŀ̵带 ؼ  ۵Ѵ. FTP,
  IRC Real Audio  ͵,  IP MASQ  ϸ 
  ۵Ѵ. MP3 Ʈ ġ(True Speech) Ʈ (streaming
  audio)  Ʈ  α׷鵵  ۵Ѵ. ϸ Ʈ
    ڵ ȭȸ Ʈ    
  ִ.

  Ǵ ü Ʈ   ``'' section Ȯϱ ٶ.

  IP Ŀ̵  ٸ OS ϵ ÷ ϴ 
  ǻ͵(client machines)Ե μ  Ѵ. MASQ ο
    ý۵   :

  o  Unix:  Sun Solaris, *BSD, Linux, Digital UNIX, Ÿ

  o  Microsoft Windows 95/98, Windows NT Windows for Workgroups
     (TCP/IP Ű ġ )

  o  IBM OS/2

  o  MacTCP or Open Transport ϴ Apple Macintosh MacOS machine

  o  packet ̹ NCSA Telnet Ű ϴ DOS  ý

  o  VAXen

  o   NT ϴ Compaq/Digital Alpha ý

  o  AmiTCP  AS225-stack ϴ Amiga ǻͱ..

  Ʈ  ӵ     . TCP/IP  
  ִ OS Ѵٸ ݵ IP Ŀ̵ Բ   ־
  Ѵ!

  2.3.   IP Ŀ̵带 ؼ ̵ °?

  o   ͳݿ   ȣƮ  ְ,

  o  TCP/IP ġǾ ְ  (local subnet) ؼ 
     ȣƮ  ǻ 븦  ְų,

  o    ȣƮ ΰ ̻   PPP SLIP
     ϸ  ٸ ǻ͵ Ǿ ְ,

  o   ٸ ǻ͵  IP ּҸ Ҵ ʾҴٸ,

  o  ׸ , ISPκ  IP ּҸ Ҵް 
     (router) ϰų ܺ ͸ ϴµ ߰
      ʰ  ٸ ǻ͵ ͳ ϵ ϰ ʹٸ.

  2.4.   IP Ŀ̵尡 ʿ °?

  o   ǻͰ ܵ ġǾ ְ ͳݿ Ǿ ְų
     (׷ ܵ ϴ ȭ ϴ    
     ִ),

  o  ٸ ǻ͵ ؼ Ҵ  IP ּҸ  ִٸ,

  o  ׸ ,   ϴ ' '  
     ʰ,    ϱ   밡 ϴ  
     ϰ Ѵٸ.

  2.5.  IP Ŀ̵  ϴ°?

  >Ken Eves IP Ŀ̵ FAQκ :

      ġ   ׸ :

     SLIP/PPP         +------------+                         +-------------+
     ISP ڷ     |  Linux     |         SLIP/PPP        | ٸ ǻ |
    <---------- modem1|    #1      |modem2 ----------- modem3|             |
      111.222.333.444 |            |           192.168.0.100 |             |
                      +------------+                         +-------------+

       ׸, IP_MASQUERADING ġ  box Linux #1 Ǿ
    ְ modem1  SLIP Ȥ PPP ͳݿ Ǿ ִ. Linux #1
    111.222.333.444 IP ּҰ ҴǾ ִ. Linux #1 modom2 ؼ ٸ
    ǻͰ SLIP Ȥ PPP   ֵ Ǿ ִ.

      ι° ý(ٸ ǻ: ݵ   ʿ ) Linux #1
    SLIP Ȥ PPP  Ѵ. ٸ ǻʹ  Ҵ IP ּҸ 
     ʴ. ׷  ּ 192.168.0.100̶ ּҰ ҴǾ ִ.
    (Ʒ )

         Ǿ  IP Ŀ̵带 ؼ "ٸ ǻ"
    ġ ͳݿ  Ǿ ִ ó( ϰ) ͳ 
      ִ.

  Pauline Middelink ϸ:

    "ٸ ǻ" Linux #1 Ʈ(gateway) ؾ Ѵٴ  
    ƾ Ѵ(⺻ (default route)ΰ  (subnet)ΰ .)
     "ٸ ǻ" Linux #1 Ʈ̷  ʴ´ٸ, Linux #1
    proxy arp ϵ Ǿ ϴµ, proxy arp    
    ָ  ̴.

   comp.os.linux.networking õ ۿ    
  ̸ µ  ̴:

     o  "ٸ ǻ" PPPȤ SLIP   Linux #1 gateway ν
       ϵ Ͽ.
     o "ٸ ǻ"κ Linux #1 Ŷ ޵ , Linux #1  Ŷ
       ο ߽Ʈȣ(source port number) Ҵϰ  ּҴ 
        д. MASQ  Ŷ SLIP/PPP ؼ ͳ
       Ѵ.
     o ͳκ Linux #1 Ŷ ǵƿ , Linux #1 Ʈȣ(port
       number) ˻ؼ "ٸ ǻ"κ ûǾ  ȮѴ. ´ٸ,
       MASQ  ص״  Ʈȣ IP ּҸ ͳκ 
       Ŷ ٽ Ҵϰ "ٸ ǻ" ش.
     o ͳݿ Ŷ  ȣƮ ̷  Ͼ     .

  IP Masquerading Ǵٸ :

  Ʒ ׸   ִ:

      +----------+
      |          |  Ethernet
      | A-box    |::::::
      |          |.2   : 192.168.0.x
      +----------+     :
                       :      +----------+
      +----------+     :   .1 |  Linux   |   PPP 
      |          |     :::::::| Masq-Gate|:::::::::::::::::::// Internet
      | B-box    |::::::      |          |  111.222.333.444
      |          |.3   :      +----------+
      +----------+     :
                       :
      +----------+     :
      |          |     :
      | C-box    |::::::
      |          |.4
      +----------+

      |                       |          |
      | <---- Ʈ----> |          | <------ܺ Ʈ------>
      |                       |          |

     װ ǻͰ ִ.  쿡  
   PPP   ִ  ְ,   
  ȯϰ ϴ ͳݻ ȣƮ ִٰ Ѵ.  ý
  Masq-Gate  Ʈ A-box, B-box, C-box ܺ ͳ
  ϵ ִ IP Masquerading Ʈ̴.   Ʈ
  RFC-1918    Ʈ ּ Ѱ µ, 
  쿡 C Ŭ Ʈ 192.168.0.0̴.  ڽ
  192.168.0.1 IP ּҸ ϸ, ٸ ý۵   ּҸ
  ´:

  o  A-Box: 192.168.0.2

  o  B-Box: 192.168.0.3

  o  C-Box: 192.168.0.4

    ǻ, A-box, B-box and C-box TCP/IP   ִٸ
   OS ϰ ִ  .  95, Ų MacTCP
  Ǵ OpenTransport ٸ  ڽ IP MASQ ؼ ͳݿ
    ִ. Ǵ , Ŀ̵ ϴ ý, Ȥ MASQ-
  gate ηκ   MASQ-gate ü  ó
  ȯϰ ȴ. MASQ ܺηκ ȣ(Ǵ ) , ο ִ
   ǻͷ  Ѵ. ׷  ƮԴ ġ
  ͳݿ  Ǿ ִ ó , Ŀ̵ ϰ
  ִ ƴ    ȴ. ̰ "" ̶ Ѵ.

  NOTE:   ׿  ڼ  ``'' ϱ ٶ:

  o  NAT, MASQ, proxy  .

  o  Ŷ ȭ ϴ .

  2.6.   2.0.x  IP Masqeurade ϱ  䱸׵

  **  ֱ  IP Masquerade Resource
  <http://ipmasq.cjb.net/> ϱ ٶ. **

  o   ϵ.  ڼ  ``''.

  o  Ŀ 2.0.x ҽ http://www.kernel.org/   ִ.
     ( 5.2  ֱ  ``'' IP Ŀ̵ 
      ǵ ϵǾ ִ Ŀ Ѵ. ׷ 쿡
     Ŀ   ʿ䰡 .   ϴ Ŀ
     ׷̵ Ϸ Ѵٸ, õ ٸ α׷鵵 ׷̵ؾ
     Ѵ.(Ŀ ޵)

  o  簡 Ŀ , 2.1.85̻ .
     http://www.pi.se/blox/modules/   ִ.
     (modules-1.3.57  䱸̴)

  o  TCP/IP Ʈ̳ LAN  Linux NET-3 HOWTO
     <http://metalab.unc.edu/mdw/HOWTO/NET-3-HOWTO.html> Network
     Administrator's Guide
     <http://metalab.unc.edu/mdw/LDP/nag/nag.html> ٷ ִ.
     TrinityOS
     <http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri> Ȯ
      ٶ.  TrinityOS 󿡼 Ʈŷ   
     ȳ̸, IP MASQ, security, DNS, DHCP, Sendmail, PPP, Diald,
     NFS, IPSEC VPNs, ׸  ɿ  ͵ ٷ
     ִ.  50  ǵ ִ!!

  o   ȣƮ ͳݿ ϴ Ϳ   Linux ISP Hookup
     HOWTO <http://metalab.unc.edu/mdw/HOWTO/ISP-Hookup-HOWTO.html>,
     Linux PPP HOWTO <http://metalab.unc.edu/mdw/HOWTO/PPP-HOWTO.html>,
     TrinityOS
     <http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri>, Linux
     DHCP mini-HOWTO <http://metalab.unc.edu/mdw/HOWTO/mini/DHCP.html>,
     Linux Cable Modem mini-HOWTO
     <http://metalab.unc.edu/mdw/HOWTO/mini/Cable-Modem.html> Ȯ
      ִ.

  o  Ipfwadm 2.3 Ȥ  ̻ 
     ftp://ftp.xos.nl/pub/linux/ipfwadm/ipfwadm-2.3.tar.gz  
     ִ.
      α׷  䱸׿  ߰ Linux IPFWADM page
     <http://www.xos.nl/linux/ipfwadm/> Ȯ  ִ.

  o  2.0.36̻ Ŀο IPCHAINS Ϸ Ѵٸ Willy Tarreau's
     IPCHAINS enabler for 2.0.36 <http://www-
     miaif.lip6.fr/willy/pub/linux-patches/>̳ Rusty's IPCHAINS for
     2.0.x kernels ϶.

  o  ο Ŀ , , ġϴ  Linux Kernel HOWTO
     <http://metalab.unc.edu/mdw/HOWTO/Kernel-HOWTO.html> Ȯ 
     ִ.

  o   ޵  ġ ؼ IP Ŀ̵忡 ٸ
     ɵ ߰  ִ:

  o  TCP/IP port-forwarders Ǵ re-directors:    ؼ,
     밳 MASQ   ʴ α׷ ۵ϵ  
     ִ.   ܿ, ܺ ͳ ڵ  WWW, TELNET,
     SMTP, FTP(ġ ʿ)   ϵ MASQ 
      ִ.  ڼ   HOWTO ``''  ϱ ٶ.
     2.0.x Ŀ  IP Masquerading ġ Ʈ:

  o  Steven Clarke  IP PortForwarding (IPPORTFW) - õ

  o  IP AutoForward a mirror
     <ftp://ftp.netis.com/pub/members/rlynch/ipautofw.tar.gz> (IPAUTOFW)
     - õ 

  o  TCP ؼ REDIR <http://ipmasq.cjb.net/redir_0.7.orig.tar.gz>
     (REDIR) - õ 

  o  UDP redirector (UDPRED) - õ 

     PORTFWed FTP:

  o  ܺηκ FTP  FTP  ϰ ʹٸ Fred
     Viles's FTP server patch ޾ ϶.  ̿  ڼ
       HOWTO ``'' ǿ Ȯ  ִ.

     X-Windows display (forwarders):

  o  X-windows forwarding (DXCP)
     <ftp://sunsite.unc.edu/pub/Linux/X11/compress/dxpc-3.7.0.tar.gz>

     MASQ  ICQ ϱ  

  o  Andrew Deryabin's ICQ MASQ module

     PPTP (GRE) SWAN (IPSEC) VPNs ͳθ (tunneling forwarders):

  o  John Hardin's VPN Masquerade forwarders, Ȥ  ġμ PPTP
     Support <http://ipmasq.cjb.net/ip_masq_pptp.patch.gz>.

       ġ:

  o  Glenn Lamb LooseUDP for 2.0.36+
     <ftp://ftp.netcom.com/pub/mu/mumford/loose-udp-2.0.36.patch.gz>
     ġ.

     WWW  , .gz Ȯ ȭ ڵ  ִ.
     ٿε常 ϱ ؼ SHIFTŰ ¿  URL
     Ŭ϶.

      ڼ  ˷ Dan Kegel NAT Page
     <http://www.alumni.caltech.edu/~dank/peer-nat.html> Ȯϱ
     ٶ.  ``'' ǰ ``'' ǿ ٸ  Ȯ  ִ.

      ġ鿡     ׿ ٸ  IP
     Masquerade Resource <http://ipmasq.cjb.net/>  Ȯ  ִ.

  2.7.   2.2.x  IP Masqeurade ϱ  䱸׵

       **  ֱ  IP Masquerade Resource
       <http://ipmasq.cjb.net/>  ϱ ٶ. **

  o  Ŀ 2.2.x ҽ http://www.kernel.org/   ִ.
     NOTE #1:  2.2.x ߿ 2.2.11   IPCHAINS
     fragmentation bug  ִ.  ̷ ,  IPCHAINS
     ruleset ϸ ݿ ǰ ȴ. Ŀ ׷̵Ͽ
      ذϱ ٶ.

     NOTE #2: Redhat 5.2  ֱ ``'' 2.2.x Ŀ  
      𸥴. DHCP, NetUtils   ׷̵ؾ 
     ̴.  ڼ   HOWTO ޵ ̴.

  o  簡 Ŀ , 2.1.121 ̻ .
     http://www.pi.se/blox/modules/   ִ.

  o  TCP/IP Ʈ̳ LAN  Linux NET-3 HOWTO
     <http://metalab.unc.edu/mdw/HOWTO/NET-3-HOWTO.html> Network
     Administrator's Guide
     <http://metalab.unc.edu/mdw/LDP/nag/nag.html> ٷ ִ.

  o   ȣƮ ͳݿ ϴ Ϳ   Linux ISP Hookup
     HOWTO <http://metalab.unc.edu/mdw/HOWTO/ISP-Hookup-HOWTO.html>,
     Linux PPP HOWTO <http://metalab.unc.edu/mdw/HOWTO/PPP-HOWTO.html>,
     TrinityOS
     <http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri>, Linux
     DHCP mini-HOWTO <http://metalab.unc.edu/mdw/HOWTO/mini/DHCP.html>,
     Linux Cable Modem mini-HOWTO
     <http://metalab.unc.edu/mdw/HOWTO/mini/Cable-Modem.html> Ȯ
      ִ.

  o  IP Chains 1.3.9 Ȥ  ̻ 
     http://www.rustcorp.com/linux/ipchains/   ִ.
      α׷  䱸׿  ߰ Linux IP Firewalling
     Chains page <http://www.rustcorp.com/linux/ipchains/> Ȯ 
     ִ.

  o  ο Ŀ , , ġϴ  Linux Kernel HOWTO
     <http://metalab.unc.edu/mdw/HOWTO/Kernel-HOWTO.html> Ȯ 
     ִ.

  o   ޵  ġ ؼ IP Ŀ̵忡 ٸ
     ɵ ߰  ִ:

  o  TCP/IP port-forwarders Ǵ re-directors:

  o  IP PortForwarding (IPMASQADM) - õ
     <http://juanjox.kernelnotes.org/> Ǵ   mirror.

  o  ICQ MASQ module

  o  Andrew Deryabin's ICQ MASQ module

   ġ鿡     ׿ ٸ  IP Masquerade
  Resource <http://ipmasq.cjb.net/>  Ȯ  ִ.

  3.  IP Ŀ̵ 

         Ʈ ߿  ִٸ, IP Ŀ̵带
       ϱ  ""̶    ٶ.
       ⺻, IP MASQ  ͳݿ   ֵ ϴ
       , ͳݻ    Ʈ
        ΰ   ִ.

       ϴ IP MASQ ϰ Ǹ, IPFWADM/IPCHAINS ȭ ſ
        å(ruleset)    ǰѴ. 
       ڼ  ``''  ``''  ϱ ٶ.

  3.1.  Ŀο IP Ŀ̵带 ϵ  ϱ

           ׸ ϵ 
       Ǿ ְ Ŀ̵忡   ϵǾ
       ǰ ִٸ Ŀ   ʿ䰡 (κ
        ԵǾ  ̴.):

       o  IPFWADM/IPCHAINS

       o  IP forwarding

       o  IP masquerading

       o  IP Firewalling

       o  Ÿ 

            Ŀ̵带 ϴ Ȯ
          ʴٸ, ``'' ̳ IP Masquerade Resource
          <http://ipmasq.cjb.net/>  ڼ  Ȯ 
          ִ.   IP Ŀ̵ ϴ 
           ٸ,  ʴ´ٰ ϰ  ܰ
          Ѿ.

       ϵ Ǿ ֵ ƴϵ ,  ǿ ٸ
          Ƿ оα⸦ Ѵ.

  3.1.1.   2.0.x Ŀ

  ʿ Ʈ ġ  ``''  ϱ ٶ.

  o  켱, Ŀ ҽ ʿϴ.( ֱ  2.0.36̳  ̻
     )

  o   Ŀ  ó̶ ̸  ٶ.   ,
     ״  ʰ ``'' ǿ   URL  
      ϰ ִ.

  o  tar xvzf linux-2.0.x.tar.gz -C /usr/src  Ͽ Ŀ
     /usr/src/  Ǭ.(2.0.x Ŀ )  Ǭ ,
     /usr/src/linux/  丮 ɺ ũ ִ ȮѴ.

  o  ġ     Ǭ Ŀ ҽ ġ Ѵ. 2.0.36
     ̻ , IP Ŀ̵ ϱ  Ư ġ
     ʿ ʴ. IPPORTFW, PPTP, Xwindows forwarders  
     ɵ  ʿ  û׵̴. URL ``'' 
     ϰ, ֽ  ׿ ġ õ URL IP Masquerade
     Resources <http://ipmasq.cjb.net/>  ϱ ٶ.

  o  Ʒ Ŀο ԵǾ ϴ ּ ɼǵ  ִ. 
     ġǾ ִ Ʈ ̽(LAN ī,  )  
     ֵ ϴ ͵  ƾ Ѵ. Ŀ ϴ  ڼ
      ؼ Linux Kernel HOWTO
     <http://metalab.unc.edu/mdw/HOWTO/Kernel-HOWTO.html>  Ŀ ҽ
     丮  README ȭ ϱ ٶ.

      ɼǵ鿡 YESΰ Ǵ NOΰ Ȯϱ ٶ. 
     HOWTO ߿ ϴ  ġ  ʴ´ٸ Ʒ
     ɼǵ     ִ:

    * Prompt for development and/or incomplete code/drivers (CONFIG_EXPERIMENTAL) [Y/n/?]
      - YES: ̷ ؾ ߿ IP Ŀ̵    ִ.

    * Enable loadable module support (CONFIG_MODULES) [Y/n/?]
      - YES: IP Ŀ̵    ֵ Ѵ.

    * Networking support (CONFIG_NET) [Y/n/?]
      - YES: Ʈ  ϰ Ѵ.

    * Network firewalls (CONFIG_FIREWALL) [Y/n/?]
      - YES: IPFWADM ȭ  ϰ Ѵ.

    * TCP/IP networking (CONFIG_INET)
      - YES: TCP/IP   ϰ Ѵ.

    * IP: forwarding/gatewaying (CONFIG_IP_FORWARD)
      - YES:  Ʈ Ŷ   ϰ Ѵ.
             - IPFWADM  ؼ ȴ.

    * IP: syn cookies (CONFIG_SYN_COOKIES) [Y/n/?]
      - YES: ⺻ Ʈ  ؼ  Ѵ.

    * IP: firewalling (CONFIG_IP_FIREWALL) [Y/n/?]
      - YES: ȭ   ϰ Ѵ.

    * IP: firewall packet logging (CONFIG_IP_FIREWALL_VERBOSE) [Y/n/?]
      - YES: ( ʿ   ):  ȭ    
             ֵ Ѵ.

    * IP: masquerading (CONFIG_IP_MASQUERADE [Y/n/?]
      - YES: IP Ŀ̵  Ͽ  Ʈ Ư ּҷκ
             Ŷ ּҸ Ͽ ܺ TCP/IPƮ  Ѵ.

    * IP: ipautofw masquerade support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_IPAUTOFW) [Y/n/?]
      - NO:  IPautofw  TCP/IP 並 ϴ ô ̴. 
             ۵ϱ , IPPORTFW    ̴. ׷Ƿ IPAUTOFW
             õ ʴ´.

    * IP: ipportfw masq support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_IPPORTFW) [Y/n/?]
      - YES:  ɼ 2.0.x Ŀο ϱ ؼ ġ ؾ Ѵ.

              ɼ ϸ, ͳݿ ִ ܺ ǻͰ Ŀ̵
              Ư ǻͷ    ְ ȴ.   
              SMTP, TELNET, WWW  ϴ  ȴ. FTP Ʈ
              ϱ ؼ FAQǿ ޵Ǿ ִ ߰ ġ 
             ؾ Ѵ. Ʈ   ߰   HOWTO
             Forwards  ϱ ٶ.

    * IP: ICMP masquerading (CONFIG_IP_MASQUERADE_ICMP) [Y/n/?]
      - YES: ICMP Ŷ Ŀ̵  ֵ Ѵ.  ʿ  
             , ICMP  ̴  α׷   
              ִ.

    * IP: loose UDP port managing (EXPERIMENTAL) (CONFIG_IP_MASQ_LOOSE_UDP) [Y/n/?]
      - YES:  ɼ 2.0.x Ŀο ϱ ؼ ġ ؾ Ѵ.

              ɼ ؼ,  ǻ͵鿡 NAT   ۵ϴ
             Ʈ ӵ ͳ    ִ.  ڼ 
              HOWTO FAQǿ Ȯ  ִ.

    * IP: always defragment (CONFIG_IP_ALWAYS_DEFRAG) [Y/n/?]
      - YES:   IP Ŀ̵  ȭ ش. -  õ

    * IP: optimize as router not host (CONFIG_IP_ROUTER) [Y/n/?]
      - YES:   Ŀ Ʈ  ȭ ش.

    * IP: Drop source routed frames (CONFIG_IP_NOSR) [Y/n/?]
      - YES: ⺻ Ʈ  ؼ  õѴ.

    * Dummy net driver support (CONFIG_DUMMY) [M/n/y/?]
      - YES:  ʿ ,  ɼ  ߻ؼ   
               ̴.

    * /proc filesystem support (CONFIG_PROC_FS) [Y/n/?]
      - YES:  Ʈ  ϱ ؼ ʿϴ.

  NOTE:  ɼǵ  IP Ŀ ϱ  ҵ̴.
  Ư Ʈ Ư ϵ ϱ ؼ ʿ ٸ ɼǵ
   ؾ Ѵ.

  o  Ŀ ü ϰ ,    Ŀ IP
     Ŀ   ϰ ġؾ Ѵ:

       make modules; make modules_install

  o  , /etc/rc.d/rc.local ȭϿ    ߰ؼ IP
     Ŀ̵带 ϱ  ũƮ loadϵ ؾ Ѵ.
     ̷ ϸ    ڵ IP Ŀ̵ 
       ִ:

               .
               .
               .
               #rc.firewall script - Start IPMASQ and the firewall
               /etc/rc.d/rc.firewall
               .
               .
               .

  3.1.2.   2.2.x Ŀ

  ʿ Ʈ ġ  ``''  ϱ ٶ.

  o  켱, 2.2.x  Ŀ ҽ ʿϴ. (ֱ  2.2.11̳ 
     ̻ )

     NOTE #1:  2.2.x ߿ 2.2.11   IPCHAINS
     fragmentation bug  ִ.  ̷ ,  IPCHAINS
     ruleset ϸ ݿ ǰ ȴ. Ŀ ׷̵Ͽ
      ذϱ ٶ.

  o   Ŀ  ó̶ ̸  ٶ.   ,
     ״  ʰ ``'' ǿ   URL  
      ϰ ִ.

  o  tar xvzf linux-2.2.x.tar.gz -C /usr/src  Ͽ Ŀ
     /usr/src/  Ǭ.(2.2.x Ŀ )  Ǭ ,
     /usr/src/linux/  丮 ɺ ũ ִ ȮѴ.

  o  ġ     Ǭ Ŀ ҽ ġ Ѵ. 2.2.1
     ̻ , IP Ŀ̵ ϱ  Ư ġ
     ʿ ʴ. PPTP, Xwindows forwarders   ɵ 
     ʿ  û̴. URL ``''  ϰ, ֽ
      ׿ ġ õ URL IP Masquerade Resources
     <http://ipmasq.cjb.net/>  ϱ ٶ.

  o  Ʒ Ŀο ԵǾ ϴ ּ ɼǵ  ִ. 
     ġǾ ִ Ʈ ̽(LAN ī,  )  
     ֵ ϴ ͵  ƾ Ѵ. Ŀ ϴ  ڼ
      ؼ Linux Kernel HOWTO
     <http://metalab.unc.edu/mdw/HOWTO/Kernel-HOWTO.html>  Ŀ ҽ
     丮  README ȭ ϱ ٶ.

      ɼǵ鿡 YESΰ Ǵ NOΰ Ȯϱ ٶ. 
     HOWTO ߿ ϴ  ġ  ʴ´ٸ Ʒ
     ɼǵ     ִ:

    * Prompt for development and/or incomplete code/drivers (CONFIG_EXPERIMENTAL) [Y/n/?]
      - YES: IP Ŀ̵带   ʿ  ƴ,  ɼ ϸ
             Ŀ̵  ϰ Ʈ (port forwarding)  
             ִ.

    * Enable loadable module support (CONFIG_MODULES) [Y/n/?]
      - YES: IP Ŀ̵    ֵ Ѵ.

    * Networking support (CONFIG_NET) [Y/n/?]
      - YES: Ʈ  ϰ Ѵ.

    * Packet socket (CONFIG_PACKET) [Y/m/n/?]
      - YES:  ʿ ,   TCPDUMP ؼ IP Ŀ̵
                 Ƿ   Ѵ.

    * Kernel/User netlink socket (CONFIG_NETLINK) [Y/n/?]
      - YES:  ʿ ,   ȭ     ֵ
             Ѵ.

    * Routing messages (CONFIG_RTNETLINK) [Y/n/?]
      - NO:   ɼ Ŷ ȭ   Ͱ ƹ  .

    * Network firewalls (CONFIG_FIREWALL) [Y/n/?]
      - YES: IPCHAINS ȭ    ְ Ѵ.

    * TCP/IP networking (CONFIG_INET) [Y/n/?]
      - YES: TCP/IP    ְ Ѵ.

    * IP: advanced router (CONFIG_IP_ADVANCED_ROUTER) [Y/n/?]
      - NO:  CONFIG_IP_ROUTE_VERBOSE  ϱ ؼ ʿϰ  
             ؼ ʿϴ. (ipchains/Ŀ̵ ʹ .)

    * IP: verbose route monitoring (CONFIG_IP_ROUTE_VERBOSE) [Y/n/?]
      - YES:   IP Ǫ() Ŷ ϰ    ڵ带
             Ѵٸ ſ  ̴.

    * IP: firewalling (CONFIG_IP_FIREWALL) [Y/n/?]
      - YES: ȭ    ְ Ѵ.

    * IP: firewall packet netlink device (CONFIG_IP_FIREWALL_NETLINK) [Y/n/?]
      - YES:  ʿ ,   ȭ    
               ̴.

    * IP: always defragment (required for masquerading) (CONFIG_IP_ALWAYS_DEFRAG) [Y/n/?]
      - YES:   ؾ IP Ŀ̵  Ͻ  
              ִ.   IP Ŀ̵  ȭ ϱ⵵ Ѵ.

    * IP: masquerading (CONFIG_IP_MASQUERADE) [Y/n/?]
      - YES:  ּҸ ܺη  Ŷ ȯ ִ IP Ŀ̵ 
              ϰ Ѵ.

    * IP: ICMP masquerading (CONFIG_IP_MASQUERADE_ICMP) [Y/n/?]
      - YES: ICMP  Ŷ Ŀ̵ ϱ  ȴ. ( ʴ
             ICMP  ڵ ü Ŀ̵  ̴.) ӿ  
              ذϱ  Ǵ ߿ ̴.

    * IP: masquerading special modules support (CONFIG_IP_MASQUERADE_MOD) [Y/n/?]
      - YES:  ʿ ,   ߿ TCP/IP Ʈ  
             ϰ ϱ ؼ ؾ Ѵ. Ʈ  ؼ ܺηκ
             Ŀ̵Ǵ  ǻͷ    ִ.

    * IP: ipautofw masq support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_IPAUTOFW) [N/y/m/?]
      - NO:  IPautofw  Ʈ  ϱ ؼ Ǵ ô
             ̴.      ϴ   .

    * IP: ipportfw masq support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_IPPORTFW) [Y/m/n/?]
      - YES: IPPORTFW 밡ϰ Ѵ.

              ɼ ϸ, ͳݻ ܺ ǻ͵ 
             Ŀ̵Ǵ ǻͿ    ְ ȴ.  
               SMTP, TELNET, WWW  ϱ ؼ ȴ.
             FTP Ʈ  FAQ ǿ Ǵ ߰ ġ ؾ Ѵ.
             Ʈ   ߰   HOWTO Forwards ǿ
             ٷ ִ.

    * IP: ip fwmark masq-forwarding support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_MFW) [Y/m/n/?]
      - NO:  IPCHAINS   IP    ְ Ѵ.   ڵ
             ̸, ϴ  IPMASQADM  IPPORTFW ϴ ̴.

    * IP: optimize as router not host (CONFIG_IP_ROUTER) [Y/n/?]
      - YES:   Ŀ Ʈ  ȭ  ش.

    * IP: GRE tunnels over IP (CONFIG_NET_IPGRE) [N/y/m/?]
      - NO:     ʿ , IP Ŀ̵ ؼ PPTP
             GRE ͳ 밡ϰ Ѵ.

    * IP: TCP syncookie support (not enabled per default) (CONFIG_SYN_COOKIES) [Y/n/?]
      - YES: ⺻ Ʈ  ؼ    Ѵ.

    * Network device support (CONFIG_NETDEVICES) [Y/n/?]
      - YES:  Ʈ ġ   ְ Ѵ.

    * Dummy net driver support (CONFIG_DUMMY) [M/n/y/?]
      - YES:  ʿ ,  ߻      
             ̴.

    * /proc filesystem support (CONFIG_PROC_FS) [Y/n/?]
      - YES:  Ʈ  ý ϱ ؼ ʿϴ.

  NOTE:  ɼǵ  IP Ŀ̵ ϱ  ҵ̴.
  Ư Ʈ Ư ϵ ϱ ؼ ʿ ٸ ɼǵ
   ؾ Ѵ.

  o  Ŀ ü ϰ ,    Ŀ IP
     Ŀ̵   ϰ ġؾ Ѵ:

         make modules; make modules_install

  o  , /etc/rc.d/rc.local ȭϿ    ߰ؼ IP
     Ŀ̵带 ϱ  ũƮ loadϵ ؾ Ѵ.
     ̷ ϸ    ڵ IP Ŀ̵ 
       ִ:

          .
          .
          .
          #rc.firewall script - Start IPMASQ and the firewall
          /etc/rc.d/rc.firewall
          .
          .
          .

  3.2.   LAN   IP ּҸ Ҵϱ

    Ŀ̵  ǻ͵鿡  ͳ ּҰ
  ҴǾ  ʱ , ܺ ͳ ּҿ 浹 ʵ 
  ǻ͵鿡 ּҸ Ҵ  ־ Ѵ.

  >IP Ŀ̵ FAQ κ ο:

  RFC 1918  ܺο  ʴ "ο" Ʈ Ǵ IP
  ּҵ鿡   ̴. ̷ 쿡 Ǳ ؼ 
   ּ  ִ.

       Section 3: ο ּ 

       ͳ ּ Ҵ ⱸ(The Internet Assigned Numbers Authority : IANA)
       IP ּ߿    ο Ʈ ؼ  ξ:

                     10.0.0.0        -   10.255.255.255
                     172.16.0.0      -   172.31.255.255
                     192.168.0.0     -   192.168.255.255

       ù°  "24-bit ", ι° "20-bit ", ° "16-bit "
       θ Ѵ. ù°  class A Ʈ ּ ̸, ι° class B
       Ʈ ּ ӵ 16 ȣ̰, ° class C Ʈ ּ ӵ
       255 ȣ̴.

   ؼ, ڴ 192.168.0.0 Ʈ 255.255.255.0 class-C
   ũ ߰,  HOWTO  ּҸ  ̴.
  ׷,  ִ ο Ʈ ּ߿   ص
  ϴ. ,  쿡   ũ ؾ Ѵ.

   Class-C Ʈ Ѵٸ, Ŀ̵  ǻ͵鿡
  192.168.0.1, 192.168.0.2, 192.168.0.3, ..., 192.168.0.x  
  ּҸ Ҵؾ Ѵ.

  192.168.0.1    Ʈ Ȥ  Ŀ̵ ӽ
  ּҷμ ܺη Ǵ ̴. 192.168.0.0 192.168.0.255 
  "Ʈ" ü ּҿ "εĳƮ" ̴ּ. ( ּҵ 
  ּҵ̴.)  ּҵ ǻ͵鿡 Ҵ, Ʈ  
   ̴.

  3.3.  IP  å ϱ

  , Ŀΰ Ÿ ʿ Ű غǾ ־ Ѵ. 
  Ŀ̵   Ʈ IP ּҵ, Ʈ, DNS
  ּҵ ؾ Ѵ. Ʈ ī ϴ  𸥴ٸ, ``''
  Ȥ ``'' ǿ ޵ HOWTO ϱ ٶ.

     IP ȭ  ؼ  Ŀ̵
  ϵ ϴ ̴:

       **      , ڴ 
          ؼ ߴ. ,  ٸ
           ̴.

       **  ǿ ϴ  IP Ŀ̵  ۵ϱ
        ּ ȭ å̴. ϴ IP Ŀ̵尡 
       ϸ( HOWTO ߿ Ѵ) ``''  ``'' ǿ
           å鿡  ˾ƺ ٶ. 
       ڼ  IPFWADM (2.0.x) Ȥ IPCHAINS(2.2.x) man
        ϱ ٶ.

  3.3.1.   2.0.x Ŀ

    "" ʱ å /etc/rc.d/rc.firewall ȭ
  Ѵ:

  # rc.firewall - Initial SIMPLE IP Masquerade setup for 2.0.x kernels using IPFWADM
  #
  # Load all required IP MASQ modules
  #
  #   NOTE:  Only load the IP MASQ modules you need.  All current available IP MASQ modules
  #          are shown below but are commented out from loading.

  # Needed to initially load modules
  #
  /sbin/depmod -a

  # Supports the proper masquerading of FTP file transfers using the PORT method
  #
  /sbin/modprobe ip_masq_ftp

  # Supports the masquerading of RealAudio over UDP.  Without this module,
  #       RealAudio WILL function but in TCP mode.  This can cause a reduction
  #       in sound quality
  #
  #/sbin/modprobe ip_masq_raudio

  # Supports the masquerading of IRC DCC file transfers
  #
  #/sbin/modprobe ip_masq_irc

  # Supports the masquerading of Quake and QuakeWorld by default.  This modules is
  #   for for multiple users behind the Linux MASQ server.  If you are going to play
  #   Quake I, II, and III, use the second example.
  #
  #Quake I / QuakeWorld (ports 26000 and 27000)
  #/sbin/modprobe ip_masq_quake
  #
  #Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
  #/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960

  # Supports the masquerading of the CuSeeme video conferencing software
  #
  #/sbin/modprobe ip_masq_cuseeme

  #Supports the masquerading of the VDO-live video conferencing software
  #
  #/sbin/modprobe ip_masq_vdolive

  #CRITICAL:  Enable IP forwarding since it is disabled by default since
  #
  #           Redhat Users:  you may try changing the options in /etc/sysconfig/network from:
  #
  #                       FORWARD_IPV4=false
  #                             to
  #                       FORWARD_IPV4=true
  #
  echo "1" > /proc/sys/net/ipv4/ip_forward

  # Dynamic IP users:
  #
  #   If you get your Internet IP address dynamically from SLIP, PPP, or DHCP, enable this following
  #       option.  This enables dynamic-ip address hacking in IP MASQ, making the life
  #       with DialD, PPPd, and similar programs much easier.
  #
  #echo "1" > /proc/sys/net/ipv4/ip_dynaddr

  # MASQ timeouts
  #
  #   2 hrs timeout for TCP session timeouts
  #  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
  #  160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
  #
  /sbin/ipfwadm -M -s 7200 10 160

  # DHCP:  For people who receive their external IP address from either DHCP or BOOTP
  #        such as ADSL or Cablemodem users, it is necessary to use the following
  #        before the deny command.  The "bootp_client_net_if_name" should be replaced
  #        the name of the link that the DHCP/BOOTP server will put an address on to?
  #        This will be something like "eth0", "eth1", etc.
  #
  #        This example is currently commented out.
  #
  #
  #/sbin/ipfwadm -I -a accept -S 0/0 67 -D 0/0 68 -W bootp_clients_net_if_name -P udp

  # Enable simple IP forwarding and Masquerading
  #
  #  NOTE:  The following is an example for an internal LAN address in the 192.168.0.x
  #         network with a 255.255.255.0 or a "24" bit subnet mask.
  #
  #         Please change this network number and subnet mask to match your internal LAN setup
  #
  /sbin/ipfwadm -F -p deny
  /sbin/ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0

  /etc/rc.d/rc.firewall ȭ ؼ å ϰ , "chmod 700
  /etc/rc.d/rc.firewall"  ؼ డ ȭϷ .

   ó ü TCP/IP Ʈ ؼ ƴ϶,  ӽź IP
  Ŀ̵   ִ.  , 192.168.0.2
  192.168.0.8 ּҸ  ȣƮ ͳݿ ٰϵ ϰ ٸ
   ӽŵ  ϵ ϰ Ѵٸ, 
  /etc/rc.d/rc.firewall ȭϿ "Enable simple IP forwarding and
  Masquerading" ̶ Ǿ ִ κ ٲָ ȴ.

       # Enable simple IP forwarding and Masquerading
       #
       #  NOTE:  The following is an example to only allow IP Masquerading for the 192.168.0.2
       #         and 192.168.0.8 machines with a 255.255.255.0 or a "24" bit subnet mask.
       #
       #         Please use the following in ADDITION to the simple ruleset above for specific
       #         MASQ networks.  Also change the network numbers and subnet masks to match your
       #         internal LAN setup
       #
       /sbin/ipfwadm -F -p deny
       /sbin/ipfwadm -F -a m -S 192.168.0.2/32 -D 0.0.0.0/0
       /sbin/ipfwadm -F -a m -S 192.168.0.8/32 -D 0.0.0.0/0

  IP Ŀ̵ ó ϴ    Ǽ 
   ϴ ̴:

  ipfwadm -F -p masquerade

  Ʈ Ŀ̵ ϵ ؼ ȵȴ.  ׷ ϸ
   ̺ ٷ  ƴ    Ʈ̸
  ؼ ڽ ź  򰡷   ְ ȴ!

   ȭ , /etc/rc.d/rc.firewall ȭ̳ Ȥ ϴ ٸ
  rc ȭϿ   ְ, ƴϸ IP Ŀ̵尡 ʿ 
     ִ.

  ``''  ``'' ǿ IPFWADM  ڼ ȳ   IPFWADM
  å   ִ.

  3.3.2.   2.2.x Ŀ

  2.1.x  2.2.x Ŀο IP Ŀ̵ å ٷ  ȭ
  μ IPFWADM ̻  ʴ´    Ŀε 
  IPCHAINS  Ѵ. ̷  ڼ  ``'' 
  ϱ ٶ.

    "" ʱ å /etc/rc.d/rc.firewall ȭ
  Ѵ:

  #!/bin/sh
  #
  # rc.firewall - Initial SIMPLE IP Masquerade test for 2.1.x and 2.2.x kernels using IPCHAINS
  #
  # Load all required IP MASQ modules
  #
  #   NOTE:  Only load the IP MASQ modules you need.  All current IP MASQ modules
  #          are shown below but are commented out from loading.

  # Needed to initially load modules
  #
  /sbin/depmod -a

  # Supports the proper masquerading of FTP file transfers using the PORT method
  #
  /sbin/modprobe ip_masq_ftp

  # Supports the masquerading of RealAudio over UDP.  Without this module,
  #       RealAudio WILL function but in TCP mode.  This can cause a reduction
  #       in sound quality
  #
  #/sbin/modprobe ip_masq_raudio

  # Supports the masquerading of IRC DCC file transfers
  #
  #/sbin/modprobe ip_masq_irc

  # Supports the masquerading of Quake and QuakeWorld by default.  This modules is
  #   for for multiple users behind the Linux MASQ server.  If you are going to play
  #   Quake I, II, and III, use the second example.
  #
  #Quake I / QuakeWorld (ports 26000 and 27000)
  #/sbin/modprobe ip_masq_quake
  #
  #Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
  #/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960

  # Supports the masquerading of the CuSeeme video conferencing software
  #
  #/sbin/modprobe ip_masq_cuseeme

  #Supports the masquerading of the VDO-live video conferencing software
  #
  #/sbin/modprobe ip_masq_vdolive

  #CRITICAL:  Enable IP forwarding since it is disabled by default since
  #
  #           Redhat Users:  you may try changing the options in /etc/sysconfig/network from:
  #
  #                       FORWARD_IPV4=false
  #                             to
  #                       FORWARD_IPV4=true
  #
  echo "1" > /proc/sys/net/ipv4/ip_forward

  # Dynamic IP users:
  #
  #   If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this following
  #       option.  This enables dynamic-ip address hacking in IP MASQ, making the life
  #       with Diald and similar programs much easier.
  #
  #echo "1" > /proc/sys/net/ipv4/ip_dynaddr
  # MASQ timeouts
  #
  #   2 hrs timeout for TCP session timeouts
  #  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
  #  160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
  #
  /sbin/ipchains -M -S 7200 10 160

  # DHCP:  For people who receive their external IP address from either DHCP or BOOTP
  #        such as ADSL or Cablemodem users, it is necessary to use the following
  #        before the deny command.  The "bootp_client_net_if_name" should be replaced
  #        the name of the link that the DHCP/BOOTP server will put an address on to?
  #        This will be something like "eth0", "eth1", etc.
  #
  #        This example is currently commented out.
  #
  #
  #/sbin/ipchains -A input -j ACCEPT -i bootp_clients_net_if_name -s 0/0 67 -d 0/0 68 -p udp

  # Enable simple IP forwarding and Masquerading
  #
  #  NOTE:  The following is an example for an internal LAN address in the 192.168.0.x
  #         network with a 255.255.255.0 or a "24" bit subnet mask.
  #
  #         Please change this network number and subnet mask to match your internal LAN setup
  #
  /sbin/ipchains -P forward DENY
  /sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ

  /etc/rc.d/rc.firewall ȭ ؼ å ϰ , chmod 700
  /etc/rc.d/rc.firewall ؼ డ ȭϷ .

   ó ü TCP/IP Ʈ ؼ ƴ϶,  ӽź IP
  Ŀ̵   ִ.  , 192.168.0.2
  192.168.0.8 ּҸ  ȣƮ ͳݿ ٰϵ ϰ ٸ
   ӽŵ  ϵ ϰ Ѵٸ, 
  /etc/rc.d/rc.firewall ȭϿ "Enable simple IP forwarding and
  Masquerading" ̶ Ǿ ִ κ ٲָ ȴ.

       #!/bin/sh
       #
       # Enable simple IP forwarding and Masquerading
       #
       #  NOTE:  The following is an example to only allow IP Masquerading for the 192.168.0.2
       #         and 192.168.0.8 machines with a 255.255.255.0 or a "24" bit subnet mask.
       #
       #         Please change this network number and subnet mask to match your internal LAN setup
       #
       /sbin/ipchains -P forward deny
       /sbin/ipchains -A forward -s 192.168.0.2/32 -j MASQ
       /sbin/ipchains -A forward -s 192.168.0.8/32 -j MASQ

  IP Ŀ̵ ó ϴ    Ǽ 
   ϴ ̴:

  /sbin/ipchains -P forward masquerade

  Ʈ Ŀ̵ ϵ ؼ ȵȴ.  ׷ ϸ
   ̺ ٷ  ƴ    Ʈ̸
  ؼ ڽ ź  򰡷   ְ ȴ!

   ȭ , /etc/rc.d/rc.firewall ȭ̳ Ȥ ϴ ٸ
  rc ȭϿ   ְ, ƴϸ IP Ŀ̵尡 ʿ 
     ִ.

  ``''  ``'' ǿ IPCHAINS  ڼ ȳ   IPCHAINS
  å    ִ. IPCHAINS   ڼ 
  Linux IP CHAINS HOWTO ϱ ٶ.

  4.  Ŀ̵  ǻ͵ ϱ

   Ŀ̵ Ǵ ǻ͵ IP ּҸ  ϴ  ܿ,
    ǻ͵  Ŀ̵  ּҸ Ʈ
  ּҷ ϰ DNS  ּҸ  ؾ Ѵ. 밳 쿡
  ̰  ϴ. , Ʈ ּҿ  ȣƮ
  ּ(Ϲ 192.168.0.1) Էϸ ȴ.

    (DNS) 쿡,    DNS 
  ּҶ ߰  ִ.      ϰ
  ִ DNS  Էϴ ̴. ߰, " ˻" ̻縦 ߰
   ִ.

  Ŀ̵ Ǵ  ǻ͵  ϰ , ش
  ǻ Ʈ õϵ ƴϸ Ѵ.

    ,  Class C Ʈ ּҵ ϰ,
   Ŀ̵  ּҰ 192.168.0.1̶ Ѵ.
  192.168.0.0 192.168.0.255  ̴ּ  ǻ ּҷ
  ؼ ȵȴ.

    ÷ Ŀ̵ ο ׽ƮǾ:

  o  Linux 1.2.x, 1.3.x, 2.0.x, 2.1.x, 2.2.x

  o  Solaris 2.51, 2.6, 7

  o  Windows 95, OSR2, 98

  o  Windows NT 3.51, 4.0, 2000 (̼ǰ  )

  o  Windows For Workgroup 3.11 (TCP/IP Ű ġ)

  o  Windows 3.1 (Netmanage Chameleon Ű ġ)

  o  TCP/IP 񽺸 ġ Novell 4.01 

  o  OS/2 (Warp v3 )

  o  Macintosh OS (MacTCP Ȥ Open Transport ġ)

  o  DOS (NCSA Telnet Ű ġ, DOS Trumpet κ )

  o  Amiga (AmiTCP Ȥ AS225-stack ġ)

  o  UCX ġ VAX Stations 3520 3100 (VMS 쿡 TCP/IP stack)

  o  Linux/Redhat ġ Alpha/AXP

  o  SCO Openserver (v3.2.4.2 5)

  o  AIX ġ IBM RS/6000

  4.1.  Microsoft Windows 95 

  1. Ʈ ġ ̹ ġ ʾҴٸ  ġѴ. ̹
     ġ     ٷ ʴ´.

  2.

  3. TCP/IP  ġ ʾҴٸ, ߰ -->  -->
     ȸ: Microsoft --> : 'TCP/IP '  ʷ
     ؼ ġѴ.

  4. TCP/IP ׸ Windows95 Ʈ ī (bound)ǵ ϰ
     '' åѴ. 'IP ּ'  Ŭϰ IP ּҸ
     192.168.0.x(1 < x < 255) Ѵ. ׸  ũ
     255.255.255.0 Ѵ.

  5. "Ʈ"  Ŭϰ 'Ʈ' 192.168.0.1̶
     Է "߰" ŬѴ.

  6.

  7.     Ѵٸ ״ ε Ѵ.

  8.  ȭڿ 'Ȯ(OK)'  Ŭϰ Ѵ.

  9. Ʈ    ؼ  ȣƮ Ping  غ:
     '/', ping 192.168.0.1 Է.
     (̰   LAN  ϴ ̴.  ٱ 
     ping    .)  PING  Ϳ   ٸ Ʈ
      ٽ ȮѴ.

  10.
     C:\Windows 丮 HOSTS ȭ , DNS  
     "ȣƮ" LAN ȿ ִ ǻ͵鿡 PING   ִ.
     C:\windows 丮 HOSTS.SAM   ȭ  ̴.

  4.2.  Windows NT 

  1. Ʈ ġ ̹ ġ ʾҴٸ  ġѴ. ̹
     ġ     ٷ ʴ´.

  2.

  3. TCP/IP 񽺰  ġǾ  ʴٸ 'Ʈ ߰'
     ޴ TCP/IP ݰ ׿ ׸ ߰Ѵ.

  4.

  5.

  6. Windows NT    ʰų  ׸  ǹϴ 
       'Automatic DHCP Configuration' Ȱȭ ϰ,
     'WINS Server' κп ƹ͵ Է , Enable IP
     Forwardings Ȱȭ Ѵ.

  7.

  8.

  9.  ȭڿ 'Ȯ' Ŭϰ ý Ѵ.

  10.
     Ʈ    ؼ  ȣƮ Ping  غ:
     'ȭ/', ping 192.168.0.1 Է.
     (̰   LAN  ϴ ̴.  ٱ 
     ping    .)  PING  Ϳ   ٸ Ʈ
      ٽ ȮѴ.

  4.3.  Windows Workgroup 3.11 

  1. Ʈ ġ ̹ ġ ʾҴٸ  ġѴ. ̹
     ġ     ٷ ʴ´.

  2. TCP/IP 32b Ű  ġǾ  ʴٸ ġѴ.

  3.

  4.

  5. IP ּҸ 192.168.0.x (1 < x < 255) Ѵ. ׸ 
     ũ 255.255.255.0 Ʈ Ʈ̸ 192.168.0.1
     Ѵ.

  6. Windows NT    ʰų  ׸  ǹϴ 
       'Automatic DHCP Configuration' Ȱȭ ϰ,
     'WINS Server' κп ƹ͵ Է  Ѵ.

  7.

  8.

  9.  ȭڿ 'Ȯ' Ŭϰ ý Ѵ.

  10.
     Ʈ    ؼ  ȣƮ Ping  غ:
     'ȭ/', ping 192.168.0.1 Է.

  4.4.  UNIX  ý 

  1.  Ʈ ī带 ġ ʾҰų ش ̹ ϵ
     Ŀ ٽ   ʾҴٸ  Ѵ.    
     ٷ ʴ´.

  2. TCP/IP Ʈ  ġǾ  ʴٸ, net-tools Ű 
     TCP/IP Ʈ  ġѴ.

  3. IPADDR 192.168.0.x (1 < x < 255) Ѵ. NETMASK
     255.255.255.0, GATEWAY 192.168.0.1, ׸ BROADCAST
     192.168.0.255 Ѵ.

         ý̶, /etc/sysconfig/network-
     scripts/ifcfg-eth0ȭ ϰų, ϰ Control Panel
     ذ  ִ. SunOS, BSDi, Slackware Linux, Solaris, SuSe, Debian
     .. ٸ UNIX  ٸ  ִ.   
     Ѵٸ  ش UNIX  ϱ ٶ.

  4. /etc/resolv.confȭϿ   (DNS) ߰ϰ 
     ˻ ̻縦 ߰Ѵ. UNIX   󼭴,
     /etc/nsswitch.conf ȭ ؼ DNS 񽺸 밡ϰ Ѵ.

  5.  󼭴 /etc/networks ȭ ؼ ٲپ  
     ִ.

  6.  񽺵 õϰų, Ȥ ϰ ƿ ý ü
     Ѵ.

  7. Ʈ̰ Ǵ ǻͷ  ϱ ؼ  
     ping  : ping 192.168.0.1.
     (̰   LAN  ϴ ̴.  ٱ 
     ping    .)  PING  Ϳ   ٸ Ʈ
      ٽ ȮѴ.

  4.5.  NCSA ڳ Ű ϴ DOS 

  1.  Ʈ ī带 ġ ʾҴٸ  ġѴ. Ʈ ī
     ġ     ٷ ʴ´.

  2.  Ŷ ̹ εѴ.  : NE2000 ̴ ī带
     I/O Ʈ 300, IRQ 10 Ѵٸ, nwpd 0x60 10 0x300
     Ѵ.

  3. ο 丮 ,  丮 NCSA ڳ Ű Ǯ
     ´: pkunzip tel2308b.zip

  4. ؽƮ ͷ config.tel ȭ .

  5. myip=192.168.0.x (1 < x < 255), netmask=255.255.255.0 Ѵ.

  6.  , hardware=packet, interrupt=10, ioaddr=60 ؾ
     Ѵ.

  7. Ʈ ̷μ  Ѱ ǻͿ   ־ Ѵ(
       쿡  ȣƮ):

       name=default
       host=ȣƮ̸
       hostip=192.168.0.1
       gateway=1

  8.   񽺸 ؼ  ϳ   Ѵ:

       name=dns.domain.com ; hostip=123.123.123.123; nameserver=1

  Note:  ȣƮ ϰ ִ     ش.

  9. config.tel ȭ Ѵ.

  10.
     Ʈ  ϱ ؼ  ȣƮ ڳ   :
     telnet 192.168.0.1   α Ʈ  ʴ´ٸ, Ʈ
      ٽ ȮѴ.

  4.6.  MacTCP ϴ MacOS  ý 

  1. ̴ ͸  Ʈ  ġ ʾҴٸ 
     ġѴ.  ġ     ٷ ʴ´.

  2. MacTCP control panel .  Ʈ ̹
     Ѵ(EtherTalk ƴϰ Ethernet ). ׸ 'More...'
     ư ŬѴ.

  3.

  4.

  Address:'

  5.

  6.

  7.

  8. MacTCP control panel ݴ´.   ȭڰ Ÿ
     ý Ѵ.

  9. Ʈ  ϱ ؼ  ȣƮ ping   ִ.
     MacTCP Watcher  Ʈ ġǾ ִٸ, 'Ping'
     ư , Ÿ ȭڿ  ȣƮ
     ּ(192.168.0.1) ԷѴ.  (̰   LAN 
     ϴ ̴.  ٱ  ping    .)  PING 
     Ϳ   ٸ Ʈ  ٽ ȮѴ.

  10.
      LAN IP ּ  ȣƮ ̸ ϱ ؼ, ý
      Hosts ȭ   ִ. ý   ȭ ̹
     ϰ  ̴.  ȭϿ  쿡 缭 ؼ
      ִ    ̴.

  4.7.  Open Transport ϴ MacOS  ý 

  1. ̴ ͸   ̹  ġǾ  ʴٸ,
      ġѴ. ̹ ġ     ٷ ʴ´.

  2. TCP/IP Control Panel  Edit ޴ 'User Mode ...'
     Ѵ. user mode  ּ 'Advanced' ̻ Ǿ ִ
     Ȯϰ 'OK' ư .

  3. File ޴ 'Configurations...' Ѵ. 'Default'  Ǿ
     ִ  ϰ 'Duplicate...' ư ŬѴ. 'Duplicate
     Configuration' ȭڿ, 'IP Masq' (Ȥ  쿡
      ƴ϶  ǹϴ ) ԷѴ. ̷ ϸ 'Default
     copy'   Ÿ ̴. ׷ 'OK' ư Ŭϰ, 'Make
     Active' ư ŬѴ.

  4.

  5.

  6.

  Address:'

  7.

  8.

  9.

  10.

  11.
       ̴. ߸ ϸ     ִ.
      𸣰ڴٸ, ƹ͵ Է  ΰų, ƹ͵ õ
      ä δ   ̴. ʿϴٸ, ԷµǾ ִ 
      ֵ Ѵ. ڰ ƴ , TCP/IP ȭڸ ؼ
     ý  õǾ ִ ٸ "Hosts" ȭ  ʵ
     ϴ  .     ˰ ִٸ, ڿ
     ˷ֱ ٶ.

      Ʈ 802.3 Ÿ  ʿ Ѵٸ '802.3'
     üũѴ.

  12.

  13.
     Ʈ  ϱ ؼ  ȣƮ ping   ִ.
     MacTCP Watcher  Ʈ ġǾ ִٸ, 'Ping'
     ư , Ÿ ȭڿ  ȣƮ
     ּ(192.168.0.1) ԷѴ.  (̰   LAN 
     ϴ ̴.  ٱ  ping    .)  PING 
     Ϳ   ٸ Ʈ  ٽ ȮѴ.

  14.
      LAN IP ּ  ȣƮ ̸ ϱ ؼ, ý
      Hosts ȭ   ִ.  ȭ ý  
      ְ   ִ.  ȭ Ѵٸ,  쿡
     缭 ؼ  ִ    ̴. 
     ʴ´ٸ, MacTCP ϰ ִ ýκ  ͼ 
     ų, ׳  ڽ  ص ȴ( ȭ 
     UNIX /etc/hosts ȭ  Ϻθ ϸ, RFC952 Ǿ
     ִ). ϴ ȭ  , TCP/IP control panel ,
     'Select Hosts File...' ư  Hosts ȭ .

  15.
     ݱ ڸ Ŭϰų File ޴ 'Close' Ȥ 'Quit' 
     Ѵ. ׸ 'Save' ư Ŭؼ  Ѵ.

  16.
        ݿ, ý ϴ ͵ .

  4.8.  DNS ϴ Novell Ʈ 

  1. ̴   ̹ Ʈ  ġǾ 
     ʴٸ,  ġѴ. ̹ ġ     ٷ
     ʴ´.

  2. The Novell LanWorkPlace page
     <ftp.novell.com/pub/updates/unixconn/lwp5> tcpip16.exe
     ٿεѴ.
  3.

     c:\nwclient\startnet.bat Ѵ

     SET NWLANGUAGE=ENGLISH
     LH LSL.COM
     LH KTC2000.COM
     LH IPXODI.COM
     LH tcpip
     LH VLM.EXE
     F:

  4.

     c:\nwclient\net.cfg Ѵ

     Link Driver KTC2000
             Protocol IPX 0 ETHERNET_802.3
             Frame ETHERNET_802.3
             Frame Ethernet_II
             FRAME Ethernet_802.2

     NetWare DOS Requester
                FIRST NETWORK DRIVE = F
                USE DEFAULTS = OFF
                VLM = CONN.VLM
                VLM = IPXNCP.VLM
                VLM = TRAN.VLM
                VLM = SECURITY.VLM
                VLM = NDS.VLM
                VLM = BIND.VLM
                VLM = NWP.VLM
                VLM = FIO.VLM
                VLM = GENERAL.VLM
                VLM = REDIR.VLM
                VLM = PRINT.VLM
                VLM = NETX.VLM

     Link Support
             Buffers 8 1500
             MemPool 4096

     Protocol TCPIP
             PATH SCRIPT     C:\NET\SCRIPT
             PATH PROFILE    C:\NET\PROFILE
             PATH LWP_CFG    C:\NET\HSTACC
             PATH TCP_CFG    C:\NET\TCP
             ip_address      192.168.0.xxx
             ip_router       192.168.0.1

   "ip_address" κ  IP ּҷ Ѵ (192.168.0.x, 1 < x < 255)
  ׸  c:\bin\resolv.cfg Ѵ:

  SEARCH DNS HOSTS SEQUENTIAL
  NAMESERVER xxx.xxx.xxx.xxx
  NAMESERVER yyy.yyy.yyy.yyy

  5.  "NAMESERVER" κ  ϴ DNS  üѴ.

  6. Ʈ ǻͷ Ʈ  ϱ ؼ ping 
     Ѵ: ping 192.168.0.1
     (̰   LAN  ϴ ̴.  ٱ 
     ping    .)  PING  Ϳ   ٸ Ʈ
      ٽ ȮѴ.

  4.9.  OS/2 Warp 

  1. ̴ ͸   ̹ Ʈ  ġǾ
      ʴٸ  ġѴ. ̹ ġ    
     ٷ ʴ´.

  2. TCP/IP   ġǾ  ʴٸ  ġѴ.

  3. Programs/TCP/IP (LAN) / TCP/IP  .

  4.

  5.

  6.

  7. TCP/IP control panel ݰ ̾  鿡 yes Ѵ.

  8. ý Ѵ.

  9. Ʈ  ϱ ؼ  ȣƮ ping   ִ.
     'OS/2 Command prompt Window' 'ping 192.168.0.1' ԷѴ.
     ping Ŷ ƿ    ̴.

  4.10.  ׿ ٸ ý 

  ׿ ٸ ý   ݱ   Ѵ. 
  ǵ ϱ ٶ.  ٷ  ʴ ýۿ 
  ؼ   ֽ ,  ڼ  ambrose@writeme.com
  dranch@trinnet.net ֱ ٶ.

  5.  IP Ŀ̵ 

   , IP Ŀ̵  .  ȣƮ 
  غ ʾҴٸ,  ϰ  ϴ Ȯϰ,
  /etc/rc.d/rc.firewall å Ѵ. ,  LAN 
  ܺ ͳ   Ǿ ִ ȮѴ.

     Ѵ:

  o  ù°:  Ŀ̵  ǻͿ,  ٸ ǻͷ
     ping غ(  ping 192.168.0.10  ). ̰ 
     LAN ǻͿ TCP/IP  ϴ Ȯ  ִ. 
       ʴ´ٸ,  ǻ͵鿡 TCP/IP   HOWTO
        ߴ ٽ ȮѴ.

  o  ι°:  Ŀ̵  ü, Ŀ̵ Ʈ  IP
     ּҷ ping غ(  ping 192.168.0.1 ).  
     ͳ  ܺ IP ּҷ ping غ.   ܺ ּҴ ISP
      ڱ ڽ PPP, ̴  ּҿ ȴ.   IP ּҸ
     𸥴ٸ, "/sbin/ifconfig" ؼ ͳ ּҸ ˾Ƴ.
     ̰ Ŀ̵  Ʈ  Ǿ ִ 
      ִ.

  o  °:  ٽ Ŀ̵ Ǵ  ǻͿ, Ŀ̵
      ȣƮ  ̴ ī忡  IP ּҷ ping
     غ(  ping 192.168.0.1 ).  ̰  Ʈ
       ǰ ִ Ȯ  ִ.   ̰
     Ѵٸ, Ŀ̵   ǻ ̴ ī尡
     "" Ǿ ִ ȮѴ.  ̴ ̴ ī ޸̳
     ̴ /ġ( ִٸ) LED ϴ Ȯϸ ȴ.

  o  ׹°:   ǻͿ, Ŀ̵  ܺη 
     TCP/IP ּҷ ping غ.   ּҴ ISP   PPP,
     ̴  ּ ̴.   ping ׽Ʈ, Ŀ̵(Ư
     ICMP Ŀ̵)  ۵ϰ ִ Ȯ  ִ.  
     ̰   ʴ´ٸ, Ŀ "ICMP Masquerading"
     ϵ Ǿ ִ /etc/rc.d/rc.firewall ũƮ "IP
     Forwarding" ߴ ȮѴ.  /etc/rc.d/rc.firewall å
      εǾ ȮѴ.  /etc/rc.d/rc.firewall ũƮ
      ؼ  ϴ ȮѴ.

    ۵ ʴ´ٸ,     Ȯ .

  o  "ifconfig" : ͳ  UP Ǿ ִ ͳ ῡ  
     IP ּҰ Ǿ ִ ȮѴ.

  o  "netstat -rn" : Ʈ Ʈ(Gateway κп 0.0.0.0 ƴ IP
     ּҰ ִ ) Ǿ ִ ȮѴ.

  o  "cat /proc/sys/net/ipv4/ip_forward" : "1" ϸ 
      Ǿ ִ ε ̷  ȮѴ.

  o  Ŀ 2.0.x "/sbin/ipfwadm -F -l", Ŀ 2.2.x
     "/sbin/ipchains -F -L" : Ŀ̵ Ȱȭ Ǿ ִ
     ȮѴ.

  o  ټ°:  Ŀ̵Ǵ  ǻͿ, ͳݻ ִ 
     IP ּҷ ping غ ( , ping 152.19.254.81   (
     ּҴ LDP Ȩ http://metalab.unc.edu  ̴ּ).  ̰
     ϸ, ͳ  ICMP Ŀ̵  ̷
     ִٴ  ǹѴ.    , ͳ  ٽ
     ȮѴ.  ٽ Ȯߴµ  ,   
     rc.firewall å ϰ ִ Ŀ ICMP Ŀ̵
     Ͽ ߴ ȮѴ.

  o  °:   ܺ "IP ּ" telnet غ(  telnet
     152.2.254.81 (metalab.unc.edu -   ϰ  ɸ 
     α Ʈ ޱ ð ɸ  ִ).   ð
      Ŀ α Ʈ ޴°?  ̰ ϸ, TCP
     Ŀ̵  ϰ ִ ̴.   
     ߴٸ, telnet ϴ  ߿  ˰ ִ 
     õ . (  198.182.196.55 (www.linux.org).  
      ʴ´ٸ,     rc.firewall å ϰ
     ִ ȮѴ.

  o  ϰ°:   ܺ "ȣƮ ̸" telnet غ( 
     "telnet metalab.unc.edu" (152.2.254.81).  ̰ ϸ, DNS
      ϰ ִ ̴.  ̰   "׹°"
     ܰ ߴٸ, Ŀ̵  ǻͿ DNS  
      ߴ ȮѴ.

  o  °:   ν, Ŀ̵  ǻͿ 
      ؼ 'INTERNET' WWW Ʈ  
     ǥð Ǵ ȮѴ.   , Linux Documentation Project
     site  .  ̰ ϸ,   Ǹϰ ϰ
     ִ ̴!

    Ʈ Ȩ   ִٸ, Ѵ!  ߴ!
    Ʈ    ִٸ, PING, TELNET, SSH ǥ Ʈ
  ŵ, õ IP Ŀ̵  ϸ FTP, Real Audio, IRC
  DCCs, Quake I/II/III, CuSeeme, VDOLive   ̴!  FTP,
  IRC, RealAudio, Quake I/II/III   ʰų νϰ
  Ѵٸ, "lsmod" õ Ŀ̵  
  Ǿ ִ Ȯϰų   Ʈ Ǿ ִ
  ȮѴ.  ʿ  Ǿ  ʴٸ, /etc/rc.d/rc.firewall
  ũƮ   ϵ Ǿ ִ ȮѴ. ( 
  ش IP Ŀ̵  ִ κ "#" ڸ )

  6.  ׿ IP Ŀ̵  װ Ʈ 

  6.1.  IP Ŀ̵ 

   TCP/IP  α׷ , Ʈ ȣ  ͵ ڱ
   ϰų ׵  TCP/IP ּҳ Ʈ ȣ ȣȭϱ
  ,  IP Ŀ̵ ؼ   ʴ´.
  ȣȭ   Ǵ  ϴ α׷, Ư
  Ͻ 簡, Ŀ̵ ڵ  Ư IP Ŀ̵ 
  ߰ؾ ۵Ѵ.

  6.2.  ܺηκ  

  ⺻,  IP Ŀ̵ ܺηκ  񽺵
   ó Ѵ. , ̰ ó  ִ  
  ִ.

      ʿ  ʴ´ٸ,  û 
  IP Ʈ  ָ ȴ.  ̸ ϴ   ,
     IPPORTFW ϴ ̴.   ڼ 
  ``''  Ѵ.

  ܺηκ  񽺵鿡 ؼ   
  Ϸ, TCP-wrappers Xinetd  ؼ Ư IP ּҸ ų
   ִ.     ؼ TIS Firewall Toolkit
  캸  ̴.

  ܺηκ   ȿ  ڼ  TrinityOS
  <http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri>  IP
  Masquerade Resource <http://ipmasq.cjb.net> ã   ̴.

  6.3.  Ǵ Ŭ̾Ʈ Ʈ ׿   ˾Ƶ 

       ** Linux Masquerade Application list <http://www.tsmser
       vices.com/masq>  IP Ŀ̵ ؼ ϴ
       α׷鿡  ٷ     ִ.
        Ʈ  Steve Grevemeyer ϰ , ״
       ǳ Ÿ̽  Ҵ.  Ǹ
       ڿ̴!

  Ϲ, ǥ TCP UDP ϴ α׷  ۵
  ̴.   ̳ Ʈ ִٸ IP Masquerade Resource
  <http://ipmasq.cjb.net/> Ȯؼ ڼ  Ȯϱ ٶ.

  6.3.1.  IP Ŀ̵ Բ -ϴ-  Ʈ Ŭ̾Ʈ

  Ϲ Ŭ̾Ʈ:

     Archie
        Ǵ  ÷, ȭ ˻ Ŭ̾Ʈ ( archie
        Ŭ̾Ʈ  ʴ´).

     FTP
        Ǵ  ÷, active FTP  ؼ ip_masq_ftp.o
        Ŀ  .

     Gopher client
        Ǵ  ÷.

     HTTP
        Ǵ  ÷,  .

     IRC
        Ǵ  ÷ ϴ  IRC Ŭ̾Ʈ, DCC
        ip_masq_irc.o  ؼ .

     NNTP (USENET)
        Ǵ  ÷, USENET  Ŭ̾Ʈ.

     PING
         ÷, ICMP Ŀ̵ Ŀ ɼ 

     POP3
        Ǵ  ÷, ̸ Ŭ̾Ʈ.

     SSH
        Ǵ  ÷, Ȼ  TELNET/FTP Ŭ̾Ʈ.

     SMTP
        Ǵ  ÷, Sendmail, Qmail, PostFix ̸ .

     TELNET
        Ǵ  ÷,  .

     TRACEROUTE
        UNIX Windows  ÷,     
        ִ.

     VRML
        Windows(Ǵ  ÷ ¼ ),  .

     WAIS client
        Ǵ  ÷.

  Ƽ̵  Ŭ̾Ʈ:

     Alpha Worlds
        Windows, Ŭ̾Ʈ-  3D ä α׷.

     CU-SeeMe
        Ǵ  ÷, ip_masq_cuseeme  , ڼ 
        ``''  .

     ICQ
        Ǵ  ÷.   Ŀ IPPORTFW ϵ
        ϵǾ ϸ, ICQ NON-SOCKS Ͻ ʿ ϵ
        Ǿ Ѵ.     ڼ  ``'' ǿ
        Ȯ  ִ.

     Internet Phone 3.2
        Windows, Peer-to-peer   ,  ȭ ûϴ
        쿡  , ٸ  ſ ȭ û
         ְ Ϸ Ư Ʈ ϵ ؾ Ѵ. ڼ
         ``''  Ѵ.

     Internet Wave Player
        Windows, Ʈ Ʈ (network streaming audio).

     Powwow
        Windows, Peer-to-peer  ؽƮ, ,  , 
        ȭ ûϴ 쿡  , ٸ 
        ſ ȭ û  ְ Ϸ Ư Ʈ ϵ
        ؾ Ѵ. ڼ  ``''  Ѵ.

     Real Audio Player
        Windows, Ʈ Ʈ (network streaming audio),
        ip_masq_raudio UDP  ϸ      ִ.

     True Speech Player 1.1b
        Windows, Ʈ Ʈ (network streaming audio)

     VDOLive
        Windows, ip_masq_vdolive ġ .

     Worlds Chat 0.9a
        Windows, Ŭ̾Ʈ-  3D ä α׷.

   - LooseUDP ġ  ڼ  ``''  ϱ ٶ.

     Battle.net
         , TCP Ʈ 116 118 UDP Ʈ 6112 
        ϴ ǻͷ IP (IPPORTFW) Ѵ. ڼ 
        ``''  ϱ ٶ. FSGS Bnetd  NAT 
        ϵ   ʱ  IPPORTFW ʿ Ѵ.

     BattleZone 1.4
        LooseUDP ġ ϰ ο NAT  ϴ .DLLs from
        Activision ϸ Ѵ.

     Dark Reign 1.4
        LooseUDP ġ ϰų TCP Ʈ 116 118 UDP Ʈ 6112
         ϴ ǻͷ IP (IPPORTFW) Ѵ. ڼ
         ``''  ϱ ٶ.

     Diablo
        LooseUDP ġ ϰų TCP Ʈ 116 118 UDP Ʈ 6112
         ϴ ǻͷ IP (IPPORTFW) Ѵ.
        Diablo ο  TCP Ʈ 6112 UDP Ʈ 6112
        Ѵ. ڼ  ``''  ϱ ٶ.

     Heavy Gear 2
        LooseUDP ġ ϰų TCP Ʈ 116 118 UDP Ʈ 6112
         ϴ ǻͷ IP (IPPORTFW) Ѵ. ڼ
         ``''  ϱ ٶ.

     Quake I/II/III
        ٷ ۵, Ŀ̵  ʿ Quake I/II/III
        ÷̾   ̻   ip_masq_quake  ʿϴ.
        ,,   ⺻δ Quake I QuakeWorld Ѵ.
        Quake II ϰ ϰų  ⺻  ̿ Ʈ
        ϰ  , ``'' ``''  ġ  ϶.

     StarCraft
        LooseUDP ġ ϰ TCP UDP 6112 Ʈ Ŀ̵
          Ϸ ǻͷ (IPPORTFW)־ Ѵ.
        ڼ  ``''  ϱ ٶ.

     WorldCraft
        LooseUDP ġ ϸ Ѵ.

  ׿ Ŭ̾Ʈ:

     Linux net-acct package
        Linux, Ʈ -ī  Ű

     NCSA Telnet 2.3.08
        DOS, TELNET, FTP, PING Ե Ű

     PC-anywhere for Windows
        MS-Windows, TCP/IP ؼ  PC Ѵ. Ư
        Ʈ ϵ  , Ŭ̾Ʈδ 
        ȣƮ()δ  ʴ´. ڼ  ``'' 
        ϱ ٶ.

     Socket Watch
        NTP  - Ʈ ð 

  6.3.2.   ʴ Ŭ̾Ʈ:

     All H.323 programs
        - MS Netmeeting, Intel Internet Phone Beta 2 -  
        Ҹ θ( ) ޵ȴ. ̸ ذ 
        ν, Equivalence's PhonePatch
        <http://www.equival.com.au/phonepatch/index.html> H.323
        gateway ϱ ٶ.

     Intel Streaming Media Viewer Beta 1
           .

     Netscape CoolTalk
           .

     WebPhone
          ʴ´. ( α׷ IP ּҿ  ߸
         Ѵ.)

  6.4.      IP ȭ(IPFWADM) å

   ǿ Ŀ 2.0.x Ǵ ȭ  IPFWADM  
  ɵ ִ ȳ Ƿ ִ. IPCHAINS(2.2.x ) å鿡 ؼ
    Ѵ.

    ȭ/Ŀ̵ ý  ּҸ  PPP 
  ؼ ϴ ̴.( PPP  ͵ ԵǾ  ڸƮ
  óǾ ִ.)   ̽ 192.168.0.1̰, PPP ̽
  IP ּҴ ߸  ؼ  ٸ ּҷ üǾ :)  IP
  Ǫ()  ̳ Ŀ̵ ϱ ؼ
    ̽   .   
    Ǿ ִ (δ źεȴ).  ⿡ 
  rc.firewall ũƮ ϰ  IP Ŀ̵ ڽ ״´ٸ,
   Ȳ µ  ߴ Ȯϰ, /var/log/messages
  /var/adm/messages ý αȭ Ѵ.
  PPP, ̺  ؼ  ϱ , "  IP
  Ŀ̵ IPFWADM å" ؼ, TrinityOS - Section 10
  <http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri>
  GreatCircle's Firewall WWW page ϱ ٶ.

  : ISPκ(PPP, ADSL, ̺  )  TCP/IP ּҸ ޾Ҵٸ
  ýÿ  " " å ε  .   IP ּҸ
  Ҵ  ȭ åȭ ٽ εϰų,
  /etc/rc.d/rc.firewall åȭ    ʿ䰡 ִ.
  PPP  쿡, "Dynamic PPP IP fetch" κ   ٽ о
    κ ڸƮ  ش.    ȭ å
   IP ּҿ   ڼ  TrinityOS - Section 10
  <http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri> 
  Ѵ.

    GUI  ȭ   ִ. ڼ  ``''
   Ѵ.

  ,  PPP IP ּҸ ϰ ִٸ, "ppp_ip =
  "your.static.PPP.address""  Ǿ ִ   IP ּҿ °
  ٲ۴.

  ----------------------------------------------------------------

  #!/bin/sh
  #
  # /etc/rc.d/rc.firewall: An example of a semi-STRONG IPFWADM firewall ruleset
  #

  PATH=/sbin:/bin:/usr/sbin:/usr/bin

  # testing, wait a bit then clear all firewall rules.
  # uncomment following lines if you want the firewall to automatically
  # disable after 10 minutes.
  # (sleep 600; \
  # ipfwadm -I -f; \
  # ipfwadm -I -p accept; \
  # ipfwadm -O -f; \
  # ipfwadm -O -p accept; \
  # ipfwadm -F -f; \
  # ipfwadm -F -p accept; \
  # ) &

  # Load all required IP MASQ modules
  #
  #   NOTE:  Only load the IP MASQ modules you need.  All current IP MASQ modules
  #          are shown below but are commented from loading.

  # Needed to initially load modules
  #
  /sbin/depmod -a

  # Supports the proper masquerading of FTP file transfers using the PORT method
  #
  /sbin/modprobe ip_masq_ftp

  # Supports the masquerading of RealAudio over UDP.  Without this module,
  #       RealAudio WILL function but in TCP mode.  This can cause a reduction
  #       in sound quality
  #
  #/sbin/modprobe ip_masq_raudio

  # Supports the masquerading of IRC DCC file transfers
  #
  #/sbin/modprobe ip_masq_irc

  # Supports the masquerading of Quake and QuakeWorld by default.  This modules is
  #   for for multiple users behind the Linux MASQ server.  If you are going to play
  #   Quake I, II, and III, use the second example.
  #
  #Quake I / QuakeWorld (ports 26000 and 27000)
  #/sbin/modprobe ip_masq_quake
  #
  #Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
  #/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960

  # Supports the masquerading of the CuSeeme video conferencing software
  #
  #/sbin/modprobe ip_masq_cuseeme

  #Supports the masquerading of the VDO-live video conferencing software
  #
  #/sbin/modprobe ip_masq_vdolive

  #CRITICAL:  Enable IP forwarding since it is disabled by default since
  #
  #           Redhat Users:  you may try changing the options in /etc/sysconfig/network from:
  #
  #                       FORWARD_IPV4=false
  #                             to
  #                       FORWARD_IPV4=true
  #
  echo "1" > /proc/sys/net/ipv4/ip_forward

  # Dynamic IP users:
  #
  #   If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this following
  #       option.  This enables dynamic-ip address hacking in IP MASQ, making the life
  #       with Diald and similar programs much easier.
  #
  #echo "1" > /proc/sys/net/ipv4/ip_dynaddr

  # Specify your Static IP address here.
  #
  #   If you have a DYNAMIC IP address, you need to make this ruleset understand your
  #   IP address everytime you get a new IP.  To do this, enable the following one-line
  #   script.  (Please note that the different single and double quote characters MATTER).
  #
  #   You will also need to either create the following link or have your existing
  #   /etc/ppp/ip-up script run the /etc/rc.d/rc.firewall script.
  #
  #       ln -s /etc/rc.d/rc.firewall /etc/ppp/ip-up
  #
  #   If the /etc/ppp/ip-up file already exists, you should edit it and add a line
  #   containing "/etc/rc.d/rc.firewall" near the end of the file.
  #
  #   If you aren't already aware, the /etc/ppp/ip-up script is always run when a PPP
  #   connection comes up.  Because of this, we can make the ruleset go and get the
  #   new PPP IP address and update the strong firewall ruleset.
  #
  #   PPP users:  If your Internet connect is via a PPP connection, the following
                  one-line script will work fine.
  #
  #   DHCP users:  If you get your TCP/IP address via DHCP, you will need to replace
  #                the word "ppp0" with the name of your external Internet connection
  #               (eth0, eth1, etc).  It should be also noted that DHCP can change
  #               IP addresses on you.  To fix this, users should configure their
  #               DHCPc or DHCP client to re-run the firewall ruleset when their
  #               DHCP lease is renewed.  For DHCPcd users, use the "-c" option.
  #
  #ppp_ip = "`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
  #
  ppp_ip = "your.static.PPP.address"

  # MASQ timeouts
  #
  #   2 hrs timeout for TCP session timeouts
  #  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
  #  60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30sec firewall timeout in ICQ itself)
  #
  /sbin/ipfwadm -M -s 7200 10 60

  #############################################################################
  # Incoming, flush and set default policy of reject. Actually the default policy
  # is irrelevant because there is a catch all rule with deny and log.
  #
  /sbin/ipfwadm -I -f
  /sbin/ipfwadm -I -p reject

  # local interface, local machines, going anywhere is valid
  #
  /sbin/ipfwadm -I -a accept -V 192.168.0.1 -S 192.168.0.0/24 -D 0.0.0.0/0

  # remote interface, claiming to be local machines, IP spoofing, get lost
  #
  /sbin/ipfwadm -I -a reject -V $ppp_ip -S 192.168.0.0/24 -D 0.0.0.0/0 -o

  # remote interface, any source, going to permanent PPP address is valid
  #
  /sbin/ipfwadm -I -a accept -V $ppp_ip -S 0.0.0.0/0 -D $ppp_ip/32

  # loopback interface is valid.
  #
  /sbin/ipfwadm -I -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0

  # catch all rule, all other incoming is denied and logged. pity there is no
  # log option on the policy but this does the job instead.
  #
  /sbin/ipfwadm -I -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o

  #############################################################################
  # Outgoing, flush and set default policy of reject. Actually the default policy
  # is irrelevant because there is a catch all rule with deny and log.
  #
  /sbin/ipfwadm -O -f
  /sbin/ipfwadm -O -p reject

  # local interface, any source going to local net is valid
  #
  /sbin/ipfwadm -O -a accept -V 192.168.0.1 -S 0.0.0.0/0 -D 192.168.0.0/24

  # outgoing to local net on remote interface, stuffed routing, deny
  #
  /sbin/ipfwadm -O -a reject -V $ppp_ip -S 0.0.0.0/0 -D 192.168.0.0/24 -o

  # outgoing from local net on remote interface, stuffed masquerading, deny
  #
  /sbin/ipfwadm -O -a reject -V $ppp_ip -S 192.168.0.0/24 -D 0.0.0.0/0 -o

  # outgoing from local net on remote interface, stuffed masquerading, deny
  #
  /sbin/ipfwadm -O -a reject -V $ppp_ip -S 0.0.0.0/0 -D 192.168.0.0/24 -o

  # anything else outgoing on remote interface is valid
  #
  /sbin/ipfwadm -O -a accept -V $ppp_ip -S $ppp_ip /32 -D 0.0.0.0/0

  # loopback interface is valid.
  #
  /sbin/ipfwadm -O -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0

  # catch all rule, all other outgoing is denied and logged. pity there is no
  # log option on the policy but this does the job instead.
  #
  /sbin/ipfwadm -O -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o

  #############################################################################
  # Forwarding, flush and set default policy of deny. Actually the default policy
  # is irrelevant because there is a catch all rule with deny and log.
  #
  /sbin/ipfwadm -F -f
  /sbin/ipfwadm -F -p deny

  # Masquerade from local net on local interface to anywhere.
  #
  /sbin/ipfwadm -F -a masquerade -W ppp0 -S 192.168.0.0/24 -D 0.0.0.0/0
  #
  # catch all rule, all other forwarding is denied and logged. pity there is no
  # log option on the policy but this does the job instead.
  #
  /sbin/ipfwadm -F -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o

  IPFWADM ϸ,  -I, -O, -F  ɼ ̿ؼ Ư
  Ʈ    ִ.   å ɵ  Ʒ
  , "-a"   å "δ"  Ѵ.  ׷Ƿ,
  Ư    å տ ; Ѵ.   :

  -I  ϸ,      ǻ͵鿡Ը
  ȴ. ȭ ǻ ü  "" Ʈ  
  ִ.   ̰͵ ؼ   ִ.

  /etc/rc.d/rc.firewall å ȭ ߿:

  ... start of -I rules ...

  # reject and log local interface, local machines going to 204.50.10.13
  #
  /sbin/ipfwadm -I -a reject -V 192.168.0.1 -S 192.168.0.0/24 -D 204.50.10.13/32 -o

  # local interface, local machines, going anywhere is valid
  #
  /sbin/ipfwadm -I -a accept -V 192.168.0.1 -S 192.168.0.0/24 -D 0.0.0.0/0

  ... end of -I rules ...

  -O  ϸ, Ŷ Ŀ̵  ϱ  ӵ
   , ȭ ǻ ü  Ʈ   .

  ... start of -O rules ...

  # reject and log outgoing to 204.50.10.13
  #
  /sbin/ipfwadm -O -a reject -V $ppp_ip -S $ppp_ip/32 -D 204.50.10.13/32 -o

  # anything else outgoing on remote interface is valid
  #
  /sbin/ipfwadm -O -a accept -V $ppp_ip -S $ppp_ip/32 -D 0.0.0.0/0

  ... end of -O rules ...

  -F  ϸ, -I   ͺٴ     Ŀ̵
  Ǵ () ǻ͵鸸 ϰ ȭ ǻ ü  Ʈ
    ִ.

  ... start of -F rules ...

  # Reject and log from local net on PPP interface to 204.50.10.13.
  #
  /sbin/ipfwadm -F -a reject -W ppp0 -S 192.168.0.0/24 -D 204.50.10.13/32 -o

  # Masquerade from local net on local interface to anywhere.
  #
  /sbin/ipfwadm -F -a masquerade -W ppp0 -S 192.168.0.0/24 -D 0.0.0.0/0

  ... end of -F rules ...

  192.168.0.0/24 204.50.11.0   ֵ ϱ  Ư
  å ʿ ʴ.  å ԵǾ ֱ ̴.

   åȭϿ ̽ ϴ    
  ִ.   , "-V 192.168.255.1" ſ "-W eth0"  
  ְ, "-V $ppp_ip" ſ "-W ppp0"   ִ.  "-V" 
  ϴ  IPCHAINS ȣȯ ؼ  ̰, IPFWADM
  Ѵٸ   ̴.

  6.5.      IP ȭ(IPCHAINS) å

   ǿ Ŀ 2.2.x Ǵ ȭ  IPCHAINS  
  ɵ ִ ȳ Ƿ ִ. IPFWADM(2.0.x ) å鿡 ؼ 
   Ѵ.

    ȭ/Ŀ̵ ý  ּҸ  PPP 
  ؼ ϴ ̴.( PPP  ͵ ԵǾ  ڸƮ
  óǾ ִ.)   >̽ 192.168.0.1̰, PPP
  ̽ IP ּҴ ߸  ؼ  ٸ ּҷ
  üǾ :)  IP Ǫ()  ̳ Ŀ̵
  ϱ ؼ   ̽   .
      Ǿ ִ (δ źεȴ).
  ⿡  rc.firewall ũƮ ϰ  IP Ŀ̵
  ڽ ״´ٸ,  >Ȳ µ  ߴ Ȯϰ,
  /var/log/messages /var/adm/messages ý αȭ Ѵ.

  PPP, ̺  ؼ  ϱ , "  IP
  Ŀ̵ IPFWADM å" ؼ, TrinityOS - Section 10
  <http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri>
  GreatCircle's Firewall WWW page ϱ ٶ.

   #1: 2.2.11    2.2.x Ŀ IPCHAINS
  fragmentation bug  ִ.   ,   IPCHAINS å
  ϸ ݿ ǰ ȴ.  װ  Ŀη ׷̵ϱ
  ٶ.

   #2: ISPκ(PPP, ADSL, ̺  )  TCP/IP ּҸ
  ޾Ҵٸ ýÿ  " " å ε  .   IP
  ּҸ Ҵ  ȭ åȭ ٽ εϰų,
  /etc/rc.d/rc.firewall åȭ    ʿ䰡 ִ.
  PPP  쿡, "Dynamic PPP IP fetch" >κ   ٽ
  о   κ ڸƮ  ش.    ȭ
  å  IP ּҿ   ڼ  TrinityOS - Section 10
  <http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri> >
  Ѵ.

    GUI  ȭ   ִ. ڼ  ``''
   Ѵ.
  ,  PPP IP ּҸ ϰ ִٸ, "ppp_ip =
  "your.static.PPP.address""  Ǿ ִ   IP ּҿ °
  ٲ۴.

  ----------------------------------------------------------------

  #!/bin/sh
  #
  # /etc/rc.d/rc.firewall: An example of a Semi-Strong IPCHAINS firewall ruleset.
  #

  PATH=/sbin:/bin:/usr/sbin:/usr/bin

  # Load all required IP MASQ modules
  #
  #   NOTE:  Only load the IP MASQ modules you need.  All current IP MASQ modules
  #          are shown below but are commented from loading.

  # Needed to initially load modules
  #
  /sbin/depmod -a

  # Supports the proper masquerading of FTP file transfers using the PORT method
  #
  /sbin/modprobe ip_masq_ftp

  # Supports the masquerading of RealAudio over UDP.  Without this module,
  #       RealAudio WILL function but in TCP mode.  This can cause a reduction
  #       in sound quality
  #
  /sbin/modprobe ip_masq_raudio

  # Supports the masquerading of IRC DCC file transfers
  #
  #/sbin/modprobe ip_masq_irc

  # Supports the masquerading of Quake and QuakeWorld by default.  This modules is
  #   for for multiple users behind the Linux MASQ server.  If you are going to play
  #   Quake I, II, and III, use the second example.
  #
  #Quake I / QuakeWorld (ports 26000 and 27000)
  #/sbin/modprobe ip_masq_quake
  #
  #Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
  #/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960

  # Supports the masquerading of the CuSeeme video conferencing software
  #
  #/sbin/modprobe ip_masq_cuseeme

  #Supports the masquerading of the VDO-live video conferencing software
  #
  #/sbin/modprobe ip_masq_vdolive

  #CRITICAL:  Enable IP forwarding since it is disabled by default since
  #
  #           Redhat Users:  you may try changing the options in /etc/sysconfig/network from:
  #
  #                       FORWARD_IPV4=false
  #                             to
  #                       FORWARD_IPV4=true
  #
  echo "1" > /proc/sys/net/ipv4/ip_forward

  # Get the dynamic IP address assigned via DHCP
  #
  extip="`/sbin/ifconfig eth1 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
  extint="eth1"
  # Assign the internal IP
  intint="eth0"
  intnet="192.168.1.0/24"

  # MASQ timeouts
  #
  #   2 hrs timeout for TCP session timeouts
  #  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
  #  60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30sec firewall timeout in ICQ itself)
  #
  ipchains -M -S 7200 10 60

  #############################################################################
  # Incoming, flush and set default policy of reject. Actually the default policy
  # is irrelevant because there is a catch all rule with deny and log.
  #
  ipchains -F input
  ipchains -P input REJECT

  # local interface, local machines, going anywhere is valid
  #
  ipchains -A input -i $intint -s $intnet -d 0.0.0.0/0 -j ACCEPT

  # remote interface, claiming to be local machines, IP spoofing, get lost
  #
  ipchains -A input -i $extint -s $intnet -d 0.0.0.0/0 -l -j REJECT

  # remote interface, any source, going to permanent PPP address is valid
  #
  ipchains -A input -i $extint -s 0.0.0.0/0 -d $extip/32 -j ACCEPT

  # loopback interface is valid.
  #
  ipchains -A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT

  # catch all rule, all other incoming is denied and logged. pity there is no
  # log option on the policy but this does the job instead.
  #
  ipchains -A input -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT

  #############################################################################
  # Outgoing, flush and set default policy of reject. Actually the default policy
  # is irrelevant because there is a catch all rule with deny and log.
  #
  ipchains -F output
  ipchains -P output REJECT

  # local interface, any source going to local net is valid
  #
  ipchains -A output -i $intint -s 0.0.0.0/0 -d $intnet -j ACCEPT

  # outgoing to local net on remote interface, stuffed routing, deny
  #
  ipchains -A output -i $extint -s 0.0.0.0/0 -d $intnet -l -j REJECT

  # outgoing from local net on remote interface, stuffed masquerading, deny
  #
  ipchains -A output -i $extint -s $intnet -d 0.0.0.0/0 -l -j REJECT

  # anything else outgoing on remote interface is valid
  #
  ipchains -A output -i $extint -s $extip/32 -d 0.0.0.0/0 -j ACCEPT

  # loopback interface is valid.
  #
  ipchains -A output -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT

  # catch all rule, all other outgoing is denied and logged. pity there is no
  # log option on the policy but this does the job instead.
  #
  ipchains -A output -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT

  #############################################################################
  # Forwarding, flush and set default policy of deny. Actually the default policy
  # is irrelevant because there is a catch all rule with deny and log.
  #
  ipchains -F forward
  ipchains -P forward DENY

  # Masquerade from local net on local interface to anywhere.
  #
  ipchains -A forward -i $extint -s $intnet -d 0.0.0.0/0 -j MASQ
  #
  # catch all rule, all other forwarding is denied and logged. pity there is no
  # log option on the policy but this does the job instead.
  #
  ipchains -A forward -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT

  IPCHAINS ϸ,  "input", "output", "forward" Ģ
  ؼ Ư Ʈ    ִ.   å ɵ
   Ʒ , "-A"   å "δ" 
  Ѵ.  ׷Ƿ, Ư    å տ ;
  Ѵ.   :

  "input" Ģ:     ǻ͵鿡Ը ȴ.
  ȭ ǻ ü  "" Ʈ   ִ. 
   ̰͵ ؼ   ִ.

  /etc/rc.d/rc.firewall å ȭ ߿:

  ... start of "input" rules ...

  # reject and log local interface, local machines going to 204.50.10.13
  #
  /sbin/ipfwadm -I -a reject -V 192.168.0.1 -S 192.168.0.0/24 -D 204.50.10.13/32 -o

  # local interface, local machines, going anywhere is valid
  #
  /sbin/ipfwadm -I -a accept -V 192.168.0.1 -S 192.168.0.0/24 -D 0.0.0.0/0

  ... end of "input" rules ...

  "output" ϸ, Ŷ Ŀ̵  ϱ 
  ӵ  , ȭ ǻ ü  Ʈ  
  .

  ... start of "output" rules ...

  # reject and log outgoing to 204.50.10.13
  #
  /sbin/ipfwadm -O -a reject -V $ppp_ip -S $ppp_ip/32 -D 204.50.10.13/32 -o

  # anything else outgoing on remote interface is valid
  #
  /sbin/ipfwadm -O -a accept -V $ppp_ip -S $ppp_ip/32 -D 0.0.0.0/0

  ... end of "output" rules ...

  "forward" ϸ, "input"  ͺٴ    
  Ŀ̵ Ǵ () ǻ͵鸸 ϰ ȭ ǻ ü
   Ʈ   ִ.

  ... start of "forward" rules ...

  # Reject and log from local net on PPP interface to 204.50.10.13.
  #
  /sbin/ipfwadm -F -a reject -W ppp0 -S 192.168.0.0/24 -D 204.50.10.13/32 -o

  # Masquerade from local net on local interface to anywhere.
  #
  /sbin/ipfwadm -F -a masquerade -W ppp0 -S 192.168.0.0/24 -D 0.0.0.0/0

  ... end of "forward" rules ...

  192.168.0.0/24 204.50.11.0   ֵ ϱ  Ư
  å ʿ ʴ.  å ԵǾ ֱ ̴.

  IPFWADMʹ ٸ,  åȭϿ ̽ ϴ 
   Ѱ ̴.  IPCHAINS "-i eth0" ɼ Ѵ.  "-V"
  IPFWADM  IPCHAINS ȣȯ ؼ  ̰,
  IPFWADM Ѵٸ   ̴.

  6.6.    Ʈ IP Ŀ̵ϴ 

    Ʈ Ŀ̵ϴ  ſ ϴ. 켱
  ο ܺ  Ʈ  ϴ Ȯؾ Ѵ.  ׷
  Ŀ Ʈ Ʈ  ٸ ǻ͵鿡Ե ޵ǰ ͳ
  Ŀ̵ǵ  Ѵ.

  ,  ̽ Ŀ̵ 밡ϵ 
  Ѵ.    eth1 (192.168.0.1) eth2 (192.168.1.1) ΰ 
  ̽ ܺη ϴ eth0 ̽ Ŀ̵ǵ
  ϴ ̴.  rc.firewall åȭϿ   ߰Ѵ:

  o  IPFWADM ϴ 2.0.x Ŀο

       #Enable internal interfaces to communication between each other
       /sbin/ipfwadm -F -a accept -V 192.168.0.1 -D 192.168.1.0/24
       /sbin/ipfwadm -F -a accept -V 192.168.1.1 -D 192.168.0.0/24

       #Enable internal interfaces to MASQ out to the Internet
       /sbin/ipfwadm -F -a masq -W eth0 -S 192.168.0.0/24 -D 0.0.0.0/0
       /sbin/ipfwadm -F -a masq -W eth0 -S 192.168.1.0/24 -D 0.0.0.0/0

  o  IPCHAINS ϴ 2.2.x Ŀο

       #Enable internal interfaces to communication between each other
       /sbin/ipchains -A forward -i eth1 -d 192.168.1.0/24
       /sbin/ipchains -A forward -i eth2 -d 192.168.0.0/24

       #Enable internal interfaces to MASQ out to the Internet
       /sbin/ipchains -A forward -j MASQ -i eth0 -s 192.168.0.0/24 -d 0.0.0.0/0
       /sbin/ipchains -A forward -j MASQ -i eth0 -s 192.168.1.0/24 -d 0.0.0.0/0

  6.7.  IP Ŀ̵ ȭ 

  1. ͳݿ ϱ ؼ ڵ ȭ  ϵ ϰ
     Ѵٸ, Diald  ȭɱ⳪ PPPd   ϴ 
      ̴.    Diald ϴ  Ѵ.

  2. Diald ϱ ؼ, Setting Up Diald for Linux Page
     <http://home.pacific.net.sg/~harish/diald.config.html> TrinityOS
     - Section 23
     <http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri>
     캸 ٶ.

  3. ϴ Diald IP Ŀ̵  ǰ ,
     Ŀ̵Ǵ Ŭ̾Ʈ ̳ telnet, ftp 
     Ϸ ϸ  box ڵ ͳ   ̴.

  4. ó   ð ʰ   ִµ, Ƴα 
     Ѵٸ ¿  .  ü Ӱ PPP   ð
     , Ŭ̾Ʈ α׷(  ) ð ʰ ų
      ִ.   ׷  ƴϴ.  ̷  Ͼ,
      õ(̸׸,   ٽ ) ϸ  ʹ
       ̴. Ǵ, echo "1" >
     /proc/sys/net/ipv4/ip_dynaddr Ŀο ɼ ־ ̷ ʱ
        ذ  ִ.

  6.8.  IPPORTFW, IPMASQADM, IPAUTOFW, REDIR, UDPRED  Ÿ Ʈ
   

  IPPORTFW, IPAUTOFW, REDIR, UDPRED  Ÿ ٸ α׷ 
  IP Ŀ̵带  Ϲ TCPǴ UDP Ʈ  ̴.
  ̷  Ϲ,  FTP, Quake   Ư IP
  Ŀ̵  Բ ǰų üؼ ȴ. Ʈ 
   ϸ, ͳκ  ӵ, IP Ŀ̵
  ڿ  ּҸ  ִ ǻͷ    ִ. ̷
    TELNET, WWW, SMTP, FTP (Ư ġ ʿ Ѵ -
  Ʒ  ), ICQ  ٸ  Ʈ ݵ ó  ִ.

  :  IP Ŀ̵   Ʈ  ϱ Ѵ ص,
   Ŀΰ IPFWADM IPCHAINS å  IP Ŀ̵ 
  ߰ϰ  Ʈ   ؾ Ѵ.

  ׷ ̰͵ ̴ ΰ? IPAUTOFW, REDIR UDPRED( URL
  ``'' ǿ ִ) IP Ŀ̵ ڰ   ϱ
  ؼ ʿ ʱ ̾. ð 帣,  IP
  Ŀ̵尡 ϸ鼭,     ذå IPPORTFW
  üǾ. ο  밡ϰ Ǿ , IPQUTOFW
  REDIR    ϴ  *ſ ٶ ʴ*.
  ̵ Ŀΰ Բ   ϰų   
   ı  ִ.

  2.0.x  IPPORTFW 2.2.x  IPMASQADM IPPORTFW Բ
  ϱ , ٸ Ʈ   ϸ Ʈ  
  ų  ִ.   ̷  TCP/UDP Ʈ ϱ
  ؼ ⺻ Ŷ ȭ   ̴. ̰ 
  ӽſ   , Ŷ Ǵ  ǻͿԴ
     ִ. ū  ƴ, IPPORTFW  Steven
  Clarke   Ѵ:

               "شϴ IPFWADM/IPCHAINS å µ, Ʈ 
               Ŀ̵ Լ ҷ. Ŀ̵ IP 
               Ȯȴ. ׷, ipportfw Է° ipfwadm å ο ´
               Ŷ   ִ."

  ̷ ,  ȭ å ϴ  ߿ϴ. 
  ȭ å  ڼ  ``'' ``''  ϱ ٶ.

  , IPPORTFW  2.0.x 2.2.x Ŀο ϱ ؼ, 
  Ŀ IPPORTFW ϵ ؾ Ѵ.

  o  2.0.x Ŀ ڵ Ʒ   Ŀ ɼ ġ ؾ
     Ѵ.

  o  2.2.x Ŀ ڵ IPMASQADM ؼ ̹ IPPORTFW Ŀ ɼ
        ̴.

  6.8.1.  2.0.x Ŀο IPPORTFW 

  켱, /usr/src/linux 丮  ֽ 2.0.x Ŀ ϴ
  ȮѴ.  ٸ, ``'' ǿ ڼ  Ѵ. ,
  ``'' ǿ "ipportfw.c" α׷ "subs-patch-x.gz" Ŀ ġ
  ٿεؼ /usr/src/ 丮  Ǭ.

  : "subs-patch-x.gz" ȭϸ "x"  Ʈ   ִ
   ֽ  ġѴ.

  , IPPORTFW ġ(subs-patch-x.gz)  丮 Ѵ.

               cp /usr/src/subs-patch-1.37.gz /usr/src/linux

  , IPPORTFW Ŀ ɼ ϱ ؼ Ŀ ġ Ѵ:

          cd /usr/src/linux
          zcat subs-patch-1.3x.gz | patch -p1

  , FTP    Ʈ ϰ Ѵٸ, ``''
  ǿ   ִ ο IP_MASQ_FTP  ġ ؾ Ѵ. ڼ
      κп  ִ.

  , ``'' ǿ ִ ó Ŀ  ̴. Ŀ ϴ
  ܰ迡 IPPORTFW ɼǿ YES ϵ Ѵ. ϴ  
  ο Ŀη Ʈϰ , ٽ   ƿ´.

     Ŀ ؼ,  "IPPORTFW" α׷
  ϰ ġѴ.

               cd /usr/src
               gcc ipportfw.c -o ipportfw
               mv ipportfw /usr/local/sbin

  ,     (Ʈ 80) Ŀ̵Ǵ  ӽ
  ߿ 192.168.0.10 ּҷ  ӽ Ϸ Ѵٰ .

  : ϴ Ʈ 80 Ʈ ϸ,  IP Ŀ̵  
  Ʈ ̻  Ѵ.  ü,  
  Ŀ̵  ̹   ϰ ְ Ʈ 80 
  Ŀ̵Ǵ ǻͷ Ʈ Ѵٸ,  ͳ ڵ IP
  Ŀ̵    ƴ --   
    ̴. ̸ ذϱ      8080
   ٸ Ʈ  Ŀ̵Ǵ ӽ Ʈ ϴ
  ̴. ̷ ϸ Ǳ ,  ͳ ڵ 
  Ŀ̵Ǵ   ϱ ؼ URL :8080 ٿ
  Ѵ.

  ·, Ʈ  ϱ ؼ, /etc/rc.d/rc.firewall
  åȭ Ѵ.  ִ  ߰ϵ, "$extip" 
  ͳ IP ּҷ ġѴ.

  :   ISP κ(PPP, ADSL, ̺ , Ÿ ) 
  TCP/IP ּҸ ޾Ƽ Ѵٸ, /etc/rc.d/rc.firewall åȭ 
     ̴.  å  IP ּҿ 
  ڼ  TrinityOS - Section 10
  <http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri> ϱ
  ٶ.

          /etc/rc.d/rc.firewall
          --

          #echo "Enabling IPPORTFW Redirection on the external LAN.."
          #
          /usr/local/sbin/ipportfw -C
          /usr/local/sbin/ipportfw -A -t$extip/80 -R 192.168.0.10/80

          --

    ƴ! /etc/rc.d/rc.firewall åȭ ٽ Ű 
  !

  ࿡ "ipfwadm: setsockopt failed: Protocol not available"  
  ޽  ȴٸ,   Ŀ ϰ  ʴ ̴.
  ο Ŀ   ġ Ű Ҵ, LILO  ߴ
  Ȯϰ ٽ ѹ ƮѴ.

  FTP  Ʈ :

  FTP  ӽ Ʈ ϰ Ѵٸ,    .
    ǥ IP_MASQ_FTP Ŀ  ̷   
  ʱ ̴.  Fred Viles ̷  ϵ 
  IP_MASQ_FTP  ۼߴ. Ȯ   ˰ ʹٸ,
  Fred  ſ  ۼ  װ ٿε  ٶ.
   ġ ټ   ִٴ ͵ ˾Ƶα ٶ.   
  ġ 2.0.x Ŀο뿡   ִٴ ͵ ˾Ƶα ٶ. 2.2.x
  Ŀη õ   ̷ , ⿡  ְ ʹٸ
  Fred Viles - fv@episupport.com  ̸  ٶ.

     ļ 2.0.x ġ Ѵ:

  o  켱    κп ִ Ͱ  IPPORTFW Ŀ ġ
     Ѵ.

  o  ``'' ǿ ϵ Fred Viles FTP  "msqsrv-patch-36"
     ٿεϰ /usr/src/linux ִ´.

  o  "cat msqsrv-patch-36 | patch -p1" ؼ  ο ڵ
     Ŀ  ġѴ.

  o  ,  "ip_masq_ftp.c" Ŀ  ο  üѴ.

  o  mv /usr/src/linux/net/ipv4/ip_masq_ftp.c
     /usr/src/linux/net/ipv4/ip_masq_ftp.c.orig

  o  mv /usr/src/linux/ip_masq_ftp.c
     /usr/src/linux/net/ipv4/ip_masq_ftp.c

  o   ο ڵ尡  Ŀ ؼ νѴ.

   , /etc/rc.d/rc.firewall åȭ ؼ  
  ߰ϵ "$extip"  ͳ IP ּҷ ġѴ.

  :   ISP κ(PPP, ADSL, ̺ , Ÿ ) 
  TCP/IP ּҸ ޾Ƽ Ѵٸ, /etc/rc.d/rc.firewall åȭ 
     ̴.  å  IP ּҿ 
  ڼ  TrinityOS - Section 10
  <http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri> ϱ
  ٶ.

       FTP (Ʈ 21)  Ŀ̵Ǵ
  ӽ  192.168.0.10 ּҸ  ӽ Ʈ  ̴.

  : ϴ Ʈ 21 Ʈ ϸ,  Ŀ̵  
  Ʈ  ̻   ̴.  ü,  
  Ŀ̵  ̹ FTP  ϰ ִٸ,  ͳ
   FTP  IP Ŀ̵  ƴ϶ -- FTP 
   ̴.

               /etc/rc.d/rc.firewall
               --

               #echo "Enabling IPPORTFW Redirection on the external LAN.."
               #
               /usr/local/sbin/ipportfw -C
               /usr/local/sbin/ipportfw -A -t$extip/21 -R 192.168.0.10/21

               --

    ƴ! /etc/rc.d/rc.firewall åȭ ٽ Ű 
  !

  ࿡ "ipchains: setsockopt failed: Protocol not available"  
  ޽  ȴٸ,   Ŀ ϰ  ʴ ̴.
  ο Ŀ   ġ Ű Ҵ, LILO  ߴ
  Ȯϰ ٽ ѹ ƮѴ. ο Ŀ ϰ ִ 
  Ȯϴٸ, "ls /proc/net"̶ ؼ "ip_portfw" ȭ ִ
  ȮѴ. ٸ, Ŀ ϴ ܰ迡 ΰ Ʈ ̴.
  Ŀ ٽ .

  6.8.2.  2.2.x Ŀο IPPORTFW Բ IPMASQADM 

  켱, /usr/src/linux 丮 ֽ 2.2.x Ŀ ִ ȮѴ.
  ٸ, ``'' ǿ ڼ  Ѵ. , ``'' ǿ
  "ipmasqadm.c" α׷ ٿεؼ /usr/src/ 丮 ִ´.

  , ``'' ǿ ִ Ͱ  2.2.x Ŀ ؾ Ѵ.
  Ŀ ϴ ܰ迡 IPPORTFW ɼǿ YES  Ѵ. ϴ Ŀ
  ؼ Ʈ Ŀ   ƿ´.

  , IPMASQADM  ϰ ġѴ:

               cd /usr/src
               tar xzvf ipmasqadm-x.tgz
               cd ipmasqadm-x
               make
               make install

  ,     (Ʈ 80)  Ŀ̵Ǵ
  ӽ߿ 192.168.0.10 ּҷ  ӽ Ʈ Ѵٰ .

  : FTP  Ʈ ϱ ؼ  IP_MASQ_FTP 
  δ 2.2.x Ŀο    𸥴.  ̸ 
   ʹٸ,   2.2.x Ŀο  . ׸ Ambrose 
  David   Ϸ  ֱ ٶ.

  : ϴ Ʈ 80 Ʈ ϰ ,  IP Ŀ̵
    Ʈ  Ѵ.  ü,  Ŀ̵
   ̹   ϰ ִٸ,  ͳ ڵ 
  IP Ŀ̵  ƴ --     ޾ 
  ̴.

  ·, Ʈ  ϱ ؼ /etc/rc.d/rc.firewall å ȭ
  Ѵ.   ߰ϵ, "$extip"  ͳ IP ּҷ
  ġѴ.

  :  ISPκ(PPP, ADSL, ̺ , Ÿ )  TCP/IP
  ּҸ ޾Ƽ ϰ ִٸ, /etc/rc.d/rc.firewall åȭ 
    ʿ䰡 ִ.  ȭ å  IP ּҿ 
  ڼ ׿ ؼ TrinityOS - Section 10
  <http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri> ϱ
  ٶ. ⿡ Ʈ Ѱ Ѵ:  PPP ڵ 
  /etc/ppp/ip-up ȭ.

               /etc/rc.d/rc.firewall
               --

               #echo "Enabling IPPORTFW Redirection on the external LAN.."
               #
               /usr/sbin/ipmasqadm portfw -f
               /usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 80 -R 192.168.0.10 80

               --

    ƴ! /etc/rc.d/rc.firewall åȭ ٽ Ű 
  !

  ࿡ "ipchains: setsockopt failed: Protocol not available"  
  ޽  ȴٸ,   Ŀ ϰ  ʴ ̴.
  ο Ŀ   ġ Ű Ҵ, LILO  ߴ
  Ȯϰ ٽ ѹ ƮѴ. ο Ŀ ϰ ִ 
  Ȯϴٸ, "ls /proc/net/ip_masq" ؼ "portfw" ȭ ִ
  ȮѴ. ٸ, Ŀ ϴ ܰ迡 ΰ Ʈ ̴.
  Ŀ ٽ .

  6.9.  CU-SeeMe  IP Ŀ̵

   IP Ŀ̵ "ip_masq_cuseeme" Ŀ  ؼ
  CuSeeme Ѵ.  Ŀ  /etc/rc.d/rc.firewall ũƮ
  ޸𸮿 Ǿ Ѵ. ϴ "ip_masq_cuseeme"  ġǸ,
   reflector̳ ڵ鿡  ȣ ų 
  ޾Ƶ  ְ ȴ.

  : CuSeeme ϱ ؼ  IPAUTOFW  ſ IPPORTFW
     Ѵ.

  CuSeeme ϴ  ־  Ȯ  ʿϴٸ, Michael
  Owings's CuSeeMe page <http://www.swampgas.com/vc/ipmcus.htm>
  ̴-Ͽ ų The IP Masquerade Resources ̴-Ͽ
  ̷     ̴.

  6.10.  Mirabilis ICQ

   Ŀ̵  ڿ ICQ ϴ  ΰ ִ.
  Ѱ  ο ICQ Ŀ̵  ϴ ̰, ٸ
  Ѱ IPPORTFW ϴ ̴.

  ICQ   ̵ Բ ѵ ִ.    
  Ŀ̵  ڿ  ICQ   ְ Ѵ. ICQ
  Ŭ̾Ʈ Ư  ʿ  ʴ´. ׷,  ȭ
  ۰ ǽð ä  ʴ´.

  IPPORTFW ؼ ϸ, Ŀ̵  ICQ Ŭ̾Ʈ
  ο    , ICQ ޽ , URL ,
  ä, ȭ      ̴.

  Andrew Deryabin djsf@usa.net 2.2.x Ŀ  ICQ IP Ŀ̵
  ⿡  ִٸ, ``'' ǿ ڼ  Ȯϱ ٶ.

  Ŀ̵  ڿ ICQ ϱ  ټ   
  Ѵٸ   Ѵ:

  o  켱,  Ŀο IPPORTFW  ԽŲ. ڼ  ``''
      Ѵ.

  o  ,   /etc/rc.d/rc.firewall ȭϿ ߰Ѵ. 
      ܺη ϴ  ͳ IP ּҸ 10.1.2.3, 
     Ŀ̵Ǵ ICQ Ŭ̾Ʈ 192.168.0.10 ߴ:

     IPFWADM ϴ 2.0.x Ŀ :

       ΰ  Խ״:  ̵   ̴:

        #1
       --
       /usr/local/sbin/ipportfw -A -t10.1.2.3/2000 -R 192.168.0.10/2000
       /usr/local/sbin/ipportfw -A -t10.1.2.3/2001 -R 192.168.0.10/2001
       /usr/local/sbin/ipportfw -A -t10.1.2.3/2002 -R 192.168.0.10/2002
       /usr/local/sbin/ipportfw -A -t10.1.2.3/2003 -R 192.168.0.10/2003
       /usr/local/sbin/ipportfw -A -t10.1.2.3/2004 -R 192.168.0.10/2004
       /usr/local/sbin/ipportfw -A -t10.1.2.3/2005 -R 192.168.0.10/2005
       /usr/local/sbin/ipportfw -A -t10.1.2.3/2006 -R 192.168.0.10/2006
       /usr/local/sbin/ipportfw -A -t10.1.2.3/2007 -R 192.168.0.10/2007
       /usr/local/sbin/ipportfw -A -t10.1.2.3/2008 -R 192.168.0.10/2008
       /usr/local/sbin/ipportfw -A -t10.1.2.3/2009 -R 192.168.0.10/2009
       /usr/local/sbin/ipportfw -A -t10.1.2.3/2010 -R 192.168.0.10/2010
       /usr/local/sbin/ipportfw -A -t10.1.2.3/2011 -R 192.168.0.10/2011
       /usr/local/sbin/ipportfw -A -t10.1.2.3/2012 -R 192.168.0.10/2012
       /usr/local/sbin/ipportfw -A -t10.1.2.3/2013 -R 192.168.0.10/2013
       /usr/local/sbin/ipportfw -A -t10.1.2.3/2014 -R 192.168.0.10/2014
       /usr/local/sbin/ipportfw -A -t10.1.2.3/2015 -R 192.168.0.10/2015
       /usr/local/sbin/ipportfw -A -t10.1.2.3/2016 -R 192.168.0.10/2016
       /usr/local/sbin/ipportfw -A -t10.1.2.3/2017 -R 192.168.0.10/2017
       /usr/local/sbin/ipportfw -A -t10.1.2.3/2018 -R 192.168.0.10/2018
       /usr/local/sbin/ipportfw -A -t10.1.2.3/2019 -R 192.168.0.10/2019
       /usr/local/sbin/ipportfw -A -t10.1.2.3/2020 -R 192.168.0.10/2020
       --

        #2
       --
       port=2000
       while [ $port -lt 2020 ]
         do
             /usr/local/sbin/ipportfw -A t10.1.2.3/$port -R 192.168.0.10/$port
             port=$((port+1)
         done
       --

  IPCHAINS ϴ 2.2.x Ŀ :

    ΰ  Խ״:  ̵   ̴:

     #1
    --
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2000 -R 192.168.0.10 2000
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2001 -R 192.168.0.10 2001
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2002 -R 192.168.0.10 2002
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2003 -R 192.168.0.10 2003
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2004 -R 192.168.0.10 2004
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2005 -R 192.168.0.10 2005
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2006 -R 192.168.0.10 2006
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2007 -R 192.168.0.10 2007
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2008 -R 192.168.0.10 2008
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2009 -R 192.168.0.10 2009
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2010 -R 192.168.0.10 2010
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2011 -R 192.168.0.10 2011
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2012 -R 192.168.0.10 2012
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2013 -R 192.168.0.10 2013
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2014 -R 192.168.0.10 2014
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2015 -R 192.168.0.10 2015
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2016 -R 192.168.0.10 2016
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2017 -R 192.168.0.10 2017
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2018 -R 192.168.0.10 2018
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2019 -R 192.168.0.10 2019
    /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2020 -R 192.168.0.10 2020
    --

     #2
    --
    port=2000
    while [ $port -lt 2020 ]
      do
          /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 $port -R 192.168.0.10 $port
          port=$((port+1)
      done
    --

  o  ο rc.firewall غǸ,  "/etc/rc.d/rc.firewall"
     ؼ å ٽ εϰ  Ǵ ȮѴ.  
     ٸ, Ŀο IPPORTFW  ԽŰ ʾҰų rc.firewall
     ȭϿ Ÿ  ̴.

  o  , ICQ Preferences()-->Connection(), "Behind a
     LAN(LAN ؼ )" "Behind a firewall or Proxy(ȭ̳
     Ͻø ؼ )" Ѵ. , "Firewall Settings(ȭ
     )" Ŭϰ "I don't use a SOCK5 proxy(SOCK5 Ͻø
      )" Ѵ.  ICQ "Firewall session
     timeouts(ȭ  ѽð)" "30"ʷ ϴ  ,
     ICQ Ҿ ˷. stock timeout setting ϰ
     ܼ Ŀ̵  ѽð 160ʷ ϸ ICQ 
      ȴٴ  ˷.  ѽð ϴ  ``''
     ``'' å Ȯ  ִ. , Next Ŭϰ "Use the
     following TCP listen ports..( TCP Ʈ Ȯ..)"κ
     "2000" "2020" Ѵ.  "Ϸ" ŬѴ.

      ICQ  ݿϱ  ICQ   䱸
     ̴. , ڴ    ǵ ϱ ؼ
     Windows9x Ʈؾ߸  ٸ  ٸ Ѵ. ׷
     ϰ Ϸ ΰ   (ICQ , Ʈ)

  o  ƿ﷯ ˸  ,  ڴ ܼ Ʈ 4000  ICQ
     Ŭ̾Ʈ Ʈ ϴ    Ѵٰ ߴ. ״
     ICQ ⺻  ʰ  (ä, ȭ , Ÿ
     )  ߴٰ ߴ.     ,
     ̷ ǰ߿ ؼ ˰ ;ϴ   ̴.

  6.11.  :  LooseUDP ġ

  LooseUDP ġ, Ϲ  IP Ŀ̵  ڿ
  ϸ鼭 UDP  ϴ, NAT  ϴ ӵ  
  ֵ  ش. , LooseUDP 2.0.36̻ Ŀο ġμ ǰ
  2.2.3̻ Ŀο ̹ ü ԵǾ ִ. ̸ ϱ ؼ,
   ϸ ָ ȴ:

  o  /usr/src/linux 丮 ֽ 2.0.x Ŀ ҽ  ִ
     ȮѴ.

  o   2.0.x  ʿ : ``'' ǿ IPPORTFW
     ġ ٿε ϰ  Ͽ ``'' ǿ   ġѴ.

  o  ``'' ǿ LooseUDP ġ ٿεѴ.

  , LooseUDP ġ /usr/src/linux 丮 ִ´.  
    Ѵ:

        ġ ȭ :  zcat loose-udp-2.0.36.patch.gz | patch -p1

        ʴ ġ ȭ :  cat loose-udp-2.0.36.patch | patch -p1

  , "patch" α׷  ,   ޽ 
  ̴:

       patching file `CREDITS'
       patching file `Documentation/Configure.help'
       patching file `include/net/ip_masq.h'
       patching file `net/ipv4/Config.in'
       patching file `net/ipv4/ip_masq.c'

  ġ  ó "Hunk FAILED" ޽  ȴٸ, ɰ
   ƴϴ. Ƹ  ġ ȭ   ̴. 
   ġ  Ѵٸ, IPPORTFW Ŀ ġ "" ߴ
  Ȯ .

  ġ ġǸ, ``'' ǿ  ִ  Ŀ 籸ϰ "IP:
  loose UDP port managing (EXPERIMENTAL) (CONFIG_IP_MASQ_LOOSE_UDP)
  [Y/n/?]" ɼǿ "Y" Ѵ.

  ϴ LooseUDP  ߰  Ŀ ϸ, NAT  ϴ
  ӵ   ̴. BattleZone̳ ٸ ӵ NAT 
  ϵ  ִ ġ   ִ  URL ִ. ڼ
   ``''  Ѵ.
  7.    (FAQ)

   FAQ ִٸ, ambrose@writeme.com dranch@trinnet.net
  ֱ ٶ.  Ȯϰ ǥϰ  亯 ޾ֱ
  ٶ. ̸ 帰!

  7.1.  IP Ŀ̵带 ٷ   ִ   
  Դϱ?

     IP Ŀ̵带 ٷ    ص
   ʽÿ.   Ͽ   Ŀ ϱ⸸
  ϸ ˴ϴ.

  :  ǥ Ϻ äµ  ְ  
  ambrose@writeme.com̳ dranch@trinnet.net ̸ ֽʽÿ.

  o  Caldera       < v1.2 : NO  - ?

  o  Caldera         v1.3 : YES - 2.0.35 

  o  Caldera         v2.2 : YES - 2.2.5 

  o  Debian          v1.3 : NO  - ?

  o  Debian          v2.0 : NO  - ?

  o  Debian          v2.1 : NO  - 2.2.1 

  o  DLX Linux       v?   :  ?  - ?

  o  DOS Linux       v?   :  ?  - ?

  o  Hal91 Linux     v?   :  ?  - ?

  o  Linux Mandrake  v5.3 : YES - ?

  o  Linux Mandrake  v6.0 : YES - 2.2.5 

  o  Linux PPC       vR4  :  NO - ?

  o  Linux Pro       v?   :  ?  - ?

  o  LinuxWare       v?   :  ?  - ?

  o  MkLinux         v?   :  ?  - ?

  o  MuLinux         v3rl : YES - ?

  o  Redhat        < v4.x : NO  - ?

  o  Redhat          v5.0 : YES - ?

  o  Redhat          v5.1 : YES - ?

  o  Redhat          v5.2 : YES - 2.0.36 

  o  Redhat          v6.0 : YES - 2.2.5 

  o  Slackware       v3.0 :  ?  - ?

  o  Slackware       v3.1 :  ?  - ?

  o  Slackware       v3.2 :  ?  - ?

  o  Slackware       v3.3 :  ?  - 2.0.34 

  o  Slackware       v3.4 :  ?  - ?

  o  Slackware       v3.5 :  ?  - ?

  o  Slackware       v3.6 :  ?  - ?

  o  Slackware       v3.9 :  ?  - 2.0.37pre10 

  o  Slackware       v4.0 :  ?  - ?

  o  Stampede Linux  v?   :  ?  - ?

  o  SuSE            v5.2 : YES - ?

  o  SuSE            v5.3 : YES - ?

  o  SuSE            v6.0 : YES - ?

  o  SuSE            v6.1 : YES - 2.2.5 

  o  Tomsrbt Linux   v?   :  ?  - ?

  o  TriLinux        v?   :  ?  - ?

  o  TurboLinux      v?   :  ?  - ?

  o  Yggdrasil Linux v?   :  ?  - ?

  7.2.  IP Ŀ̵尡 ϱ  ּ ϵ 
  ѻ Դϱ?  Դϱ?

  16MB RAM  486/66ε 1.54Mb/s T1 100% óϰ Ҿ!
  Ŀ̵ 386SX-16s  8BM RAM   Ѵٰ
  ˷ ִ. ׷, Ŀ̵ ׸ 500   IP
  Ŀ̵嵵 ̱ Ѵٴ ͵ ˾Ƶξ  ̴.

   IP Ŀ̵带 ó ߰   ִ 
  α׷δ, ڰ ƴ  GameSpy̴.   
   , ſ ª ð 10,000   ʿ ϱ
  ̴.    , Ŀ̵ ̺ ""  ȴ.
  ڼ  FAQ ``''  캸 ٶ.

  ϴ 迡  :

  TCP UDP 4096   Ѱ谡 ִ.  Ѱ
  /usr/src/linux/net/ipv4/ip_masq.h  ǵ帮   ִ -
   Ѱ 32000  . Ѱġ ϰ ʹٸ -
  PORT_MASQ_BEGIN  PORT_MASQ_END  32K  64K  
  ϸ ȴ.

  7.3.    Ȯ,  IP Ŀ̵尡 
  ʽϴ.  ؾ մϱ?

  o  켱   ʽÿ.  ϵ簡, Ŀǳ, 簡.
     ׸  ʽÿ. ϴ  Ǿ, Ʒ ִ ȴ
     Ͻʽÿ.  IP Ŀ̵带 ϴ   ,
          ֽϴ.

  o  ,  ٽ ``'' ǿ ִ ʹ Ͻʽÿ. Ŀ̵带
     ó ϴ  ߿  ߻  99%  
      ʾ ̴ϴ.

  o  IP Masquerade Mailing List Archives
     <http://www.indyramp.com/lists/masq/> Ȯ ʽÿ. 
     ̳   κ  ̰,  Archive
     ˻   ã   ̴ϴ.

  o  TrinityOS
     <http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri> 
     Ȯ ʽÿ.   2.0.x  2.2.x Ŀο IP
     Ŀ̵ ϴ Ϳ ؼ ٷ , PPPd, DialD,
     DHCP, DNS, Sendmail̳ ׿  ٷ ֽϴ.

  o  Ȥó  ROUTED GATED ϰ  ʴ
     ȮϽʽÿ. Ȯϱ ؼ, "ps aux | grep -e routed -e
     gated"  ʽÿ.

  o    IP Ŀ̵ ϸ Ʈ ʽÿ(ڼ
      FAQ   Ͻʽÿ). ,    IP
     Ŀ̵ Archive ã   ʽÿ. ̸ 
      ``'' ǿ ִ     ݵ
     ԽŰʽÿ!!

  o    õ  NNTP ׷ ʽÿ.

  o  ambrose@writeme.com dranch@trinnet.net ̸ ʽÿ.
     , 츮鿡 ϴ ͺ IP Ŀ̵ ϸ
     Ʈ ϴ  Ⱑ  ̴ϴ.

  o    ٽ ȮϽʽÿ. :-)

  7.4.  IP Ŀ̵峪 IP Ŀ̵  ϸ Ʈ
  ϰų  ؼ  ؾ մϱ?

   IP Ŀ̵ ϸ Ʈ ϴ  ΰ
  ֽϴ. ù°  masq-request@indyramp.com  
  Դϴ.  IP Ŀ̵  ϸ Ʈ ϱ
  ؼ, masq-dev-request@indyramp.com  ʽÿ. 
  ڼ  Ʒ 縦 Ͻʽÿ.

  o  ̸ ؼ ()ϱ:   ̳ 
     "subscribe" ܾ ԷϽʽÿ.  Ŀ̵  ϸ
     Ʈ Ŀ̵  Ʈ ǿ ϱ Ѵٸ
     ( Ʈ   ̸ Ͽ ѹ   "ū"
     ̸Ϸ п  ̴ϴ),  ̳ 
     "subscribe"  "subscribe digest" ԷϽʽÿ.

     ϴ   û ,  û Ʈ
     ԽŰ п н带  ̴ϴ.  н带
     򰡿  ʽÿ. ɼ ϰų Ʈ Ż 
     ʿմϴ.

  ι°    ̿ؼ ϴ ̴ϴ. Ŀ̵ 
  Ʈ Ϸ http://www.indyramp.com/masq-list/ Ŀ 缭
  ϰ, Ŀ̵  Ʈ Ϸ
  http://www.indyramp.com/masq-dev-list/ ̿Ͻʽÿ.

  ϴ Եǰ , Ե Ʈ ̸  ̴ϴ.  Ѱ
  ˷  Ʈ ϵ  ʵ,  Ʈ archive 
   ֽϴ. ڼ   ִ    URL Ͻʽÿ.

   ˷ , Ŀ̵ Ʈ  ø ؼ
  ó ߴ  ּҸ ̿ؾ Ѵٴ ̴ϴ.

  ϸ Ʈ ϸ Ʈ archive   ߻ϸ, Robert
  Novak Ͻʽÿ.

  7.5.  IP Ŀ̵尡 Ͻ(Proxy) NAT 񽺿 ٸ 
  Դϱ?

  Proxy:  Ͻ   ȯ濡 밡: Win95, NT, Linux, Solaris, Ÿ.

                  :   + Ѱ IP ּ ; 
                          +   ( ) ؼ  ĳ 

                  :   - Ͻ  ڿ ִ  α׷
                            Ͻ (SOCKS) ؾ ϰ Ͻ 
                            ϵ Ǿ Ѵ
                          -  īͳ   α׷ ȥŲ

           Ͻ , IP Ŀ̵ ,  Ѱ  IP ּҸ
           ϰ,  LAN ִ Ŭ̾Ʈ(  ) 
            Ѵ.  Ͻ   Ʈκ  TELNET, FTP,
                ̽ ؼ ޾Ƶδ. ׸ ,
           Ͻ  ü  û ó ٲپ ܺη .
           ϴ  ͳ  û  , Ͻ 
           TCP/IP ּҸ  Ŭ̾Ʈ ּҷ ٽ ϰ ο
           ûߴ ȣƮ ش. ̷  "Ͻ(븮)" 
           θ.

                   :   ӽŵ鿡 ϴ  α׷
                          *ݵ* Ͻ   ؾ Ѵ.  ,
                          Netscape   TELNET̳ FTP Ŭ̾Ʈ.
                          Ͻ   ʴ Ŭ̾Ʈ 
                           ̴.

           Ͻ     Ѱ   ĳ ɵ ߰
           ִٴ ̴(WWW ϴ Squid). ׷, 50 ϽõǴ
           ȣƮ ְ,  Ѳ Netscape Ѵٰ . ׵
           Ʈ Ǿ ִ Ȩ URL Ǿٸ, 50  Netcape
             ݿ ޾ƿͼ شϴ ǻͷ ־ Ѵ.
           ĳ  ִ Ͻ , Ͻ  κ ѹ
            εϰ, Ͻ  ǻ͵ ĳκ  
           ޾ƺ ̴. ̷ ϸ, ܺη ͳ  뿪  
             ƴ϶, Ͻ  ӽŵ  д  ־
              ̴.

  MASQ:    IP Ŀ̵  Zytel Prestige128, Cisco 770, NetGear ISDN
  Ȥ        Ϳ  ϴ.
  1
   NAT
                  :   +  Ѱ IP ּҸ ʿϴ ()
                          + α׷ Ư   ʿ䰡 
                          + Ʈ  ȭϱ ؼ ȭ Ʈ
                            Ѵ.

                  :   -  ȣƮ Ư ISDN ͸ ʿ Ѵ
                            (ٸ ǰ鵵     ִµ..  )
                          - ܺηκ  ,  LAN ǻͿ
                            û  ƴϰų, Ư Ʈ  Ʈ
                            ġǾ    LAN   .
                             NAT  ̷   ʴ´.
                          - Ư ݵ ȭ (redirector) 
                              óǾ Ѵ.  ̷
                            (FTP, IRC, Ÿ)   
                            ͵  ʴ´ (NetGear Ѵ).

           Ŀ̵峪 1() NAT,  IP ּҸ ȯؼ, ġ 
           ӽ ƴ϶ Ŀ̵  ü  û ó( 
             )   δٴ , Ͻ  ϴ.

           Ŀ̵ Ͻ  ֵ , Ŀ̵ 
           Ŭ̾Ʈ ӽ( ӽ)   浵 䱸 ʴ´ٴ
           ̴. ܽ  ӽŵ  ȣƮ ׵ ⺻ Ʈ̷
           ϵ ϱ⸸ ϸ     ̴. (, FTP
            ϱ ؼ Ư   ġؾ Ѵ!)

           ,   IP Ŀ̵带 TELNET, FTP  ϸ鼭,
           *ÿ*   ȣƮ    ĳ Ͻø ġؼ
           ߰   ⵵ Ѵ.

  NAT:     NAT  Windows 95/NT, Linux, Solaris, ׸   ISDN
           (Ascend )   ִ

                  :   + ϱ ſ 
                          + Ư  Ʈ ʿ  ʴ´

                  :   - ISPκ  Ҵ޾ƾ Ѵ (δ)

           Network Address Translation(Ʈ ּ ȯ), ͳ
           ̽,   IP ּ   ִ ȣƮ
           ĪѴ.   Ʈ ͳ  ϰ  ,  ȣƮ
            û ǻ   IP ּҿ, ͳ ̽
            IP ּҸ ҴѴ.  Ŀ,   ȯ NAT 
           IP ּҿ NAT   ּҷ ȯؼ ̷. ̹ Ҵ
            NAT ּҰ ̸  󸶰 ð   ,
             IP ּҴ ٽ   NAT ּ  ǵ .

           NAT  ֵ ,   IP ּҵ Ǹ, 
           ڵ 밡 ּҰ   ͳݿ   
           ٴ ̴.

  7.6.  GUI  ȭ /  ֽϱ?

  ׷ϴ! ׵  ̽ ⼺  ̰ ֽϴ.
  ׷, ݱ κ IPFWADM   Ǹմϴ.  
   ִ  ĺ    ϴ. ٸ
   ˰ ְų    ڰ ٷο ϰ ʹٸ,
  Ambrose David ̸ ֱ ٶϴ.

  o  John Hardin IPFWADM Dot file generator - IPCHAINS  ̹
     ǰ .

  o  Sonny Parlin IPFWADM IPCHAINS FWCONFIG
     <http://www.mindstorm.com/~sparlin/fwconfig.shtml>

  o  William Stearns Mason <http://www.pobox.com/~wstearns/mason/> -
     ǽð å   ý

  7.7.  IP Ŀ̵尡  Ҵ IP ּҿ͵ մϱ?

  , ISPκ PPP DHCP/BOOTp  ؼ Ҵ  IP ּҿ͵
  մϴ.  ͳ IP ּҰ ֱ⸸ ϸ ݵ 
  ̴ϴ. ,  IP մϴ. ,  
  IPFWADM/IPCHAINS å ϰ Ѵٰų, Ʈ  ϰ
  Ѵٸ,  å IP ּҰ ٲ  ٽ Ǿ մϴ.
   ȭ å  IP ּҿ  ߰  TrinityOS -
  Section 10
  <http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri>
  պκп ã  ֽϴ.

  7.8.  ͳݿ ϱ  ̺ (   ϴ
   ), DSL,     ϸ鼭 IP Ŀ̵带
    ֽϱ?

  ,   Ʈ ̽ ϱ⸸ ϸ, ݵ 
  ̴ϴ.  IP ּҸ Ҵ޾Ҵٸ,  FAQ "IP Ŀ̵尡
   Ҵ IP ּҿ͵ մϱ?" ׸ Ʒ ִ URL
  ʽÿ.

  7.9.  Diald PPPd ȭ  IP Ŀ̵ Բ  
  ֽϱ?

   մϴ! IP Ŀ̵ Diald PPPʹ  
  迡 ֽϴ(:   뿡  ). 
  ɸ  ,   IP ּҿ Բ  ȭ
  å  Դϴ. ڼ   FAQ "IP Ŀ̵尡
   Ҵ IP ּҿ͵ մϱ?" ׸ ʽÿ.

  7.10.  IP Ŀ̵ Բ   ִ α׷ 
  ͵Դϱ?

  "ϴ α׷"     ſ 
  ۾Դϴ. ,  ¡(Netscape, MSIE ), FTP(WS_FTP
  ͵), TELNET, SSH,  , POP3( ޱ - Pine, Eudora,
  Outlook ), SMTP( ), Ÿ   ͳ
  α׷ κ ˴ϴ. Ŀ̵ Բ ϴ
  Ŭ̾Ʈ      Ͽ ``'' ǿ ã 
   ̴ϴ.

  ȭȸ Ʈ ,   ̳ Ư 
   ϴ α׷ Ư   ؾ մϴ.

   ڼ , Linux IP masquerading Applications
  <http://www.tsmservices.com/masq>  ʽÿ.

  7.11.  Redhat, Debian, Slackware Ÿ   IP
  Ŀ̵带 մϱ?

      ϰ ֵ,  Ͽ  IP
  Ŀ̵    ȿմϴ.     
  ִ GUI Ư  ȭ   ̴ϴ. 츮  Ͽ
  ϸ Ϲ Ȳ   ϵ ۼϱ ؼ ּ
  ߽ϴ.

  7.12.  TELNET      ʴ  ϴ.
   ׷ϱ?

  IP Ŀ̵, ⺻, TCP ǰ TCP FIN, UDP ŵ
  ѽð 15 ߾ ϴ.  ( Ͽ
  /etc/rc.d/rc.firewall å ȭϿ ̹  ) ϸ 
  ڵ鿡    մϴ:

  IPFWADM ϴ  2.0.x:

  # MASQ timeouts
  #
  #   2 hrs timeout for TCP session timeouts
  #  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
  #  60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30sec firewall timeout in ICQ itself)
  #
  /sbin/ipfwadm -M -s 7200 10 60

  IPCHAINS ϴ  2.2.x:

  # MASQ timeouts
  #
  #   2 hrs timeout for TCP session timeouts
  #  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
  #  60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30sec firewall timeout in ICQ itself)
  #
  /ipchains -M -S 7200 10 60

  7.13.  ͳ  ó ̷  ƹ͵  ʽϴ.
  , ٽ õϸ    մϴ.  ׷ϱ?

      IP ּҸ  ְ, ͳ 
  ó ̷ , IP Ŀ̵尡 IP ּҸ    
  ׷ϴ. ̸  ذå ֽϴ. 
  /etc/rc.d/rc.firewall åȭϿ,   ߰Ͻʽÿ:

  # Dynamic IP users:
  #
  #   If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this following
  #       option.  This enables dynamic-ip address hacking in IP MASQ, making the life
  #       with Diald and similar programs much easier.
  #
  echo "1" > /proc/sys/net/ipv4/ip_dynaddr

  7.14.  IP Ŀ̵尡  ϴ    Ʈ ؼ
   ʽϴ. ַ  FTP ׷ϴ.

  ̿, ΰ     ֽϴ. ù° ſ 
  Ͼ ̰, ι° ſ 幮 Դϴ.

  o  2.0.36 2.2.9  Ŀο  ã  װ Ŀ̵
     ڵ  ־, DF Ȥ "Don't Fragment( )" Ʈ
     Ǿ ִ Ŷ  ŵϴ. ⺻, Ŀ̵
     ڽ 1500   MTU ͳݿ  ,  Ŷ DF
     ʵ尡   ֽϴ.  ڽ MTU 1500 ϸ
      ذǴ  ϱ , ״   ֽϴ.
      Ǵ , Ŀ̵ ڵ尡, ICMP 3 sub 4 ڵ带
      ICMP Ŷ ƿ  Ŀ̵Ǵ ǻͷ 
      ó Ѵٴ Դϴ.  , Ŷ ߰
     ˴ϴ.   Ʈ α׷̰   ĥ 
     ִٰ Ǹ..  ʽÿ!

        ϴ. ſ Ǹ å  ͳ
      MTU 1500 ϴ Դϴ. ׷ Ǹ 
     ڵ ϰ  ε, װ TELNET̳ ӵ 
     ɷ¿ ΰ α׷  Ű Դϴ. ,
     ش   Դϴ. HTTP FTP ӵ   Դϴ!

       ġ ؼ, 켱  ͳ  MTU
        ˾ƾ մϴ. Ȯϴ ,
     "/bin/ifconfig" ϴ Դϴ.   ͳ ῡ
     شϴ ε 캸 MTU  Ȯմϴ.  
     1500̾ մϴ.  Ethernet(̴)  ⺻ 
      Ǿ  ̰, PPP ⺻ 576 Ǿ  ̴ϴ.

  o  PPP ӿ MTU  ġ ؼ, /etc/ppp/options ȭ
     ؼ κп "mtu 1500" "mru 1500"̶ ε
     ߰մϴ.  ϰ PPP մϴ.  
      PPP     MTU   Ȯմϴ.

  o  ADSL̳ ̺   Ethernet ῡ MTU  ġ
     ؼ,  Ʈ  ũƮ ؾ մϴ. Ʈ
     ȭ ؼ TrinityOS - Section 16
     <http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri> 
     ʽÿ.

  o  ,  Ͼ  ƴ,   ̷ ذå
     ʿ 찡 ֽϴ. PPP  쿡, PPPd ڵ尡 
     Ʈ ϴ° ϴ Դϴ. /dev/cua* Ʈΰ, /dev/ttyS*
     Ʈΰ ϴ Դϴ. /dev/ttyS* Ʈ մϴ. cua Ÿ
      ̰, ſ Ư   ŵϴ.

  7.15.  IP Ŀ̵   ϴ.

  ̰Ϳ     ֽϴ:

  o  Ȥó   Ʈ ܺ Ʈ IP Alias  ؼ
      Ʈ ī忡 ϰ  ʴ ȮϽʽÿ. 
     ׷ٸ, Ʈ ī ϳ  ؼ  Ʈ ܺ Ʈ
     ׵ ڽ ̽ ϵ    մϴ.

  o      ϰ ִٸ, ǰ  
     ̺ ϰ ִ ȮϽʽÿ. ,  PC α
      ̺ 峪 I/O ī  Ʈ ܺ  Ʈ 
     ڸ ϰ ֽϴ. ̷ 쿡 شȴٸ, ̺ 
     ° ȣ ȮϽʽÿ. , ڴ   ̺
      Ʈ (£ ȸ ձ ݼ) Ƴ ֽϴ.

  o   Ͽ  FAQ   MTU 1500 Ǿ ִ
     ȮϽʽÿ.

  o  ø Ʈ 16550A̰ų Ȥ   UART ȮϽʽÿ.
     Ȯϱ ؼ "dmesg | more" Ͻʽÿ.

  o  PPP   ø Ʈ 115200 ϴ
     ȮϽʽÿ(𵩰 ø Ʈ ó  ִٸ   ..
     ̸ ׸ ISDN ͹̳ (TA).

  o  2.0.x Ŀ:  2.0.x Ŀ    ־ Ŀο ø
     Ʈ ӵ 115200 ߵ    ϴ. ׷,
     /etc/rc.d/rc.local̳ /etc/rc.d/rc.serial  ʱ ũƮ,
       ϵ մϴ( COM2  ):

  o  setserial /dev/ttyS1 spd_vhi

  o  PPPd ũƮ,  pppd ϴ  ӵ "38400"
     ǵ Ĩϴ(pppd man page ).

  o  2.2.x Ŀ:  2.0.x Ŀΰ ٸ, 2.1.x 2.2.x Ŀ ̷
     "spd_vhi"  ϴ.

  o  ׷, PPPd ũƮ,  pppd ϴ  ӵ
     "115200" ǵ ġ⸸ մϴ(pppd man page ).

  o  TCP Sliding window ּ 8192 ǵ մϴ.

  o        , ̷ ϸ /
     PPP, Ethernet, TokenRing   Ʈ   ֵ 
       Դϴ.  ڼ , TrinityOS - Section 16
     Ʈ ȭ  ʽÿ.

  o  ø Ʈ IRQ-Tune 

  o  κ PC ϵ, Craig Estey IRQTUNE
     <http://www.best.com/~cae/irqtune/>  ϸ ø Ʈ
      SLIP PPP ؼ ȹ  ̴ϴ.

  7.16.   IP Ŀ̵ , SYSLOG α ȭϿ
   ̻ ޽  ϴ. IPFWADM/IPCHAINS ȭ
   ޽ ǹ̵   ?

      ޽ Ƹ  ΰ ̴ϴ:

  o  MASQ: Failed TCP Checksum error:    ̴ ,
     ͳݿ  Ŷ Ÿ ǿ    
     "" Դϴ.  ڽ ̷ Ŷ , Ŷ CRC
     ؼ Ŷ  ִٴ  Ǵմϴ. Microsoft Windows
      OS ϴ κ ӽŵ, ̷ Ŷ ׳ 
       IP Ŀ̵ װ SYSLOG մϴ.
      PPP ӿ ̷ ޽ " " ϰ ȴٸ,  FAQ
     ׸  "Ŀ̵尡 ϴ" ñ ٶϴ.

  o   ׸     , /etc/ppp/options ȭϿ
     "-vj"  ߰ϰ PPPd  ñ ٶϴ.

  o  Firewall hits:  ͳ ϸ鼭 ( ) ȭ
     Ѵٸ, 󸶳     ڽ ħϷ
     ϴ    ̴ϴ! ׷ ̷ ȭ α׵
     ǹϴ  ?

     TrinityOS - Section 10
     <http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri>
     :

             Ʒ å,  Ʈ  Ǵ źϴ ε "-o"
             ɼ  ־ ȭ    ġ ִ
             SYSLOG ޽ ȭϿ ϴ:

                     Redhat:         /var/log
                     Slackware:      /var/adm

              ȭ α׵ 캸,  ͵     ̴ϴ:

             ---------------------------------------------------------------------
             IPFWADM:
             Feb 23 07:37:01 Roadrunner kernel: IP fw-in rej eth0 TCP 12.75.147.174:1633
                100.200.0.212:23 L=44 S=0x00 I=54054 F=0x0040 T=254

             IPCHAINS:
             Packet log: input DENY eth0 PROTO=17 12.75.147.174:1633 100.200.0.212:23
               L=44 S=0x00 I=54054 F=0x0040 T=254
             ---------------------------------------------------------------------

          ٿ    ֽϴ.   м 鼭 
       ԵǴ ȭ   Ȯ ô.   IPFWADM ϰ 
       IPCHAINS ڵ鵵 ٷ     ̴ϴ.

             --------------

             -  ȭ "" "Feb 23 07:37:01" ߻߽ϴ.

             -   "RoadRunner" ǻͿ  Դϴ.

             -   "IP" Ȥ TCP/IP   Դϴ.

             -   ȭ ""("fw-in") Դϴ.
                     * ٸ α׵ "" Ϳ ؼ "fw-out" Ȥ FORWARDϴ
                       Ϳ ؼ "fw-fwd"  Դϴ.

             -   "źεǾϴ(rejECTED)".
                     * ٸ α׵ "deny" Ȥ "accept"   ֽϴ.

             -  ȭ  "eth0" ̽(ͳ ) Ͼϴ.

             -   "TCP" Ŷ̾ϴ.

             -   "12.75.147.174"fksms IP ּҷκ  ̰ "1633"
               Ʈ ϴ.

             -   "100.200.0.212" ּҿ "23" Ʈ Ȥ TELNET
               ϱ  ̾ϴ.
                     * 23 Ʈ TELNET    𸣰ڴٸ,
                       /etc/services ȭϿ Ʈ ȮϽʽÿ.

             -  Ŷ ũⰡ "44" Ʈϴ.

             -  Ŷ "Type of Service( )"   ʾҽϴ.
                     --   ϴ  ʽÿ..  ʿ
                       ϴ.
                     * ipchains     4   
                       ˴ϴ.

             -  Ŷ "IP ID" ȣ "18" ̾ϴ.
                     --   ϴ  ʽÿ..  ʿ
                       ϴ.

             -  Ŷ 16Ʈ  ġ  ְ TCP/IP Ŷ ÷״
               "0x0000"̾ϴ.
                     --   ϴ  ʽÿ..  ʿ
                       ϴ.
                     * "0x2..." "0x3..." ϴ  "  " Ʈ
                       Ǿ   Ŷ ؾ  "ū" Ŷ
                       ϼ ̶  ǹմϴ.
                     * "0x4..." "0x5..." ϴ  " " Ʈ
                       Ǿ ִٴ  ǹմϴ.
                     * ٸ   ġ (8  ) ̰ ߿ 
                       ū Ŷ   ˴ϴ.

             -  Ŷ ӽð(TimeToLive) (TTL) 20̾ϴ.
                     * ͳݻ󿡼       1 մϴ. ,
                       Ŷ   255     ڰ ᱹ 0
                       Ǹ, Ŷ  ̶   ̴ϴ.

  7.17.  ܺ ͳ ڵ ο Ŀ̵Ǵ 鿡 
    ֵ IP Ŀ̵带   ֽϱ?

  ! IPPORTFW ϸ, , Ȥ õ  ͳ ȣƮ
   Ŀ̵Ǵ ǻ͵鿡   ֵ   ֽϴ. 
   ؼ ``'' ǿ  ٷ ֽϴ.

  7.18.  SYSLOG ȭϿ "kernel: ip_masq_new(proto=UDP): no free
  ports." ޽ ϴ.  ׷?

   Ŀ̵Ǵ ӽ  ϳ ͳ  Ŷ
     ֱ Դϴ. IP Ŀ̵ 
  Ŀ̵ ̺   Ŷ ͳ µ, 
  ̺ ʹ  ä ̴ϴ. ϴ ̺   Ǹ, ̿
     ˴ϴ.

  ̷ Ȳ   α׷μ  ˰ ִ 
   "GameSpy"  α׷Դϴ. , Gamespy 
   Ʈ ,  Ʈ ִ õ   
  ping ϱ Դϴ. ̷ ping ν, ſ ª ð
     䱸մϴ. ̵ IP Ŀ̵ ðѿ
  ɷ  , Ŀ̵ ̺ ""  ˴ϴ.

  ׷  ϳ? ̻ Ѵٸ, ׷ α׷ 
  ʽÿ. α ȭϿ ׷  δٸ,  α׷
  ãƳ  Ͻʽÿ. ,  GameSpy 
   Ѵٸ,   ϴ    ʽÿ.
  ·, ׷ α׷  ʴ´ٸ, Ŀ̵尡 
     ̻ Ÿ  ̴ϴ.

  7.19.  IPPORTFW Ϸ ϸ "ipfwadm: setsockopt failed: Proto
  col not available"  ϴ!

  "ipfwadm: setsockopt failed: Protocol not available"  ޽
  ٸ, Ӱ  Ŀ ϰ   Դϴ. 
  Ŀ  ġ ű, LILO ٽ ϰ, ٽ  ʽÿ.

  ڼ  ``''   κ ʽÿ.

  7.20.  Microsoft ȭ Ʈ  Microsoft 
  Ŭ̾Ʈ(SAMBA) IP Ŀ̵带 ؼ  ʽϴ!

  Microsoft SMB   ϱ ؼ ׸ 
  Ŀ̵  ־ , μ  ȸ 
  ֽϴ.  ڼ , this Microsoft KnowledgeBase article
  ʽÿ.

  ù° ȸ, IPPORTFW ``'' ǿ   ϰ, TCP Ʈ
  137, 138, 139   ӽ IP ּҷ ϴ Դϴ.
  ̷ ϸ ϱ ,     ӽſ ؼ 
  Դϴ.

  ι ,  Ŀ̵  Samba ġϴ Դϴ.
  Samba ϸ,   ȭ Ʈ  Samba 
  ̰   ֽϴ. ׷, ܺ  Ŭ̾Ʈ  鿡
    ְ ˴ϴ. Samba ϴ    Ʈ
  HOWTO ã  ְ, TrinityOS   ã  
  Դϴ.

  ° ,  ޵ ӽ ̿, Ȥ  Ʈ ̿ VPN(
   Ʈ) ϴ Դϴ. ̰ PPTP IPSEC VPN ַ
  ؼ   ֽϴ.  ``'' ġ ְ, 2.0.x
  2.2.x Ŀο   ִ  IPSEC Ǿ ֽϴ. 
     ߿  ̰  Դϴ.

     HOWTO ٷ ʽϴ. IPSEC ؼ TrinityOS
       ̰,  ̻  JJohn Hardin
  PPTP    մϴ.

   ˾  , Microsoft SMB  ȿ ſ ϴٴ
  Դϴ.  , ͳ ؼ ȣȭ  Microsoft ȭ Ʈ
   ޵  α ϴ  ſ  ʽϴ.

  7.21.  Ŀ̵Ǵ IRC ڵ IRC   
  ϴ.  ׷?

  ֵ    ִ , κ   IDENT
  ""  IP Ŀ̵Ǵ  ó  Ѵٴ ̴ϴ.
     ϴ.  ϴ IDENT ϱ.

   Ʈ ġϴ   HOWTO   Դϴ.
       ֽϴ. ⿡  URL
  ϴ:

  o  Mident <ftp://ftp.code.org/pub/linux/midentd/> κ IRC
     ڵ ϴ Դϴ.

  o  Sident <http://insecurity.net/sidentd.gz>

  o  Other Idents including Oidentd
     <ftp://sunsite.unc.edu/pub/Linux/system/network/daemons/>

   ͳ IRC    ȣƮ   ϴ
    ʰ ֽϴ.   ؼ ڵ 
  ٸٴ    ִ Դϴ.     ڿ
  Ͻʽÿ. :)

  7.22.  mIRC DCC   մϴ.

  ̰ mIRC  Դϴ. ġ ؼ, 켱 mIRC IRC
  κ  ϴ. ׸, mIRC ȭ -->  
  "IRC servers tab" Ŭմϴ. Ʈ 6667 Ǿ ִ
  Ȯմϴ. ٸ Ʈ ؾ Ѵٸ,  Ʒ ִ 
  ʽÿ. , ȭ -->  -->    
  ȣƮ(ڽ ȣƮ) شϴ κа IP ּҸ ϴ. "LOCAL
  HOST" "IP address"(IP address üũǾ Ұ  
  ֽϴ) üũڽ մϴ. , "Lookup
  Method(˻)" "normal()" մϴ. ࿡ "servers"
  õǾ    ̴ϴ.  ϴ. IRC  ٽ
   ʽÿ.

  IRC  Ʈ 6667 ƴ  ؾ Ѵٸ, (  6969)
  IRC Ŀ̵  εϴ /etc/rc.c/rc.firewall ȭ ؾ
  մϴ.  ȭϿ "modprobe ip_masq_irc"  ִ  ؼ
  "ports=6667,6969" մϴ. ٸ Ʈ鵵 ޸ ؼ ߰
   ֽϴ.

  , Ŀ̵Ǵ ӽŵ IRC Ŭ̾Ʈ ϰ IRC
  Ŀ̵  ٽ εմϴ:

  /sbin/rmmod ip_masq_irc /etc/rc.d/rc.firewall

  7.23.  Ѱ ̴ Ʈ ī常 ־ (IP Aliasing ؼ) IP
  Ŀ̵带   ֽϱ?

  ׷⵵ ϰ ƴϱ⵵ մϴ. "IP Alias" Ŀ  ؼ,
  ڴ eth0:1, eth0:2    ̽  
  ֽϴ. , IP Ŀ̵忡 alias ̽ ϴ 
  õ ʽϴ. ֳı?   Ʈ ī带 ؼ 
  ȭ ϴ   ƽϴ. , Ŷ  
  ÿ   緮   Դϴ. ̷ 
  ְ   Ʈ ī尡 ϱ ,  п Ʈ
  ī带     մϴ.

    ˾Ƶ־  , IP Ŀ̵ eth0, eth1  
   ̽  Ѵٴ ̴ϴ. "eth0:1, eth1:1
   " alias  ̽ Ŀ̵   
  ̴ϴ. ڸ,      ̴ϴ:

  o  /sbin/ipfwadm -F -a m -W eth0:1 -S 192.168.0.0/24 -D 0.0.0.0/0

  o  /sbin/ipchains -A forward -i eth0:1 -s 192.168.0.0/24 -j MASQ"

    alias  ̽ ϰ ʹٸ, Ŀο "IP
  Alias"  Ѿ մϴ. ׸ Ŀ ٽ ϰ ؾ
  մϴ. ο Ŀη ϰ ,  ο ̽(
   /dev/eth0:1 ) ϵ   մϴ. ׸ ,
  ռ  Ͱ    װ͵  ̴
  ̽ó   ֽϴ.

  7.24.  Ŀ̵Ǵ  ؼ NETSTAT  Ϸ
  ϴµ  ʽϴ.

  "netstat" α׷  ֽϴ.  Ʈ Ŀ, "netstat
  -M" ϸ  , Ŀ̵Ǵ ǻͰ ping̳
  traceroute  ICMP  ϰ      
  ̴ϴ:

  masq_info.c: Internal Error `ip_masquerade unknown type'.

  ̸  ٸ  "/sbin/ipfwadm -M -l"  ϴ
  ̴ϴ.  ŵ ICMP Ŀ̵ ׸  ,
  "netstat" ٽ  ϴ    ̴ϴ.

  7.25.  IP Ŀ̵带 ؼ Microsoft PPTP (GRE tunnels)̳ IPSEC
  (Linux SWAN) tunnels  ϰ ͽϴ.

  մϴ.    ָ  ̹Ƿ, ڼ 
  John Hardin PPTP Masq ñ ٶϴ.

  7.26.  IP Ŀ̵带 ؼ XYZ Ʈ  ϰ 
   ʽϴ. ּ!

  켱, Steve Grevemeyer's MASQ Applications page
  <http://www.tsmservices.com/masq> 캸ʽÿ. ű⿡ ذå
  ٸ,  ``'' ǿ ִ Glenn Lamb LooseUDP
  <ftp://ftp.netcom.com/pub/mu/mumford/loose-udp-2.0.36.patch.gz> ġ
   Ŀ ġ ʽÿ.  ڼ  Dan Kegel NAT Page
  <http://www.alumni.caltech.edu/~dank/peer-nat.html> 캸ʽÿ.

    ɷ ִٸ, "tcpdump" α׷ ؼ
   Ʈ sniff  ʽÿ.  XYZ  ϰ ִ
  ݰ Ʈ ȣ ˾Ƴ ̴ϴ.   ˾Ƴ, IP Masq
  email list ϰ    Ϸ  
  ûϽʽÿ.

  7.27.  IP Ŀ̵尡 󸶰   ڱ ϴ.
  ϰ  ѵ   մϴ.  ׷?

   ϱ⿡  IPAUTOFW ϰ ְų Ŀο Խ
  ̴ϴ. ³?? ̰ IPAUTOFW  ˷ Դϴ.  Ŀο
  IPAUTOFW  ԽŰ ,  IPPORTFW ɼ Ͻʽÿ. 
   ``'' ǿ ڼ ٷ ֽϴ.

  7.28.   Ŀ̵Ǵ ǻ͵ SMTP POP-3  
  մϴ!

  ̰ Ŀ̵ õ  ,  鿡 
  ̱  ⿡ մϴ.

  SMTP:   Ƹ  ڽ SMTP ߰(relay) Ϸ
  ϰ     ̴ϴ:

       "error from mail server: we do not relay"

  Sendmail  ̳ ٸ   α׷(MTA) ⺻
  ߰踦  ʽϴ(̰ ٶ ̴ϴ).   ġ
    մϴ:

  o  Sendmail:  /etc/sendmail.cw ȭ ؼ  Ŀ̵Ǵ
     ӽŵ鿡  Ư ߰踦 ϰ,  Ŀ̵Ǵ ӽ
     ȣƮ   ߰մϴ.  /etc/hosts ȭϿ IP
     ּҵ    (Fully Qualified Domain Name:
     FQDN) Ǿ ִ Ȯմϴ. ̰ ϴ Ǿ,
     Sendmail ؼ ȭ ٽ о̵ մϴ. 
      TrinityOS - Section 25
     <http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri>
     ٷ ֽϴ.

  POP-3:   ڵ  Ŀ̵Ǵ ǻ POP-3
  Ŭ̾Ʈ ܺ SMTP  ϵ մϴ. ̰
  ,  SMTP  Ʈ 113  
  (IDENT)ϰ  Դϴ.  ߻ϴ , κ 
  ⺻ Ŀ̵ å DENY Ͱ õ ֽϴ. ̰ ٶ
  ʽϴ. ̰ REJECT ϰ rc.firewall å ٽ
  Ͻʽÿ.

  7.29.    ٸ Ŀ̵ Ʈ  ܺ IP ּҸ
  ؼ  ϰ ͽϴ. (IPROUTE2)

       ִٰ սô:

   LAN ----->  IP 192.168.1.x --> 123.123.123.11 192.168.2.x -->
  123.123.123.12

   켱, IPFWADM IPCHAINS  ý Ŷ  
  ΰ  *Ŀ* ȴٴ  ؾ մϴ.  
   IPFWADM/IPCHAINS/IPMASQ  Ŀٸ  ۾  
  մϴ. 켱   ǵ ϰ  IPFWADM/IPCHAINS
  Ŀ̵ ߰ؾ ϴ ̴ϴ.

   쿡, 켱  ý 192.168.1.xκ Ŷ
  123.123.123.11, 192.168.2.xκ Ŷ 123.123.123.12 
  ؾ մϴ.  ۾  ۾̰,   Ŀ̵带
  ϴ  ϴ.

   ۾ ؼ IPROUTE2   ֽϴ.

  Primary FTP site is:

  o  ftp://ftp.inr.ac.ru/ip-routing

     Mirrors are:

     ftp://linux.wauug.org/pub/net
     ftp://ftp.nc.ras.ru/pub/mirrors/ftp.inr.ac.ru/ip-routing/
     ftp://ftp.gts.cz/MIRRORS/ftp.inr.ac.ru/
     ftp://ftp.funet.fi/pub/mirrors/ftp.inr.ac.ru/ip-routing/ (STM1 to
     USA) ftp://sunsite.icm.edu.pl/pub/Linux/iproute/
     ftp://ftp.sunet.se/pub/Linux/ip-routing/
     ftp://ftp.nvg.ntnu.no/pub/linux/ip-routing/
     ftp://ftp.crc.ca/pub/systems/linux/ip-routing/ ftp://ftp.paname.org
     (France) ftp://donlug.ua/pub/mirrors/ip-route/
     ftp://omni.rk.tusur.ru/mirrors/ftp.inr.ac.ru/ip-routing/

     RPMs are available at ftp://omni.rk.tusur.ru/Tango/ and at
     ftp://ftp4.dgtu.donetsk.ua/pub/RedHat/Contrib-Donbass/KAD/

  NOTE:  The following instructions are given below ONLY because
  currently there is very little documentation to the IPROUTE2 tool
  available.  Check out http://www.compendium.com.ar/policy-routing.txt
  for the beginnings of a IPROUTE2 howto.

  The "iprule" and "iproute" commands are the same as "ip rule" and "ip
  route" commands (I prefer the former since it is easier to search
  for.)  All the commands below are completely untested, if they do not
  work, please contact the author of IPROUTE2.. not David Ranch, Ambrose
  Au, or anyone on the Masq email list as it has NOTHING to do with IP
  Masquerading.

  The first few commands only need to be done once at boot, say in
  /etc/rc.d/rc.local file.

       # Allow internal LANs to route to each other, no masq.
         /sbin/iprule add from 192.168.0.0/16 to 192.168.0.0/16 table main pref 100
       # All other traffic from 192.168.1.x is external, handle by table 101
         /sbin/iprule add from 192.168.1.0/24 to 0/0 table 101 pref 102
       # All other traffic from 192.168.2.x is external, handle by table 102
         /sbin/iprule add from 192.168.2.0/24 to 0/0 table 102 pref 102

       These commands need to be issued when eth0 is configured, perhaps in
       /etc/sysconfig/network-scripts/ifup-post (for Redhat systems).  Be sure to
       do them by hand first to make sure they work.

       # Table 101 forces all assigned packets out via 123.123.123.11
         /sbin/iproute add table 101 via 62123.123.123.11
       # Table 102 forces all assigned packets out via 123.123.123.12
         /sbin/iproute add table 102 via 62123.123.123.12

       At this stage, you should find that packets from 192.168.1.x to the
       outside world are being routed via 123.123.123.11, packets from
       192.168.2.x are routed via 123.123.123.12.

       Once routing is correct, now you can add any IPFWADM or IPCHAINS rules.
       The following examples are for IPCHAINS:

       /sbin/ipchains -A forward -i ppp+ -j MASQ

       If everything hangs together, the masq code will see packets being
       routed out on 123.123.123.11 and 123.123.123.12 and will use those addresses
       as the masq source address.

  7.30.  Why do the new 2.1.x and 2.2.x kernels use IPCHAINS instead of
  IPFWADM?

  IPCHAINS supports the following features that IPFWADM doesn't:

  o  "Quality of Service" (QoS  support)

  o  A TREE style chains system vs. LINEAR system like IPFWADM  (Eg.
     this allows something like "if it is ppp0, jump to this chain
     (which contains its own difference set of rules)"

  o  IPCHAINS is more flexible with configuration.  For example, it has
     the "replace" command (in addition to "insert" and "add").  You can
     also negate rules (e.g. "discard any outbound packets that don't
     come from my registered IP" so that you aren't the source of
     spoofed attacks).

  o  IPCHAINS can filter any IP protocol explicitly, not just TCP, UDP,
     ICMP

  7.31.  I've just upgraded to the 2.2.x kernels, why isn't IP Masquer
  ade working?

  There are several things you should check assuming your Linux IP Masq
  box already have proper connection to the Internet and your LAN:

  o  Make sure you have the necessary features and modules are compiled
     and loaded.  See earlier sections for detail.

  o  Check /usr/src/linux/Documentation/Changes and make sure you have
     the minimal requirement for the network tools installed.

  o  Make sure you followed all the tests in the ``'' section of the
     HOWTO.

  o  You should use ipchains <http://www.rustcorp.com/linux/ipchains/>
     to manipulate IP Masq and firewalling rules.

  o  The standard IPAUTOFW and IPPORTFW port forwarders have been
     replaced by IPMASQADM <http://juanjox.kernelnotes.org/>.  You'll
     need to apply these patches to the kernel, re-compile the kernel,
     compile the new IPMASQADM tool and then convert your old
     IPAUTOFW/IPPORTFW firewall rulesets to the new syntax.  This is
     completely covered in the ``'' section.

  o  Go through all setup and configuration again!  A lot of time it's
     just a typo or a simple mistake you are overlooking.

  7.32.  I've just upgraded to a 2.0.36+ kernels later, why isn't IP
  Masquerade working?

  There are several things you should check assuming your Linux IP Masq
  box already have proper connection to the Internet and your LAN:

  o  Make sure you have the necessary features and modules are compiled
     and loaded.  See earlier sections for detail.

  o  Check /usr/src/linux/Documentation/Changes and make sure you have
     the minimal requirement for the network tools installed.

  o  Make sure you followed all the tests in the ``'' section of the
     HOWTO.

  o  You should use ipfwadm <http://www.xos.nl/> to manipulate IP Masq
     and firewalling rules.  If you want to use IPCHAINS, you'll need to
     apply a patch the 2.0.x kernels.

  o  Go through all setup and configuration again!  A lot of time it's
     just a typo or a simple mistake you overlooked.

  7.33.  I need help with EQL connections and IP Masq

  EQL has nothing to do with IP Masq though they are commonly teamed up
  on Linux boxes.  Because of this, I recommend to check out the NEW
  version of Robert Novak's EQL HOWTO for all your EQL needs.

  7.34.  I can't get IP Masquerade to work!  What options do I have for
  Windows Platforms?

  Giving up a free, reliable, high performance solution that works on
  minimal hardware and pay a fortune for something that needs more
  hardware, lower performance and less reliable?  (IMHO.  And yes, I
  have real life experience with these ;-)

  Okay, it's your call.  If you want a Windows NAT and/or proxy
  solution, here is a decent listing.  I have no preference of these
  tools since I haven't used them before.

  o  Firesock (from the makers of Trumpet Winsock)

  o  Does Proxy

  o  http://www.trumpet.com.au

  o  Iproute

  o  DOS program designed to run on 286+ class computers

  o  requires another box like Linux MASQ

  o  http://www.mischler.com/iproute/

  o  Microsoft Proxy

  o  Requires Windows NT Server

  o  Quite expensive

  o  http://www.microsoft.com

  o  NAT32

  o  Windows 95/98/NT compatible

  o  http://www.nat32.com

  o  Roughly $25 for Win9x and $47 for Win9x and WinNT

  o  SyGate

  o  http://www.sygate.com

  o  Wingate

  o  Does proxy

  o  Costs roughly $30 for 2-3 IPs

  o  http://www.wingate.com

  o  Winroute

  o  Does NAT

  o  http://www.winroute.cz/en/

  Lastly, do a web search on "MS Proxy Server", "Wingate", "WinProxy",
  or goto www.winfiles.com <http://www.winfiles.com>.  And definitely
  DON'T tell anyone that we sent you.

  7.35.  I want to help on IP Masquerade development.  What can I do?

  Join the Linux IP Masquerading DEVELOPERS list and ask the developers
  there what you can help with.  For more details on joining the lists,
  check out the ``'' FAQ section.

  Please DON'T ask NON-IP-Masquerade development related questions
  there!!!!

  7.36.  Where can I find more information on IP Masquerade?

  You can find more information on IP Masquerade at the Linux IP
  Masquerade Resource <http://ipmasq.cjb.net/> that both David Ranch and
  Ambrose Au maintain.

  You can also find more information at Dranch's Linux page
  <http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html> where
  the TrinityOS and other Linux documents are kept.

  You may also find more information at The Semi-Original Linux IP
  Masquerading Web Site <http://www.indyramp.com/masq/> maintained by
  Indyramp Consulting, who also provides the IP Masq mailing lists.

  Lastly, you can look for specific questions in the IP MASQ and IP MASQ
  DEV email archives or ask a specific question on these lists.  Check
  out the ``'' FAQ item for more details.

  7.37.  I want to translate this HOWTO to another language, what should
  I do?

  Make sure the language you want to translate to is not already covered
  by someone else.  But, most of the translated HOWTOs are now OLD and
  need to be updated.  A list of available HOWTO translations are
  available at the Linux IP Masquerade Resource
  <http://ipmasq.cjb.net/>.

  If a copy of a current IP MASQ HOWTO isn't in your proposed language,
  please download the newest copy of the IP-MASQ HOWTO SGML code from
  the Linux IP Masquerade Resource <http://ipmasq.cjb.net/>.  From
  there, begin your work while maintaining good SGML coding.  For more
  help on SGML, check out www.sgmltools.org <http://www.sgmltools.org>

  7.38.  This HOWTO seems out of date, are you still maintaining it?
  Can you include more information on ...?  Are there any plans for mak
  ing this better?

  Yes, this HOWTO is still being maintained.  In the past, we've been
  guilty of being too busy working on two jobs and don't have much time
  to work on this, my apology.  As of v1.50, David Ranch has begun to
  revamp the document and get it current again.

  If you think of a topic that could be included in the HOWTO, please
  send email to ambrose@writeme.com and dranch@trinnet.net.  It will be
  even better if you can provide that information.  We will then include
  the information into the HOWTO once it is both found appropriate and
  tested.  Many thanks for your contributions!

  We have a lot of new ideas and plans for improving the HOWTO, such as
  case studies that will cover different network setup involving IP
  Masquerade, more on security via strong IPFWADM/IPCHAINS firewall
  rulesets, IPCHAINS usage, more FAQ entries, etc.  If you think you can
  help, please do!  Thanks.

  7.39.  I got IP Masquerade working, it's great!  I want to thank you
  guys, what can I do?

  o  Can you translate the newer version of the HOWTO to another
     language?

  o  Thank the developers and appreciate the time and effort they spent
     on this.

  o  Join the IP Masquerade email list and support new MASQ users

  o  Send an email to us and let us know how happy you are

  o  Introduce other people to Linux and help them when they have
     problems.

  8.  Ÿ ׵

  8.1.   ڷ

  o  IP Masquerade Resource page <http://ipmasq.cjb.net/> 2.0.x,
     2.2.x,   1.2 Ŀο IP Ŀ̵带 ϱ 
       Ѵ.

  o  IP Masquerade mailing list Archives
     <http://www.indyramp.com/lists/masq> ϸ Ʈ 
     ֱ ޽ Ѵ.

  o  David Ranch's Linux page including the TrinityOS Linux document and
     current versions of the IP-MASQ-HOWTO.
     <http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html>.  IP
     Ŀ̵,  IPFWADM/IPCHAINS å, PPP, Diald, ̺
     , DNS, Sendmail, Samba, NFS, , Ÿ   
     ٷ.

  o  IP Masquerading Applications page
     <http://www.tsmservices.com/masq>: Linux IP Ŀ̵ 
     ؼ ϰų Ȥ ϵ   ִ α׷
     .

  o  MkLinux IP Ŀ̵带 ϱ ϴ , Taro
     Fukunaga tarozax@earthlink.net ̸   Ͽ
           ִ.

  o  IP masquerade FAQ
     <http://www.indyramp.com/masq/ip_masquerade.txt> 
     Ϲ  Ѵ.

  o  Paul Russel http://www.rustcorp.com/linux/ipchains/ 
     Ȥ   Linux IPCHAINS HOWTO   ִ.  
     Ͽ IPCHAINS ϴ      ,
     ipchains  ҽ ȭϵ   ִ.

  o  X/OS Ipfwadm page <http://www.xos.nl/linux/ipfwadm/> ipfwadm
     Ű    ҽ, ȭ,    ִ.

  o   ȭ å  û  ڷ GreatCircle's
     Firewall mailing list   ִ.

  o  LDP Network Administrator's Guide
     <http://metalab.unc.edu/mdw/LDP/nag/nag.html> Ʈ ϰ
     ϴ ʺ Linux ڵ  ̴.

  o  Linux NET-3 HOWTO
     <http://metalab.unc.edu/mdw/HOWTO/NET-3-HOWTO.html> Linux
     Ʈŷ ϰ ϴ Ϳ   ̴.

  o  Linux ISP Hookup HOWTO <http://metalab.unc.edu/mdw/HOWTO/ISP-
     Hookup-HOWTO.html> Linux PPP HOWTO
     <http://metalab.unc.edu/mdw/HOWTO/PPP-HOWTO.html> Linux
     ȣƮ ͳݿ ϴ Ϳ     ִ.

  o  Linux Ethernet-Howto <http://metalab.unc.edu/mdw/HOWTO/Ethernet-
     HOWTO.html> Ethernet(̴) ؼ LAN ϴ  
       Ѵ.

  o  Linux Firewalling and Proxy Server HOWTO
     <http://metalab.unc.edu/mdw/HOWTO/Firewall-HOWTO.html> 
     ִ    ִ.

  o  Linux Kernel HOWTO <http://metalab.unc.edu/mdw/HOWTO/Kernel-
     HOWTO.html> Ŀ    ȳ  ̴.

  o  Linux HOWTOs <http://metalab.unc.edu/mdw/HOWTO/HOWTO-INDEX-3.html>.
     Ŀ Ͽ  Ÿ Ͽ .

  o   ׷ε    ִ: comp.os.linux.networking

  8.2.  Linux IP Ŀ̵ ڷ(Linux IP Masquerade Resource)

  Linux IP Masquerade Resource  <http://ipmasq.cjb.net/> David Ranch
  Ambrose Au ϰ Linux IP Ŀ̵忡   ϴ
  Ʈ̴. IP Ŀ̵忡   ֽ  ϸ,
  Ͽ Ե  鵵 Ѵ.

   ġ Linux IP Ŀ̵ ڷ(Linux IP Masquerade
  Resource) ã   ̴:

  o  http://ipmasq.cjb.net/,  Ʈ, http://ipmasq.cjb.net/ 
     ̴.

  o  http://ipmasq2.cjb.net/,  Ʈ,
     http://www.geocities.com/SiliconValley/Heights/2288/ 
     ̴.

  8.3.  縦   ..

  ĺ :

  o  Gabriel Beitler, gabrielb@voicenet.com
      3.3.8 (Novell ) ۼ.

  o  Juan Jose Ciarlante, irriga@impsat1.com.ar
     IPMASQADM Ʈ   ۼ ⿩, 2.1.x 2.2.x Ŀ ڵ
      LooseUDP ġ ۼ ⿩, Ÿ .

  o  Steven Clarke, steven@monmouth.demon.co.uk
     IPPORTFW IP   ۼ.

  o  Andrew Deryabin, djsf@usa.net
     ICQ Ŀ̵  ۼ.

  o  Ed Doolittle, dolittle@math.toronto.edu
     ipfwadm ɿ  ̱  -V ɼ   .

  o  Matthew Driver, mdriver@cfmeu.asn.au
      Ͽ  ȹ ,  3.3.1 (Windows 95 ) ۼ.

  o  Ken Eves, ken@eves.com
      Ͽ       FAQ ۼ.

  o  John Hardin, jhardin@wolfenet.com
     PPTP IPSEC  .

  o  Glenn Lamb, mumford@netcom.com
     LooseUDP ġ.

  o  Ed. Lott, edlott@neosoft.com
      ý۰ Ʈ .

  o  Nigel Metheringham, Nigel.Metheringham@theplanet.net
      ڽ IP Ŷ ͸ IP Ŀ̵ Ͽ ۼ,  
     ؼ  Ͽ   Ͽ Ƿη   ɵ
     ֵ ߴ.
      4.1, 4.2 ׿ ٸ κе ۼ.

  o  Keith Owens, kaos@ocs.com.au
      4.2 ipfwadm  Ǹ ȳ .
     ipfwadm -deny ɼ     ְ IP Ŀ̵带
     ؼ ping        .

  o  Michael Owings, mikey@swampgas.com
     CU-SeeMe  ǰ Linux IP Ŀ̵ Teeny Ͽ ۼ

  o  Rob Pelkey, rpelkey@abacus.bates.edu
      3.3.6 3.3.7 (MacTCP Open Transport ) ۼ

  o  Harish Pillay, h.pillay@ieee.org
      4.5 (Diald ̿ ȭ ) ۼ

  o  Mark Purcell, purcell@rmcs.cranfield.ac.uk
      4.6 (IPautofw) ۼ

  o  David Ranch, dranch@trinnet.net
      Ͽ Linux Ŀ̵ ڷ(Linux IP Masquerade Resource),
     ׸ TrinityOS  Ʈϰ ϴ   , ...,
     ⿡    ŭ    :-)

  o  Paul Russell, rusty@rustcorp.com.au
     IP CHAINS, IP Ŀ̵ Ŀ ġ ׿  ⿩

  o  Ueli Rutishauser, rutish@ibm.net
      3.3.9 (OS/2 Warp ) ۼ

  o  Steve Grevemeyer, seg@cylexsys.com
     Lee Nevoκ IP Ŀ̵ α׷  Ѱܹ޾Ƽ
     ǳ ͺ̽ .

  o  Fred Viles, fv@episupport.com

  o  John B. (Brent) Williams, forerunner@mercury.net
      3.3.7 (Open Transport ) ۼ

  o  Enrique Pessoa Xavier, enrique@labma.ufrj.br
     BOOTp   

  o  IP Ŀ̵ ϸ Ʈ  ,
     masq@tiffany.indyramp.com
     ο Linux Ŀ̵ ڵ    .

  o  ׿ ٸ IP Ŀ̵ ڵ  ۾ڵ   û
     ۾ ؼ 
       o  Delian Delchev, delian@wfpa.acad.bg

       o  David DeSimone (FuzzyFox), fox@dallas.net

       o  Jeanette Pauline Middelink, middelin@polyware.iaf.nl

       o  Miquel van Smoorenburg, miquels@q.cistron.nl

       o  Jos Vos, jos@xos.nl

       o  ׸ ׿ܿ Ǽ Ʈ   (˷ֱ
          ٶϴ)

  o  ϸ Ʈ ǰ   ڵ, Ư  Ʋ
        е  Ŭ̾Ʈ  Ǵ  Ǵ
     ˷ е

  o  츮 ߿ ̸ ƮȰų, Ǵ  ڵ 
       ԽŰ ʾҴٸ ˼մϴ. 츮   
       Ȱ ̵  ̰͵ ϰ  
     籸 ð մϴ.      Ͽ
     ԽŰ ؼ Ambrose Au David Ranch  ּ ϰ
     ֽϴ.  ¿ 帮,  츮  
     ּ մϴ.

  8.4.   ڷ

  o  Ken Eves   IP Ŀ̵ FAQ

  o  Indyramp Consulting  IP Ŀ̵ ϸ Ʈ archive

  o  Ambrose Au  IP Ŀ̵  Ʈ

  o  X/OS  Ipfwadm 

  o  ׿ Ʈ õ  Linux Ͽ

  o  David Ranch  TrinityOS ޵  

  8.5.  Changes

  o  TO do - HOWTO:

  o  Add the scripted IPMASQADM example to the Forwarders section.  Also
     confirm the syntax.

  o  Add a little section on having multiple subnets behind a MASQ
     server

  o  Confirm the IPCHAINS ruleset and make sure it is consistant with
     the IPFWADM ruleset

     TO DO - WWW page:

  o  Update all PPTP urls from lowrent to
     ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html

  o  Update the PPTP patch on the masq site

  o  Update the portfw FTP patch

     Changes from 1.78 to 1.79 - 10/21/99

  o  Updated the HOWTO name to reflect that it isn't a MINI anymore!

     Changes from 1.77 to 1.78 - 8/24/99

  o  Fixed a typeo in "Section 6.6 - Multiple Internal Networks" where
     the -a policy was ommited.

  o  Deleted the 2.2.x kernel configure option "Drop source routed
     frames" since it is now enabled by default and the kernel compile
     option was removed.

  o  Updated the 2.2.x and all other IPCHAINS sections to notify users
     of the IPCHAINS fragmentation bug.

  o  Updated all the URLs point at Lee Nevo's old IP Masq Applications
     page to Seg's new page.

     Changes from 1.76 to 1.77 - 7/26/99

  o  Fixed a typo in the Port fowarding section that used "ipmasqadm
     ipportfw -C" instead of "ipmasqadm portfw -f"

     Changes from 1.75 to 1.76 - 7/19/99

  o  Updated the "ipfwadm: setsockopt failed: Protocol not available"
     message in the FAQ to be more clear instead of making the user hunt
     for the answer in the Forwarders section.

  o  Fixed incorrect syntax in section 6.7 for IPMASQADM and "portfw"

     Changes from 1.72 to 1.75 - 6/19/99

  o  Fixed the quake module port setup order for the weak IPFWADM &
     IPCHAINS ruleset and the strong IPFWADM ruleset as well.

  o  Added a user report about port forwarding ICQ 4000 directly in and
     using ICQ's default settings WITHOUT enabling the "Non-Sock" proxy
     setup.

  o  Updated the URLs for the IPMASQADM tool

  o  Added references to Taro Fukunaga, tarozax@earthlink.net for his
     MkLinux port of the HOWTO

  o  Updated the blurb about Sonny Parlin's FWCONFIG tool to note new
     IPCHAINS support

  o  Noted that Fred Vile's patch for portfw'ed FTP access is ONLY
     available for the 2.0.x kernels

  o  Updated the 2.2.x kernel step with a few clarifications on the
     Experiemental tag

  o  Added Glen Lamb's name to the credits for the LooseUDP patch

  o  Added a clarification on installing the LooseUDP patch that it
     should use "cat" for non-compressed patches.

  o  Fixed a typo in the IPAUTO FAQ section

  o  I had the DHCP client port numbers reversed for the IPFWADM and
     IPCHAINS rulesets.  The order I had was if your Linux server was a
     DHCP SERVER.

  o  Added explict /sbin path to all weak and strong ruleset examples.

  o  Made some clarifications in the strong IPFWADM section regarding
     Dynamic IP addresses for PPP and DHCP users.  I also noted that the
     strong rulesets should be re-run when PPP comes up or when a DHCP
     lease is renewed.

  o  Added reference in the 2.2.x requirements, updated the ICQ FAQ
     section, and added Andrew Deryabin to credits section for his ICQ
     MASQ module.

  o  Added some clarifcation in the FAQ section why the 2.1.x and 2.2.x
     kernels went to IPCHAINS.

  o  Added a little FAQ section on Microsoft File/Print/Domain services
     (Samba) through a MASQ server.  I also added a URL to a Microsoft
     Knowledge base document for more details.

  o  Added clarification in the FAQ section that NO Debian distribution
     supports IP masq out of the box.

  o  Updated the supported MASQ distributions in the FAQ section.

  o  Added to the Aliased NIC section of the FAQ that you CANNOT masq
     out of an aliased interface.

  o  Wow.. never caught this before but the "ppp-ip" variable in the
     strong ruleset section is an invalid variable name!  It has been
     renamed to "ppp_ip"

  o  In both the IPFWADM and IPCHAINS simple ruleset setup areas, I had
     a commented out section on enabling DHCP traffic.  Problem is, it
     was below the final reject line!  Doh!  I moved both up a section.

  o  In the simple IPCHAINS setup, the #ed out line for DHCP users, I
     was using the IPFWADM "-W" command instead of IPCHAINS's "-i"
     parameter.

  o  Added a little blurb to the Forwarders section the resolution to
     the famous "ipfwadm: setsockopt failed: Protocol not available"
     error.  This also includes a little /proc test to let people
     confirm if IPPORTFW is enabled in the kernel.  I also added this
     error to a FAQ section for simple searching.

  o  Added a Strong IPCHAINS ruleset to the HOWTO

  o  Added a FAQ section explaining the "kernel: ip_masq_new(proto=UDP):
     no free ports." error.

  o  Added an example of scripting IPMASQADM PORTFW rules

  o  Updated a few of the Linux Documentation Project (LDP) URLs

  o  Added Quake III support in the module loading sections of all the
     rc.firewall rulesets.

  o  Fixed the IPMASQADM forwards for ICQ

  o  1.72 - 4/14/99 - Dranch:  Added a large list of Windows NAT/Proxy
     alternatives with rough pricing and URLs to the FAQ.

  o  1.71 - 4/13/99 - Dranch:  Added IPCHAINS setups for multiple
     internal MASQed networks.  Changed the ICQ setup to use ICQ's
     default 60 second timeout and change IPFWADM/IPCHAINS timeout to
     160 seconds.  Updated the MASQ and MASQ-DEV email list and archive
     subscription instructions.

  o  1.70 - 3/30/99 - Dranch: Added two new FAQ sections that cover
     SMTP/POP-3 timeout problems and how to masquerade multiple internal
     networks out different external IP addresses with IPROUTE2.

  o  1.65 - 3/29/99 - Dranch: Typo fixes, clarifications of required
     2.2.x kernel options, added dynamic PPP IP address support to the
     strong firewall section, additional quake II module ports, noted
     that the LooseUDP patch is built into later 2.2.x kernels and its
     from Glenn Lamb and not Dan Kegel, added more game info in the
     compatibility section.

  o  1.62 - Dranch:  Make the final first-draft changes to the doc and
     now announce it the the MASQ email list.

  o  1.61 - Dranch:  Make editorial changes, cleaned things up and fixed
     some errors in the Windows95 and NT setups.

  o  1.58 - Dranch:  Addition of the port forwarding sections; LooseUDP
     setup; Ident servers for IRC users, how to read firewall logs,
     deleted the CuSeeme Mini-HOWTO since it is rarely used.

  o  1.55 - Dranch: Complete overhaul, feature and FAQ addition, and
     editing sweep of the v1.50 HOWTO.  Completed the 2.2.x kernel and
     IPCHAINS configurations.  Did a conversion from IPAUTOFW to
     IPPORTFW for the examples that applied.  Added many URLs to various
     other documentation and utility sites.  There are so many changes..
     I hope everyone likes it.  Final publishing of this new rev of the
     HOWTO to the LDP project won't happen until the doc is looked over
     and approved by the IP MASQ email list (then v2.00).

  o  1.50 - Ambrose: A serious update to the HOWTO and the initial
     addition of the 2.2.0 and IPCHAINS configurations.

  o  1.20 - Ambrose: One of the more recent HOWTO versions that solely
     dealt with < 2.0.x kernels and IPFWADM.

