NET-3-HOWTO, Linux Networking. Ͻ : 1997 7 12 (2/3 з) : Terry Dawson, VK2KTJ, terry@perf.no.itg.telstra.com.au : , sudoer@nownuri.net vandal@danjae.skku.ac.kr Linux NET-3-HOWTO, Linux Networking. Terry Dawson, VK2KTJ, terry@perf.no.itg.telstra.com.au v1.0, 22 February 1997 ۷ ý κ scratch ۼ Ŀα Ʈ ŷ ڶ . ֱ Ŀο ԵǾ ִ tcp/ip implementa tion ؼ װ ġִ ش. Ʈŷ Ʈ, õ ġ ϴµ ǥ ΰִ. 1. ޶ . Additions: lots of things. Corrections/Updates: everything. 2. Ұ NET-FAQ ťƮ Ʈ ۵DZ Matt Welsh Ʈŷ õǾ Ÿ 鿡 ϱؼ ۼǾ. װ ʱ Ʈŷ Ŀο κ ٷ ִ. net-2-howto net-faq ̾ ̸, LDP howt o ϳ, Ʈŷ Ʈ 2, Ŀ 3 Ҹ ͵鿡 밡 ϰ ִ. ٽ net-2-howto ̾ ̸ ̰ 3 Ʈŷ Ŀΰ 谡 ִ. ʱ װ  ũⰡ ô Ŀ. ̷ ذϱ Ư Ʈŷ ٷ howto ܳ Ǿ. 谡 Ǵ κп ׵ ͸ ϸ, ٸ ٷ ʴ ٷ ̴. 2.1 Feedback feedback ġ ִ ׻ Ѵ.  feedback̳ e-mail ֱ ٶ. . 3.  ΰ(net-3-howto-howto?). Ͱ 繵 ٸ. ĥ ִ Ŀٶ ͵ պκп, κ Ư κ ϱ ؼ ݵ ˾Ƶξ Ϲ ͵ ֵ ٽ ׷ Ҵ. Read the generic sections κ , ߿ κп Ǹ, ϱ ؼ ſ ߿ ͵̴. Consider your network ڽ Ʈũ  Ǿ ִ°(Ǵ  ɰΰ) ˾ƾϸ Ȯ  ϵ  ΰ ˰ ־ Ѵ. Read the technology specific sections related to your requirements ϴ ˰, Ʈ ִ. κ Ư ׸ ٷ. Do the configuration work ڽ Ʈũ ϵ ؾ ϸ, ߻ϴ ؾ Ѵ. Look for further help if needed ذῡ ʴ ߻Ͽٸ, , Ǵ ׸ Ʈؾ ϴ κ оƶ. Have fun! Ʈŷ̶ ſ ִ ̴. װ ܶ~! 4. General Information about Linux Networking. 4.1 Ʈŷ Ŀ . ̹ ִ implementation ŭ̳ ϴ ο tcp/ip Ŀ implementation Ѵٴ ƴϾ. ִ implementation ϳ ʱ ϴ U.S.L ѵ īǶƮ ؼ ϴ implementat ion Ȯ , Ǵ ̹ ִ°ͺ ο ̷. Ŀ Ʈũ ڵ ̲ ڿڴ Ross Brio. . Ross ϰ ҿϳ ſ implementati on ƾ µ ̰ WD-8003 Ʈũ ̽ ī ̴ ̹ ϵǾ. ̰ Ʈ ׽ð ϱ⿡ ,  ڽ ӽ  ͳݻ ÷⵵ Ͽ. ̷ Ʈŷ ϰ ִ ü з Ͼ, ᱹ Ross ־ Ұ з° ġϴ ȸ Ͽ Ross ڸ . ︸ ϻ ȯӿ Ʈ ϰ 𰡸 å ޾Ƶ̴ ۾ ˸Ű Ǿ, ҷ ڸ ִ. Orest Zborowski BSD α׷ ̽ ´. ̰ ̹ ִ Ʈũ α׷ Ҽ ְ ν Ŀٶ ̷´. ̶ ٸ 򰡿 Laurence Culhane SILP ϱ ̹ ´. ̰ Ʈŷ \ Ҽ ο Ʈŷ Ʈ Ҽ ֵ ־.  Ʈ ͳ µ ϱ⵵ Ͽ. ̰ Ʈũ Եȴٸ ɼִ ɼ ְ Ͽ, Ʈ ŷ Ʈ ϰ ϴ ڼ þ ߴ. Ʈŷ ϴµ ѻ ٷ Fred Van Kempen̾ . . Ross ڷμ ġ Ȯ ⰣĿ Fred ð Ͽ ޾Ƶ鿴. Fred Ʈŷ Ʈ ̲ ⿡ ߽ ȹ ־, ̷ . Fred 'NET-2' Ŀ ڵ Ҹ Ϸ Ʈŷ ڵ带 ´µ(Ros s Ϳ 'NET'), ̰ ϰ ̿Ҽ ־. Fred  ȿ ־µ, ̳ ̽ ̽, Ƹ߾ AX.25 , ε Ʈŷ implementation װ͵̴. Fred NET-2 ڵ ڵ鿡 Ǿ, Ʈ Ѵٴ ؼ þ. ñ Ʈŷ Ʈ Ĵٵ Ŀ ο ġ Ұ,  Ե ʾҴ. net -faq ̾ net-2-howto ͵ ϵ ν Ѵ. Fred Ĵٵ Ʈũ implementation ű ߿ ־ ̰ ð ɸ ̾. 
ڵ ϰ ϰ 80% ڸ ų ִ ϸ γ Ҿ Ross ڷμ Fred з ܳ. Alan Cox ̷ Ȳ Ÿϱ ذå ߴ. ״ Fred net-2 ڵ带 ϰ γɾ Ű, зκ Fred ִµ ڽ ۾ Ҽ ְ ־. Alan `Net-2D(ebugged)' Ҹ ڽ ù° Ʈŷ ڵ带 Ű ̷ ϵ س . ڵ ȯӿ ϰ ڵ ϰ ־. Alan Ȯ Ʈ ִ ڽŸ ־, NET-2 ڵ ǵ . ű⿡ Ʈŷ ȸӿ δٸ ΰ ׷ µ, ϳ 'ϴ ϰ , ڿ ' ö ־, ٸ ϳ 'ƿ ó ' ö ־ . Linus ᱹ 縦 ϰ, Alan ¿ ǥϸ, ڵ带 Ĵٵ Ŀ Խ״. ̰ Fred . ӵǴ ߵ ڵ带 ϰ ׽ Ұ Ǹ, ǹߴ. Fred ª Ⱓ ϴ ᱹ ϰ , Alan Ʈŷ Ŀ ο Ǿ. Donald Becker Ʈũ ο ڽ 巯 ̴ ̹ س´. Ŀο  ̴ ̹ Donald ߵȰ ̴. ߿ ٸ 鵵 Donald dz Ư ̾ Ѵ. Alan 󸶵 ؼ NET-2-Debugged ڵ带 'TODO' Ʈ 巹 ä ִ . Ŀ 1.3.* ̻ 巯 Ŀ Ʈŷ ڵ ̵Ǵ NET-3 . Alan Ʈŷ ڵ ٸ 鿡 ۾ س Ʈŷ Ŀ´Ƽ ִ ޾ ⿡ ڵ带 . Alan ̳ Ʈũ ̽ ǥ AX.25 ׸ IPX implemenatation ´. Alan ؼ ڵ带 ֹŷȰ(? ^^;) ¿ ̸ . PPP Michel Callahan Al Longyear ؼ ߰Ǿµ ̰ ũŷ ϴ ġ ̾. Jonathon Naylor Alan AX.25 ڵ忡 NetRom ߰ν Ŀٶ ߴ. AX>25/NetRom ߿ ѵ ٸ  ü ̸ ǥ ̴. Ʈŷ Ʈ ߿ ܿ ִ. ̵ Ưκп ġ ɰ̴. ٸ , ̹, , , ׽Ʈ Ʈ, ׸  ߴ. ͵ ߿ ߴٰ ׵ Ҽִ ͵ ߴ. Ŀ Ʈŷ ڵ Ÿ Ǹ ȴ. װ ʾҴٸ, غ ϶. װ ʾҴ. 4.2 Ʈŷ ٸ 𿡼 ΰ? Ʈŷ Ͽ ִ  Ұ ִ. Ŀ Ʈŷ ڵ ̳ Alan Cox Ʈŷ ׸ ߵǴ ͵ ϴ www ϰ ִ. . ٸ Ҵ Olaf Kirch Network Administration Guide å̴. Linux Document Project ۾̸ ̰ Network Administration Guide HTML ִ. ׷ the sunsite.unc.edu LDP ftp archive پ Ȱ Ҽ . Olaf Kirch å ϱⰡ 󿡼 Ʈũ Ѵ. Ʈŷ õ о߿ ϴ ׷쵵 ִ. comp.os.linux.networking Ʈŷ Ҽִ Ҽ ִ ϸ Ʈ ִ. ϱ ؼ : To: majordomo@vger.rutgers.edu Subject: anything at all Message: subscribe linux-net IRC Ʈũ 󿡴 ä #linux ⿡ Ʈŷ ִ.  Ҷ õ ؾ ϴ° ض. Ư ڽ ϴ Ʈ ؾ ϴ Ư Ŀ , pppd dip , ׸ Ư Ȯ ؾ Ѵ. ̰ ɰ Ÿ ޽ Ȯ ؾ ǹѴ. 4.3 𿡼 ѵ Ʈũ ִ°? tcp/ip Ʈŷ ⺻ н ģ¶ ã Ѵ. tcp/ip introduction this document comes as both a text version and a postscript version . tcp/ip administration this document comes as both a text version and a postscript version . tcp/ip ˰ ڶ õ Ѵ. "Internetworking with TCP/IP" by Douglas E. Comer ISBN 0-13-474321-0 Prentice Hall publications. н ȣȯ ȯ濡 Ʈũ ø̼ ۼ ʹٸ, õѴ. "Internetworking with TCP/IP" by Douglas E. Comer ISBN 0-13-474321-0 Prentice Hall publications. comp.protocols.tcp-ip ִ. ͳݰ tcp-ip suite õ Ư ߿ ҽϳ ٷ RFCs̴. RFC 'Request For Comment' Ӹ̸, ͳ ǥ ϰ ť ϴ ǥ ̴. RFC ϰ ִ° ִ. Ʈ κ FTP Ʈ̸ Ư Ű RFC ͺ̽ ˻Ҽ ְ ѳ www Ʈ ִ. RFC ҽ ϳ ִ. 5. Ϲ Ʈũ õ . κе ڽ Ʈũ ϱ ˰ ʿ䰡 ִ ͵̴. ̵ ġϷ Ʈũ Ȯ Ư Ǵ ⺻ ̴. 
5.1. Ϸ ʿѰ? Ʈũ ġϰ ϱ ʿ  ִ. ߿Ѱ ͵̴. 5.1.1. Ŀ ҽ ϰ ִ Ŀ ϰ ;ϴ Ʈũ Ÿ ̳ ī ֱ⶧ ɼ Ŀ ٽ ϱ ؼ Ŀ ҽ ʿϴ. ftp.funet.fi ֽŹ Ŀ ҽ ִ. Ŀ ҼҴ /usr/src/linux 丮 tar̹ Ǯ Ѵ. ġ ϰ Ŀ ΰ ˱ ؼ kernel- howto о Ѵ. kernel-module ˰ʹٸ module-howto о Ѵ. Ư ʴ ǥ Ŀ ( ѹ ι dig it ¦ Ȱ) ϱ ٶ. Ŀ(ι° digit Ȧ ) ýۻ ٸ Ʈ ų ִ ü ٸ ȭ ִ. ׷ ذҼ ִٰ Ȯ ʴ, Ʈ ó Ȯ װ . 5.1.2. Ʈũ . Ʈũ Ʈũ ̽ ϱ ϴ ׷̴. ̷ ̽ ּҸ Ҵϰ ְų Ʈ Ҽ ְ ش. κ ֽ Ʈũ Բ ǹǷ, νϰ, Ʈũ ν ʾҴٸ ̰ ؾ Ѵ. ġ ʾҴٸ ҽ شٰ ؾ ʿ䰡 ִ. ̰ ״ ʴ. Ʈũ Bernd Eckenfels Ǹ, ftp.inka.de ִ. and are ̷Ǿ ִ. . ϰ ϴ Ŀ ؾ ϶. ׸ ν Ϸ Ű ø . ̱ ۼϴ νϰ ϰ Ѵٸ ؾѴ. # # cd /usr/src # tar xvfz net-tools-1.32-alpha.tar.gz # cd net-tools-1.32-alpha # make config # make # make install # ߰, ̾ ϰ, IP ӽĿ̵带 ϰ ʹٸ ipfwadm ־ Ѵ. װ ֱٹ ftp.xos.nl Ҽִ. ., װ Ҽִ Ƿ, Ŀΰ ϵ ؾ . ۼϴ ñ ġϰ Ϸ, ϶. # # cd /usr/src # tar xvfz ipfwadm-2.3.0.tar.gz # cd ipfwadm-2.3.0 # make # make install # 5.1.3. Ʈũ α׷ Ʈũ α׷̶ telnet, ftp α׷ α Ѵ. David Holland ̵ α׷ κ ϰ ִ. ftp.linux.uk.org װ Ҽ ִ. . ۼϴ ñ ġ, Ϸ ϶. # # cd /usr/src # tar xvfz /pub/net/NetKit-B-0.08.tar.gz # cd NetKit-B-0.08 # more README # vi MCONFIG # make # make install # 5.1.4 Addresses. ͳ 巹 4 Ʈ ̷. ̰Ϳ Ǵ Ҹ 'dotted decimal notation'̶ Ҹ ÷ ϴ ̴. ̷ for m Ʈ 0 ƴ ̻󿡴 0 (0~255) 10 ȯǸ, Ʈ '.' ڷ иǾ . װ ȣƮ ̽ IP 巹 . ȯ ӿ ӽŻ Ʈ Ͽ IP 巹 ϴ չ ̽ ڽŸ ּҸ ⸶̴. ͳ Ʈũ ִ IP 巹 ̴. Ʈ ũ 巹  (digit) 巹 ϰ ִ. Ʈũ 巹 κ 'network portion'̶ . 'network portion' κ 'host portion'̶ Ҹ . Ʈũ 巹 Ǵ bit netmask Ҹµ, 巹 װ Ʈũ ϴ, ʴ netmask ̴. 캸. ----------------- --------------- Host Address 192.168.110.23 Network Mask 255.255.255.0 Network Portion 192.168.110. Host portion .23 ----------------- --------------- Network Address 192.168.110.0 Broadcast Address 192.168.110.255 ----------------- --------------- netmask 'bitwise anded' 巹 ڽ Ʈũ 巹 ϰ ɰ̴. ׷Ƿ Ʈũ 巹 ߿ 巹 ׻ network address Ǵ°̴. ׻ 0 ڵ 'host portion' ȴ. εijƮ 巹 ڽ Ư 巹 Ͽ Ʈũ ȣƮ Ư 巹̴. 巹 Ʈũ ȣƮ ÿ Բ Ҷ ͱ׷ 巹̴. 'εijƮ ̾ ϴ°' Ǵ Ǵ ΰ ǥػ ִ. θ ޾Ƶ鿩 ִ° ش Ʈũ ϴ 巹 εijƮ 巹 ϴ ̴. 192.168.110.255 ȴ. ٸ Ʈ  Ʈũ εijƮ 巹 ϴ äߴ. ϴ° ϴ° Ʈũ ȣƮ εijƮ 巹 Ǿ ִ° ݵ Ȯؾ Ѵ. IP ʱ ׷ 巹 Ʈũ Ǿ, ̷ Ʈũ 'class' Ҹ ׷ȭǾ. Ŭ ҴҼ ִ ǥ Ʈũ ش. Ҵ . 
----------------------------------------------------------
| Network | Netmask       | Network Addresses            |
| Class   |               |                              |
----------------------------------------------------------
|    A    | 255.0.0.0     | 0.0.0.0    - 127.255.255.255 |
|    B    | 255.255.0.0   | 128.0.0.0  - 191.255.255.255 |
|    C    | 255.255.255.0 | 192.0.0.0  - 223.255.255.255 |
|Multicast| 240.0.0.0     | 224.0.0.0  - 239.255.255.255 |
----------------------------------------------------------

 巹 ؾ ϴ° Ȯ ؾ ΰ ޶. ʿ 巹 ؼ ؼ ؾ Ѵ.

IP Ʈũ ӽ ġѴ. IP Ʈũ ӽ ġϰ Ѵٸ Ʈũ ڿ Ͽ Ѵ.

o Host IP Address
o IP network address
o IP broadcast address
o IP netmask
o Router address
o Domain Name Server Address

׷ Ʈũ ̽ λ Ѵ. ̰ ʰ ϸ Ҽ .

ͳݿ ʴ ο Ʈũ ͳݿ Ʈũ ٸ ƹ 巹 Ҽ ִ. ׷ ϰ Ư Ǿִ IP 巹 ִ. ̰ RFC1597 õǾ ִ.

-----------------------------------------------------------
|         RESERVED PRIVATE NETWORK ALLOCATIONS            |
-----------------------------------------------------------
| Network | Netmask       | Network Addresses             |
| Class   |               |                               |
-----------------------------------------------------------
|    A    | 255.0.0.0     | 10.0.0.0    - 10.255.255.255  |
|    B    | 255.255.0.0   | 172.16.0.0  - 172.31.255.255  |
|    C    | 255.255.255.0 | 192.168.0.0 - 192.168.255.255 |
-----------------------------------------------------------

켱 Ʈũ ũ⸦ ѵ ϴ ŭ 巹 ؾ Ѵ.

5.2. ־ ϴ°?

ý Ʈ ν δٵ ٹ  ִ. Ŀ ڿ װ ׻ 'init'̶ α׷ Ѵ. init /etc/inittab ̶ а Ʈ Ѵ. init  ٸ Ư(flavours) , ̷ پ缺 ӽ پ缺 ū ȴ.

/etc/inittab Ʈ ϰ ִ.

si::sysinit:/etc/init.d/boot

Ʈ ϴ shell ũƮ ̸ Ѵ. MS-DOS autoexec.bat ϰ ټ ϴ.

Ʈ ũƮ ȣǴ ٸ ũƮ Ʈũ ̵ ȴ.

̺ ý ̵ 𸣰ڴ.
------------------------------------------------------------------------ |Interface Config/Routing |Server Initialisation ------------------------------------------------------------------------ |/etc/init.d/network |/etc/init.d/netbase | |/etc/init.d/netstd_init | |/etc/init.d/netstd_nfs | |/etc/init.d/netstd_misc ------------------------------------------------------------------------ |/etc/rc.d/rc.inet1 |/etc/rc.d/rc.inet2 ------------------------------------------------------------------------ |/etc/sysconfig/network-scripts/ifup-|/etc/rc.d/init.d/network ------------------------------------------------------------------------ < Debian, Slackware, RedHat> 밳 Ǵ Ʈũ ̽ Ҽ ִ α׷ ϰ ִ. ̰ ִٸ õϱ ϴ ִ ˾ƺ Ѵ. ----------------------------------------- Distrib | Network configuration program ----------------------------------------- RedHat | /sbin/netcfg Slackware | /sbin/netconfig ----------------------------------------- 5.3. Ʈũ ̽ н ýۿ Ʈũ ̽ /dev 丮 δ. ׷ ׷ ʴ. Ʈũ ̽ Ʈ ǹǷ ̽ ʿ䰡 . 밳 Ʈũ ̽ ʱȭϴ ̽ ̹ ڵ ϵ ġѴ. ̴ ̽ ̹ eth[0...n] ̽ ̴ ϵ ġŲ. ù° ߰ߵǴ ̴ ī eth0 ι° ̴ ī eth1 ȴ. ׷ , slip Ǵ ppp , Ʈũ ̽ α ۿ . ̽ ̸ ̴° ̽ ýÿ ڵ ʴ´. ̷ ̹ ޸ Ȱȭ slip, ppp ̽ ӽ ۵ð ſ پϰ ޶ ̴. ̷ κп ڼ ٷ ̴. 5.4. Ʈũ ̽ . ʿ α׷ Ʈũ 巹, Ʈũ Ʈũ ̽ ִ. Ʈũ ̽ Ҷ 츮 Ʈũ ̽ ּ Ҵ ٸ ȯ ÿ ̾߱⸦ ϴ°̴. ̸ θ Ǵ ifconfig(interface configure)̴. Ʒ ̴. # ifconfig eth0 192.168.0.1 netmask 255.255.255.0 up 'eth0' ̴ ̽ IP 巹 '192.168.0.1' netmask 255.255.255.0 ϴ ̴. ɾ κ 'up' ̽ Ȱ ȭ ɰ ϰ ִ. Ŀ ̽ Ҷ  Ʈ Ѵ. Ʈũ 巹 εijƮ 巹 , ó ´ٸ Ŀ IP 巹 Ŭ ٰ ո ̴. Ŀ ̽ Ŭ-C Ʈũ ȴٰ ϰ Ʈũ 巹 '192.168.0.0', εijƮ 巹 '192.168.0.255' Ѵ. ifconfig ɿ ٸ ɼ ִ. ߿ ̴. up ̽ ȰȭŲ. down ̽ ȰȭŲ. -arp ̽ 󿡼 address resolution protocol 밡ϰ, Ұϰ Ѵ. -allmulti ̽ 󿡼 promiscuous 带 /Ұϰ Ѵ. Promoscu ous ش ̽ Ŷ̶ ޾Ƶϼ ֵ ϴ 带 Ѵ. ̰ tcpdump ٸ Ŷ Ǫ α׷ ſ ߿ϴ. mtu N ̽ MTU Ҽ ְ ش. netmask addr ̽ ϴ Ʈũ netmask ϰ ش. irq addr Ķʹ Ư Ÿ ϵ ϳ, ̽ IRQ Ҽ ְ ش. -broadcast addr Ķʹ εijƮ 巹 ͱ׷ ϰ ϰų, Ȥ ͱ׷ Ұϰ Ѵ. -pointopoint addr Ķʹ slip, ppp point to point ũ ݴ볡 ִ ּҸ ϵ ش. hw Ķʹ Ʈũ ̽ Ư Ÿ ϵ 巹 ϵ ش. ̴ݿ ״ AX.25 ٸ Ÿ Ʈũ ϴ. ifconfig Ʈũ ̽ Ҽ ̴. pppd, dip α׷ Ʈũ ̽ 鶧 ڵ ϹǷ ifconfig ɻ ʿ ʴ. 5.5. 
ؼ(Name Resolver) . 'Name Resolver' ǥ ̺귯 Ϻ̴. ̰ ū 'ftp.funet.fi' ΰ ģ ȣƮ 128.214.248.6 ó ӽſ ģ IP 巹 ȯϴ 񽺸 ϴ ̴. 5.5.1. ̸ ֳ? ͳ ȣƮ ͼϳ, װ  Ǵ 𸥴. ͳ , ٽ ؼ Ʈ ´. 'domain'̶ ϴ° Ǵ ׷ ̸̴. 'domain' 'subdomain' ִ. 'toplevel' 굵 ƴ ǹѴ. Top Level Domain RFC920 õǾ ִ.  TOP LEVEL ̴. COM Commercial Organisations() EDU Educational Organisations() GOV Government Organisations(α) MIL Millitary Organisations() ORG Other organisations(ٸ) Country Designator these are two letters codes that represent a particular country. (Ư Ÿ α ڵ. : ѹα -> kr) top level 굵 ִ. ̸ top level com, edu, gov, mil, org ο 굵 ȴ. ν, Ʈϸ Ǵ α Ÿ com.au, gov.au . '.us' ڵ带 ϰ, top level ʴ ̱ Ÿ ȴ. ̸ Ÿ ؼ ȴ. ſ پѵ, ι ٰϰ ȴ. ׷ ̰ Ʈũ ڿ ո ǹְ ؿ ΰ ȴ. κ ׻ ȣƮ ӽſ Ҵ Ư ̸̸ 'ȣƮ '̶ Ҹ. ӿ ȣƮ κ ' '̶ ̰ Ǯ 'Fully Qualified Domain Name'̴. ̸ ȣƮ , 'Fully Qualified Domain Name' 'perf.no. itg.telstra.com.au'̴. ̰ ȣƮ 'perf' γ 'no.itg.t elstra.com.au' ǹѴ. Australia ٰ to p level ο θ ̸ 巹 ϹǷ '.com' ִ. ȸ ̸ 'Telstra'̸ ۸ δµ, ӽ Infomartion Technol ogy Group Network Operation μ Ѵ. 5.5.2. п ʿ . ڽ ȣƮ ο ϰ Ǵ ˾ƾ ʿ䰡 ִ. Name resolver Ʈ 'Domain Name Server' ó ν 񽺸 Ѵ. ׷Ƿ ڽ Ҽ ִ Ӽ IP 巹 ˾ƾ ʿ䰡 ִ. ʿ䰡 ִ 3 ִµ, ̰ ʷ ٷ ڴ. 5.5.3. /etc/resolv.conf /etc/resolv.conf ؼ ڵ带 ̴. ̰ ſ ϴ. ϳ ο ϳ Ű带 ؽƮ ̴. Ǵ Ű 3 ִµ . domain Ű Ѵ. search Ű ȣƮ ã Ҽ ִ γ Ʈ Ѵ. nameserver Ű ٵ, ؼ Ҷ Ǹ IP 巹 ϱ ȴ. /etc/resolv.conf ó δ. domain maths.wu.edu.au search maths.wu.edu.au wu.edu.au nameserver 192.168.10.1 nameserver 192.168.12.1 з (γ ȣƮ) Ʈ γ maths.wu.edu.au ϰ, ȣƮ ο ߰ߵ wu.edu.au ο ãƺ Ѵ. ΰ Ӽ Ʈ Ǵµ, ̵ ؼҶ Ѵ. 5.5.4 /etc/host.conf /etc/host.conf name resolver ڵ ൿ ϴ ̴. 'resolv+' ڼ Ǿ ִ. ȯ濡 Ұ̴. order hosts,bind multi on ؼ⿡, Ӽ ϱ /etc/hosts üũ /etc/hosts Ͽ ߰ߵǴ ù° 巹 Ӹƴ϶ ȿ Ұ ش. 5.5.5 /etc/hosts /etc/hosts ȣƮ Ӱ IP 巹 ִ ̴. Ͽ ȣƮ IP 巹 ʿ䰡 . ϴµ ȣƮ IP 巹 ڽ Ʈ ؾѴٴ ̴. Ǵ ý Ͽ ̴ ȣƮ ̽ ȣƮ Ʈ ̴. # /etc/hosts 127.0.0.1 localhost loopback 192.168.0.1 this.host.name ù° Ʈ ִ ٿͰ ο Ѱ ̻ ȣƮ ִ. ù° Ʈ ̽ ǥ Ʈ ̴. 5.6. ̽ . 'loopback' ̽ ڽſ Ҽ ֵ ִ Ư ̴̽. ̸ ϰ ſ پѵ, Ʈũ ٸ ڸ ʰ Ʈũ Ʈ ׽Ʈϰ .. ȴ. ӿ IP 巹 '127.0.0.1' Ǿ ִ. ׷Ƿ  ӽ ϴ, 127.0.0.1 ڳ Ŀؼ ȣƮ ϰ ȴ. ̽ ϴ° ϸ, и ־ Ѵ. 
# ifconfig lo 127.0.0.1
# route add -host 127.0.0.1 lo

κп 츮 route ɿ ڼ ٷ̴.

5.7. .

Ŵ ̴. ̰Ϳ ؼ û ؽƮ ۼϴ ϴ. κ ÿ 䱸 Ұ̳, ׷ ʴ. ⺻׸ ٷ̴. ִٸ ۺκп ִ ۷ ٶ.

ǿ Բ . IP ̶ ü ΰ? ϴ ϳ ִ.

IP ̶ ȣƮ Ƽ Ʈũ ͱ׷ ̴.

ϴ° ڴ. ǽ ͸ غ. װ Ƹ ͳݿ ppp ũ, ũ̼ǿ ϴ  ̴ ׸Ʈ ٸ ǽ ppp ũ ̴. Ʈũ Ŀؼκ Ͱ ͱ׷ , ̶ ͱ׷ Ʈ ΰ Ŀ̴. ȣƮ ʿϸ ͳ ȣƮ ΰ Ʈũ ̽ µ ̸̽ ٸ ϳ ̴ Ȥ PPP, SLIP Ʈũ ̾߱⸦ ϱ ϴ ̴̽.

OK, ׷ ̶  ϴ ΰ? ȣƮ ̺ Ҹ Ư Ʈ ִ. ̺ ּ 3 ʵ带 ϴµ, ù° ʵ 巹, ι° ʵ ͱ׷ õ ̽ ̸, ° ɼ Ʈũ ͱ׷ ٸ ӽ 巹 ִ. ̿Ͽ ̺ 캼 ִ.

# cat /proc/net/route

μ ſ ϴ: ͱ׷ ް, 巹 Ͽ ̺ Ʈ Ѵ. ش 巹 ϴ Ʈ ϰ õ ̽ ͱ׷ Ѵ. Ʈ ʵ尡 ä ִٸ ͱ׷ ̽ ȣƮ Ǹ, ׷ ̽ ϴ Ʈũ ִٰ .

̺ ϱ ؼ Ư Ѵ. Ŀǵ ޾Ƽ Ŀ ̺ Ʈ ߰, , ϵ û ϴ Ŀ ý ݷ ȯѴ. 'route' Ҹ.

ִ. ̴ Ʈũ ִٰ غ. 192.168.1.0 巹 class-C Ʈũ . ڽ ϱ 192.168.1.10 ϰ, 192.168.1.1 ͳݿ Ͷ ´.

ù° Ѵ ̽ ϴ ̴. Ѵ.

# ifconfig eth0 192.168.1.10 netmask 255.255.255.0 up

192.168.1.* ġǴ 巹 ͱ׷ ̴ ̽ ̺ Ʈ ߰ؾ Ѵ.

# route add -net 192.168.1.0 netmask 255.255.255.0 eth0

'-net' Ʈ Ʈũ Ʈ route α׷ ˷ ֱ ؼ̴. ⼭ Ҽִ ٸ 'ȣƮ' Ʈε ̰ IP 巹 õǴ route̴.

Ʈ ̴ ׸Ʈ ִ ȣƮ Ŀؼ ϰ ش. ڽ ̴ ׸Ʈ ٸ IP ȣƮ  Ǵ°?

Ʈũ route ߰ϴ° ̹Ƿ, ۾ ϰ ִ Ư Ʈ ִ. Ʈ 'Ʈ' Ʈ Ҹ. Ʈ Ʈ ġ ϹǷ û 巹 ġϴ 巹 ִٸ Ʈ Ʈ ſ ̰ ȴ. Ʈ Ʈ ̵ " ̰" ϴ° ش. Ʈ ϵ Ͽ.

# route add default gw 192.168.1.1 eth0

'gw' Ʈ(Ȥ ӽ) IP ּ, Ǵ route ɿ ˷ش. Ʈ ġϴ ͱ׷ Ʈ̷ Ѵ.

׷, ϼ ϰ̴.

# ifconfig eth0 192.168.1.10 netmask 255.255.255.0 up
# route add -net 192.168.1.0 netmask 255.255.255.0 eth0
# route add default gw 192.168.1.1 eth0

ڽ Ʈũ 'rc' 캻ٸ ̿ ϰ ̴°  ϳ ߰ϰ ɰ̴. ̰ ſ Ϲ ̴.

ణ 캸. ͳ PPP ũ 繫 ũ̼ǿ ׸Ʈ ϴ ͸ Ѵٰ غ. PPP ũ ϳ ̴ ׸Ʈ 3 ͸ Ѵٰ غ . ϰ̴.

# route add -net 192.168.1.0 netmask 255.255.255.0 eth0
# route add -net 192.168.2.0 netmask 255.255.255.0 eth1
# route add -net 192.168.3.0 netmask 255.255.255.0 eth2
# route add default ppp0

ũ̼ Ÿͺ ϰ, ʹ Ʈũ Ʈ(route) ʿ䰡 ִ. ũ̼ǿ ־ Ʈ Ŀ Ͱ иؾ ϴ° Ƴ̱ ̴. Ÿ Ʈ Ʈ 'gw' ñ 𸥴. ſ ѵ PPP SLIP ø ũ Ʈũ ܿ Ѵ뾿, δ ȣƮۿ ̴. ũ ݴ볡 ִ ȣƮ Ʈ̷ ϴ ǹϰ ̴. ĸ ٸ ̷ Ÿ Ʈũ Ŀؼǿ Ʈ̸ ʿ䰡 . ̴, ũ(arcnet), ū Ʈ̸ ϴµ ̵ Ʈũ ȣƮ ֱ .

5.7.1 õ α׷ ϴ°?

޵ ± ϳ Ʈũ Ʈ ȴ. Ʈũ ؾ ϴ. ̵ κ 鿡 ̰ ȭŸ ʴ´.

' '̳ ' ' ū ٿ , Ʈ ũ ӽ̳ ũ ͱ׷ ٸ Ѵٸ(ٸ ) ̵ ϰ ؾ Ѵٴ ̴. 翬 ̰ , û糳, ǿ̰, ٶ ̴. Ʈ ũ Ʈ ڵ Ű پ ũ ߵǾµ, ̷ ׷ '̳ '̶ ϰ ִ.

Ϲ ̳ ݿ 𸥴. θ ˷ Ƹ RIP(Routing Information Protocol) OSPF(Open Shortest Path First Protocol) ̴. RIP ߰ ü Ʈũ Ʈũ  ȴ.
OSPF ̰ ū Ʈ ũ ٷ ɷ ִ. Ʈũ (pat h) ִ ȯ濡 ϴ. ݵ Ϲ 'routed'-RIP, 'gated'-RIP,OSPF ̴. 'routed' α׷ Բ Ǹ, 'NetKit' Ű ԵǾ ִ. ̳  ΰ ϴ , ó ϰ̴. 192.168.1.0 / 192.168.2.0 / 255.255.255.0 255.255.255.0 - - | | | /-----\ /-----\ | | | |ppp0 // ppp0| | | eth0 |---| A |------//---------| B |---| eth0 | | | // | | | | \-----/ \-----/ | | \ ppp1 ppp1 / | - \ / - \ / \ / \ / \ / \ / \ / \ / \ / ppp0\ /ppp1 /-----\ | | | C | | | \-----/ |eth0 | |---------| 192.168.3.0 / 255.255.255.0 A,B,C Ͱ ִ. Class C IP Ʈũ(netmask 255.255.25 5.0) ̴ ׸Ʈ Ѵ. Ϳ ٸ ͷ PPP ũ ִ. Ʈũ ﰢ ̷. A ̺ ó ϰ ϴ. # route add -net 192.168.1.0 netmask 255.255.255.0 eth0 # route add -net 192.168.2.0 netmask 255.255.255.0 ppp0 # route add -net 192.168.3.0 netmask 255.255.255.0 ppp1 ̰ A B ũ ̴. ũ Ʈ A ̴ ׸Ʈ ȣƮ ̴ ׸Ʈ B ִ ȣƮ ϴµ, ͱ׷ A ppp0 ̴. ׵ ׸Ʈ C ȣƮδ Ҽ , C ̴ ׸Ʈ ȣƮ B ̴ ׸Ʈ ȣƮ ̾߱⸦ Ҽִµ, B C ũ ʰ ֱ ̴. , A C Ҽ ְ, C B Ҽ ִٸ ° A C B C Ͽ ͱ׷ B ʴ°? ̷ ٷ RIP ̳ ذϵ ׷ ̴. A, B, C Ͱ  , ũ ϳ ٸ ̺ ο Ʈũ Ȳ ݿϿ ڵ ɰ̴. ̷ Ʈ ũ ϴ ϸ, Ϳ ΰ ָ ȴ. A Ͽ, # route add -net 192.168.1.0 netmask 255.255.255.0 eth0 # /usr/sbin/routed 'routed' Ҷ ڵ Ȱȭ Ʈũ Ʈ ã ȣƮ ̺ ϰ Ʈ ֵ Ʈ ũ ̽ ޼ ´. ̰ ̳ ִ ̴. ڼ Ѵٸ ùκп õ ٶ. ̳ ÿ Ͽ ߿ .. 1. ӽ پ Ʈ ̳ ʿ䰡 ִ. 2. ̳ Ʈũ ȭ Ͽ ڵ ̴. 3. RIP Ǵ ߰ Ʈũ ϴ. 5.8. Ʈũ . Ʈũ 񽺴 ڰ ӽ Ҽְ ϱ α׷̴. ڴ ӽ, α׷ Ǵ Ʈũ Ŀؼ Ͽ ش Ʈ Ŀؼ ޾Ƶ Ѵ. Ʈũ ϴ ΰ ִ. standalone Ʈũ Ʈũ Ʈ ޼ Ŀ ؼ Ǿ Ʈũ Ŀؼ ϰ 񽺸 Ѵ. slave to the inetd server inetd Ŀؼ ϴ Ư Ʈũ α׷̴. tcp Ȥ udp Ʈ Ư , α׷ Ǿ ϴ° ִ ִ. Ʈ ٸ Ͽ Ǿ ̿ ؼ ̾߱ Ұ̴. ؾߵ ΰ ߿ ִ. Ʈѹ Ҵϴ /etc/services ϰ inetd Ʈũ /etc/inetd.conf ̴. 5.8.1. /etc/services /etc/services ΰ ģ Ӱ 迡 ģ Ʈѹ ִ ͺ̽ ̴. ̰ ſ ϴ. ͺ̽ Ʈ Ÿ ؽƮ ̴. Ʈ  ̽(tab Ǵ space) ʵ ִ. ʵ Ʒ . name port/protocol aliases #comment name Ǵ 񽺸 Ÿ ̴ܾ. port/protocol ʵ ΰ ʵ . port 񽺰 Ʈѹ ϴ ̴. ϴ 񽺿 Ҵ ѹ ִ. ̵ RFC-1340 ִ. protocol ʵ tcp udp õȴ. 18/tcp 18/udp Ʈ ٸ ϸ, 񽺰 ΰ ؾ ϴ Ƶδ° ߿ϴ. Ϲ θ ְ, Ư tcp, udp ϴٸ ο Ʈ ̴. aliases Ʈ Ÿ Ǵ ٸ ̸ '#' ڿ Ÿ ؽƮ õǸ ּ ֵȴ. 5.8.1.1. /etc/services . Ǹ /etc/services Ѵ. ο ӽ Ҷ, ϴ /etc/services ִ. 
# /etc/services:
# $Id: services,v 1.3 1996/05/06 21:42:37 tobias Exp $
#
# Network services, Internet style
#
# Note that it is presently the policy of IANA to assign a single well-known
# port number for both TCP and UDP; hence, most entries here have two entries
# even if the protocol doesn't support UDP operations.
# Updated from RFC 1340, ``Assigned Numbers'' (July 1992).  Not all ports
# are included, only the more common ones.

tcpmux          1/tcp                           # TCP port service multiplexer
echo            7/tcp
echo            7/udp
discard         9/tcp           sink null
discard         9/udp           sink null
systat          11/tcp          users
daytime         13/tcp
daytime         13/udp
netstat         15/tcp
qotd            17/tcp          quote
msp             18/tcp                          # message send protocol
msp             18/udp                          # message send protocol
chargen         19/tcp          ttytst source
chargen         19/udp          ttytst source
ftp-data        20/tcp
ftp             21/tcp
ssh             22/tcp                          # SSH Remote Login Protocol
ssh             22/udp                          # SSH Remote Login Protocol
telnet          23/tcp
# 24 - private
smtp            25/tcp          mail
# 26 - unassigned
time            37/tcp          timserver
time            37/udp          timserver
rlp             39/udp          resource        # resource location
nameserver      42/tcp          name            # IEN 116
whois           43/tcp          nicname
re-mail-ck      50/tcp                          # Remote Mail Checking Protocol
re-mail-ck      50/udp                          # Remote Mail Checking Protocol
domain          53/tcp          nameserver      # name-domain server
domain          53/udp          nameserver
mtp             57/tcp                          # deprecated
bootps          67/tcp                          # BOOTP server
bootps          67/udp
bootpc          68/tcp                          # BOOTP client
bootpc          68/udp
tftp            69/udp
gopher          70/tcp                          # Internet Gopher
gopher          70/udp
rje             77/tcp          netrjs
finger          79/tcp
www             80/tcp          http            # WorldWideWeb HTTP
www             80/udp                          # HyperText Transfer Protocol
link            87/tcp          ttylink
kerberos        88/tcp          kerberos5 krb5  # Kerberos v5
kerberos        88/udp          kerberos5 krb5  # Kerberos v5
supdup          95/tcp
# 100 - reserved
hostnames       101/tcp         hostname        # usually from sri-nic
iso-tsap        102/tcp         tsap            # part of ISODE.
csnet-ns        105/tcp         cso-ns          # also used by CSO name server
csnet-ns        105/udp         cso-ns
rtelnet         107/tcp                         # Remote Telnet
rtelnet         107/udp
pop-2           109/tcp         postoffice      # POP version 2
pop-2           109/udp
pop-3           110/tcp                         # POP version 3
pop-3           110/udp
sunrpc          111/tcp         portmapper      # RPC 4.0 portmapper TCP
sunrpc          111/udp         portmapper      # RPC 4.0 portmapper UDP
auth            113/tcp         authentication tap ident
sftp            115/tcp
uucp-path       117/tcp
nntp            119/tcp         readnews untp   # USENET News Transfer Protocol
ntp             123/tcp
ntp             123/udp                         # Network Time Protocol
netbios-ns      137/tcp                         # NETBIOS Name Service
netbios-ns      137/udp
netbios-dgm     138/tcp                         # NETBIOS Datagram Service
netbios-dgm     138/udp
netbios-ssn     139/tcp                         # NETBIOS session service
netbios-ssn     139/udp
imap2           143/tcp                         # Interim Mail Access Proto v2
imap2           143/udp
snmp            161/udp                         # Simple Net Mgmt Proto
snmp-trap       162/udp         snmptrap        # Traps for SNMP
cmip-man        163/tcp                         # ISO mgmt over IP (CMOT)
cmip-man        163/udp
cmip-agent      164/tcp
cmip-agent      164/udp
xdmcp           177/tcp                         # X Display Mgr. Control Proto
xdmcp           177/udp
nextstep        178/tcp         NeXTStep NextStep       # NeXTStep window
nextstep        178/udp         NeXTStep NextStep       # server
bgp             179/tcp                         # Border Gateway Proto.
bgp             179/udp
prospero        191/tcp                         # Cliff Neuman's Prospero
prospero        191/udp
irc             194/tcp                         # Internet Relay Chat
irc             194/udp
smux            199/tcp                         # SNMP Unix Multiplexer
smux            199/udp
at-rtmp         201/tcp                         # AppleTalk routing
at-rtmp         201/udp
at-nbp          202/tcp                         # AppleTalk name binding
at-nbp          202/udp
at-echo         204/tcp                         # AppleTalk echo
at-echo         204/udp
at-zis          206/tcp                         # AppleTalk zone information
at-zis          206/udp
z3950           210/tcp         wais            # NISO Z39.50 database
z3950           210/udp         wais
ipx             213/tcp                         # IPX
ipx             213/udp
imap3           220/tcp                         # Interactive Mail Access
imap3           220/udp                         # Protocol v3
ulistserv       372/tcp                         # UNIX Listserv
ulistserv       372/udp
#
# UNIX specific services
#
exec            512/tcp
biff            512/udp         comsat
login           513/tcp
who             513/udp         whod
shell           514/tcp         cmd             # no passwords used
syslog          514/udp
printer         515/tcp         spooler         # line printer spooler
talk            517/udp
ntalk           518/udp
route           520/udp         router routed   # RIP
timed           525/udp         timeserver
tempo           526/tcp         newdate
courier         530/tcp         rpc
conference      531/tcp         chat
netnews         532/tcp         readnews
netwall         533/udp                         # -for emergency broadcasts
uucp            540/tcp         uucpd           # uucp daemon
remotefs        556/tcp         rfs_server rfs  # Brunhoff remote filesystem
klogin          543/tcp                         # Kerberized `rlogin' (v5)
kshell          544/tcp         krcmd           # Kerberized `rsh' (v5)
kerberos-adm    749/tcp                         # Kerberos `kadmin' (v5)
#
webster         765/tcp                         # Network dictionary
webster         765/udp
#
# From ``Assigned Numbers'':
#
#> The Registered Ports are not controlled by the IANA and on most systems
#> can be used by ordinary user processes or programs executed by ordinary
#> users.
#
#> Ports are used in the TCP [45,106] to name the ends of logical
#> connections which carry long term conversations.  For the purpose of
#> providing services to unknown callers, a service contact port is
#> defined.  This list specifies the port used by the server process as its
#> contact port.  While the IANA can not control uses of these ports it
#> does register or list uses of these ports as a convienence to the
#> community.
#
ingreslock      1524/tcp
ingreslock      1524/udp
prospero-np     1525/tcp                # Prospero non-privileged
prospero-np     1525/udp
rfe             5002/tcp                # Radio Free Ethernet
rfe             5002/udp                # Actually uses UDP only
bbs             7000/tcp                # BBS service
#
#
# Kerberos (Project Athena/MIT) services
# Note that these are for Kerberos v4, and are unofficial.  Sites running
# v4 should uncomment these and comment out the v5 entries above.
#
kerberos4       750/udp         kdc     # Kerberos (server) udp
kerberos4       750/tcp         kdc     # Kerberos (server) tcp
kerberos_master 751/udp                 # Kerberos authentication
kerberos_master 751/tcp                 # Kerberos authentication
passwd_server   752/udp                 # Kerberos passwd server
krb_prop        754/tcp                 # Kerberos slave propagation
krbupdate       760/tcp         kreg    # Kerberos registration
kpasswd         761/tcp         kpwd    # Kerberos "passwd"
kpop            1109/tcp                # Pop with Kerberos
knetd           2053/tcp                # Kerberos de-multiplexor
zephyr-srv      2102/udp                # Zephyr server
zephyr-clt      2103/udp                # Zephyr serv-hm connection
zephyr-hm       2104/udp                # Zephyr hostmanager
eklogin         2105/tcp                # Kerberos encrypted rlogin
#
# Unofficial but necessary (for NetBSD) services
#
supfilesrv      871/tcp                 # SUP server
supfiledbg      1127/tcp                # SUP debugging
#
# Datagram Delivery Protocol services
#
rtmp            1/ddp                   # Routing Table Maintenance Protocol
nbp             2/ddp                   # Name Binding Protocol
echo            4/ddp                   # AppleTalk Echo Protocol
zip             6/ddp                   # Zone Information Protocol
#
# Debian GNU/Linux services
rmtcfg          1236/tcp                # Gracilis Packeten remote config server
xtel            1313/tcp                # french minitel
cfinger         2003/tcp                # GNU Finger
postgres        4321/tcp                # POSTGRES
mandelspawn     9359/udp        mandelbrot      # network mandelbrot
# Local services

5.8.2. /etc/inetd.conf

/etc/inetd.conf inetd ̴. ̰ Ư 񽺿 ӿû ؾϴ inetd ˷ ִ ̴. ޾Ƶ̱⸦ ϴ 񽺿 inetd   Ұ ˷־ Ѵ.

̰ ſ ϴ. ϰ 񽺸 Ÿִ ؽ Ʈ ̴. '#' ؽƮ õǸ ּ ֵȴ. (tab Ǵ space) еǴ 7 ʵ带 ´. Ϲ .

service socket_type proto flags user server_path server_args

service
/etc/services Ͽó ̴.

socket_type
ʵ ش Ʈ ȴٰ Ÿ Ѵ. stream, dgram, raw, rdm Ǵ seqpacket̴. ̰ ڿ ణ ε, ù° Ģ tcp 񽺴 stream ϰ udp 񽺴 dgram Ѵ. ٸ ϴ° ſ Ư ϶ ̴.

proto
Ʈ ȿϴٰ ֵǴ .
̰ /etc/services Ʈ ġǾ ϸ tcp Ǵ udp ϳ ̴.Sun RPC(Remote Procedure Call) rpc/tcp Ǵ rpc/udp Ѵ.

flags
ʵ带 ÿ ΰ ۿ . α׷ ѵ ־ Ŀؼ û ο ϰ ϴ³, ƴϸ ٸ ٸ ̹ Ѵٰ Ͽ ͳؼ ٷ Ұ̳ϴ ΰ̴. ̰ ٷ ణ ָ , tcp Ʈ nowait ϰ udp ̰ wait ϴ° ù° ̴. ̰Ϳ ܰ ׷Ƿ Ȯ ̵带 ϶.

user
Ʈũ Ҷ /etc/passwd ɰΰ ش. ̰ ȹ ġ Ҷ ϴ. Ʈ nobody ν Ʈũ ظ ּȭ Ҽִ. ׷ ʵ root Ǵµ ϱ ؼ root 䱸ϱ ̴.

server_path
Ʈ α׷ ̴.

server_args
ʵ κ ̷ ̴. ʵ α׷ ɶ α׷ Ѱְ Ŀǵ ־ִ κ̴.

5.8.2.1. /etc/inetd.conf .

/etc/services Ͽ ؼ ó Ǹ /etc/inetd.conf ϰ ִ. ⿡ ԵǾ ִ /etc/inetd.conf ִ.

# /etc/inetd.conf:  see inetd(8) for further informations.
#
# Internet server configuration database
#
#
# Modified for Debian by Peter Tobias
#
#
#
# Internal services
#
#echo           stream  tcp     nowait  root    internal
#echo           dgram   udp     wait    root    internal
discard         stream  tcp     nowait  root    internal
discard         dgram   udp     wait    root    internal
daytime         stream  tcp     nowait  root    internal
daytime         dgram   udp     wait    root    internal
#chargen        stream  tcp     nowait  root    internal
#chargen        dgram   udp     wait    root    internal
time            stream  tcp     nowait  root    internal
time            dgram   udp     wait    root    internal
#
# These are standard services.
#
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.telnetd
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.ftpd
#fsp    dgram   udp     wait    root    /usr/sbin/tcpd  /usr/sbin/in.fspd
#
# Shell, login, exec and talk are BSD protocols.
#
shell   stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.rshd
login   stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.rlogind
#exec   stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.rexecd
talk    dgram   udp     wait    root    /usr/sbin/tcpd  /usr/sbin/in.talkd
ntalk   dgram   udp     wait    root    /usr/sbin/tcpd  /usr/sbin/in.ntalkd
#
# Mail, news and uucp services.
#
smtp    stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.smtpd
#nntp   stream  tcp     nowait  news    /usr/sbin/tcpd  /usr/sbin/in.nntpd
#uucp   stream  tcp     nowait  uucp    /usr/sbin/tcpd  /usr/lib/uucp/uucico
#comsat dgram   udp     wait    root    /usr/sbin/tcpd  /usr/sbin/in.comsat
#
# Pop et al
#
#pop-2  stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.pop2d
#pop-3  stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.pop3d
#
# `cfinger' is for the GNU finger server available for Debian.  (NOTE: The
# current implementation of the `finger' daemon allows it to be run as `root'.)
#
#cfinger stream tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.cfingerd
#finger  stream tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.fingerd
#netstat stream tcp     nowait  nobody  /usr/sbin/tcpd  /bin/netstat
#systat  stream tcp     nowait  nobody  /usr/sbin/tcpd  /bin/ps -auwwx
#
# Tftp service is provided primarily for booting.  Most sites
# run this only on machines acting as "boot servers."
#
#tftp   dgram   udp     wait    nobody  /usr/sbin/tcpd  /usr/sbin/in.tftpd
#tftp   dgram   udp     wait    nobody  /usr/sbin/tcpd  /usr/sbin/in.tftpd /boot
#bootps dgram   udp     wait    root    /usr/sbin/bootpd        bootpd -i -t 120
#
# Kerberos authenticated services (these probably need to be corrected)
#
#klogin         stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.rlogind -k
#eklogin        stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.rlogind -k -x
#kshell         stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.rshd -k
#
# Services run ONLY on the Kerberos server (these probably need to be corrected)
#
#krbupdate      stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/registerd
#kpasswd        stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/kpasswdd
#
# RPC based services
#
#mountd/1       dgram   rpc/udp wait    root    /usr/sbin/tcpd  /usr/sbin/rpc.mountd
#rstatd/1-3     dgram   rpc/udp wait    root    /usr/sbin/tcpd  /usr/sbin/rpc.rstatd
#rusersd/2-3    dgram   rpc/udp wait    root    /usr/sbin/tcpd  /usr/sbin/rpc.rusersd
#walld/1        dgram   rpc/udp wait    root    /usr/sbin/tcpd  /usr/sbin/rpc.rwalld
#
# End of inetd.conf.
ident stream tcp nowait nobody /usr/sbin/identd i dentd -i 5.9. Ʈũ ٸ ϵ. /etc/protocol ̵ ִ ͺ ̴̽. ̰ α׷Ӱ α׷ Ҽ ֵ ָ tcpdump α׷ ѹ ̸ ϵ . Ϲ ý . protocolname number aliases Բ Ǵ /etc/protocols . # /etc/protocols: # $Id: protocols,v 1.1 1995/02/24 01:09:41 imurdock Exp $ # # Internet (IP) protocols # # from: @(#)protocols 5.1 (Berkeley) 4/17/89 # # Updated for NetBSD based on RFC 1340, Assigned Numbers (July 1992). ip 0 IP # internet protocol, pseudo protocol numb er icmp 1 ICMP # internet control message protocol igmp 2 IGMP # Internet Group Management ggp 3 GGP # gateway-gateway protocol ipencap 4 IP-ENCAP # IP encapsulated in IP (officially ``IP '') st 5 ST # ST datagram mode tcp 6 TCP # transmission control protocol egp 8 EGP # exterior gateway protocol pup 12 PUP # PARC universal packet protocol udp 17 UDP # user datagram protocol hmp 20 HMP # host monitoring protocol xns-idp 22 XNS-IDP # Xerox NS IDP rdp 27 RDP # "reliable datagram" protocol iso-tp4 29 ISO-TP4 # ISO Transport Protocol class 4 xtp 36 XTP # Xpress Tranfer Protocol ddp 37 DDP # Datagram Delivery Protocol idpr-cmtp 39 IDPR-CMTP # IDPR Control Message Transport rspf 73 RSPF # Radio Shortest Path First. vmtp 81 VMTP # Versatile Message Transport ospf 89 OSPFIGP # Open Shortest Path First IGP ipip 94 IPIP # Yet Another IP encapsulation encap 98 ENCAP # Yet Another IP encapsulation 5.9.2 /etc/networks /etc/networks /etc/hosts ϰ ִ. ̰ Ʈũ ӿ 巹 ϴ ͺ̴̽. δ ΰ ʵ带 ´ٴ ٸ ʵ ڵȴ. # networkname networkaddress : loopnet 127.0.0.0 localnet 192.168.0.0 amprnet 44.0.0.0 route ϸ, Ʈũϰ Ʈũ /etc/net works Ʈ route 巹 ſ ÷ ̴ٰ. 5.10 Ʈũ Ȱ \ Ʈ. ݿ ڽ ӽŰ Ʈũ ۰ ſ ̶° ϸ κ ϰڴ. ڽ о ʴ´. ī ȴ ȹ ɰϴٸ ΰ õѴ. ͳݿ õ ִ. ߿ '  !' ̴. 񽺰 ǰ ڵ ϵ Ǿִ. ּҷ ؼ Ȯϰ ϰʹٸ /etc/inetd.conf 캸 Ʈ ּóض. ĺ(?) ̴. shell, login, exec, uucp, ftp ׸ finger, netstat, systat ̴. װ Ȱ \ Ʈ ī ׵ ҿ ̴. 5.10.1 /etc/ftpusers /etc/ftpusers Ư ftp ӽ ī̴. /etc/ftpusers ftp Ŀؼ ftp . α ʴ ڵ gA Ʈ̴. ̰ ϰ̴. # /etc/ftpusers - ftp α ȵǴ . root uucp bin mail 5.10.2. /etc/securetty /etc/securetty root α Ǵ tty ̽ ϵ . 
/etc/securetty α׷ login α׷( /bin/login) . ̰ root α Ǵ tty ̽ Ʈ̴. (̿ tty root login Ұ)

# /etc/securetty - tty's on which root is allowed to login
tty1
tty2
tty3
tty4

5.10.3. tcpd ȣƮ \ Ʈ ī.

/etc/inetd.conf Ʈ Ȱ tcpd α׷ ȣϵ αΰ \ Ʈ ī Ѵ.

̰ inetd α׷ ȣǾ, ̰ \ ȣ ִ ƴ ϰ ִ ΰ д´. ̰ ù° ġ(match) ߰ߵɶ ã̴. ġ \ Գ Ѱ Ѵ.

̰ ã /etc/hosts.allow /etc/hosts.deny ̴. ̰ ʷ ϰڴ. Ϻ ؼ ؾ ʿ ִ. (hosts_access(5) ȴ.).

5.10.3.1. /etc/hosts.allow

/etc/hosts.allow /usr/sbin/tcpd α׷ ̴. hosts.allow  ȣƮ ӽŻ 񽺿 Ǵ ϴ ϴ ̴.

ſ ϴ.

# /etc/hosts.allow
#
# <service list>: <host list> [: command]

service list
Ǵ Ʈ ȣ̴. : ftpd, telnetd, fingerd

host list
ȣƮ Ʈ ȣ̴. ⿡ IP 巹 ִ. Դٰ ׷ ȣƮ ̿ϵ ȣƮ IP 巹 ϵ ī带 ̿Ͽ Ҽ ִ. : gw.vk2ktj.ampr.org õ ȣƮ Ӱ ġǰ, .uts.edu.au Ʈ  ȣƮӰ ġɰ̸, 44. ̰ ϴ IP ġɰ̴. ϰ ϱ  Ư ǥ ִµ, ̵  : ALL ȣƮ ġ , LOCAL '.' ʴ ȣƮ ġȴ. PARANOID IP 巹 ġ ʴ ȣƮӰ ġȴ(name spoofing). ū ϳ ִ. EXCEPT ܸ Ʈ ϴ Ұ̴.

command
̰ ɼ Ķ̴. ̰ ɶ Ǵ Ǯ н̴. ̰ ν ȣƮ αߴ° ϴ õҼ ְ, Ǵ õѴٰ ý ڿ ų ޼ ִ.  ɼִ Ȯ ִµ,  : %h Ŀ ȣ Ʈ Ǵ ƴ϶ IP 巹 Ȯ¡ϸ, %d ȣ ȮѴ.

:

# /etc/hosts.allow
#
# Allow mail to anyone
in.smtpd: ALL
# All telnet and ftp to only hosts within my domain and my host at home.
telnetd, ftpd: LOCAL, myhost.athome.org.au
# Allow finger anyone but keep a record of who they are.
fingerd: ALL: (finger @%h | mail -s "finger from %h" root)

5.10.3.2. /etc/hosts.deny

/etc/hosts.deny /usr/sbin/tcpd α׷ ̴. hosts.deny ӽŻ 񽺿 \ ʴ ȣƮ ϴ Ѵ.

ִ.

# /etc/hosts.deny
# Disallow all hosts with suspect hostnames
ALL: PARANOID
#
# Disallow all hosts.
ALL: ALL

̰ Ʈ ȣƮ Ƿ PARANOID Ʈ ǹ ̴. ϳ Ʈ 䱸 ո Ʈ ɰ .

/etc/hosts.deny ALL: ALL Ʈ /etc/hosts.allow ϴ ȣƮ ϴ° ̴.

5.10.4. /etc/hosts.equiv

hosts.equiv Ư ȣƮ Ư н ӽŻ \ ֱ ȴ. ̰ ӽ Ҽ ִ ȯ濡 ſ ϳ, ׷ Ȼ ȴ. ȣƮ ӹ޴ ȣƮŭ һ̴. ִȭϱ ؼ ڵ鵵 .rhosts ʵ Ǹ ־.

5.10.5. ftp .

Ʈ Ͽ Ư ̵ 䱸 ʰ Ǵ ٿε Ҽֵ ͸ ftp ϴµ ΰ ִ. ̰ ߴٸ anonymous \ ־ Ȯ .

κ ftpd(8) ̰Ϳ ϰ ִ. ׻ Ǹ ִ Ȯؾ Ѵ. ߿ anonymous /etc 丮 /etc/passwd 纻 ʴ°̴. ݵ ʿ ϰ ֹ ض. ׷ ũŷݿ ϰ ɰ̴.

5.10.6. Ʈũ ̾.

ͱ׷ ӽſ ϰ ϴ° پ ȼ ̴. ̰Ϳ ڼ firewall-howto ٷ.

5.10.7 ٸ ȵ.

⿡ ٸ, غ ִ.

sendmail
װ ߼ ұϰ ηϴ ó δ. װ п ޷,  ʰڴ.

NFS ׿ Sun RPC .
̰ ϶. 񽺿 exploit ִ. NFS ɼ ߰Ѵٴ ƴ. ׷ װ Ѵٸ Ʈ Ǹ οϴ° ϶.

6.
Network Technology Specific Information. κе Ư Ʈũ ̴. κп Ե ٸ Ÿ Ʈũ ݵ Ǵ ƴϴ. 6.1. ARCnet ARCNET ̽ 'arc0s', 'arc1e', 'arc2e' ̸ٿ. Ŀο ó ߰ߵǴ ī 'eth0' ҴǸ ׵ ߰ߵǴ ʴ Ҵȴ. ڴ ̴ ĸ̼ Ŷ ߴ, RFC1051 Ŷ ߴ ˷ش. Ŀ ɼ: Network device support ---> [*] Network device support <*> ARCnet support [ ] Enable arc0e (ARCnet "Ether-Encap" packet format) [ ] Enable arc0s (ARCnet RFC1051 packet format) ѹ̶ ̴ ī Ŀ ִٸ ī ̴. ̴: # ifconfig arc0e 192.168.0.1 netmask 255.255.255.0 up # route add 192.168.0.0 netmask 255.255.255.0 arc0e ڼ /usr/src/linx/Documentation/networking/arcnet-hardware.txt ϶. ARCNet Avery Pennarun, apenwarr@foxnet.net ؼ ߵǾ. 6.2. Appletalk(AF_APPLETALK) Appletalk Ư ̽ ʴµ, ̰ Ʈũ ̽ ϱ ̴. ̰ ߿ ӽŰ ǻ Ͱ ͳ ũ ڿ ϱ ؼ̴. ߰ Ʈ ʿϸ ̰ netatalk Ҹ. Wesley Craig netatalk@umich.edu ð 'Research Systems Unix Groups'̶ ǥ ׵ neta talk Ű µ, ̰ Appletalk ð ƿƼ ϴ Ʈ Ѵ. netatalk Ű ǰų ƴϸ ̽ð п ִ ȨƮ ftp . Ű ġϱ ؼ ϶. # cd /usr/src # tar xvfz .../netatalk-1.4b2.tar.Z - ⼭ 'Makefile' ϰ ִµ, Ư ϵ ġ ΰ ִ DESTDIR ٲپ ֱ ̴. Ʈ /usr/local/atalk Ǿִµ ſ ϴ. # make - as root: # make install 6.2.1. Appletalk Ʈ . ̰ ϰ ϱ ؾ /etc/services Ͽ ο Ʈ ߰ϴ ̴. ߰ Ʈ : rtmp 1/ddp # Routing Table Maintenance Protocol nbp 2/ddp # Name Binding Protocol echo 4/ddp # AppleTalk Echo Protocol zip 6/ddp # Zone Information Protocol /usr/local/atalk/etc 丮(Ȥ Ű ġ 丮) ap pletalk ִ ̴. ó ϴ /usr/local/atalk/etc/atalkd.conf ̴. ó ӽ ִ Ʈũ ϴ Ʈũ ̽ ̸ ϴ ϳ θ ʿһ̴. eth0 Appletalk λ׵ ڿ ߰Ұ̴. 6.2.2. Appletalk Ͻý Ž. Ʈũ øӽ ϵ Ͻý Ʈũ export Ҽ ִ. ̰ ؼ /usr/local/atalk/etc/AppleVolumes.system ؾ Ѵ. /usr/local/atalk/etc/AppleVolumes.default Ҹ ٸ ϵ ִµ ̰ , ԽƮ ڰ  ý ΰ Ѵ. λװ  پ ɼ ִ° afpd ã ִ. ִ: /tmp Scratch /home/ftp/pub "Public Area" ̰ /tmp Ͻý AppleShare Volume 'Scratch', ftp public 丮 AppleShare Volume 'Public Area' export Ұ̴. Volume ̸ ƴϰ  ϸ, ¶ ׵ ƶ. 6.2.3. Appletalk ϱ. ϰ ͸ ӽŰ Ҽ ִ. Apple Pr inter Access Protocol Daemon papd ʿ䰡 ִ. α׷ ϸ ̰ ӽ û ޾Ƶ̰ Ʈ ǮҰ̴. ؼ /usr/local/atalk/etc/papd.conf 䰡 ִ. ǿ ־ ̸ Appletalk naming ݰ Բ ϵɰ ̴. 
ִ: TricWriter:\ :pr=lp:op=cg: ̰ Appletalk Ʈũ 'TricWriter' ̸ ͸ job lpd ϴ 'lp'(/etc/printcap ǵ ٿ ) ͷ Ʈ ɰ̴. 'op=cg' Ʈ 'cg' ۷ ش. 6.2.4. Appletalk Ʈ ϱ. ok, ⺻ ׽Ʈ غ Ǿ. netatalk Ű Ǹ ϴ rc.atalk ִ. ׷Ƿ ָ ȴ. # /usr/local/atalk/etc/rc.atalk ϰ ư̴. ƹ ޼ ̰, Ҷ Ʈ ַܼ ޼ ̴. 6.2.5. appletalk Ʈ ׽Ʈ. Ʈ ϰ ϴ° ׽Ʈϱ ؼ øӽ , Apple ޴ Ǯٿϰ, Chooser ѵ, AppleShare Ŭ . ׷ ڽ ϰ̴. 6.2.6. appletalk Ʈ . A IP Ʈũ ϱ appletalk ؾ 𸥴. Appletalk α׷ ϴµ ִٸ, Ȥ װ ѵڿ IP Ʈũ ٸ, /etc/rc.d/rc.inet1 ϱ Appletalk α׷ ƶ. A afpd(Apple Filing Protocol Daemon) ϰ ϵũ ƸԴ´. Ʈ Ʈ Ʒ ̰  丮 . ̰ .AppleDouble 丮  resource fork ִ. ׷Ƿ '/' ͽ (exporting)ϱ ι ϶. ߿ ϴµ ð ɸ̴. A afpd α׷ κ Ŭ ؽƮ н带 Ѵ. Ƿ ͳݿ ӽſ Ҷ ϶. Ѵٸ ڽ ؾ Ѵ. A netstat, ifconfig м Appletalk ʴ´. ʿ ٸ /proc/net 丮 ִ. 6.2.7. ׿ . Aplletalk ϴ ڼ thehamptons.c om Anders Brownworth Linux Net atalk-HOWTO ϶. 6.3. ATM Asynchronous Transfer Mode ϱ Ʈ Werner Alme sberger ̴. Ʈ Ȳ ִ. 6.4. AX25 (AF_AX25) AX.25 ̽ Ŀ 2.0.* 'sl0', 'sl1' ̰, Ŀ 2.1.* 'ax0', 'ax1' ̴. Kernel Compile Options: Networking options ---> [*] Amateur Radio AX.25 Level 2 AX25, Netrom, Rose Ŭ AX25-HOWTO ٷ . Ŷ Ƹ߾ ۷Ϳ ȴ. implementation κ ۾ Jonathon Naylor, jsn@cs.no t.ac.uk ̷. 6.5. DECNet. DECNet 絵 ۾̴. 2.1.* Ŀο ڴ. 6.6. EQL - multiple line traffic equaliser EQL ̽ ̸ 'eql'̴. ǥ Ŀμҽδ ӽŴ ϳ EQL ̽ ´. EQL tcp/ip ϴ ̱ ũμ PPP, sli p, plip point to point Ȱ Ѵ. Ѱ °ͺ δ. Kernel Compile Options: Networking options ---> [*] Amateur Radio AX.25 Level 2 ī ϱ ؼ ٸ ִ ӽŵ EQL Ѵ. Linux, Livingstone, Portmaster ׸ ο ̾ ȣȯ ɷ Ѵ. EQL ϱ ؼ Ҽ ִ eql ־ Ѵ. sunsite.unc.edu ϴ. eql ̽ ϸ鼭 Ѵ. eql ٸ Ʈũ ̽ ϴ. ifconfig ƿƼ ̿Ͽ IP 巹 myu Ѵ. ifconfig eql 192.168.10.1 mtu 1006 route add default eql ʱȭ ʿ䰡 ִ. ̰ point to point ̽ Ÿ. Ŀؼ  ʱȭҰΰ ϴ° ޶, ڼ κ ϱ . EQL ̽ ø ũ ʿ䰡 , ̰ 'ensl aving'̶ Ҹ ̴ ٿ eql_enslave ̷. eql_enslave eql sl0 28800 eql_enslave eql ppp0 14400 eql_enslave ϴ 'estimated speed' Ķʹ δ ƹ͵ ̴. ̰ EQL ̹ ̽ ŭ ͱ׷ ΰ ϱ ȴ. ׷Ƿ ν Ҽ ִ. EQL ̽ ؼ eql_emancipate Ѵ. eql_emancipate eql sl0 Ʈ ø ̽ ſ eql ̽ ϴ ٸ point to point ũ ߰Ҽ ִ. Ͽϰ: route add default eql0 EQL ̹ Simon Janes simon@ncm.com ߵǾ. 6.7. ̴. 
̴ ̽ ̸ 'eth0', 'eth1' ,'eth2' ̴. Ŀο ù° ߰ߵǴ ī 'eth0' ҴǸ ߰ߵǴ ߰ߵǴ Ҵȴ. 󿡼 ̴ ī ۹ ˰ʹٸ Ethernet-HOWTO ϶. ̴ ī带 ϵ Ŀ Ҵٸ ̴. ü Ÿ̴.

        # ifconfig eth0 192.168.0.1 netmask 255.255.255.0 up
        # route add 192.168.0.0 netmask 255.255.255.0 eth0

κ ̴ ̹ Donald Becker, becker@CESDIS.gsfc.nasa.gov ߵǾ.

6.8. FDDI

FDDI ̽ 'fddi0', 'fddi1', 'fddi2' ̴. Ŀο ó ߰ߵǴ ̽ 'fddi0' Ҵǰ, ߰ߵǴ ȴ. Lawrence V. Stefani, stefani@lkg.dec.com Digital Equipment Corporation FDDI EISA ׸ PCI ī带 ߴ.

Kernel Compile Options:

        Network device support  --->
            [*] FDDI driver support
            [*] Digital DEFEA and DEFPA adapter support

FDDI ̹ ϴ Ŀ ġߴٸ, FDDI ̽ ̴ ̽ ϴ. FDDI ̽ ̸ ifconfig route ɿ ؾ Ѵ.

6.9. Frame Relay

DLCI ĸ̼ ̽ ̽ ̸ 'dlci00' , 'dlci01' ̸, FRAD 'sdla0', 'sdla1'̴. ̴ Ǵ Ŀ Ŀ´̼ Ʈȿ ο Ʈŷ ̴. Frame Relay Access Device(FRAD) Ʈũ Ҽ ִ. ̴ RFC-1490 ȴ 󿡼 IP Ѵ.

Kernel Compile Options:

        Network device support  --->
            <*> Frame relay DLCI support (EXPERIMENTAL)
            (24)   Max open DLCI
            (8)   Max DLCI per device
            <*>   SDLA (Sangoma S502/S508) support

Mike McLagan, mike.mclagan@linux.org ߴ. Ǵ ̴ Sangoma Technology S502A, S502E, S508̴. Ŀ 缳ġĿ FRAD DLCI ϱ ؼ ftp.invlogic.com ִ ʿϴ. . ϰ ġ ſ ϳ, top Makefile Ƿ ־ Ѵ.

        # cd /usr/src
        # tar xvfz .../frad-0.15.tgz
        # cd frad-0.15
        # for i in common dlci frad; do cd $i; make clean; make; cd ..; done
        # mkdir /etc/frad
        # install -m 644 -o root -g root bin/*.sfm /etc/frad
        # install -m 700 -o root -g root frad/fradcfg /sbin
        # install -m 700 -o root -g root dlci/dlcicfg /sbin

ġѵڿ /etc/frad/router.conf ʿ䰡 ִ. ø ̿Ҽ , ̰ ̴.

        # /etc/frad/router.conf
        # This is a template configuration for frame relay.
        # All tags are included. The default values are based on the code
        # supplied with the DOS drivers for the Sangoma S502A card.
        #
        # A '#' anywhere in a line constitutes a comment
        # Blanks are ignored (you can indent with tabs too)
        # Unknown [] entries and unknown keys are ignored
        #

        [Devices]
        Count=1                 # number of devices to configure
        Dev_1=sdla0             # the name of a device
        #Dev_2=sdla1            # the name of a device

        # Specified here, these are applied to all devices, and can be overriden for
        # each individual board.
        #
        Access=CPE
        Clock=Internal
        KBaud=64
        Flags=TX
        #
        # MTU=1500              # Maximum transmit IFrame length, default is 4096
        # T391=10               # T391 value 5 - 30, default is 10
        # T392=15               # T392 value 5 - 30, default is 15
        # N391=6                # N391 value 1 - 255, default is 6
        # N392=3                # N392 value 1 - 10, default is 3
        # N393=4                # N393 value 1 - 10, default is 4

        # Specified here, these set the defaults for all boards
        # CIRfwd=16             # CIR forward 1 - 64
        # Bc_fwd=16             # Bc forward 1 - 512
        # Be_fwd=0              # Be forward 0 - 511
        # CIRbak=16             # CIR backward 1 - 64
        # Bc_bak=16             # Bc backward 1 - 512
        # Be_bak=0              # Be backward 0 - 511

        #
        #
        # Device specific configuration
        #
        #

        #
        # The first device is a Sangoma S502E
        #
        [sdla0]
        Type=Sangoma            # Type of the device to configure, currently only
                                # SANGOMA is recognised
        #
        # These keys are specific to the 'Sangoma' type
        #
        # The type of Sangoma board - S502A, S502E, S508
        Board=S502E
        #
        # The name of the test firmware for the Sangoma board
        # Testware=/usr/src/frad-0.10/bin/sdla_tst.502
        #
        # The name of the FR firmware
        # Firmware=/usr/src/frad-0.10/bin/frm_rel.502
        #
        Port=360                # Port for this particular card
        Mem=C8                  # Address of memory window, A0-EE, depending on card
        IRQ=5                   # IRQ number, do not supply for S502A
        DLCIs=1                 # Number of DLCI's attached to this device
        DLCI_1=16               # DLCI #1's number, 16 - 991
        # DLCI_2=17
        # DLCI_3=18
        # DLCI_4=19
        # DLCI_5=20
        #
        # Specified here, these apply to this device only,
        # and override defaults from above
        #
        # Access=CPE            # CPE or NODE, default is CPE
        # Flags=TXIgnore,RXIgnore,BufferFrames,DropAborted,Stats,MCI,AutoDLCI
        # Clock=Internal        # External or Internal, default is Internal
        # Baud=128              # Specified baud rate of attached CSU/DSU
        # MTU=2048              # Maximum transmit IFrame length, default is 4096
        # T391=10               # T391 value 5 - 30, default is 10
        # T392=15               # T392 value 5 - 30, default is 15
        # N391=6                # N391 value 1 - 255, default is 6
        # N392=3                # N392 value 1 - 10, default is 3
        # N393=4                # N393 value 1 - 10, default is 4

        #
        # The second device is some other card
        #
        # [sdla1]
        # Type=FancyCard        # Type of the device to configure.
        # Board=                # Type of Sangoma board
        # Key=Value             # values specific to this type of device

        #
        # DLCI Default configuration parameters
        # These may be overridden in the DLCI specific configurations
        #
        CIRfwd=64               # CIR forward 1 - 64
        # Bc_fwd=16             # Bc forward 1 - 512
        # Be_fwd=0              # Be forward 0 - 511
        # CIRbak=16             # CIR backward 1 - 64
        # Bc_bak=16             # Bc backward 1 - 512
        # Be_bak=0              # Be backward 0 - 511

        #
        # DLCI Configuration
        # These are all optional. The naming convention is
        # [DLCI_D_]
        #

        [DLCI_D1_16]
        # IP=
        # Net=
        # Mask=
        # Flags defined by Sangoma: TXIgnore,RXIgnore,BufferFrames
        # DLCIFlags=TXIgnore,RXIgnore,BufferFrames
        # CIRfwd=64
        # Bc_fwd=512
        # Be_fwd=0
        # CIRbak=64
        # Bc_bak=512
        # Be_bak=0

        [DLCI_D2_16]
        # IP=
        # Net=
        # Mask=
        # Flags defined by Sangoma: TXIgnore,RXIgnore,BufferFrames
        # DLCIFlags=TXIgnore,RXIgnore,BufferFrames
        # CIRfwd=16
        # Bc_fwd=16
        # Be_fwd=0
        # CIRbak=16
        # Bc_bak=16
        # Be_bak=0

/etc/frad/router.conf , ̽ ϴ ϸ Ҵ. ̰ Ʈũ ̽ ϸ, DLCI ĸ ̼ ̽ FRAD ̽ ; ؾ Ѵ.

        # Configure the frad hardware and the DLCI parameter
        /sbin/fradcfg /etc/frad/router.conf || exit 1
        /sbin/dlcicfg file /etc/frad/router.conf
        # Bring up the FRAD device
        ifconfig sdla0 up
        #
        # Configure the DLCI encapsulation interface and routing
        ifconfig dlci00 192.168.10.1 pointopoint 192.168.10.2 up
        route add 192.168.10.0 netmask 255.255.255.0 dlci00
        #
        ifconfig dlci01 192.168.11.1 pointopoint 192.168.11.2 up
        route add 192.168.11.0 netmask 255.255.255.0 dlci01
        #
        route add default dev dlci00
        #

6.10. IP ī.

Ŀ IP ī feature Ʈũ ͸ ϰ мҼ ְ ش. ʹ װ µ Ŀ  Ŷ  Ʈ ̷. ڽ ° figure зϴ پ Ҽ ִ.
Kernel Compile Options:

        Networking options  --->
            [*] IP: accounting

Ŀ ϰ ġѵڿ IP ī ϱ ؼ ipfwadm ʿ䰡 ִ. Ҽ ִ IP ī з ִ. ϱ ϳ , ڼ ϸ ipfwadm о ٶ. ó: PPP ͳݿ ̴ Ʈũ ִ. ̴ 󿡴 y 񽺸 ϴ ӽ ְ, telnet, rlogin, ftp, www  ߻ Ʈ ˰; Ѵ. Ƹ ̴ ɾ Ұ̴.

        #
        # Flush the accounting rules
        ipfwadm -A -f
        #
        # Add rules for local ethernet segment
        ipfwadm -A in -a -P tcp -D 44.136.8.96/29 20
        ipfwadm -A out -a -P tcp -S 44.136.8.96/29 20
        ipfwadm -A in -a -P tcp -D 44.136.8.96/29 23
        ipfwadm -A out -a -P tcp -S 44.136.8.96/29 23
        ipfwadm -A in -a -P tcp -D 44.136.8.96/29 80
        ipfwadm -A out -a -P tcp -S 44.136.8.96/29 80
        ipfwadm -A in -a -P tcp -D 44.136.8.96/29 513
        ipfwadm -A out -a -P tcp -S 44.136.8.96/29 513
        ipfwadm -A in -a -P tcp -D 44.136.8.96/29
        ipfwadm -A out -a -P tcp -D 44.136.8.96/29
        ipfwadm -A in -a -P udp -D 44.136.8.96/29
        ipfwadm -A out -a -P udp -D 44.136.8.96/29
        ipfwadm -A in -a -P icmp -D 44.136.8.96/29
        ipfwadm -A out -a -P icmp -D 44.136.8.96/29
        #
        # Rules for default
        ipfwadm -A in -a -P tcp -D 0/0 20
        ipfwadm -A out -a -P tcp -S 0/0 20
        ipfwadm -A in -a -P tcp -D 0/0 23
        ipfwadm -A out -a -P tcp -S 0/0 23
        ipfwadm -A in -a -P tcp -D 0/0 80
        ipfwadm -A out -a -P tcp -S 0/0 80
        ipfwadm -A in -a -P tcp -D 0/0 513
        ipfwadm -A out -a -P tcp -S 0/0 513
        ipfwadm -A in -a -P tcp -D 0/0
        ipfwadm -A out -a -P tcp -D 0/0
        ipfwadm -A in -a -P udp -D 0/0
        ipfwadm -A out -a -P udp -D 0/0
        ipfwadm -A in -a -P icmp -D 0/0
        ipfwadm -A out -a -P icmp -D 0/0
        #
        # List the rules
        ipfwadm -A -l -n
        #

ī ϰ ش. IP ī мҶ ؾ ߿ ġϴ 꿡 Ż ɰ̶ ε, ׷Ƿ ٸ figure ؼ ó ؾ ʿ䰡 ִ.  󸶳 Ͱ ftp, telnet, rlogin, www Ͱ ƴ ˰ ʹٸ, Ʈ ġǴ 꿡 (ftp, telnet, rlogin, www) Ż ڴ.
        # ipfwadm -A -l -n
        IP accounting rules
         pkts bytes dir prot source               destination          ports
            0     0 in  tcp  0.0.0.0/0            44.136.8.96/29       * -> 20
            0     0 out tcp  44.136.8.96/29       0.0.0.0/0            20 -> *
            0     0 in  tcp  0.0.0.0/0            44.136.8.96/29       * -> 23
            0     0 out tcp  44.136.8.96/29       0.0.0.0/0            23 -> *
           10  1166 in  tcp  0.0.0.0/0            44.136.8.96/29       * -> 80
           10   572 out tcp  44.136.8.96/29       0.0.0.0/0            80 -> *
          242  9777 in  tcp  0.0.0.0/0            44.136.8.96/29       * -> 513
          220 18198 out tcp  44.136.8.96/29       0.0.0.0/0            513 -> *
          252 10943 in  tcp  0.0.0.0/0            44.136.8.96/29       * -> *
          231 18831 out tcp  0.0.0.0/0            44.136.8.96/29       * -> *
            0     0 in  udp  0.0.0.0/0            44.136.8.96/29       * -> *
            0     0 out udp  0.0.0.0/0            44.136.8.96/29       * -> *
            0     0 in  icmp 0.0.0.0/0            44.136.8.96/29       *
            0     0 out icmp 0.0.0.0/0            44.136.8.96/29       *
            0     0 in  tcp  0.0.0.0/0            0.0.0.0/0            * -> 20
            0     0 out tcp  0.0.0.0/0            0.0.0.0/0            20 -> *
            0     0 in  tcp  0.0.0.0/0            0.0.0.0/0            * -> 23
            0     0 out tcp  0.0.0.0/0            0.0.0.0/0            23 -> *
           10  1166 in  tcp  0.0.0.0/0            0.0.0.0/0            * -> 80
           10   572 out tcp  0.0.0.0/0            0.0.0.0/0            80 -> *
          243  9817 in  tcp  0.0.0.0/0            0.0.0.0/0            * -> 513
          221 18259 out tcp  0.0.0.0/0            0.0.0.0/0            513 -> *
          253 10983 in  tcp  0.0.0.0/0            0.0.0.0/0            * -> *
          231 18831 out tcp  0.0.0.0/0            0.0.0.0/0            * -> *
            0     0 in  udp  0.0.0.0/0            0.0.0.0/0            * -> *
            0     0 out udp  0.0.0.0/0            0.0.0.0/0            * -> *
            0     0 in  icmp 0.0.0.0/0            0.0.0.0/0            *
            0     0 out icmp 0.0.0.0/0            0.0.0.0/0            *
        #

6.11. IP ˸ƽ.

ϳ Ʈũ IP 巹 ִ  α ִµ ̰ ϴ. ͳ ڴ ϴ www̳ ftp 'customized' Ѵ.

Kernel Compile Options:

        Networking options  --->
            ....
            [*] Network aliasing
            ....
            <*> IP: aliasing support

IP ˸ƽ Ͽ Ŀ ϰ ġ ſ ϴ. ˸ƽ Ʈũ ̽ Ʈũ ̽ ߰ȴ. ̸ Ծ ̽ : , eth0:0, ppp0:10 · ȴ. ν, ΰ δٸ IP ÿ ϴ ̴ Ʈũ ִٰ ϰ ΰ η ̷Ʈ \ Ҽִٸ Ҽ ִ.

        #
        # ifconfig eth0:0 192.168.1.1 netmask 255.255.255.0 up
        # route add -net 192.168.1.0 netmask 255.255.255.0 eth0:0
        #
        # ifconfig eth0:1 192.168.10.1 netmask 255.255.255.0 up
        # route add -net 192.168.10.0 netmask 255.255.255.0
        #

˸ƽ װ ̸ڿ '-' ߰ϸ ȴ.

        # ifconfig eth0:0- 0

˸ƽ õ Ʈ ڵ ̴.

6.12. IP ̾

IP ̾ ̾ ̽ firewall-howto ٷ. IP ̾ ͸ IPκ ͱ׷ ϴ 㰡 Ʈũ \κ ӽ ȣش. Ŭ ִµ, incoming filtering, outgoing filtering, forwarding filtering ̴.
Incoming Ʈũ ̽κ ޾Ƶ̴ ͱ׷ ȴ. Outgoing Ʈũ ̽ ۵Ǵ ͱ׷ . Forwarding õ ͱ׷ ӽ ޾Ƶ̴ ͱ׷ ȴ.

Kernel Compile Options:

        Networking options  --->
            [*] Network firewalls
            ....
            [*] IP: forwarding/gatewaying
            ....
            [*] IP: firewalling
            [ ] IP: firewall packet logging

IP ̾ ipfwadm ؼ ̷. ̹ ߴٽ , о߰ ƴϸ Ҽ ִ ϴ, ڽſ ߿ϴٸ ΰ ϰ ؾ Ѵ. IP ̾ ϴ 㰡 Ʈũ ܺηκ \ Ͽ ӽ ͳ ̾ Ʈ̷ ̿ ̴. Arnt Gulbrandsen, ٰ ̴. Ʒ ̾׷ ׷Ͱ ̾/ ӽ ̾ ϰ ִ.

        -                                   -
         \                                  | 172.16.37.0
          \                                 |   /255.255.255.0
           \                 ---------      |
            |  172.16.174.30 | Linux |      |
        NET =================|  f/w  |------|    ..37.19
            |    PPP         | router|      |  --------
           /                 ---------      |--| Mail |
          /                                 |  | /DNS |
         /                                  |  --------
        -                                   -

rc Ͽ ־ ý õɶ ڵ ɰ̴. ִ ؼ ̰ Ʈũ ڿ ׷ Ʈũ غDZ , (̾ ϴ ȿ ° ؼ), Ǿ Ѵ.

        #!/bin/sh

        # Flush the 'Forwarding' rules table
        # Change the default policy to 'accept'
        #
        /sbin/ipfwadm -F -f
        /sbin/ipfwadm -F -p accept
        #
        #.. and for 'Incoming'
        #
        /sbin/ipfwadm -I -f
        /sbin/ipfwadm -I -p accept

        # First off, seal off the PPP interface
        # I'd love to use '-a deny' instead of '-a reject -y' but then it
        # would be impossible to originate connections on that interface too.
        # The -o causes all rejected datagrams to be logged. This trades
        # disk space against knowledge of an attack or configuration error.
        #
        /sbin/ipfwadm -I -a reject -y -o -P tcp -S 0/0 -D 172.16.174.30

        # Throw away certain kinds of obviously forged packets right away.
        # Nothing should come from multicast/anycast/broadcast addresses.
        #
        /sbin/ipfwadm -F -a deny -o -S 224.0/3 -D 172.16.37.0/24
        #
        # and nothing coming from the loopback network should ever be
        # seen on a wire
        /sbin/ipfwadm -F -a deny -o -S 127.0/8 -D 172.16.37.0/24

        # accept incoming SMTP and DNS connections, but only
        # to the Mail/Name Server
        #
        /sbin/ipfwadm -F -a accept -P tcp -S 0/0 -D 172.16.37.19 25 53
        #
        # DNS uses UDP as well as TCP, so allow that too
        # for question to our name server
        #
        /sbin/ipfwadm -F -a accept -P udp -S 0/0 -D 172.16.37.19 53
        #
        # but not "answers" coming to dangerous ports like NFS and
        # Larry McVoy's NFS extension. If you run squid, add its port here.
        #
        /sbin/ipfwadm -F -a deny -o -P udp -S 0/0 53 \
                -D 172.16.37.0/24 2049 2050

        # answers to other user port are okay
        #
        /sbin/ipfwadm -F -a accept -P udp -S 0/0 53 \
                -D 172.16.37.0/24 53 1024:65535

        # Reject incoming connections to identd
        # We use 'reject' here so that the connecting host is told
        # straight away not to bother continuing, otherwise we'd experience
        # delays while ident timed out.
        #
        /sbin/ipfwadm -F -a reject -o -P tcp -S 0/0 -D 172.16.37.0/24 113

        # Accept some common service connections from the 192.168.64 and
        # 192.168.65 networks, they are friends that we trust.
        #
        /sbin/ipfwadm -F -a accept -P tcp -S 192.168.64.0/23 \
                -D 172.16.37.0/24 20:23

        # accept and pass through anything originating inside
        #
        /sbin/ipfwadm -F -a accept -P tcp -S 172.16.37.0/24 -D 0/0

        # deny most other incoming TCP connections, and log them
        # (append 1:1023 if you have problems with ftp not working)
        #
        /sbin/ipfwadm -F -a deny -o -y -P tcp -S 0/0 -D 172.16.37.0/24

        # ... for UDP too
        #
        /sbin/ipfwadm -F -a deny -o -P udp -S 0/0 -D 172.16.37.0/24

Ǹ ̾ ϴ ϴ. п ո ɰ̴. ipfwadm ϴ ־ ̴ٰ. ̾ ϰ Ѵٸ, ϴٰ ϴ ҽ ̽ Ʈũ ܺο ׽ũ غ ٶ.

6.13. IPX (AF_IPX)

IPX 밳 뺧 Ʈ Ʈũ ȯ濡 Ȱ . ϰ , IPX Ʈũ Ʈ(endpoint) Ǵ ͷ ɰ̴.

Kernel Compile Options:

        Networking options  --->
            [*] The IPX protocol
            [ ] Full internal IPX network

IPX ݰ NCPFS IPX-HOWTO ٷ.

6.14. IPv6

IP Ʈũ ϱ ߴٰ Ҷ ȴ! IPv6 ͳ 6 ̴. IPv6 ͳ ȸ Ҵ 巹 ϴٴ غϱ ؼ ߵǾ. IPv6 32byte(128bit) ̴. IPv6 ٸ ϰ ִµ 밳 ȭ Ѱ̰ ̰ IPv4 IPv6 ٷ . 2.1.* Ŀο IPv6 ϰ Ѱ ƴϴ. ż ͳ ϰ ʹٸ, Ǵ ̰ ʿϴٸ, www.terra.net Ҽִ IPv6-FAQ о ٶ.

. 7 23 øϴ. Ʈ sudoer@nownuri.net ֽñ ٶϴ. .