
[plamo:12730] Home Plamo-2.2.1 kernel → 2.4.17 plan, part 3 (final installment, RC)



Kusakabe @ Nerima-ku, Tokyo % at the office, here.

# I am changing the Subject:, but
# leaving References: and In-Reply-To: in place.

About the NIC that gave me so much trouble:
/usr/src/linux/Documentation/networking/de4x5.txt
once I read that, it all made sense. tulip.txt is gone, isn't it.
tulip is only briefly mentioned in net-modules.txt, though...

Also, about the NIC modules:

> First, in /etc/modules.conf I put
> alias eth0 de4x5
> alias eth1 tulip
> and gave that a try.
(after that, run depmod -ae -F /System.map 2.4.17)

and then restored /etc/rc.d/rc.modules to its as-installed state.
Even so, as long as I do "ifconfig eth0 up" in /etc/rc.d/rc.inet1, it was
fine.

> After that, plain rp-pppoe worked, so I took on PPPoE kernel mode, and
> now, splendidly, ps auxww shows
> /usr/sbin/pppd plugin /etc/ppp/plugins/rp-pppoe.so eth0 noipdefault noauth\
>  default-asyncmap defaultroute hide-password nodetach mtu 1492 mru 1492\
>  noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp user hoge@hoge.net\
>  lcp-echo-interval 20 lcp-echo-failure 3
> and it is working.

This is where I noticed the well-known black-hole router problem caused by
MSS/MTU. So it seems that the "modprobe ipchains.o" approach won't do.
I did write "clamp MSS 1414" in rp-pppoe-3.3's /etc/ppp/pppoe.conf,
though... maybe it isn't taking effect? (because it's kernel mode?)
If so, maybe it won't work without ip_tcpmss.o... well then, I figured
I might as well switch to iptables right away, and wrote
/etc/rc.d/firewall-iptables.

Hiramoto-san's page: http://www.flatray.com/~hiramoto/linux/adsl/
is a very useful reference.
Of course the Linux 2.4 Packet Filtering HOWTO and NAT HOWTO are
must-reads too, but it may be better to rely mainly on this page.

Put this script in rc.local right before adsl-start and you are done.

#! /bin/sh

PATH=/usr/local/sbin:/sbin:/usr/sbin:/bin:/usr/bin
# Set E=echo to print the commands instead of running them (dry run).
#E=echo

###############################################################################

# Accept SRCS TYPE PORTS
#   SRCS:  comma-separated source addresses; 0.0.0.0 means "from anywhere"
#   TYPE:  tcp or udp
#   PORTS: comma-separated ports or port ranges (e.g. 6001:6999)
Accept () {
    srcs=$1
    type=$2
    protocols=$3

    for src in `echo $srcs | sed 's/,/ /g'`
    do
        for port in `echo $protocols | sed 's/,/ /g'`
        do
            if [ x"$src" = x"0.0.0.0" ]
            then
                $E iptables -A INPUT -p $type --destination-port $port -j ACCEPT
            else
                $E iptables -A INPUT -s $src -p $type --destination-port $port -j ACCEPT
            fi
        done
    done
}

###############################################################################

### $E modprobe -r ipchains

## Start from a clean slate: flush the filter and nat tables, then remove
## any user-defined chains left over from a previous run.
$E iptables -F
$E iptables -X
$E iptables -t nat -F

## Insert the connection tracking modules (not needed if built into the kernel)
$E modprobe ip_conntrack
$E modprobe ip_conntrack_ftp
$E modprobe ip_conntrack_irc

# USERSPACE QUEUEING via NETLINK
$E modprobe ip_queue

# Load the NAT module (this pulls in all the others).
$E modprobe iptable_nat

## Create a chain that blocks new connections except those from inside
$E iptables -N block
$E iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
$E iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
# Log the ones we are not too happy about
$E iptables -A block -p tcp -j LOG --log-level info --log-prefix 'iptables: '
$E iptables -A block -p udp -j LOG --log-level info --log-prefix 'iptables: '
#$E iptables -A block -p icmp -j LOG --log-level info --log-prefix 'iptables: '
# Drop the rest
$E iptables -A block -j DROP

# In the NAT table (-t nat), Append a rule (-A) after routing
# (POSTROUTING) for all packets going out ppp0 (-o ppp0) which says to
# MASQUERADE the connection (-j MASQUERADE).
$E iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# Workaround for the black-hole problem mentioned above (requires ip_tcpmss.o)
$E iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

## Accept connections from anywhere (public-facing services, etc.)
#  ftp-data,ftp,ssh,smtp,domain,www,auth(ident),ntp
Accept 0.0.0.0 tcp 20,21,22,25,53,80,113
Accept 0.0.0.0 udp 20,21,22,53,80,123
$E iptables -A INPUT -p icmp -j ACCEPT

## Accept connections only from specific hosts
# NNTP feed, telnet
Accept aaa.bbb.ccc.ddd tcp 119
Accept zzz.yyy.xxx.www tcp 23

## Leave 6001:65535 open (but close 7000)
Accept 0.0.0.0 tcp 6001:6999,7001:65535
Accept 0.0.0.0 udp 6001:6999,7001:65535

## Send incoming port-80 web traffic to our squid (transparent) proxy
#$E iptables -t nat -A PREROUTING -i eth1 -p tcp --destination-port 80 -j REDIRECT --to-port 8080

## IRC dcc send
#$E iptables -t nat -A PREROUTING -i ppp0 -p tcp --destination-port 6666 -j DNAT --to-destination 172.21.65.1:6666
#$E iptables -A FORWARD -p tcp --destination 172.21.65.1 --destination-port 6666 -j ACCEPT

## Jump from the INPUT and FORWARD chains to the chain above
$E iptables -A INPUT -j block
$E iptables -A FORWARD -j block

# Enable forwarding and reverse-path filtering on the PPPoE link
# (only echoed when E is set for a dry run).
if [ -z "$E" ] ; then
  echo 1 > /proc/sys/net/ipv4/ip_forward
  echo 1 > /proc/sys/net/ipv4/conf/ppp0/rp_filter
else
  $E 'echo 1 > /proc/sys/net/ipv4/ip_forward'
  $E 'echo 1 > /proc/sys/net/ipv4/conf/ppp0/rp_filter'
fi

### EOF

With that, the migration was complete (everything I was doing on 2.2.20
now works).

This has turned into something of a one-man show, but if anyone else is
upgrading their kernel, I hope it serves as a reference.

Cheers.
---
//                   Nerima-ku, Tokyo   Bourbon Kikaku                    //
//                 KUSAKABE Toshiaki <kusakabe@reccoa.net>                //

Follow-Ups
[plamo:12732] Re: Home Plamo-2.2.1 kernel → 2.4.17 plan, part 3 (final installment, RC), KOJIMA Mitsuhiro
References
[plamo:12695] Home Plamo-2.2.1 kernel → 2.4.17 plan, part 1, KUSAKABE -bourbon!- Toshiaki
[plamo:12708] Home Plamo-2.2.1 kernel → 2.4.17 plan, part 2, KUSAKABE -bourbon!- Toshiaki
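A dry-run reworking of the firewall script's approach (the Accept helper, the block chain, masquerading and the MSS clamp), added here as an example and not code from the post or from Plamo: with E=echo it prints the rules instead of applying them, derives the MSS to clamp from the PPPoE MTU instead of relying on path-MTU discovery, and counts how many INPUT rules accept from any source, which is a quick audit of what such a script exposes to the whole internet. ppp0 and MTU 1492 come from the post; the peer address 192.0.2.10, the service list and the function names are constructed for the example, and the newer `! -i` negation syntax is used rather than the post's `-i !`.

```shell
#!/bin/sh
# Added example (not from the original post): dry-run rule builder.
# E=echo prints each iptables command instead of running it, so the
# ruleset can be reviewed and counted without root or iptables itself.
# Run with APPLY=yes (as root) to execute the commands for real.
if [ "$APPLY" = yes ]; then E=; else E=echo; fi

EXT_IF=ppp0            # PPPoE link, as in the post
PPPOE_MTU=1492         # MTU pppd is started with in the post
NNTP_PEER=192.0.2.10   # constructed address standing in for aaa.bbb.ccc.ddd

# mss_for_mtu MTU: largest TCP MSS that fits in one packet of that MTU
# (subtracts the 20-byte IPv4 header and the 20-byte TCP header).
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# accept_ports SRCS PROTO PORTS: same contract as the post's Accept();
# 0.0.0.0 means "from anywhere", PORTS may hold ranges such as 6001:6999.
accept_ports() {
    srcs=$1; proto=$2; ports=$3
    for src in $(printf '%s' "$srcs" | tr ',' ' '); do
        for port in $(printf '%s' "$ports" | tr ',' ' '); do
            if [ "$src" = 0.0.0.0 ]; then
                $E iptables -A INPUT -p "$proto" --destination-port "$port" -j ACCEPT
            else
                $E iptables -A INPUT -s "$src" -p "$proto" --destination-port "$port" -j ACCEPT
            fi
        done
    done
}

# build_rules: the shape of the post's firewall. The clamp uses an explicit
# --set-mss derived from the MTU instead of --clamp-mss-to-pmtu, which
# still works when path-MTU discovery is broken somewhere on the path.
build_rules() {
    $E iptables -F
    $E iptables -X
    $E iptables -t nat -F
    $E iptables -N block
    $E iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
    $E iptables -A block -m state --state NEW ! -i "$EXT_IF" -j ACCEPT
    $E iptables -A block -p tcp -j LOG --log-level info --log-prefix 'iptables: '
    $E iptables -A block -p udp -j LOG --log-level info --log-prefix 'iptables: '
    $E iptables -A block -j DROP
    $E iptables -t nat -A POSTROUTING -o "$EXT_IF" -j MASQUERADE
    $E iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
        -j TCPMSS --set-mss "$(mss_for_mtu "$PPPOE_MTU")"
    accept_ports 0.0.0.0 tcp 22,25,80       # public services (example set)
    accept_ports "$NNTP_PEER" tcp 119       # NNTP feed from one peer only
    $E iptables -A INPUT -p icmp -j ACCEPT
    $E iptables -A INPUT -j block
    $E iptables -A FORWARD -j block
}

# world_open_count: number of INPUT ACCEPT rules with no -s restriction,
# i.e. ports this ruleset opens to the whole internet. Always a dry run.
world_open_count() {
    ( E=echo; build_rules ) | grep -c -- '-A INPUT -p [a-z]* --destination-port [0-9:]* -j ACCEPT'
}

build_rules
```

Running the file as-is prints the ruleset; `world_open_count` is the number to look at before enabling anything, since every such rule is reachable from any source address on the PPPoE side. For the post's MTU of 1492 the computed MSS is 1452; the post's value of 1414 is lower and therefore also safe, just slightly less efficient.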
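The block chain above logs what it drops with the prefix 'iptables: ', and the post says nothing about reading those lines back. As an added example (not from the post), here is a small awk summary over such syslog lines that reports dropped packets per protocol and destination port and the busiest source address. The sample lines are constructed with documentation addresses but follow the 2.4 ipt_LOG field layout; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): summarize the lines written by
# the post's "block" chain (-j LOG --log-prefix 'iptables: ') as they appear
# in syslog or dmesg. Everything below is constructed sample data.
SAMPLE_LOG='Jan 12 03:14:15 gw kernel: iptables: IN=ppp0 OUT= MAC= SRC=203.0.113.5 DST=198.51.100.7 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=4711 DF PROTO=TCP SPT=1054 DPT=23 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 12 03:14:16 gw kernel: iptables: IN=ppp0 OUT= MAC= SRC=203.0.113.5 DST=198.51.100.7 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=4712 DF PROTO=TCP SPT=1055 DPT=23 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 12 03:20:01 gw kernel: iptables: IN=ppp0 OUT= MAC= SRC=203.0.113.77 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=3321 DPT=7000 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 12 03:21:30 gw kernel: iptables: IN=ppp0 OUT= MAC= SRC=203.0.113.9 DST=198.51.100.7 LEN=78 TOS=0x00 PREC=0x00 TTL=51 ID=2 PROTO=UDP SPT=1026 DPT=137 LEN=58
Jan 12 03:22:00 gw kernel: unrelated message that must be ignored'

# summarize_dpt: read log lines on stdin, print "PROTO DPT count" per
# protocol/destination-port pair, most frequent first. Lines without the
# 'iptables: ' prefix (other kernel messages) are skipped.
summarize_dpt() {
    awk '
        /kernel: iptables: / {
            proto = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            if (proto != "" && dpt != "") count[proto " " dpt]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort -k3,3nr -k1,1 -k2,2n
}

# top_source: the single SRC address with the most dropped packets.
top_source() {
    awk '
        /kernel: iptables: / {
            for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) n[substr($i, 5)]++
        }
        END { for (s in n) if (n[s] > best) { best = n[s]; who = s }; print who }
    '
}

printf '%s\n' "$SAMPLE_LOG" | summarize_dpt
printf 'busiest source: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | top_source)"
```

On a real gateway feed the summary from `grep 'iptables: ' /var/log/messages` (or `dmesg`) into `summarize_dpt`; the port 7000 entry in the sample corresponds to the one port the post deliberately closes inside the 6001:65535 range, and this is how you would confirm that rule is doing work.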
