Linux是一个结构清晰、稳定可靠、功能完善、源代码公开的操作系统。 Linux is a clear structure, stable and reliable, functional, open source operating system. Linux的网络功能非常强大,IP伪装(IP Masquerade)就是Linux近年来发展起来的一种网络功能。 Linux networking is very powerful, IP masquerading (IP Masquerade) is a Linux recently developed a network feature.
什么是IP伪装 What is IP Masquerading
IP伪装,是Linux系统的一种网络功能,如果一台Linux主机使用IP伪装功能连接到互联网上,那么其他计算机,不论是在同一个局域网上还是通过调制解调器连接,只要连接到这个Linux主机上,就可以与国际互联网相连,即使它们没有获得正式指定的IP地址。 IP spoofing, is a network function of the Linux system, if a Linux host using IP masquerading to connect to the Internet, other computers, whether in the same LAN or via modem connection, just connect to the Linux host, can be connected with the Internet, even if they do not get officially designated IP address. 这样就可以将一些计算机隐藏在网关后面连接互联网,而不被发现,看起来就像只有一台Linux系统主机与互联网相连。 This can be hidden in some computers behind the gateway connected to the Internet, without being discovered, it seems like only a Linux host connected to the Internet. 它允许用户扩展IP地址,允许没有注册IP地址的计算机经由Linux主机连接到互联网上。 It allows users to extend the IP address that allows unregistered IP address to connect to a Linux host computer via the Internet. 由于可以多人使用一条调制解调器(或网卡)连线来接入互联网,因此降低了上网费用,同时也增加了安全性。 Because people can use a modem (or LAN) connection to access the Internet, thus reducing the cost of Internet access, while also increasing security. 从某些方面来看,其功能像是一个防火墙,因为外界网络无法连接非正式分配的IP地址。 In some ways, it functions like a firewall, because the external network can not connect informally assigned IP address. 而其安全功能比数据包过滤式防火墙要强。 And its safety features than the stronger packet filtering firewall. 随着IP地址的减少,IP伪装在网络上的应用会越来越广泛。 With the reduction in the IP address, IP masquerading applications on the network will become increasingly widespread.
IP伪装仍处于实验阶段 IP spoofing is still in experimental stage
IP伪装仍然处于实验阶段。 IP spoofing is still in experimental stage. 但Linux的核心从1.3.x开始已经建立此功能支持。 However, the Linux kernel starting from 1.3.x to support this function has been established. 许多个人甚至公司正在使用它,并且获得了满意的效果。 Many individuals and even companies are using it, and obtained satisfactory results. 现在Linux的核心已经升级到2.2.x,这项技术已趋近完善,但仍在发展中。 Now the Linux kernel has been upgraded to 2.2.x, this technology has been closer to perfect, but still in development. 浏览网页及远端登录(telnet)已经可以在IP伪装上运行,文件传输(FTP)、网络交谈(IRC)及聆听Real Audio可以载入一些相应的模块配合,其它的网络资料控制流(streaming audio),如True Speech及Internet wave也能运行。 Web browsing and remote login (telnet) can already run in the IP masquerading, file transfer (FTP), Internet Chat (IRC) and listen to Real Audio can be loaded with some of the corresponding modules, and other network information control flow (streaming audio ), such as True Speech and the Internet wave can also be run. Ping配合最近可以获得的国际互联网络控制信息协议(ICMP)的升级文件后也能正常运行。 Ping with the latest available Internet Control Message Protocol (ICMP) after the upgrade file can be run.
IP伪装支持多种客户端平台 IP masquerading support multiple client platforms
IP 伪装在多种不同的操作系统及平台上与客户端机器配合良好,目前,已测试通过的利用IP伪装运行的客户端平台有:Linux,Solaris,Windows 95/98,Windows NT,Windows for Workgroup 3.11(含有TCP/IP包),Windows 3.1(含有Chameleon包),Novel 5.0 Server,OS/2(包括Warp v3),Macintosh OS(含有Mac TCP或Open Transport),DOS(包含NCSA Telnet包),SCO Openserver。 IP masquerading in a variety of different operating systems and platforms on the client machine with good, now, have been tested through the use of IP spoofing client platform running: Linux, Solaris, Windows 95/98, Windows NT, Windows for Workgroup 3.11 (with TCP / IP packets), Windows 3.1 (with Chameleon package), Novel 5.0 Server, OS / 2 (including Warp v3), Macintosh OS (with Mac TCP or Open Transport), DOS (including NCSA Telnet package), SCO Openserver. 从理论上讲,只要操作系统支持TCP/IP或WinSock标准协议,都可以与IP伪装配合使用。 In theory, as long as the operating system supports TCP / IP or WinSock standard protocol, can be used in conjunction with IP masquerading.
组建网络的硬件/软件配置 Formation of the network hardware / software configuration
用Linux组建一个网络网关是最核心的部分,它是一台普通的计算机,装有Linux操作系统,配有两块网卡。 The formation of a network gateway with Linux is part of the core, it is a common computer, equipped with the Linux operating system, with two network cards. 一块网卡通过合法的IP地址与Internet连接,另一块网卡连接用于放大数字信号的集线器Hub,Hub可连接由若干台计算机所组成的网络。 A card through the legitimate IP address and Internet connection, another piece of card to connect the hub for digital signal amplification Hub, Hub can be connected by a number composed of computer networks. 网络中的计算机不使用合法的IP地址,而使用Internet标准文件RFC1597规定的、公开供用户使用的3个IP地址空间内的IP地址,它们分别是: The network computers do not use legitimate IP address, and use the Internet standard RFC1597 specified file, open for three users IP address space of IP addresses, they are:
A类地址10.0.0.0~10.255.255.255 Class A address 10.0.0.0 ~ 10.255.255.255
B类地址172.16.0.0~172.31.255.255 Class B address 172.16.0.0 ~ 172.31.255.255
C类地址192.168.0.0~192.168.255.255 Class C address 192.168.0.0 ~ 192.168.255.255
用户可根据自己网络中的机器数目选用合理的地址范围。 Users according to their number of machines that use the network address of a reasonable range.
网关除了开启Linux中的IP伪装来实现网络与Internet的互联外,还开启动态主机配置协议分配DHCPd的功能和WWW代理服务器功能。 In addition to opening the gateway's IP masquerading in Linux to achieve the interconnection network and the Internet, but also open the Dynamic Host Configuration Protocol distribution function for DHCPd and WWW proxies. DHCPd可以自动给网络中的计算机指定IP地址、子网掩码、网关等信息,克服了人工配置TCP/IP的限制,给网络的管理带来了极大的便利。 DHCPd automatically to the network computer to specify the IP address, subnet mask, gateway and other information, to overcome the manual configuration of TCP / IP restrictions, the management of the network has brought great convenience. 通常WWW代理服务器都设置一个较大的硬盘缓冲区,当有外界的信息通过时,同时也将其保存到缓冲区中,当其他用户再访问相同的信息时,则直接由缓冲区中取出信息传给用户,来提高访问速度。 WWW proxy servers are usually set up a larger hard drive buffer, when passed outside information, but also save it to the buffer, when other users access the same information again, then to extract information directly from the buffer to the user, to improve access. WWW代理服务器功能由Apache软件实现,Apache是Internet上很优秀的代理服务器软件,它有模块化的设计、工作性能稳定、运行速度快等优点。 WWW proxy server functionality from the Apache software, Apache is very good on the Internet proxy server software, it has a modular design, stable performance, running speed, etc..
网络实现的步骤 Network implementation steps
1)开启IP伪装功能; 1) Open the IP masquerade function;
2)调试网卡; 2) debug card;
3)开启DHCPd功能; 3) Open DHCPd function;
4)安装WWW代理服务器Apache软件; 4) Install Apache WWW proxy server software;
5)配置网络中的其它计算机,这些计算机可以使用不同的操作系统,如:Windows95/98、Windows NT、UNIX、Novell,根据所使用操作系统的不同进行不同的配置; 5) configure the network to other computers that can use different operating systems, such as: Windows95/98, Windows NT, UNIX, Novell, according to the different operating systems used for different configurations;
6)配置Linux网关的IP转送(Forwarding)方式; 6) Configure Linux gateway IP forwarding (Forwarding) mode;
7)测试IP伪装。 7) Testing IP masquerading.
如果测试成功,就代表网络已经建成了。 If the test is successful, on behalf of the network has been built.
Tidak ada komentar:
Posting Komentar