Shulou(Shulou.com)05/31 Report--

This article mainly introduces how Linux builds soft routing, which has certain reference value. Interested friends can refer to it. I hope you will gain a lot after reading this article. Let Xiaobian take you to understand it together.

IP address translation is also known as IP address disguise or IP address spoofing, that is, when an intranet machine logs on to a firewall, the firewall disguises the intranet IP(illegal extranet IP address) as a legal extranet IP address, and then communicates with the extranet. The command format for IP address masquerading is as follows:

ipfwadm-F-amasquerade-D0.0.0.0/0-Weth0

Where "-D0.0.0.0/0" means that all intranet IP addresses are allowed to be converted, and "-Weth0" means that intranet IP addresses are converted through NIC 1.

After the IP address disguise is set, you can ping the external network machine on the intranet machine. If forwarding on the firewall is not turned off, you can ping it. This means that everything is configured correctly.

2. Set permissions to access external networks

In order to strengthen the management of the network, it is sometimes necessary to impose certain restrictions on the intranet to access the external network, such restrictions include: (1) which machines are allowed to access the Internet; and (2) which sites are allowed to visit.

The following script can be used to restrict Internet access machines:

ipfwadm-F-pdeny#all deny intranet access

ipfwadm-F-am-S192.168.0.5/32

-d0.0.0.0/0#Allow 192.168.0.5 Machine pairs

Extranet access

Restrict access to the site, which can be set as follows:

ipfwadm-O-ireject-D0.0.0.0/0

#Add all sites to the external network

refused

ipfwadm-O-iaccept-D202.114.0.0/16

#Allow access to 202.114.0.0~

202.114.255.255 All sites within

In the above settings,"0.0.0.0/0" indicates all web addresses, and "202.114.0.0/16" indicates all sites from 202.114.0.0 to 202.114.255.255.

3. IP packet traffic statistics

IP packet traffic accounting settings are as follows:

ipfwadm-A-f /sbin/ipfwadm-A-f /sbin/ipfwadm-Aout-I-S192.168.0.0 /32-D0.0.0.0/0

#For all outgoing packets

statistics

/sbin/ipfwadm-Ain-I-S192.168.0.0 /32-D0.0.0.0/0

#For all incoming packages

statistics

The accounting statistics are stored in the/proc/net/ip_acct file, and all IP addresses are represented in hexadecimal.

All of the above scripts can be placed in the/etc/rc.d file, or can be set up separately shell scripts, executed with the command sh.

The above settings all run on RedHat 5.1 Pass.

This completes the Linux build soft route.

Thank you for reading this article carefully. I hope that the article "How to Build Soft Routing in Linux" shared by Xiaobian will be helpful to everyone. At the same time, I hope that everyone will support it a lot and pay attention to the industry information channel. More relevant knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.