Firewalls can be divided into several different levels of security. Because many different firewall packages are available for Linux, the level of security can be high or low, and the most complex software can provide protection that is almost impossible to penetrate. However, the Linux kernel itself has a simple built-in mechanism called "masquerading" (camouflage) that can withstand most attacks, apart from those of the most dedicated hackers.
When we dial in to the Internet, our computer is assigned an IP address so that other hosts online can send data back to it. Hackers use this IP address to access the data on your computer. The Linux "IP masquerading" method hides your IP address so that others on the network cannot see it. Several groups of IP addresses are reserved for use on local networks, and Internet backbone routers do not recognize them. For example, the IP address of the author's computer is 192.168.1.127, but if you enter this address into your browser you will receive nothing, because the Internet backbone does not recognize the 192.168.X.X group of addresses. Countless computers on other intranets use the same IP address; because it cannot be reached, it cannot be penetrated or cracked.
So solving security problems on the Internet seems to be a simple matter: just choose an IP address that others cannot reach, and everything is resolved. Wrong! When you browse the Internet, the server also needs to send information back to you, otherwise you would see nothing on the screen, and the server sends data back only to a legitimate IP address registered on the Internet backbone.
"IP masquerading" is the technology used to solve this dilemma. When you install Linux on a computer and set it to use "IP masquerading", it bridges the internal and external networks and automatically translates IP addresses from the inside out and from the outside in. This action is usually called network address translation.
In fact, "IP masquerading" is somewhat more complex than described above. Basically, the "IP masquerading" server sits between two networks. If you use an analog dial-up modem to access the Internet, that is one of the networks; your internal network typically corresponds to an Ethernet card, and that is the second network. If you are using a DSL modem or cable modem, the system will have a second Ethernet card instead of the analog modem. Linux can manage the IP addresses for each of these networks. So if you have a computer running Windows (IP 192.168.1.25) on the second network (Ethernet eth1) and it accesses the cable modem (184.108.40.206) on the Internet side (Ethernet eth0), Linux's "IP masquerading" intercepts all TCP/IP packets issued by your browser, takes out the original local address (192.168.1.25), and substitutes the real address (220.127.116.11). Then, when the server returns data to 18.104.22.168, Linux automatically intercepts the returned packets and fills the correct local address (192.168.1.25) back in.
Linux can manage several local computers (such as 192.168.1.25 and 192.168.1.34 in the "IP masquerading" schematic) and handle each packet without confusion. The author has an old 486 computer running Slackware Linux that can simultaneously handle packets from four computers to a cable modem with no reduction in speed.
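
The translation described above, sketched as an added Python example (not code from the original article or from the Linux kernel): a toy model of the table a masquerading gateway keeps, using the article's two internal hosts. The public address 203.0.113.7, the server address, the port numbers and the starting port 61000 are constructed for illustration.

```python
import ipaddress

class Masquerader:
    """Toy model of the translation table a masquerading gateway keeps."""

    def __init__(self, public_ip, internal_net, first_port=61000):
        self.public_ip = public_ip                    # constructed external address
        self.internal_net = ipaddress.ip_network(internal_net)
        self.next_port = first_port                   # assumed start of the port pool
        self.out = {}    # (proto, local_ip, local_port) -> public_port
        self.back = {}   # (proto, public_port) -> (local_ip, local_port, {remotes})

    def outbound(self, proto, src, sport, dst, dport):
        """Rewrite a packet leaving the internal network; return the new tuple."""
        if ipaddress.ip_address(src) not in self.internal_net:
            return None                               # only internal hosts are masqueraded
        key = (proto, src, sport)
        if key not in self.out:                       # first packet of a flow: allocate a port
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (src, sport, set())
            self.next_port += 1
        public_port = self.out[key]
        self.back[(proto, public_port)][2].add((dst, dport))
        return (proto, self.public_ip, public_port, dst, dport)

    def inbound(self, proto, src, sport, dst, dport):
        """Restore the local address on a reply; return None if nothing matches."""
        entry = self.back.get((proto, dport))
        if dst != self.public_ip or entry is None:
            return None                               # unsolicited: no table entry
        local_ip, local_port, remotes = entry
        if (src, sport) not in remotes:
            return None                               # not a host this flow contacted
        return (proto, src, sport, local_ip, local_port)

def demo():
    """Two internal hosts from the article share one constructed public address."""
    gw = Masquerader("203.0.113.7", "192.168.1.0/24")
    server = ("198.51.100.80", 80)                    # constructed web server
    a = gw.outbound("tcp", "192.168.1.25", 1025, *server)
    b = gw.outbound("tcp", "192.168.1.34", 1025, *server)
    reply_a = gw.inbound("tcp", *server, a[1], a[2])
    reply_b = gw.inbound("tcp", *server, b[1], b[2])
    probe = gw.inbound("tcp", "198.51.100.99", 4444, "203.0.113.7", 23)
    return a, b, reply_a, reply_b, probe

if __name__ == "__main__":
    print(demo())
```

The last value returned by demo() is None: a packet that arrives at the public address without a matching table entry has no internal host to be forwarded to.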
Before the second version of the kernel, "IP masquerading" was managed by the IP firewall administration module (IPFWADM, ipfwadm). The second version of the kernel provides the faster, more complex IPCHAINS, but still provides an IPFWADM wrapper to maintain backward compatibility. This article therefore uses IPFWADM as its example to explain how to set up "IP masquerading" (for the IPCHAINS method, see http://metalab.unc.edu/mdw/HOWTO/IPCHAINS-HOWTO.html, which also has a more detailed explanation of "IP masquerading").
In addition, certain applications such as RealAudio and CU-SeeMe use non-standard packets and need a special module; information about these is also available from the website.
That's it! Your system's "IP masquerading" should now work properly.
In the past six months, prices of 56K analog modem cards have suddenly fallen a lot. However, most of the new cards have in fact had the microprocessor removed from the control board, so they place additional load on the main CPU, and Linux does not support these "WinModem" cards. Although the Linux kernel gurus have the ability to write drivers for WinModem cards, they also understand that sacrificing system performance to save 10 dollars is not wise.
Make sure the modem card you use has jumpers that can be used to select COM1, COM2, COM3 or COM4; that way, the card will work properly under Linux.
While writing this article, the author spent time testing a variety of modem cards. Linux supports plug and play devices, so I bought a jumperless modem card made by Amjet, and then found another disturbing problem.
The test PC is an old 486 with a 1994 version of the AMI BIOS. After this plug and play modem card was inserted, the computer would not boot, and the screen showed "Primary hard disk failure". Inspection found that the plug and play BIOS had assigned interrupt 15, which should be reserved for the hard disk controller, to the modem card. In the end, the author gave up using plug and play products on the old computer, because they are not worth the time. So before purchasing a modem card, first check whether it has jumpers for selecting COM1 to COM4.
On the author's bulletin board (http://trevormarshall.com/BYTE/), several readers have asked whether multiple dial-up lines can be used to improve Internet connection speed. The best example here is 128K ISDN, which uses two 56K channels to achieve a speed of 128K. When an ISP provides such a service, it in fact configures two separate lines connected to the same IP address.
Although Linux has a module called EQL that lets you use two modem cards on one computer at the same time, unless the ISP provides the same IP address on both dial-up connections, the two modem cards help only when sending data.
If you dial in on an ordinary ISP PPP line, you get an IP address from the server so that return packets can find you among millions of computers; and every time you dial the ISP, you get a different IP address.
The packets your browser sends also contain the local IP address, which the server uses to send data back. EQL can distribute those outgoing packets across different ISP lines, but the returned data is received on only one IP address, the one the browser is using. If you use ISDN, the ISP takes care of this problem; some ISPs will provide a single IP address for dial-up access over multiple lines, but the price is very high.
In the pursuit of speed, do not neglect the efficiency of a Linux firewall. In the office, six users access a 56K analog modem through an "IP masquerading" firewall and it works very well; speed drops only when large files are being downloaded. Before you decide to install several ISP dial-up lines, set up an "IP masquerading" server and try it. Windows does not deal with multiple IPs very efficiently, and the efficiency gained by separating the Windows network from the modem will surprise you.
In short, the Linux "IP masquerading" method hides your IP address so that others on the network cannot see it.