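Information security is commonly regarded as a process rather than a product. However, standard security implementations usually employ some form of dedicated mechanism to control access privileges and to restrict network resources to users who are authorized, identifiable, and traceable. Red Hat Enterprise Linux includes several powerful tools that help system administrators and security engineers with network-level access control issues.
Aside from VPN solutions such as CIPE or IPsec (discussed in Chapter 6), firewalls are one of the core components of a network security implementation. Many vendors offer firewall solutions for every level of the market, ranging from home users protecting a single PC to data center solutions safeguarding vital enterprise information. Firewalls can be standalone hardware solutions, such as the firewall appliances offered by Cisco, Nokia, and Sonicwall. Vendors such as Checkpoint, McAfee, and Symantec have also developed proprietary software firewall solutions for the home and business markets.
Apart from the differences between hardware and software firewalls, firewalls also differ in the way they function, which distinguishes one solution from another. Table 7-1 details three different types of firewalls and how they function: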
Method | Description | Advantages | Disadvantages |
---|---|---|---|
NAT | Network Address Translation (NAT) places internal network IP subnetworks behind one or a group of external IP addresses, masquerading all requests as coming from a single source rather than from many sources. | | |
Packet Filter | A packet filtering firewall reads every data packet that passes into or out of the LAN. It can read and process packets by their header information, and it filters packets according to programmable rule sets implemented by the firewall administrator. The Linux kernel has built-in packet filtering functionality (through the netfilter kernel subsystem). | | |
Proxy | A proxy firewall filters all packets of a certain protocol or type sent from LAN clients to a proxy machine, which then makes the requests to the Internet on behalf of the local client. A proxy machine acts as a buffer between malicious remote users and the internal network client machines. | | |

Table 7-1. Firewall Types
The Linux kernel contains a powerful networking subsystem called netfilter. The netfilter subsystem provides stateful or stateless packet filtering as well as NAT and IP masquerading services. Netfilter can also mangle IP header information for advanced routing and connection state management. Netfilter is controlled through the IPTables utility.
The power and flexibility of netfilter are implemented through the IPTables interface. This command line tool is similar in syntax to its predecessor, IPChains. However, IPTables uses the netfilter subsystem to enhance network connection, inspection, and processing, whereas IPChains used intricate rule sets to filter source and destination paths, as well as the connection ports of both. IPTables features advanced logging, pre- and post-routing actions, network address translation, and port forwarding, all available from a single command line interface.
This section provides an overview of IPTables. For more detailed information about IPTables, refer to the Red Hat Enterprise Linux Reference Guide.
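The features listed above (stateful filtering, pre- and post-routing actions, masquerading, port forwarding, and logging) can be seen together in one small gateway ruleset. The following is an added example, not taken from the Red Hat guide; the interface names, the LAN subnet, the web server address, and the `gen_ruleset` helper are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the Red Hat guide. It only prints a ruleset in
# iptables-restore format; nothing is loaded into the running kernel.
# Constructed values: eth0 = external, eth1 = LAN, 192.168.1.0/24 = LAN
# subnet, 192.168.1.10 = internal web server.
gen_ruleset() {
    ext_if=$1; lan_if=$2; lan_net=$3; web_host=$4
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Pre-routing action: forward inbound HTTP to the internal web server
-A PREROUTING -i ${ext_if} -p tcp --dport 80 -j DNAT --to-destination ${web_host}:80
# Post-routing action: masquerade LAN traffic behind the external address
-A POSTROUTING -s ${lan_net} -o ${ext_if} -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Stateful filtering: accept only packets that belong to tracked connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections: LAN to the outside, and the forwarded HTTP service
-A FORWARD -i ${lan_if} -o ${ext_if} -s ${lan_net} -m state --state NEW -j ACCEPT
-A FORWARD -i ${ext_if} -o ${lan_if} -d ${web_host} -p tcp --dport 80 -m state --state NEW -j ACCEPT
# Rate-limited logging of whatever is about to hit the default DROP policy
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-INPUT-DROP: "
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-FWD-DROP: "
COMMIT
EOF
}

# No management access (for example SSH to the gateway) is allowed by this
# ruleset; add a rule for your admin path before loading it remotely.
# Syntax check as root: gen_ruleset ... | iptables-restore --test
gen_ruleset eth0 eth1 192.168.1.0/24 192.168.1.10
```

Because the INPUT and FORWARD policies are DROP, every packet that is not explicitly matched is discarded, and the LOG rules record it first.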