Restricting TCP/IP for Unix users?

Petr Snajdr snajdr at pvt.net
Thu Dec 19 15:48:27 CET 1996


Good day,
 just the compile-time options that have at least a little to do with it:


IP: firewall packet logging (CONFIG_IP_FIREWALL_VERBOSE) [N/y/?] ?

  This gives you information about what your firewall did with
  packets it received. The information is handled by the klogd demon
  which is responsible for kernel messages ("man klogd").

IP: accounting (CONFIG_IP_ACCT) [Y/n/?] ?

  This keeps track of your IP network traffic and produces some
  statistics. Usually, you only want to say Y here if your box will be
  a router or a firewall for some local network, in which case you
  naturally should have said Y to IP forwarding/gatewaying resp. IP
  firewalling. The data is accessible with "cat /proc/net/ip_acct", so
  you want to say Y to the /proc filesystem below, if you say Y
  here. To specify what exactly should be recorded, you need the tool
  ipfwadm (available from ftp.xos.nl if you don't have a copy already).

Network firewalls (CONFIG_FIREWALL) [Y/n/?] ?

  A firewall is a computer which protects a local network from the
  rest of the World: all traffic to and from computers on the local
  net is inspected by the firewall first. If you want to configure
  your Linux box as a firewall for a local network, say Y here. If
  your local network is TCP/IP based, you will have to say Y to "IP:
  firewalling", below.  You also need to say Y here and enable "IP
  firewalling" below in order to be able to use IP masquerading
  (i.e. local computers can chat with an outside host, but that
  outside host is made to think that it is talking to the firewall
  box. Makes the local network completely invisible and avoids the
  need to allocate valid IP host addresses for the machines on the
  local net) or to use the ip packet accounting to see what is using
  all your network bandwidth. Chances are that you should use this on
  any machine being run as a router and not on a host. If unsure, say
  N.

IP: forwarding/gatewaying (CONFIG_IP_FORWARD) [Y/n/?] ?

  People who want to use their Linux box as the router for a local
  network (i.e. the computer responsible for distributing Internet
  traffic to and from the machines in the local network and the
  subnetworks) should say Y here (thereby enlarging their kernel by
  about 5 kB). Note that in this case, you possibly have two ethernet
  devices in your computer: one for the "outside world" and one for
  your local net. The kernel is not able to recognize both at boot
  time without help; for details read the
  Multiple-Ethernet-mini-HOWTO, available via ftp (user: anonymous) in
  sunsite.unc.edu:/pub/Linux/docs/HOWTO/mini.  If your box is
  connected to two networks, it may still make sense to say N here,
  namely if you want to turn your box into a firewall protecting a
  local network from the internet. The Firewall-HOWTO tells you how to
  do this. If your setup is more complex, say you are connected to
  three networks and you want to act as a firewall between two of them
  and route traffic for the others, you need to say Y here and enable
  IP firewalling below. If you intend to use IP masquerading (i.e. IP
  traffic from one of the local computers and destined for an outside
  host is changed by your box so that it appears to come from you),
  you'll have to say Y here and also to IP firewalling and IP
  masquerading below. You should also say Y here if you want to
  configure your box as a SLIP (the protocol for sending internet
  traffic over telephone lines) or PPP (a better SLIP) server for
  other people to dial into and your box is connected to a local
  network at the same time. You would then most likely use proxy-ARP
  (Address Resolution Protocol), explained in the Proxy-Arp mini howto
  on sunsite in /pub/Linux/docs/HOWTO/mini. You also need to say Y
  here if you want to run mrouted in order to do multicast routing as
  used on the MBONE (a high bandwidth network on top of the internet
  which carries audio and video broadcasts) for example. In this case,
  say Y to "IP: multicasting" and "IP: multicast routing" as well. If
  unsure, say N.

IP: firewalling (CONFIG_IP_FIREWALL) [Y/n/?] ?

  If you want to configure your Linux box as a firewall for a local
  TCP/IP based network, say Y here. This will enlarge your kernel by
  about 2kB. You may need to read the FIREWALL-HOWTO, available via
  ftp (user: anonymous) in
  sunsite.unc.edu:/pub/Linux/docs/HOWTO. Also, you will need the
  ipfwadm tool (available via ftp (user: anonymous) from ftp.xos.nl)
  to allow selective blocking of internet traffic based
  on type, origin and destination.  You need to enable IP firewalling
  in order to be able to use IP masquerading (i.e. local computers can
  chat with an outside host, but that outside host is made to think
  that it is talking to the firewall box. Makes the local network
  completely invisible and avoids the need to allocate valid IP host
  addresses for the machines on the local net) or to use the IP packet
  accounting to see what is using all your network bandwidth.
  This option is also needed when you want to enable the transparent
  proxying support (makes the computers on the local network think
  they're talking to a remote computer, while in reality the traffic
  is redirected by your Linux firewall to a local proxy server).


--

_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

   Regards,
       Petr Snajdr

A)bort, R)etry, H)it with a big hammer?

_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/


