Firewalls come in several levels of security. On Linux there are many firewall packages to choose from, offering anything from low to high security, and the most elaborate of them provide almost impenetrable protection. The Linux kernel itself, however, includes a simple mechanism called "IP masquerading" that withstands most attacks, short of the most specialized hacker attacks.
When you dial up to the Internet, your computer is assigned an IP address so that other hosts on the Web can send data back to it. Hackers use that IP address to reach the data on your computer. Linux's "IP masquerading" hides your real IP so that other hosts on the network cannot see it. Several blocks of IP addresses are reserved specifically for local networks and are not recognized by the Internet backbone routers. The author's computer has the IP 192.168.1.127, but if you type that address into your browser you will receive nothing, because the Internet backbone does not route the 192.168.x.x block. Countless computers on other intranets use the very same IP, and since you cannot reach them at all, you certainly cannot hack or crack them.
So solving security on the Internet looks simple: just give your computer an IP address that nobody else can reach. Wrong! When you surf the Internet, the server must send data back to you, otherwise nothing appears on your screen, and the server can only return data to a legitimate IP address registered with the Internet backbone.
"IP masquerading" is the technique that resolves this dilemma. A Linux computer set up for IP masquerading bridges the internal and external networks and automatically translates IP addresses from inside to outside and back; this operation is generally called Network Address Translation (NAT).
In practice IP masquerading is more involved than that. Basically, the masquerading server sits between two networks. If you use an analog dial-up modem to reach the Internet, that is one network; your internal network, usually attached to an Ethernet card, is the second. With a DSL modem or a cable modem the system has a second Ethernet card instead of an analog modem. Linux can manage every IP address on these networks, so when a Windows computer (IP 192.168.1.25) on the second network (Ethernet eth1) accesses the Internet through the cable modem on the first network (Ethernet eth0, 207.176.253.15), Linux IP masquerading intercepts every TCP/IP packet from your browser, removes the original local address (192.168.1.25) and substitutes the real address (207.176.253.15). When the server returns data to 207.176.253.15, Linux automatically intercepts the reply packet and fills in the correct local address (192.168.1.25).
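The following is an added illustration of the two ideas above, not code from the article or from the Linux kernel: it checks whether an address falls in one of the reserved private ranges, and it models a masquerading host that rewrites the source of outbound packets to its public address, keeps a table of the flows it has seen, and only un-rewrites replies that match a flow an inside host opened. The addresses 192.168.1.25 and 207.176.253.15 are the article's; the port numbers, the packet layout and the `Masquerader` class are constructed for this example.

```python
"""Toy model of Linux IP masquerading (NAT), added as an illustration.
This is not the kernel's implementation: addresses 192.168.1.25 and
207.176.253.15 come from the article; ports and packet layout are constructed."""
import ipaddress
from dataclasses import dataclass, replace

# The reserved blocks the article refers to (RFC 1918); backbone routers
# do not forward traffic for these, so hosts inside them are unreachable.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr: str) -> bool:
    """True if addr lies in a reserved local range (e.g. 192.168.1.127)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: str = ""


class Masquerader:
    """Rewrites packets crossing from the inside network (eth1) to the
    outside (eth0), remembering each flow so replies can be mapped back."""

    def __init__(self, public_ip: str, first_port: int = 61000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}    # masqueraded port -> (inside src, inside sport)
        self.by_flow = {}  # (src, sport, dst, dport) -> masqueraded port

    def outbound(self, pkt: Packet) -> Packet:
        """Replace the local source address with the public one, allocating a
        fresh port so several inside hosts do not collide."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        mport = self.by_flow.get(key)
        if mport is None:
            mport = self.next_port
            self.next_port += 1
            self.by_flow[key] = mport
            self.table[mport] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.public_ip, sport=mport)

    def inbound(self, pkt: Packet):
        """Return the packet re-addressed to the inside host, or None when it
        matches no flow an inside host opened (unsolicited traffic is dropped)."""
        if pkt.dst != self.public_ip:
            return None
        entry = self.table.get(pkt.dport)
        if entry is None:
            return None
        src, sport = entry
        return replace(pkt, dst=src, dport=sport)


def demo():
    """Two inside hosts talk to the same web server through one public IP;
    the replies are delivered to the right host and a stray probe is dropped."""
    nat = Masquerader("207.176.253.15")
    server = "198.51.100.10"   # constructed documentation address for the server
    out_a = nat.outbound(Packet("192.168.1.25", 1025, server, 80, "GET /"))
    out_b = nat.outbound(Packet("192.168.1.26", 1025, server, 80, "GET /"))
    reply_a = nat.inbound(Packet(server, 80, "207.176.253.15", out_a.sport, "200 OK"))
    reply_b = nat.inbound(Packet(server, 80, "207.176.253.15", out_b.sport, "200 OK"))
    probe = nat.inbound(Packet(server, 4444, "207.176.253.15", 23, "login?"))
    return out_a, out_b, reply_a, reply_b, probe


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Note that both inside hosts use local port 1025, yet the server sees two distinct source ports on one public address, and each reply is steered back to the host that opened the flow; a packet aimed at a port no inside host opened has no table entry and is discarded, which is the unreachability the article describes.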
Linux manages several local computers and handles each packet without mixing them up. The author has an old 486 computer running Slackware Linux that handles the packets of four computers going out through a cable modem without any loss of speed.
Before version 2 of the kernel, IP masquerading was managed with the IP firewall administration tool (ipfwadm). The version 2 kernel provides the faster and more capable ipchains, but still ships an ipfwadm wrapper to maintain backward compatibility.