Using Linux to turn a 486 into an intranet firewall

Source: Internet
Author: User
Application Principle

In Linux, if one machine on the network is connected to the Internet, the other systems on the network can be configured to access the Internet through that connection. In this way, a single IP address is enough to connect several different systems to the Internet at the same time. This method is called IP masquerading.

In Linux, IP masquerading is implemented with the ipchains firewall tool. In fact, configuring the firewall amounts to configuring IP masquerading. Current IP masquerading, like the ipchains firewall, supports all common network services, such as Web browsing, telnet, ping, and gopher.

With IP masquerading in Linux, the machine that has an Internet address also acts as the firewall and gateway for the LAN. The local machines use the firewall's Internet address to connect to the Internet. A firewall that implements IP masquerading is also called a MASQ gateway. The system connected to the Internet (the firewall) listens for Internet requests from hosts on the local network. After receiving a request, it replaces the IP address of the local host that sent the request with the firewall's own Internet IP address, and then sends the request to the Internet as if it were its own. Responses from the Internet are sent to the firewall system, because they are addressed to the firewall's Internet address. The firewall then determines which local system's request the response corresponds to, replaces its own IP address in the response with that of the local host, and sends the response to that host over the local network. For the local machines the connection is transparent, just like connecting directly to the Internet.

   Implementation of Firewall

1. Hardware configuration

An old AST 486DX/66 computer with 8 M of memory and M hard disk is fitted with two NICs, which are connected to the internal LAN and the backbone network respectively. The backbone network is in turn connected to the China Earthquake Administration and the Internet through a router.

   2. Install Linux

First install the Linux system (I use Redhat 6.0, and all examples are based on this version). The fewer components are installed, the fewer backdoors and security vulnerabilities the system has, so a minimal installation is enough. Select a stable kernel. In this example, the Linux 2.2.5-15 kernel is used.

The Linux kernel supports firewalling, and the tool used to configure the firewall is called ipchains. We can use this tool to implement IP masquerading and proxying. Before ipchains can be used, firewall support must be compiled into the kernel. Redhat 6.0 has already done this.

   3. Configure two NICs

Because the AST 486DX/66 machine only has EISA and ISA expansion slots, we purchased two 3C509 (10 M) Ethernet cards. Use the network card's configuration software (3c5x90000.exe) to set the interrupt number and I/O address of each card, making sure they do not conflict with those already in use in the machine.

   4. Configure the network address

We set the IP address of eth0 to 210.72.114.141 (the valid IP address used to connect to the backbone network) and the IP address of eth1 to 10.3.15.2 (the IP address used to connect to the intranet). To have the network configured at startup, I added the ifcfg-eth0 and ifcfg-eth1 files in the /etc/sysconfig/network-scripts directory (contents omitted). The system reads these two files at startup and configures the network and the routing table.
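
The address rewriting described under "Application Principle" can be modelled in a few lines. The following is an added example, not code from the original article or from the Linux kernel: a simplified, TCP-only model of a masquerading table that uses the eth0 and eth1 addresses from step 4. The /24 netmask for the intranet, the port range and the class and function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

FIREWALL_IP = "210.72.114.141"                  # eth0 address from the article
LAN_NET = ipaddress.ip_network("10.3.15.0/24")  # assumed netmask around eth1 (10.3.15.2)
PORT_LO, PORT_HI = 61000, 65095                 # assumed range, modelled on 2.2 kernel defaults


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Masquerader:
    """Hypothetical model of the firewall's translation table."""

    def __init__(self):
        self.out = {}    # (lan_ip, lan_port, remote_ip, remote_port) -> firewall port
        self.back = {}   # (firewall_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.next_port = PORT_LO

    def outbound(self, pkt):
        """LAN -> Internet: replace the local source with the firewall's address."""
        if ipaddress.ip_address(pkt.src) not in LAN_NET:
            return None                      # only intranet hosts are masqueraded
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.out:
            if self.next_port > PORT_HI:
                return None                  # no free port left: drop
            self.out[key] = self.next_port
            self.back[(self.next_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
            self.next_port += 1
        return replace(pkt, src=FIREWALL_IP, sport=self.out[key])

    def inbound(self, pkt):
        """Internet -> firewall: find the request this response belongs to."""
        if pkt.dst != FIREWALL_IP:
            return None
        owner = self.back.get((pkt.dport, pkt.src, pkt.sport))
        if owner is None:
            return None                      # unsolicited: no local host asked for it
        return replace(pkt, dst=owner[0], dport=owner[1])
```

Because a response is forwarded only when it matches a recorded outbound request, packets that no intranet host asked for never reach the LAN, which is what lets the masquerading gateway double as a firewall.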