Anyone studying Linux picks up many practical engineering skills along the way. For example, do you know how to build a soft router (a software-based router) in Linux? If not, this article shows you how.
IP address translation is also known as IP address masquerading (IP address disguise or IP address spoofing). When an intranet machine connects through the firewall, the firewall disguises the intranet IP address (which is not a valid external IP address) as a valid external network IP address and communicates with the external network on the machine's behalf. The command format for IP address masquerading is as follows:
ipfwadm -F -a masquerade -D 0.0.0.0/0 -W eth0
"-D 0.0.0.0/0" indicates that all intranet IP addresses can be translated, and "-W eth0" indicates that intranet IP addresses are translated through NIC 1.
After completing the IP address masquerading settings, ping an external network machine from an intranet machine. If forwarding on the firewall is not disabled, the ping succeeds, which indicates that the configuration is correct.
2. Set the permission to access the external network
To tighten network management, restrictions are sometimes imposed on intranet access to external networks. These restrictions cover: (1) which machines are allowed to access the Internet; (2) which sites they are allowed to access.
To restrict which machines can access the Internet, refer to the following script:
ipfwadm -F -p deny    # deny intranet machine access by default
ipfwadm -F -a m -S 192.168.0.5/32 -D 0.0.0.0/0    # allow 192.168.0.5 to access the external network
To restrict which sites can be accessed, set the rules as follows:
ipfwadm -O -i reject -D 0.0.0.0/0    # reject access to all sites on the external network
ipfwadm -O -i accept -D 202.114.0.0/16    # allow access to all sites within 202.114.0.0 ~ 202.114.255.255
In the preceding settings, "0.0.0.0/0" indicates all addresses, and "202.114.0.0/16" indicates all sites from 202.114.0.0 to 202.114.255.255.
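The two site rules above work only because of their order: "-i" inserts a rule at the head of the list and the first matching rule decides. The following Python model is an added example, not ipfwadm code or part of the original article; the Chain class, its method names, the default "accept" policy and the sample addresses are assumptions made for illustration.

```python
import ipaddress


class Chain:
    """Toy model of one ipfwadm rule list (hypothetical helper, not ipfwadm itself)."""

    def __init__(self, default_policy="accept"):  # assumed default policy
        self.default_policy = default_policy
        self.rules = []  # evaluated top to bottom; the first match decides

    def insert(self, policy, dst):
        # Models "-i": the new rule goes to the head of the list.
        self.rules.insert(0, (policy, ipaddress.ip_network(dst)))

    def append(self, policy, dst):
        # Models "-a": the new rule goes to the end of the list.
        self.rules.append((policy, ipaddress.ip_network(dst)))

    def decide(self, dst_ip):
        addr = ipaddress.ip_address(dst_ip)
        for policy, net in self.rules:
            if addr in net:
                return policy
        return self.default_policy


def build_as_in_article():
    # Same order as the article: reject-all first, then the accept rule.
    out = Chain()
    out.insert("reject", "0.0.0.0/0")
    out.insert("accept", "202.114.0.0/16")  # ends up ahead of the reject rule
    return out


def build_with_append():
    # Same two rules appended instead: the reject-all rule shadows the accept.
    out = Chain()
    out.append("reject", "0.0.0.0/0")
    out.append("accept", "202.114.0.0/16")
    return out


if __name__ == "__main__":
    # Constructed sample destinations: two inside 202.114.0.0/16, two outside.
    samples = ["202.114.0.1", "202.114.255.255", "202.115.0.1", "198.51.100.7"]
    for name, chain in (("insert", build_as_in_article()),
                        ("append", build_with_append())):
        for ip in samples:
            print(f"{name:6} {ip:16} -> {chain.decide(ip)}")
```

With the same two rules appended rather than inserted, every destination is rejected, including the 202.114.0.0/16 range that was meant to be allowed.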
3. Collect IP packet traffic
The traffic accounting settings for IP packets are as follows:
ipfwadm -A -f
/sbin/ipfwadm -A -f
/sbin/ipfwadm -A out -i -S 192.168.0.0/32 -D 0.0.0.0/0    # collect statistics for all outgoing packets
/sbin/ipfwadm -A in -i -S 192.168.0.0/32 -D 0.0.0.0/0    # collect statistics for all inbound packets
The accounting statistics are stored in the /proc/net/ip_acct file, and all the IP addresses in it are in hexadecimal notation.
All the above scripts can be placed under /etc/rc.d, or collected in a separate shell script and executed with the sh command.
The above settings were all run on RedHat 5.1.
In this way, you can build a soft router in Linux.