Use Linux IP camouflage to defend against attacks

Source: Internet
Author: User

Firewalls can be divided into several different levels of security. Because Linux offers many different firewall packages to choose from, security can range from low to high, and the most complex software can provide almost impenetrable protection. However, the Linux kernel itself has a simple built-in mechanism called "camouflage" (usually known in English as IP masquerading), which can withstand most attacks except those of the most specialized hackers.

When we dial a connection to the Internet, our computer is assigned an IP address that allows other people on the network to return information to our computer. Hackers use your IP to access data on your computer. The Linux "IP camouflage" method hides your IP so that other people on the network cannot see it. Several sets of IP addresses are specifically reserved for use by local networks and are not recognized by Internet backbone routers. The IP of the author's computer is 192.168.1.127, but if you enter this address into your browser you will not receive anything, because the Internet backbone does not recognize the 192.168.x.x set of IPs. Countless computers on other intranets use the same IP, and because you can't access them at all, you certainly can't hack or crack them.

So addressing security issues on the Internet seems like a simple thing to do: just choose an IP address for your computer that no one else can access. Wrong! When you surf the Internet, you also need the server to send data back to you, otherwise you can't see anything on the screen, and the server can only pass the data back to a legitimate IP address registered on the Internet backbone.

"IP camouflage" is the technology used to solve this dilemma. A computer that runs Linux and is set up to use "IP camouflage" bridges the internal and external networks and automatically translates IP addresses from the inside to the outside and from the outside to the inside. This action is usually called network address translation.

The actual "IP camouflage" is more complicated than the above. Basically, the "IP camouflage" server is built between two networks. If you use an analog dial-up modem to access data on the Internet, this is one of the networks; your internal network usually corresponds to an Ethernet card, which is the second network. If you are using a DSL modem or cable modem, there will be a second Ethernet card in the system instead of an analog modem. Linux can manage every IP address for these networks. So if a computer running Windows (IP 192.168.1.25) on the second network (Ethernet eth1) accesses the Internet through the cable modem (Ethernet eth0, 207.176.253.15), Linux "IP camouflage" will intercept all TCP/IP packets from your browser, extract the original local address (192.168.1.25) and replace it with the real address (207.176.253.15). Then, when the server returns data to 207.176.253.15, Linux automatically intercepts the return packet and fills in the correct local address (192.168.1.25).

Linux can manage several local computers (such as 192.168.1.25 and 192.168.1.34) and processes each packet without confusion. The author has an old 486 computer running Slackware Linux, which can handle packets sent by four computers to a cable modem without any reduction in speed.

Before the second edition of the kernel, "IP camouflage" was managed with the IP firewall administration module (ipfwadm, IP FW adm). The second edition kernel provides the faster and more complex ipchains, but still provides an ipfwadm wrapper to remain backward-compatible, so in this article the author takes ipfwadm as an example to explain how to set up "IP camouflage" (you can go to http://metalab.unc.edu/mdw/howto/ipchains-howto.html to look up the ipchains method, which has a more detailed description of "IP camouflage").

Also, some applications, such as RealAudio and CU-SeeMe, require special modules, and you can also get the relevant information from the above Web site.

The author's server has two Ethernet cards, which were set up as eth0 and eth1 during kernel boot. Both cards are SN2000 jump, and the vast majority of Linux systems recognize these two cards. The author's Ethernet initialization steps are set in rc.inet1, and the instructions are as follows:

IPADDR="207.175.253.15"
# Replace with the IP address of your cable modem.

NETMASK="255.255.255.0"
# Replace with your network mask.

NETWORK="207.175.253.0"
# Replace with your network address.

BROADCAST="207.175.253.255"
# Replace with your broadcast address.

GATEWAY="207.175.253.254"
# Replace with your gateway address.

# Use the variables above to set up the cable modem Ethernet card
/sbin/ifconfig eth0 ${IPADDR} broadcast ${BROADCAST} netmask ${NETMASK}

# Set the IP routing table
/sbin/route add -net ${NETWORK} netmask ${NETMASK} eth0

# Set up the intranet Ethernet card eth1 (no variables are used here)
/sbin/ifconfig eth1 192.168.1.254 broadcast 192.168.1.255 netmask 255.255.255.0
/sbin/route add -net 192.168.1.0 netmask 255.255.255.0 eth1

# Then initialize ipfwadm
# Default forwarding policy: deny everything except what is allowed below
/sbin/ipfwadm -F -p deny

# Allow (and masquerade) forwarding of requests from 192.168.1.x
/sbin/ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0

# Set the masquerade timeouts in seconds: TCP sessions, TCP after FIN, UDP
/sbin/ipfwadm -M -s 600 30 120

That's it! Your system's "IP camouflage" should now work properly. If you want more detailed information, you can refer to the HOWTO mentioned above, or to the mini HOWTO at http://albali.aquanet.com.br/howtos/Bridge+firewall-4.html. For more secure firewall technology, you can find material at ftp://SUNSITE.UNC.EDU/PUB/LINUX/DOCS/HOWTO/FIREWALL-HOWTO.
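As an added illustration (not code from the original article or from the Linux kernel), the following Python model shows the address rewriting described above for the two LAN hosts and the effect of the 600/30/120-second timeouts set by the last ipfwadm command. It goes beyond the article by assuming the gateway also rewrites source ports to keep connections apart; the class and function names, the starting port 61000 and the addresses 198.51.100.7 and 203.0.113.9 are constructed for the example.

```python
import itertools

PUBLIC_IP = "207.176.253.15"   # eth0 address from the article's walk-through
TIMEOUT = {"tcp": 600, "tcpfin": 30, "udp": 120}   # seconds: ipfwadm -M -s 600 30 120

class MasqTable:
    """Simplified model of a masquerading gateway (port rewriting is assumed)."""

    def __init__(self, first_port=61000):          # constructed starting port
        self._ports = itertools.count(first_port)
        self._by_flow = {}    # (proto, local, remote) -> public port
        self._by_port = {}    # (proto, public port) -> table entry

    def _live(self, key, now):
        entry = self._by_port.get(key)
        return entry if entry and now < entry["expires"] else None

    def outbound(self, now, proto, local, remote, fin=False):
        """Rewrite a packet leaving the LAN; returns (new source, destination)."""
        port = self._by_flow.get((proto, local, remote))
        if port is None or not self._live((proto, port), now):
            port = next(self._ports)               # new or expired flow: fresh mapping
            self._by_flow[(proto, local, remote)] = port
        kind = "tcpfin" if (proto == "tcp" and fin) else proto
        self._by_port[(proto, port)] = {
            "local": local, "remote": remote, "kind": kind,
            "expires": now + TIMEOUT[kind]}
        return (PUBLIC_IP, port), remote

    def inbound(self, now, proto, remote, public_port):
        """Rewrite a reply arriving on eth0; None means nothing is forwarded inside."""
        entry = self._live((proto, public_port), now)
        if entry is None or entry["remote"] != remote:
            return None                            # unsolicited or stale: no LAN host reached
        entry["expires"] = now + TIMEOUT[entry["kind"]]
        return remote, entry["local"]

def demo():
    gw, web = MasqTable(), ("198.51.100.7", 80)    # constructed server address
    a = gw.outbound(0, "tcp", ("192.168.1.25", 1030), web)
    b = gw.outbound(1, "tcp", ("192.168.1.34", 1030), web)   # same local port, other host
    return {
        "a": a, "b": b,
        "reply_a": gw.inbound(2, "tcp", web, a[0][1]),
        "reply_b": gw.inbound(2, "tcp", web, b[0][1]),
        "unsolicited": gw.inbound(3, "tcp", ("203.0.113.9", 4444), 61005),
        "stale": gw.inbound(2 + 600, "tcp", web, a[0][1]),
    }
```

In `demo()`, both replies are delivered to the right internal host, while the unsolicited packet and the reply arriving after the 600-second TCP timeout match no table entry and are not forwarded to the LAN.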
