Coffee-scented *NIX
Coffeenix
A place that covers systems, networking and security
hyji (guest)
Posted: Wed, 2005.11.16, 3:38 pm   Subject: iptables - port forwarding + firewall

I am using a Linux box like an Internet sharing router. I want to use port forwarding and a firewall.
I set it up as in the figure below. 1.1.1.1 is the Linux box, and 2.2.2.2 is the IP of the PC whose access I want to block. 192.168.0.100 is a PC with an internal IP attached behind the Linux box. The port forwarding points to it.
I am doing four port forwards as shown below... well, there could be more.
The problem is with setting up the firewall... As shown below, I blocked ports 80, 21 and 2121. With that, FTP on the Linux box's port 21 and WEB on port 80 are blocked fine... But even though I block 2121, port 21 on 192.168.0.100, which has the port forward on it, is open.
How should I block this... Putting the firewall chain into FORWARD as shown below does not work either... Is the first chain that port forwarding hits the PREROUTING chain of NAT? Doesn't it go through FORWARD? I am curious about that path too...
Chain INPUT (policy ACCEPT 1121 packets, 119K bytes)
pkts bytes target prot opt in out source destination
8 329 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1493 160K firewall all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 4 packets, 216 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1493 160K firewall all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 810 packets, 100K bytes)
pkts bytes target prot opt in out source destination
Chain firewall (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 2.2.2.2 1.1.1.1 tcp dpt:80
0 0 DROP tcp -- * * 2.2.2.2 1.1.1.1 tcp dpt:21
0 0 DROP tcp -- * * 2.2.2.2 1.1.1.1 tcp dpt:2121
===================================================================
Chain PREROUTING (policy ACCEPT 854 packets, 59705 bytes)
pkts bytes target prot opt in out source destination
1 48 DNAT tcp -- * * 0.0.0.0/0 1.1.1.1 tcp dpt:2121 to:192.168.0.100:21
1 48 DNAT tcp -- * * 0.0.0.0/0 1.1.1.1 tcp dpt:8080 to:192.168.0.100:80
1 48 DNAT tcp -- * * 0.0.0.0/0 1.1.1.1 tcp dpt:3000 to:192.168.0.100:3089
1 48 DNAT tcp -- * * 0.0.0.0/0 1.1.1.1 tcp dpt:4000 to:192.168.0.100:3090
Chain POSTROUTING (policy ACCEPT 1 packets, 48 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * eth0 192.168.0.0/24 0.0.0.0/0
4 240 SNAT all -- * eth0 0.0.0.0/0 0.0.0.0/0 to:1.1.1.1
Chain OUTPUT (policy ACCEPT 4 packets, 240 bytes)
pkts bytes target prot opt in out source destination
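
The path asked about above, as an added example that is not part of the original post: a small Python model of the hook order for a new connection (nat PREROUTING, then the routing decision, then filter INPUT or FORWARD), loaded with the rules from the listing. The names `traverse`, `FIREWALL_AS_POSTED` and `FIREWALL_FIXED` are made up for this sketch, and the extra rule in `FIREWALL_FIXED` is an assumed fix, not something the poster ran.

```python
# Constructed model of netfilter hook order for one new TCP connection:
# nat/PREROUTING -> routing decision -> filter/FORWARD (or filter/INPUT if local).
ROUTER = "1.1.1.1"

# nat PREROUTING rules from the post: (dst, dport) -> (new dst, new dport)
DNAT = {
    (ROUTER, 2121): ("192.168.0.100", 21),
    (ROUTER, 8080): ("192.168.0.100", 80),
    (ROUTER, 3000): ("192.168.0.100", 3089),
    (ROUTER, 4000): ("192.168.0.100", 3090),
}

# The post's "firewall" chain: DROP rules as (src, dst, dport)
FIREWALL_AS_POSTED = [
    ("2.2.2.2", ROUTER, 80),
    ("2.2.2.2", ROUTER, 21),
    ("2.2.2.2", ROUTER, 2121),
]

# Assumed fix: match the address and port the packet carries after DNAT
FIREWALL_FIXED = FIREWALL_AS_POSTED + [("2.2.2.2", "192.168.0.100", 21)]


def traverse(src, dst, dport, firewall):
    """Return (filter chain, verdict, dst, dport) as seen after NAT."""
    # 1. nat/PREROUTING rewrites the destination before any filter chain runs
    dst, dport = DNAT.get((dst, dport), (dst, dport))
    # 2. Routing decision: local delivery uses INPUT, everything else FORWARD
    chain = "INPUT" if dst == ROUTER else "FORWARD"
    # 3. Both filter chains jump to the same firewall chain; policy is ACCEPT
    for rule in firewall:
        if (src, dst, dport) == rule:
            return chain, "DROP", dst, dport
    return chain, "ACCEPT", dst, dport


if __name__ == "__main__":
    for name, fw in (("as posted", FIREWALL_AS_POSTED), ("fixed", FIREWALL_FIXED)):
        for port in (21, 80, 2121):
            print(name, port, traverse("2.2.2.2", ROUTER, port, fw))
```

With real iptables the added rule would read `iptables -A firewall -p tcp -s 2.2.2.2 -d 192.168.0.100 --dport 21 -j DROP`. The rule on `1.1.1.1` port 2121 can never match in the filter table, because the packet no longer carries that destination by the time it reaches FORWARD.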