Imiqulu Yenkomba Yeseva
Inhloso ye-IP Masquerading ukuvumela imishini ngamakheli angasese, angaqondakali IP kwi-inethiwekhi yakho ukufinyelela i-intanethi ngomshini owenza ukuxubha. I-Traffic kusuka kunethiwekhi yakho yangasese ehloselwe i-intanethi kufanele ilandelwe ukuze izimpendulo zibuyele emuva kumshini owenza isicelo. Ukuze wenze lokhu, i-kernel kumele iguqule ikheli le-IP yomthombo wepakethe ngayinye ukuze izimpendulo zibuyele emuva kuyo, kunokuba ikheli le-IP yangasese elenze isicelo, esingenakwenzeka nge-intanethi. I-Linux isebenzisa i- Connection Tracking (conntrack) ukugcina ithrekhi yokuthi yikuphi ukuxhumeka okungokwamanye imishini futhi ibuyele kabusha iphakethe ngalinye lokubuya ngokufanele. I-Traffic ishiya inethiwekhi yakho yangasese ngaleyo ndlela "i-masqueraded" njengoba ivela kumshini wakho we-Ubuntu wesango. Le nqubo ibhekiselwa kumadokhumenti e-Microsoft njengokwabelana nge-Inthanethi ye-Inthanethi.
Imiyalo ye-IP Ukuqeda
Lokhu kungenziwa nge-single iptables rule, engase ihluke kancane ngokusekelwe kokucushwa kwenethiwekhi yakho:
i-sult iptables -n nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADEUmyalo ongenhla uthatha ukuthi isikhala sakho sekheli le-yangasese siyi-192.168.0.0/16 nokuthi idivayisi yakho ebheke i-intanethi i-ppp0. I-syntax idilizwe kanje:
- -u-u-umthetho ufanele ungene etafuleni le-nat
- -I-POSTROUTING - umthetho kufanele uhanjiswe (-A) kumgudu we-POSTROUTING
- -i-192.168.0.0/16 - lo mthetho usebenza emgwaqeni ovela endaweni echazwe ngayo ikheli
- -o ppp0 - lo mthetho usebenza emgwaqweni ohleliwe ukuba uhanjiswe kudivayisi ekhonjisiwe yenethiwekhi
- -j MASQUERADE - ithrafikhi efana nale mithetho iwukuba "gxuma" (-j) kumgomo we-MASQUERADE ukuze usebenze njengoba kuchaziwe ngenhla
Inkinobho ngayinye etafuleni lokuhlunga (ithebula elizenzakalelayo, futhi lapho kuningi ukuhlunga iphakethe khona) kunenqubomgomo ezenzakalelayo ye -ACCEPT, kodwa uma udala i-firewall ngaphezu kwedivayisi yesango, kungenzeka ukuthi usethe izinqubomgomo ku-DROP noma HLEKA, lapho kwenzeka ukuthi ithrafikhi yakho ene-masqueraded idinga ukuvunyelwa ngokusebenzisa uchungechunge lwe-FORWARD ngenqubo engenhla yokusebenza:
I-sudo iptables -I-FORWARD -ngama-192.168.0.0/16 -o ppp0 -j YAMUKELA amakhophi we-sudo -I-state-e-192.168.0.0/16 -m yesifundazwe eqinisekisiwe, eqinisiwe -i-ppp0 -j yamukelaImiyalo engenhla izovumela wonke uxhumano kusuka kunethiwekhi yakho yendawo kuya ku-Intanethi nakuwo wonke amathrekhi ahlobene nalawo maxhumo ukuze abuyele emshinini owawuqala.
* Ilayisense