· KLDP.org · KLDP.net · KLDP Wiki · KLDP BBS ·
µ¥ºñ¾È¿¡¼­ SNAT ±¸ÇöÇϱâ


Àú ÀÚ: ÀÌÁ¾Çõ(Internet Management Technology Lab, Sungkyunkwan University. webmaster at hurryon.org)

¸ñ Â÷

1. ¼­ ·Ð

¸®´ª½ºÀÇ Ä¿³ÎÀÌ ¹öÀü 2.4´ë·Î ¿Ã¶ó¿À¸é¼­ ±âÁ¸¿¡ »ç¿ëµÇ´ø ipchainsÀº iptables·Î ´ëüµÇ¾ú´Ù. iptables´Â Å©°Ô 3°¡ÁöÀÇ ±â´ÉÀ» Á¦°øÇÑ´Ù. ±× ù¹ø°´Â IP MASQUERADE(SNAT)ÀÌ´Ù. IP MASQUERADE(SNAT)À» ÀÌ¿ëÇϸé ÇϳªÀÇ ¾ÆÀÌÇÇÀ» ÀÌ¿ëÇÏ¿© ¿©·¯´ëÀÇ ÄÄÇ»ÅÍ°¡ ³×Æ®¿öÅ©¿¡ Á¢¼ÓÇÒ¼ö ÀÖ´Ù. µÎ¹ø° ±â´ÉÀº ¼­¹ö ºÎÇÏÀ» ºÐ»êÇϱâ À§ÇÑ PORT FORWARDING±â´ÉÀ̸ç Åõ¸í ÇÁ¶ô½Ã ±â´ÉÀÎ REDIRECTIONÀÌ ÀÖ´Ù.

º»ÀÎÀÌ »ç¿ëÇÏ°íÀÚÇÒ iptablesÀÇ ±â´ÉÀº ù¹ø° ±â´ÉÀÎ IP MASQUERADE(SNAT)ÀÌ´Ù. ¸®´ª½º(µ¥ºñ¾È ¿ìµð)¿¡ ·£Ä«µåÀ» 2°³À» ¼³Ä¡ÇÏ°í ³ëÆ®ºÏ(À©µµ±×XP)¿¡ ¿¬°áÇÏ¿© ÇϳªÀÇ ¾ÆÀÌÇÇÀ» °¡Áö°í ¸®´ª½º¿Í ³ëÆ®ºÏ ¸ðµÎ ³×Æ®¿öÅ©¿¡ Á¢¼ÓÇϱâ À§Çؼ­ÀÌ´Ù. º»ÀÎÀº ÀÌ·¯ÇÑ ¿­¾ÇÇÑ È¯°æÀ» ¹«Áö ½È¾îÇÏÁö¸¸ ¾î¿¼ö¾ø´Ù. T.T

iptablesÀ» ÀÌ¿ëÇϱâ À§Çؼ­´Â Ä¿³Î ÄÄÆÄÀÏÀ» ÅëÇÑ ¼ÂÆÃÀÌ ÇÊ¿äÇÏ´Ù.

2. Áغñ »çÇ×

3. NAT ±¸Çö

3.1. NATÀ» À§ÇÑ Ä¿³Î ÄÄÆÄÀÏ

menuconfigÀÇ Networking options¿¡¼­ ´ÙÀ½ÀÇ Ç׸ñÀº ÇÊÈ÷ üũÇÏ°í ÄÄÆÄÀÏÇϵµ·Ï ÇÑ´Ù. ±âŸ ÇÊ¿äÇÑ ÄÄÆÄÀÏÀº ¾Ë¾Æ¼­ Çϵµ·Ï. ¤Ñ¤Ñ;
[*]Network packet filtering
[*]Socket Filtering
[*]Unix domain sockets
[*]Unix domain sockets
[*]TCP/IP networking

IP: Netfilter Configuration  --->

<*> Connection tracking (required for masq/NAT)
<*> FTP protocol support
<*> IP tables support (required for filtering/masq/NAT)
Âü°í·Î Fast switching (read help!) À» üũÇϸé NAT±â´ÉÀ» ÀÌ¿ëÇÒ¼ö ¾ø´Ù.

3.2. SNATÀ» À§ÇÑ ¼­¹ö(¸®´ª½º)Ãø ÀÛ¾÷

¸®´ª½º(µ¥ºñ¾È)°¡ ºÎÆõɶ§ ÀÚµ¿À¸·Î iptables°¡ ÀÛµ¿µÇµµ·Ï /etc/rc.boot ¿¡ °£´ÜÇÑ ½ºÅ©¸³Æ®À» ¸¸µé¾î¼­ ³Ö¾î µÐ´Ù.
#!/bin/bash

echo "1" > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j SNAT --to 10.51.12.176
³ëÆ®ºÏ°ú ¿¬°áµÉ ·£Ä«µå(ÀÌ´õ³Ý Ä«µå)ÀÇ ip¼³Á¤ ÀÛ¾÷À» ÇÑ´Ù.
 [root@zecca network]# cat interfaces
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

# The loopback interface
auto lo
iface lo inet loopback

# The first network card - this entry was created during the Debian installation
# (network, broadcast and gateway are optional)
auto eth0 eth1 
iface eth0 inet static
        address 192.168.1.1
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
iface eth1 inet static
        address 10.51.12.176
        netmask 255.255.255.0
        network 10.51.12.0
        broadcast 10.51.12.255
        gateway 10.51.12.1
[root@zecca network]# cat options   
ip_forward=yes
spoofprotect=yes
syncookies=no
[root@zecca network]# 

Âü°í·Î º»ÀÎÀÇ eth1 ¿¡ °íÁ¤ ¾ÆÀÌÇÇ°¡ µé¾î¿À¸ç ³ëÆ®ºÏ°ú ¿¬°áµÉ ·£Ä«µå´Â eth0 ÀÌ´Ù. À¸Èì. eth1 ÀÌ 100MBÂ¥¸® ·£Ä«µå¶ó¼­ ÀÌ·± ºÒ»ó»ç°¡ »ý°å´Ù. ¾îÄÉ ¹Ù²Ü¼ö ÀÖ´Â ¹æ¹ýÀÌ Á¸ÀçÇÒ°Å °°±âµµ Çѵ¥...ã±â°¡ ±ÍÂú´Ù.

3.3. SNATÀ» À§ÇÑ Å¬¶óÀ̾ðÆ®(À©µµ±×)Ãø ÀÛ¾÷

³ëÆ®ºÏ(À©µµ±×XP)¿¡¼­ ÀÛ¾÷ÇÒ ³»¿ëÀº °£´ÜÇÏ´Ù. ³×Æ®¿öÅ© ¼³Á¤ ºÎºÐ¿¡ °¡¼­ ´ÙÀ½°ú °°ÀÌ ±âÀçÇϵµ·Ï ÇÑ´Ù.
IP ÁÖ¼Ò: 192.168.1.2
¼­ºê³Ý ¸¶½ºÅ©: 255.255.255.0
±âº» °ÔÀÌÆ®¿þÀÌ: 192.168.1.1

±âº» DNS ¼­¹ö: 203.252.57.2

3.4. ÃÖÁ¾ Å×½ºÆ®

Å×½ºÆ®°í ³ª¹ßÀÌ°í ¾ø´Ù. ³ëÆ®ºÏ(À©µµ±×XP)¿¡¼­ ¸Þ½ÅÁ®°¡ µÇ´ÂÁö È®ÀÎÇØ º»´Ù. ÀÎÅͳÝÀÌ µÇ´ÂÁö È®ÀÎÇØ º»´Ù. ¾Æ¸¶µµ...µÉ°ÍÀÌ´Ù. :-)

5. ±â Ÿ

5.1. Ãß°¡ÇØ¾ß ÇÒ »çÇ×

  • MSN¿¡¼­ÀÇ ÆÄÀÏ Àü¼ÛÀ̳ª ³Ý¹ÌÆðú °°Àº ±â´ÉÀ» À§ÇÑ ¸ðµâÀ» ÀÌ¿ëÇÑ ¹æ¹ýÀº ±âÁ¦ÇÏÁö ¾Ê¾Ò´Ù. Á¶¸¸ÇÑ ±âÁ¦ÇØ¾ß °Ú´Ù. ³Ñ ÀÛ¾÷°Å¸®°¡ ¸¹´Ù. T.T

5.2. Àâ ´ã

  • SNATÀ» ±¸ÇöÇؼ­ ½á¾ß¸¸ ÇÏ´Â ÀÌÁ¾ÇõÀÇ Ã³Áö°¡ ºÒ½ÖÇÏ´Ù. ÇÏÁö¸¸ ´öºÐ¿¡ µ¥ºñ¾È¿¡¼­ SNATÀ» ±¸ÇöÇÏ°í ÀÌ·¯ÇÑ ¹®¼­À» ¸¸µé°Ô µÇ¾úÀ¸´Ï ÀÌ°É·Î À§¾ÈÀÌ¶óµµ »ï¾Æ¾ß °Ú´Ù.
  • SNATÀ» ±¸ÇöÇϱâ À§ÇØ ÇÊ¿äÇÑ Å©·Î½º ÄÉÀ̺íÀ» ¸¸µé¾î ÁֽŠ±èÇÐÁÖ ¼±¹è´Ô²² °¨»çÀÇ ¸»À» ÀüÇÑ´Ù. ¤Ñ¤Ñ;

5.3. ¿øº» ¹®¼­

  • ¿øº» ¹®¼­´Â º»ÀÎÀÇ À§Å°¿¡¼­ ±¸ÇÒ¼ö ÀÖÀ»°ÍÀÌ´Ù. ³È³È...ÁÖ·Î º»ÀÎÀÇ À§Å°¿¡¼­ ÀÛ¾÷À» ÇÏ´ÂÁö¶ó ÀÌ°÷ÀÇ ¹®¼­°¡ Á¶±Ý ´Ê°Ô ¾÷µ¥ÀÌÆ® µÇ°Å³ª ¾÷µ¥ÀÌÆ® µÇÁö ¾ÊÀ»¼öµµ ÀÖ´Ù.
  • http://hurryon.org/wiki/index.php/snat ±¸ÇöÇϱâ



ID
Password
Join
There will be big changes for you but you will be happy.


sponsored by andamiro
sponsored by cdnetworks
sponsored by HP

Valid XHTML 1.0! Valid CSS! powered by MoniWiki
last modified 2005-03-02 11:52:38
Processing time 0.0062 sec