sun's longitude:56 55 18 
¡¤ ÀÚÀ¯°Ô½ÃÆÇ ¡¤ ¹¯°í´äÇϱ⠡¤ ¾ËÆĹ®¼­ ¡¤ RPMS list
¡¤ »ç¿ëÀÚ¹®¼­ ¡¤ ÆÁ/FAQ¸ðÀ½ ¡¤ ¸®´ª½ºLinks ¡¤ ÀÚ·á½Ç
¡¤ ¼­¹öÁ¤º¸ ¡¤ ¿î¿µÀÚ ¡¤ Books/FAQ ¡¤ FreeBSD
 
/board/read.php:¼Ò½ºº¸±â   
 

Áú¹®°ú ´äº¯ °Ô½ÃÆÇÀÔ´Ï´Ù.

ÇöÀç ½Ç½Ã°£À¸·Î ÀÌ°÷ ¼­¹öÀÇ ¼³Á¤ÆÄÀÏ(¸î°³)¸¦ º¸¿©ÁÖ°í ÀÖ½À´Ï´Ù.
¼­¹öÀÇ ¼³Á¤³»¿ë¿¡ °üÇÑ Áú¹®Àº ¸ÕÀú ÀÌ°÷ ¼­¹öÀÇ ¼³Á¤³»¿ëÀ» Âü°íÇÏ½Ã±æ ¹Ù¶ø´Ï´Ù.
[*** ¾²±â ±ÝÁö´Ü¾î ÆÐÅÏ ***]
±Û º»¹® Áß°£¿¡ ¾÷·ÎµåÇÒ À̹ÌÁö¸¦ Ãß°¡ÇÏ´Â ¹æ¹ý : @@À̹ÌÁöÀ̸§@@
ex) @@foo.gif@@
2432 ¹ø ±Û: named °¡ ÀÌ»óÇؼ­ ¹®Àǵ帳´Ï´Ù.
±Û¾´ÀÌ: ½¸µ¹ ±Û¾´³¯: 2005³â 12¿ù 07ÀÏ 00:37:33 ¼ö(»õº®) Á¶È¸: 1646 
-----------------------------------------
´äº¯ÀÚ°¡ ±âº»ÀûÀ¸·Î Âü°íÇÒ ³»¿ëÀÔ´Ï´Ù.
- ¹èÆ÷ÆÇ(¿É¼Ç)    : Æäµµ¶óÄÚ¾î4
- Ä¿³Î¹öÀü(¿É¼Ç)  : 2.6.14-1.1644_FC4
- µ¥¸ó¹öÀü(¿¹:apache 1.3.27) : bind-9.3.1-14_FC4
- µ¥¸ó¼³Ä¡À¯Çü(RPM/ÄÄÆÄÀÏ/±âŸ)
 : RPM
-----------------------------------------

¾È³çÇϼ¼¿ä.

ÀϺ»¿¡ ¼ÂÆÃÇÑ ¼­¹ö°¡ ¹®Á¦°¡ »ý°Ü ¹®Àǵ帳´Ï´Ù.
ÀÏ´Ü Áõ»óÀ» ¸»¾¸ µå¸®ÀÚ¸é...

www.abc.com
www.abc.co.jp

ÀÌ·± µµ¸ÞÀÎÀÌ µÎ°³°¡ ÀÖ½À´Ï´Ù. bind ¼³Á¤À» ÇÏ°í..
nslookup ¶Ç´Â dig ¸¦ »ç¿ëÇؼ­ ÁúÀǸ¦ Çغ¸¸é..
(dig @168.126.63.1 www.abc.co.jp)

¿øÇÏ´Â ip¸¦ °¡Áö°í ¿É´Ï´Ù. 
·ÎÄÃ,¿ÜºÎ ¸ðµÎ Á¤»óÀûÀ¸·Î ip¸¦ °¡Áö°í ¿É´Ï´Ù.

±×·±µ¥ À§ µµ¸ÞÀÎÀ¸·Î À¥ÆäÀÌÁö Á¢¼Ó½Ã ¹®Á¦°¡ ¹ß»ýÇÕ´Ï´Ù.
PC¿¡ µû¶ó¼­ À¥ÆäÀÌÁö¸¦ Á¤»óÀûÀ¸·Î Ç¥½ÃÇÏ´Â PC°¡ Àִ¹ݸé...
ÆäÀÌÁö¸¦ ãÀ»¼ö ¾ø´Ù°í ³ª¿À´Â PC°¡ ÀÖ½À´Ï´Ù.

¹°·Ð ÆäÀÌÁö¸¦ ¸øã´Â PC¿¡¼­ nslookupµîÀ¸·Î µµ¸ÞÀÎÀ» °Ë»öÇغ¸¸é...
Á¤»óÀûÀ¸·Î IP¸¦ ¾ò¾î¿É´Ï´Ù.

¾à°£ ÀǽɵǴ ºÎºÐÀÌ Àִµ¥..
Apache´Â iptableÀ» »ç¿ëÇؼ­ Æ÷Æ®Æ÷¿öµùÀ¸·Î ³»ºÎ¿¡¼­ ¼­ºñ½º µÇ°í ÀÖ½À´Ï´Ù.
Æ÷Æ®Æ÷¿öµùÀÌ µÆ´Ù ¾ÈµÆ´Ù ÇÏ´Â ¹®Á¦ Àϼöµµ ÀÖ´Ù°í »ý°¢Àº µì´Ï´Ù.

iptable rule À» ¿Ã·Áº¾´Ï´Ù. ¾Æ·¡ ·êÀº Ä¿³Î 2.4¹öÀü¿¡¼­ ½ÇÁ¦·Î »ç¿ëÇÏ°í ¿î¿µÇÏ´ø
³»¿ëÀ» °¡Á®´Ù°¡ 2.6¹öÀü¿¡¼­ ±×³É »ç¿ëÇß½À´Ï´Ù.

³Ê¹« µÎ¼­¾øÀÌ Áú¹®À» µå¸°°Ç ¾Æ´ÑÁö ¸ð¸£°Ú³×¿ä.
Áú¹®¿¡ ºÎÁ·ÇÑ ³»¿ëÀÖÀ¸¸é ¾Ë·ÁÁÖ¼¼¿ä.

±×·³ ¼ö°íÇϼ¼¿ä :)


#!/bin/sh
FWVER=0.73s
echo -e "\nLoading STRONGER rc.firewall - version $FWVER..\n"
IPTABLES=/sbin/iptables
LSMOD=/sbin/lsmod
DEPMOD=/sbin/depmod
INSMOD=/sbin/insmod
GREP=/bin/grep
AWK=/bin/awk
SED=/bin/sed
IFCONFIG=/sbin/ifconfig

EXTIF0="ppp0"

INTIF0="eth1"
INTIF1="eth2"
INTIF2="eth0"
echo "  External Interface:  $EXTIF0"
echo "  External Interface:  $INTIF0"
echo "  Internal Interface:  $INTIF1"
echo "  DMZ      Interface:  $INTIF2"
echo "  ---"

EXTIP0="`$IFCONFIG $EXTIF0 | $GREP 'inet addr' | $AWK '{print $2}' | \
$SED -e 's/.*://'`"

echo "  External IP: $EXTIP0"
echo "  ---"

INTNET0="192.168.1.0/24"
INTIP0="192.168.1.1/24"
echo "  Internal Network: $INTNET0"
echo "  Internal IP:      $INTIP0"
echo "  ---"
INTNET1="192.168.2.0/24"
INTIP1="192.168.2.1/24"
echo "  Internal Network: $INTNET1"
echo "  Internal IP:      $INTIP1"
echo "  ---"
INTNET2="192.168.0.0/24"
INTIP2="192.168.0.1/24"
echo "  DMZ      Network: $INTNET2"
echo "  DMZ      IP:      $INTIP2"
echo "  ---"

UNIVERSE="0.0.0.0/0"

echo "  - Verifying that all kernel modules are ok"
$DEPMOD -a

echo -en "    Loading kernel modules: "

echo -en "ip_tables, "
if [ -z "` $LSMOD | $GREP ip_tables | $AWK {'print $1'} `" ]; then
   $INSMOD ip_tables
fi

echo -en "ip_conntrack, "
if [ -z "` $LSMOD | $GREP ip_conntrack | $AWK {'print $1'} `" ]; then
   $INSMOD ip_conntrack
fi

echo -e "ip_conntrack_ftp, "
if [ -z "` $LSMOD | $GREP ip_conntrack_ftp | $AWK {'print $1'} `" ]; then
   $INSMOD ip_conntrack_ftp
fi

echo -en "                             ip_conntrack_irc, "
if [ -z "` $LSMOD | $GREP ip_conntrack_irc | $AWK {'print $1'} `" ]; then
   $INSMOD ip_conntrack_irc
fi

echo -en "iptable_nat, "
if [ -z "` $LSMOD | $GREP iptable_nat | $AWK {'print $1'} `" ]; then
   $INSMOD iptable_nat
fi

echo -e "ip_nat_ftp"
if [ -z "` $LSMOD | $GREP ip_nat_ftp | $AWK {'print $1'} `" ]; then
   $INSMOD ip_nat_ftp
fi

echo "  ---"

echo "  Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward

echo "  Enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

echo "  ---"

echo "  Clearing any existing rules and setting default policy to DROP.."
$IPTABLES -P INPUT DROP
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT DROP
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -F -t nat

if [ -n "`$IPTABLES -L | $GREP drop-and-log-it`" ]; then
   $IPTABLES -F drop-and-log-it
fi
$IPTABLES -X
$IPTABLES -Z

echo "  Creating a DROP chain.."
$IPTABLES -N drop-and-log-it
$IPTABLES -A drop-and-log-it -j LOG
$IPTABLES -A drop-and-log-it -j DROP

echo -e "\n   - Loading INPUT rulesets"

$IPTABLES -A INPUT -i lo -s $UNIVERSE -d $UNIVERSE -j ACCEPT

$IPTABLES -A INPUT -i $INTIF0 -s $INTNET0 -d $UNIVERSE -j ACCEPT
$IPTABLES -A INPUT -i $INTIF1 -s $INTNET1 -d $UNIVERSE -j ACCEPT
$IPTABLES -A INPUT -i $INTIF2 -s $INTNET2 -d $UNIVERSE -j ACCEPT

$IPTABLES -A INPUT -i $EXTIF0 -s $UNIVERSE -d $EXTIP0 -m state --state
ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A INPUT -i $EXTIF0 -s $INTNET0 -d $UNIVERSE -j drop-and-log-it
$IPTABLES -A INPUT -i $EXTIF0 -s $INTNET1 -d $UNIVERSE -j drop-and-log-it
$IPTABLES -A INPUT -i $EXTIF0 -s $INTNET2 -d $UNIVERSE -j drop-and-log-it

# NameServer
#
echo -e "      - Allowing EXTERNAL access to the Name server"
$IPTABLES -A INPUT -i $EXTIF0 -m state --state NEW,ESTABLISHED,RELATED -p tcp -s
$UNIVERSE -d $EXTIP0 --dport 42 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF0 -m state --state NEW,ESTABLISHED,RELATED -p udp -s
$UNIVERSE -d $EXTIP0 --dport 42 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF0 -m state --state NEW,ESTABLISHED,RELATED -p tcp -s
$UNIVERSE -d $EXTIP0 --dport 53 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF0 -m state --state NEW,ESTABLISHED,RELATED -p udp -s
$UNIVERSE -d $EXTIP0 --dport 53 -j ACCEPT
$IPTABLES -A INPUT -s $UNIVERSE -d $UNIVERSE -j drop-and-log-it

echo -e "   - Loading OUTPUT rulesets"

$IPTABLES -A OUTPUT -o lo -s $UNIVERSE -d $UNIVERSE -j ACCEPT

$IPTABLES -A OUTPUT -o $INTIF0 -s $EXTIP0 -d $INTNET0 -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF0 -s $EXTIP0 -d $INTNET1 -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF0 -s $EXTIP0 -d $INTNET2 -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF1 -s $EXTIP0 -d $INTNET0 -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF1 -s $EXTIP0 -d $INTNET1 -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF1 -s $EXTIP0 -d $INTNET2 -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF2 -s $EXTIP0 -d $INTNET0 -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF2 -s $EXTIP0 -d $INTNET1 -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF2 -s $EXTIP0 -d $INTNET2 -j ACCEPT

$IPTABLES -A OUTPUT -o $INTIF0 -s $INTIP1 -d $INTNET0 -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF0 -s $INTIP1 -d $INTNET1 -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF0 -s $INTIP1 -d $INTNET2 -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF1 -s $INTIP1 -d $INTNET0 -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF1 -s $INTIP1 -d $INTNET1 -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF1 -s $INTIP1 -d $INTNET2 -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF2 -s $INTIP2 -d $INTNET0 -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF2 -s $INTIP2 -d $INTNET1 -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF2 -s $INTIP2 -d $INTNET2 -j ACCEPT

$IPTABLES -A OUTPUT -o $EXTIF0 -s $UNIVERSE -d $INTNET0 -j drop-and-log-it
$IPTABLES -A OUTPUT -o $EXTIF0 -s $UNIVERSE -d $INTNET1 -j drop-and-log-it
$IPTABLES -A OUTPUT -o $EXTIF0 -s $UNIVERSE -d $INTNET2 -j drop-and-log-it

$IPTABLES -A OUTPUT -o $EXTIF0 -s $EXTIP0 -d $UNIVERSE -j ACCEPT

$IPTABLES -A OUTPUT -s $UNIVERSE -d $UNIVERSE -j drop-and-log-it

echo -e "   - Loading FORWARD rulesets"

echo "     - FWD: Allow all connections OUT and only existing/related IN"
#PORTFWIPHTTP="192.168.0.11:80-192.168.0.12:80"
#PORTFWIPFTP="192.168.0.11:21-192.168.0.12:21"
PORTFWIPHTTP="192.168.0.11:80"
PORTFWIPFTP="192.168.0.11:21"
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP0 --dport 80 -j DNAT --to
$PORTFWIPHTTP
$IPTABLES -A FORWARD -i $EXTIF0 -o $INTIF2 -p tcp --dport 80 -m state --state
NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP0 --dport 21 -j DNAT --to
$PORTFWIPFTP
$IPTABLES -A FORWARD -i $EXTIF0 -o $INTIF2 -p tcp --dport 21 -m state --state
NEW,ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A FORWARD -i $EXTIF0 -o $INTIF0 -m state --state ESTABLISHED,RELATED -j
ACCEPT
$IPTABLES -A FORWARD -i $EXTIF0 -o $INTIF1 -m state --state ESTABLISHED,RELATED -j
ACCEPT
$IPTABLES -A FORWARD -i $EXTIF0 -o $INTIF2 -m state --state ESTABLISHED,RELATED -j
ACCEPT

$IPTABLES -A FORWARD -i $INTIF1 -o $EXTIF0 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF2 -o $EXTIF0 -j ACCEPT

$IPTABLES -A FORWARD -i $INTIF1 -o $INTIF0 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF2 -o $INTIF0 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF0 -o $INTIF1 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF2 -o $INTIF1 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF0 -o $INTIF2 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF1 -o $INTIF2 -j ACCEPT

$IPTABLES -A FORWARD -j drop-and-log-it

echo -e "\nDone.\n"

 
ÀÌÀü±Û : Re: ÇÑ ¾ÆÀÌÇÇ¿¡¼­ ¾ÆÆÄÄ¡·Î ³Ê¹« ¸¹Àº Á¢±ÙÀÌ Àִµ¥..¿øÀÎÀ» ¾Ë°í ½Í½À´Ï´Ù.
´ÙÀ½±Û : Re: named °¡ ÀÌ»óÇؼ­ ¹®Àǵ帳´Ï´Ù.  		  from 61.36.184.165
JS(Redhands)Board 0.4 +@
Re: ÇÑ ¾ÆÀÌÇÇ¿¡¼­ ¾ÆÆÄÄ¡·Î ³Ê¹« ¸¹Àº Á¢±ÙÀÌ Àִµ¥..¿øÀÎÀ» ¾Ë°í ½Í½À´Ï´Ù. Re: named °¡ ÀÌ»óÇؼ­ ¹®Àǵ帳´Ï´Ù.
Àμâ¿ë 

apache lighttpd linuxchannel.net 
Copyright 1997-2024. linuxchannel.net. All rights reserved.

Page loading: 0.03(server) + (network) + (browser) seconds