Firewall documentation


Post by Raven » 05 Mar 2010, 09:37

INTERNET SECURITY
Mastering IPTables
Security chief David Coulson shows you how 2.4's new Iptables
features can be used to keep out unwanted crackers.

When Linux 2.4 was released, most people focused
on what it would do to help the average Linux user
and talked about the USB support, firewire,
PCMCIA and DRI. While these are great additions
to the kernel for the majority of people, often one of the major
improvements over 2.2 was overlooked, even though it applies
almost as much to Joe (and of course Jane) User as it does to a
hardened network engineer. This is, of course, the inclusion of the
'netfilter' system into the kernel, which provides packet filtering
An interesting guide that describes the key points of configuring a firewall and the basics of network security.
The downside: the book is written entirely in English...

Download from ftp.totel.kg
Last edited by Raven on 05 Mar 2010, 10:07, edited 1 time in total.
I'm not vindictive, I just dig through the logs a lot

Post by Raven » 05 Mar 2010, 09:58

Iptables Tutorial 1.1.11
by Oskar Andreasson
Copyright © 2001 by Oskar Andreasson
A fairly interesting guide to iptables that covers practically every aspect of configuring this firewall
[spoiler=Contents]
1. Introduction
  About the author
  Dedications
  Why this document was written
  How it was written
  How to read this document
  Terms used in this document
2. Preparations
  Where to get iptables
  Kernel setup
  Userland setup
    Compiling the userland applications
    Installation on Red Hat 7.1
3. Traversing of tables and chains
  General
  Mangle table
  Nat table
  Filter table
4. The state machine
  Introduction
  The conntrack entries
  Userland states
  TCP connections
  UDP connections
  ICMP connections
  Default connections
  Complex protocols and connection tracking
5. How a rule is built
  Basics
  Tables
  Commands
  Matches
    Generic matches
    Implicit matches
      TCP matches
      UDP matches
      ICMP matches
    Explicit matches
      MAC match
      Limit match
      Multiport match
      Mark match
      Owner match
      State match
      Unclean match
      TOS match
      TTL match
  Targets/Jumps
    ACCEPT target
    DROP target
    QUEUE target
    RETURN target
    LOG target
    MARK target
    REJECT target
    TOS target
    MIRROR target
    SNAT target
    DNAT target
    MASQUERADE target
    REDIRECT target
    TTL target
    ULOG target
6. rc.firewall file
  example rc.firewall
  explanation of rc.firewall
    Configuration options
    Initial loading of extra modules
    proc set up
    Displacement of rules to different chains
    Setting up default policies
    Setting up user specified chains in the filter table
      The bad_tcp_packets chain
      The allowed chain
      The TCP chain
      The UDP chain
      The ICMP chain
    INPUT chain
    FORWARD chain
    OUTPUT chain
    PREROUTING chain of the nat table
    Starting SNAT and the POSTROUTING chain
7. Example scripts
  rc.firewall.txt script structure
    The structure
  rc.firewall.txt
  rc.DMZ.firewall.txt
  rc.DHCP.firewall.txt
  rc.UTIN.firewall.txt
  rc.test-iptables.txt
  rc.flush-iptables.txt
A. Detailed explanations of special commands
  Listing your active ruleset
  Updating and flushing your tables
B. Common problems and questions
  Problems loading modules
  Passive FTP but no DCC
  State NEW packets but no SYN bit set
  Internet Service Providers who use assigned IP addresses
  Letting DHCP requests through iptables
  mIRC DCC problems
C. ICMP types
D. Other resources and links
E. Acknowledgements
F. History
G. GNU Free Documentation License
  0. PREAMBLE
  1. APPLICABILITY AND DEFINITIONS
  2. VERBATIM COPYING
  3. COPYING IN QUANTITY
  4. MODIFICATIONS
  5. COMBINING DOCUMENTS
  6. COLLECTIONS OF DOCUMENTS
  7. AGGREGATION WITH INDEPENDENT WORKS
  8. TRANSLATION
  9. TERMINATION
  10. FUTURE REVISIONS OF THIS LICENSE
  How to use this License for your documents
H. GNU General Public License
  0. Preamble
  1. TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
  2. How to Apply These Terms to Your New Programs
I. Example scripts codebase
  Example rc.firewall script
  Example rc.DMZ.firewall script
  Example rc.UTIN.firewall script
  Example rc.DHCP.firewall script
  Example rc.flush-iptables script
  Example rc.test-iptables script
List of Tables
  3-1. Forwarded packets
  3-2. Destination local host (our own machine)
  3-3. Source local host (our own machine)
  4-1. Userland states
  4-2. Internal states
  5-1. Tables
  5-2. Commands
  5-3. Options
  5-4. Generic matches
  5-5. TCP matches
  5-6. UDP matches
  5-7. ICMP matches
  5-8. MAC match options
  5-9. Limit match options
  5-10. Multiport match options
  5-11. Mark match options
  5-12. Owner match options
  5-13. State matches
  5-14. TOS matches
  5-15. TTL matches
  5-16. LOG target options
  5-17. MARK target options
  5-18. REJECT target
  5-19. TOS target
  5-20. SNAT target
  5-21. DNAT target
  5-22. MASQUERADE target
  5-23. REDIRECT target
  5-24. TTL target
  5-25. ULOG target
  C-1. ICMP types
[/spoiler]

Download from ftp.totel.kg
Russian-language translation
Last edited by Raven on 05 Mar 2010, 10:38, edited 2 times in total.

Post by Raven » 05 Mar 2010, 10:06

Linux IP Masquerade HOWTO
David A. Ranch
dranch@trinnet.net
v2.00.041902, April 19, 2002
An interesting, cross-platform guide to network masquerading
[spoiler=Contents]
Chapter 1. Introduction
  1.1. Introduction to IP Masquerading or IP MASQ
  1.2. Foreword, Feedback & Credits
  1.3. Copyright & Disclaimer
Chapter 2. Background Knowledge
  2.1. What is IP Masquerade?
  2.2. Current Status
  2.3. Who Can Benefit From IP Masquerade?
  2.4. Who Doesn't Need IP Masquerade?
  2.5. How does IP Masquerade Work?
  2.6. Requirements for IP Masquerade on Linux 2.4.x
  2.7. Requirements for IP Masquerade on Linux 2.2.x
  2.8. Requirements for IP Masquerade on Linux 2.0.x
Chapter 3. Setting Up IP Masquerade
  3.1. Compiling a new kernel if needed
  3.2. Checking your existing kernel for MASQ functionality
    3.2.1. Compiling Linux 2.4.x Kernels
    3.2.2. Compiling Linux 2.2.x Kernels
    3.2.3. Linux 2.0.x Kernels
  3.3. Assigning Private Network IP Addresses to the Internal LAN
  3.4. Configuring IP Forwarding Policies
    3.4.1. Configuring IP Masquerade on Linux 2.4.x Kernels
    3.4.2. Configuring IP Masquerade on Linux 2.2.x Kernels
    3.4.3. Configuring IP Masquerade on Linux 2.0.x Kernels
Chapter 4. Configuring the other internal to-be MASQed machines
  4.1. Configuring Microsoft Windows 95 and OSR2
  4.2. Configuring Windows NT
  4.3. Configuring Windows for Workgroup 3.11
  4.4. Configuring UNIX Based Systems
  4.5. Configuring DOS using NCSA Telnet package
  4.6. Configuring MacOS Based System Running MacTCP
  4.7. Configuring MacOS Based System Running Open Transport
  4.8. Configuring Novell network using DNS
  4.9. Configuring OS/2 Warp
  4.10. Configuring OS/400 on an IBM AS/400
  4.11. Configuring Other Systems
Chapter 5. Testing IP Masquerade
  5.1. Loading up the rc.firewall ruleset
  5.2. Testing internal MASQ client PC connectivity
  5.3. Testing internal MASQ client to MASQ server connectivity
  5.4. Testing internal MASQ server connectivity
  5.5. Testing internal MASQ server to MASQ client connectivity
  5.6. Testing External Internet connectivity
  5.7. Testing internal MASQ client to external MASQ server connectivity
  5.8. Testing external MASQ ICMP forwarding
  5.9. Testing MASQ functionality without DNS
  5.10. Testing MASQ functionality with DNS resolution
  5.11. Testing more MASQ functionality with DNS
  5.12. Any remaining functional, performance, etc. issues
Chapter 6. Other IP Masquerade Issues and Software Support
  6.1. Problems with IP Masquerade
  6.2. Incoming services
  6.3. Supported Client Software and Other Setup Notes
    6.3.1. Network Clients that -Work- with IP Masquerade
    6.3.2. Clients that do not have full support in IP MASQ:
  6.4. Stronger firewall rulesets to run after initial testing
    6.4.1. Stronger IP Firewall (IPTABLES) rulesets
    6.4.2. Stronger IP Firewall (IPCHAINS) rulesets
    6.4.3. Stronger IP Firewall (IPFWADM) Rulesets
  6.5. IP Masquerading multiple internal networks
  6.6. IP Masquerade and Dial-on-Demand Connections
  6.7. IPPORTFW, IPMASQADM, IPAUTOFW, REDIR, UDPRED, and other Port Forwarding tools
    6.7.1. 2.4.x PORTFWD'ing: Using IPTABLE's PREROUTING option for 2.4.x kernels
    6.7.2. 2.2.x PORTFWD'ing: Using IPMASQADM with 2.2.x kernels
    6.7.3. 2.0.x PORTFWD'ing: Using IPPORTFW on 2.0.x kernels
  6.8. CU-SeeMe and Linux IP-Masquerade
  6.9. Mirabilis ICQ
  6.10. Gamers: The LooseUDP patch
Chapter 7. Frequently Asked Questions
  7.1. ( Distro ) - What Linux Distributions support IP Masquerading?
  7.2. ( Requirements ) - What are the minimum hardware requirements and any limitations for IP Masquerade? How well does it perform?
  7.3. ( Errors ) - When I run the rc.firewall command, I get "command not found" errors. Why?
  7.4. ( Still won't work ) - I've checked all my configurations, I still can't get IP Masquerade to work. What should I do?
  7.5. ( Email list ) - How do I join or view the IP Masquerade and/or IP Masquerade Developers mailing lists and archives?
  7.6. ( NAT vs. Proxy ) - How does IP Masquerade differ from Proxy or NAT services?
  7.7. ( GUI ) - Are there any GUI firewall creation/management tools?
  7.8. ( MASQ and Dynamic IPs ) - Does IP Masquerade work with dynamically assigned IP addresses?
  7.9. ( MASQ and various networks ) - Can I use a cable modem (both bi-directional and with modem returns), DSL, satellite link, etc. to connect to the Internet and use IP Masquerade?
  7.10. ( Dial on Demand ) - Can I use Diald or the Dial-on-Demand feature of PPPd with IP MASQ?
  7.11. ( Apps ) - What applications are supported with IP Masquerade?
  7.12. ( Distro Setup ) - How can I get IP Masquerade running on Redhat, Debian, Slackware, etc.?
  7.13. ( Timeouts ) - Connections seem to break if I don't use them often. Why is that?
  7.14. ( Odd Behavior ) - When my Internet connection first comes up, nothing works. If I try again, everything then works fine. Why is this?
  7.15. ( MTU ) - IP MASQ seems to be working fine but some sites don't work. This usually happens with WWW and FTP
7.15.1. Changing the MTU of a PPP link:..............................................................................118
7.15.2. Old UNIX Serial interfaces:.......................................................................................118
7.15.3. PPPoE Users:..............................................................................................................118
7.15.4. Linux:.........................................................................................................................119
7.15.5. MS Windows 95:........................................................................................................119
7.15.6. MS Windows 98:........................................................................................................120
7.15.7. MS Windows NT 4.x..................................................................................................121
7.15.8. MS Windows 2000.....................................................................................................121
7.16. ( FTP ) − MASQed FTP clients don't work................................................................................122
7.17. ( Performance ) − IP Masquerading seems slow........................................................................122
7.18. ( PORTFW ) − IP Masquerading with PORTFWing seems to break when my line is idle
for long periods...................................................................................................................................124
7.19. ( Logs ) − Now that I have IP Masquerading up, I'm getting all sorts of weird notices and
errors in the SYSLOG log files. How do I read the IPFWADM/IPCHAINS firewall errors?..........124
7.20. ( MASQ Security ) − Can I configure IP MASQ to allow Internet users to directly contact
internal MASQed servers?..................................................................................................................126
7.21. ( Free Ports ) − I'm getting "kernel: ip_masq_new(proto=UDP): no free ports." in my
SYSLOG files. Whats up?.................................................................................................................126
7.22. ( SETSOCKOPT ) − I'm getting "ipfwadm: setsockopt failed: Protocol not available"
when I try to use IPPORTFW!............................................................................................................126
7.23. ( SAMBA ) − Microsoft File and Print Sharing and Microsoft Domain clients don't work
through IP Masq! To properly support Microsoft's SMB protocol, an IP Masq module would
need to be written but there are three viable work−arounds. For more details, please see this
Microsoft KnowledgeBase article........................................................................................................127
7.24. ( IDENT ) − IRC won't work properly for MASQed IRC users. Why?....................................127
7.25. ( IRC DCC ) − mIRC doesn't work with DCC Sends.................................................................128
7.26. ( IP Aliasing ) − Can IP Masquerade work with only ONE Ethernet network card?.................128
7.27. ( Multiple−LANs ) − I have two MASQed LANs but they cannot communicate with each
other!...................................................................................................................................................129
7.28. ( SHAPING ) − I want to be able to limit the speed of specific types of traffic.........................129
7.29. ( ACCOUNTING ) − I need to do accounting on who is using the network............................129
7.30. ( MULTIPLE IPs ) − I have several EXTERNAL IP addresses that I want to PORTFW to
several internal machines. How do I do this?.....................................................................................130
7.31. ( Netstat ) − I'm trying to use the NETSTAT command to show my Masqueraded
connections but its not working..........................................................................................................130
7.32. ( VPNs ) − I would like to get Microsoft PPTP (GRE tunnels) and/or IPSEC (Linux
SWAN) tunnels running through IP MASQ........................................................................................130
7.33. ( Games ) − I want to get the XYZ network game to work through IP MASQ but it won't
work. Help!.......................................................................................................................................131
7.34. ( Stops working ) − IP MASQ works fine for a while but then it stops working. A reboot
seems to fix this. Why?......................................................................................................................131
7.35. ( SMTP Relay ) − Internal MASQed computers cannot send SMTP or POP−3 mail!...............131
7.36. ( IPROUTE2 ) − I need different internal MASQed networks to exit on different external
IP addresses.........................................................................................................................................132
7.37. ( IPCHAINS vs. IPFWADM ) − Why do the new 2.1.x and 2.2.x kernels use IPCHAINS
instead of IPFWADM?.......................................................................................................................133
7.38. ( Upgrades ) − I've just upgraded to the 2.2.x kernels, why isn't IP Masquerade working?......133
7.39. ( Upgrades cont.) − I've just upgraded to a 2.0.38+ kernels later, why isn't IP Masquerade
working?.............................................................................................................................................134
7.40. ( EQL ) − I need help with EQL connections and IP Masq........................................................134
7.41. ( Wussing out ) − I can't get IP Masquerade to work! What options do I have for
Windows Platforms?...........................................................................................................................134
7.42. ( Developers ) − I want to help with IP Masquerade development. What can I do?................135
7.43. ( More INFO ) − Where can I find more information on IP Masquerade?.................................135
7.44. ( Translators ) − I want to translate this HOWTO to another language, what should I do?......136
7.45. ( Updates ) − This HOWTO seems out of date, are you still maintaining it? Can you
include more information on ...? Are there any plans for making this better?..................................136
7.46. ( Thanks ) − I got IP Masquerade working, it's great! I want to thank you guys, what can
I do?....................................................................................................................................................136
Chapter 8. Miscellaneous..............................................................................................................................137
8.1. Useful Resources.........................................................................................................................137
8.2. Linux IP Masquerade Resource....................................................................................................137
8.3. Thanks to the following supporters..............................................................................................138
8.4. Reference.....................................................................................................................................139
8.5. Changes........................................................................................................................................139[/spoiler]

Download

Re: Firewall documentation

Post by Raven » 05 Mar 2010, 10:22

Firewall and Proxy Server HOWTO
Mark Grennan
mark@grennan.com
[spoilerContents]1. Introduction
2. Understanding Firewalls
3. Firewall Architecture
4. Setting up the Linux Filtering Firewall
5. Software requirements
6. Preparing the Linux system
7. IP filtering setup (IPFWADM)
8. IP filtering setup (IPCHAINS)
9. Installing a Transparent SQUID proxy
10. Installing the TIS Proxy server
11. The SOCKS Proxy Server
12. Advanced Configurations
13. Making Management Easy
14. Defeating a Proxy Firewall
15. APPENDEX A - Example Scripts
16. APPENDEX B - An VPN RC Script for RedHat
1. Introduction
1.1 Feedback
1.2 Disclaimer
1.3 Copyright
1.4 My Reasons for Writing this
1.5 Further Readings
2. Understanding Firewalls
2.1 Firewall Politics
How it create a security policy
2.2 Types of Firewalls
Packet Filtering Firewalls
Proxy Servers
Application Proxy
SOCKS Proxy
3. Firewall Architecture
3.1 Dial-up Architecture
3.2 Single Router Architecture
3.3 Firewall with Proxy Server
3.4 Redundent Internet Configuration
4. Setting up the Linux Filtering Firewall
4.1 Hardware requirements
5. Software requirements
5.1 Selecting a Kernel
5.2 Selecting a proxy server
6. Preparing the Linux system
6.1 Compiling the Kernel
6.2 Configuring two network cards
6.3 Configuring the Network Addresses
6.4 Testing your network
6.5 Securing the Firewall
7. IP filtering setup (IPFWADM)
8. IP filtering setup (IPCHAINS)
9. Installing a Transparent SQUID proxy
10. Installing the TIS Proxy server
10.1 Getting the software
10.2 Compiling the TIS FWTK
10.3 Installing the TIS FWTK
10.4 Configuring the TIS FWTK
The netperm-table file
The /etc/services file
11. The SOCKS Proxy Server
11.1 Setting up the Proxy Server
11.2 Configuring the Proxy Server
The Access File
The Routing File
11.3 Working With a Proxy Server
Unix
MS Windows with Trumpet Winsock
Getting the Proxy Server to work with UDP Packets
11.4 Drawbacks with Proxy Servers
12. Advanced Configurations
12.1 A large network with emphasis on security
The Network Setup
The Proxy Setup
13. Making Management Easy
13.1 Firewall tools
13.2 General tools
15. APPENDEX A - Example Scripts
15.1 RC Script useing GFCC
15.2 GFCC script
15.3 RC Script without GFCC This is the firewall rules set built my hand. It does not use GFCC
16. APPENDEX B - An VPN RC Script for RedHat[/spoiler]
A detailed guide to setting up proxy servers and gateways.
Download

Firewall documentation

Post by Raven » 05 Mar 2010, 10:35

IPTABLES: managing IP packet filters
Russian translation of the iptables documentation

Download

Firewall documentation

Post by Raven » 05 Mar 2010, 10:43

UserGate Proxy&Firewall v. 5.x
Administrator's Guide

A Russian-language guide to configuring and maintaining the UserGate proxy server
[spoilerContents]Introduction
About the program
System requirements
Installing the UserGate server
Registering UserGate
Updating and removing UserGate
UserGate licensing policy
UserGate administration console
Configuring connections
Setting a connection password
Setting a password for access to the UserGate statistics database
General NAT (Network Address Translation) settings
Configuring interfaces
Traffic accounting in UserGate
Backup channel support
Users and groups
Personal user statistics page
User authorization methods
Terminal user support
HTTP authorization when working through a transparent proxy
Using the authorization client
Configuring services in UserGate
Configuring DHCP
Configuring proxy services in UserGate
Support for IP telephony protocols (SIP, H323)
SIP Registrar mode support
H323 protocol support
Mail proxies in UserGate
Using transparent mode
Cascading proxies
Port assignment
Cache configuration
Antivirus scanning
Scheduler in UserGate
Configuring DNS
Configuring notifications
Firewall in UserGate
How the firewall works
Network address translation (NAT) rules
Working with multiple providers
Automatic selection of the outgoing interface
Publishing network resources
Configuring filtering rules
Routing support
Speed limiting in UserGate
Bandwidth management (Traffic Manager)
Application control
Cache browser in UserGate
UserGate traffic management
Traffic management rule system
Restricting access to Internet resources
BrightCloud URL filtering
Setting a traffic consumption limit
File size limit
Filtering by Content-type
Billing system
Charging for Internet access
Monitoring user account balances
Dynamic tariff switching
Remote administration of UserGate
Configuring remote connection
Remote restart of the UserGate server
Checking for a new version
UserGate statistics utility
UserGate web statistics
Configuring web statistics
Evaluating the effectiveness of traffic management rules
Evaluating antivirus effectiveness
SIP usage statistics[/spoiler]

Download

Re: Firewall documentation

Post by Gen1us2k » 05 Mar 2010, 11:18

A detailed iptables manual from opennet.ru
ftp://ftp.totel.kg/incoming/personal/A- ... rus.tar.gz
Home: Windows Heaven
Home: Debian 6
For Servers: Debian || RHEL Based || Gentoo || FreeBSD