Linux 2011. 12. 4. 21:43
Trying to turn a Linux box into something like a home IP sharing router (NAT) using IP masquerade in iptables, and it turns out there is quite a bit to know -_-

First, the kernel has to support ipt_MASQUERADE; if it does, simply loading the module with modprobe is (supposedly) enough to make it usable.

$ sudo modprobe ipt_MASQUERADE

$ lsmod | grep -i ipt
ipt_MASQUERADE          1407  0 
nf_nat                 15560  1 ipt_MASQUERADE
x_tables               14175  1 ipt_MASQUERADE
nf_conntrack           60943  3 ipt_MASQUERADE,nf_nat,nf_conntrack_ipv4

$ sudo iptables -L -t filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  
 
$ sudo iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination    

$ sudo iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination     

$ sudo iptables -L -t raw
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination    

The tables are as follows:

filter:
This is the default table (if no -t option is passed). It contains the built-in chains INPUT (for packets destined to local sockets), FORWARD (for packets being routed through the box), and OUTPUT (for locally-generated packets).

nat:
This table is consulted when a packet that creates a new connection is encountered. It consists of three built-ins: PREROUTING (for altering packets as soon as they come in), OUTPUT (for altering locally-generated packets before routing), and POSTROUTING (for altering packets as they are about to go out).

mangle:
This table is used for specialized packet alteration. Until kernel 2.4.17 it had two built-in chains: PREROUTING (for altering incoming packets before routing) and OUTPUT (for altering locally-generated packets before routing). Since kernel 2.4.18, three other built-in chains are also supported: INPUT (for packets coming into the box itself), FORWARD (for altering packets being routed through the box), and POSTROUTING (for altering packets as they are about to go out).

raw:
This table is used mainly for configuring exemptions from connection tracking in combination with the NOTRACK target. It registers at the netfilter hooks with higher priority and is thus called before ip_conntrack, or any other IP tables. It provides the following built-in chains: PREROUTING (for packets arriving via any network interface) OUTPUT (for packets generated by local processes)
 
[Link: http://linux.die.net/man/8/iptables]

Come to think of it, a router setup will probably need the following packages:
dhcp3-server (for use inside the NAT)
dhcp3-client (for obtaining a public IP from the outside)

Additionally:
bind9 (DNS server)

And as features:
port forwarding
DHCP address range configuration
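The following shell script is an added example, not part of the original post, showing the minimal iptables rule set that turns the masquerade module above into a working NAT router with one port forward. It assumes eth0 is the public (WAN) side, eth1 is the private (LAN) side and 192.168.10.0/24 is the LAN range; all three are overridable through environment variables. Note that the tables in the output above all have policy ACCEPT, so a bare MASQUERADE rule would forward anything in either direction; the script sets FORWARD to DROP and only allows LAN-initiated and already-established traffic.

```shell
#!/bin/sh
# Added example (not from the original post): minimal NAT "IP sharing router" rules.
# Assumed names: WAN=eth0 (public side), LAN=eth1 (private side), LAN_NET=192.168.10.0/24.
WAN="${WAN:-eth0}"
LAN="${LAN:-eth1}"
LAN_NET="${LAN_NET:-192.168.10.0/24}"

# Print the base rule set one command per line (dry run; nothing is executed here).
nat_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE
iptables -P FORWARD DROP
iptables -A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN -o $LAN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Port forwarding: expose one internal host:port on the public interface.
# Usage: port_forward_rules <tcp|udp> <external port> <internal host> <internal port>
# The DNAT rule rewrites the destination in PREROUTING; the FORWARD rule must
# then explicitly allow the NEW connection, since the FORWARD policy is DROP.
port_forward_rules() {
    proto="$1"; ext_port="$2"; int_host="$3"; int_port="$4"
    cat <<EOF
iptables -t nat -A PREROUTING -i $WAN -p $proto --dport $ext_port -j DNAT --to-destination $int_host:$int_port
iptables -A FORWARD -i $WAN -o $LAN -p $proto -d $int_host --dport $int_port -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Execute the generated base rules as root (requires ipt_MASQUERADE to be loaded).
apply_rules() {
    nat_rules | while IFS= read -r line; do sudo sh -c "$line"; done
}

# Review the rules before applying: nat_rules; port_forward_rules tcp 8080 192.168.10.5 80
```

Run `nat_rules` first to inspect what would be applied, then `apply_rules`; afterwards `sudo iptables -L -t nat` and `sudo iptables -L FORWARD` should show the POSTROUTING MASQUERADE entry and the two FORWARD accepts in place of the empty chains listed above.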

Posted by 구차니