Linux Network Administrator's Guide (3rd Edition) [Electronic resources]

Tony Bautts, Terry Dawson, Gregor N. Purdy

7.3. What Is IP Filtering?


IP filtering is
simply a mechanism that decides which types of IP packets will be
processed normally and which will be dropped or rejected. By
dropped we mean that the packet is deleted and
completely ignored, as if it had never been received. By
rejected we mean that the firewall sends an ICMP
response to the sender indicating a reason why the packet was
rejected. You can apply many different sorts of criteria to determine
which packets you wish to filter. Some examples of these are:

  • Protocol type:
    TCP, UDP, ICMP, etc.

  • Port number (for TCP/UDP)

  • Packet type: SYN/ACK, data, ICMP Echo
    Request, etc.

  • Packet source address: where it came from

  • Packet destination address: where it is going to




It is important to
understand at this point that IP filtering is a network layer
facility. This means that it doesn't understand
anything about the application using the network connections, only
about the connections themselves. For example, you may deny users
access to your internal network on the default Telnet port, but if
you rely on IP filtering alone, you can't stop them
from using the Telnet program with a port that you do allow to pass
through your firewall. You can prevent this sort of problem by using
proxy servers for each service that you allow across your firewall.
The proxy servers understand the application that they were designed
to proxy and can therefore prevent abuses, such as using the Telnet
program to get past a firewall by using the World Wide Web port. If
your firewall supports a World Wide Web proxy, outbound Telnet
connections on the HTTP port will always be answered by the proxy and
will allow only HTTP requests to pass. A large number of proxy-server
programs exist. Some are free software and many others are commercial
products. The Firewall and Proxy Server HOWTO
(available online at http://www.tldp.org/HOWTO/Firewall-HOWTOl)
discusses one popular set of these, but they are beyond the scope of
this book.

The IP filtering rule set is made up of many combinations of the
criteria listed previously. For example, let's
imagine that you wanted to allow World Wide Web users within the
Virtual Brewery network to have no access to the Internet except to
use other sites' web servers. You would configure
your firewall to allow forwarding of the following:

  • Packets with a source address on Virtual Brewery network, a
    destination address of anywhere, and with a destination port of 80
    (WWW)

  • Packets with a destination address of Virtual Brewery network and a
    source port of 80 (WWW) from a source address of anywhere


Note that we've used two rules here. We have to
allow our data to go out, but also the corresponding reply data to
come back in. In practice, as we'll see in the
chapter on IP masquerade and Network Address Translation (Chapter 9), iptables
simplifies this and allows us to specify this in one
command.
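A toy stateless filter, added here as an illustration (not code from the book), that applies the two Virtual Brewery rules above with a drop-everything-else default. The LAN prefix 172.16.1.0/24 and the host addresses in the comments are assumed values; the code also shows the network-layer limitation from the earlier paragraph, since a Telnet client aimed at port 80 matches the web rule and is forwarded just like a browser.

```python
# Added example, not from the book: a minimal stateless IP filter that
# evaluates rules in order and falls back to a default verdict.
import ipaddress
from dataclasses import dataclass

# Assumed address range for the Virtual Brewery network.
BREWERY_NET = ipaddress.ip_network("172.16.1.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    sport: int = 0  # 0 means "no port" (e.g. ICMP)
    dport: int = 0


def _in_net(addr, net):
    # None in a rule means "any address".
    return net is None or ipaddress.ip_address(addr) in net


# Each rule: (src_net, dst_net, proto, sport, dport, verdict); None = any.
# These are the two rules the text describes for outbound web access.
RULES = [
    (BREWERY_NET, None, "tcp", None, 80, "ACCEPT"),  # brewery -> any:80 (requests)
    (None, BREWERY_NET, "tcp", 80, None, "ACCEPT"),  # any:80 -> brewery (replies)
]


def filter_packet(pkt, rules=RULES, default="DROP"):
    """Return the verdict of the first matching rule, or the default."""
    for src_net, dst_net, proto, sport, dport, verdict in rules:
        if (_in_net(pkt.src, src_net)
                and _in_net(pkt.dst, dst_net)
                and pkt.proto == proto
                and (sport is None or pkt.sport == sport)
                and (dport is None or pkt.dport == dport)):
            return verdict
    return default


if __name__ == "__main__":
    # Constructed sample traffic: a brewery host (172.16.1.5) and a remote
    # web server (203.0.113.10).
    request = Packet("172.16.1.5", "203.0.113.10", "tcp", 40000, 80)
    reply = Packet("203.0.113.10", "172.16.1.5", "tcp", 80, 40000)
    telnet = Packet("172.16.1.5", "203.0.113.10", "tcp", 40001, 23)
    telnet_on_80 = Packet("172.16.1.5", "203.0.113.10", "tcp", 40002, 80)
    for name, p in [("request", request), ("reply", reply),
                    ("telnet", telnet), ("telnet on port 80", telnet_on_80)]:
        print(f"{name:18} -> {filter_packet(p)}")
    # Without the second rule the reply never gets back in:
    print("reply, rule 1 only ->", filter_packet(reply, rules=RULES[:1]))
```

The filter sees only addresses, protocol and ports, so the Telnet session to port 80 is indistinguishable from a web request; a web proxy, as the text notes, is what closes that gap.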

