Configure the Linux gateway and install the ipchains/iptables firewall
The firewall most commonly used on Linux is ipchains, and it is usually run as an add-on to a gateway. ipchains rules are complex and flexible and can be formulated in many different ways, all of which need to be adapted to your own situation. Here we introduce only a simple gateway-based configuration.
You don't usually need to worry about installing ipchains, because almost all Linux distributions include this software as a required part of the installation. Another reason is that ipchains is closely tied to the kernel, so it is best to select the relevant options (if any) when installing the system. The title also mentions iptables. On the surface this tool is equivalent to ipchains, but it is only for the 2.4 kernel (the code in this area of the 2.4 kernel was almost entirely rewritten, and the functionality has improved considerably). We will cover the configuration of the iptables tool later. You just need to remember to use ipchains under the 2.2 kernel and iptables under the 2.4 kernel.
First of all, your server needs two (or more) network cards. Such a machine is called a multi-homed host and is used exclusively as a gateway or router. A side note: in general, for an ordinary server acting as a host, one network card is enough even if the load is heavy; a multi-homed host is needed only when the machine acts as a gateway or router. Contrary to what people commonly think, adding a network card does not add bandwidth; in fact, a single network card provides enough bandwidth. Some people also mistakenly connect two network cards to the same switch and assign them two addresses. This is even more wrong, because it creates additional loop routing that generates a large number of warning errors, and some systems will raise an alarm.
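The following check for the mistake described above is an added example, not part of the original document. It reads the output of `ip -o -4 addr show` and reports pairs of interfaces whose IPv4 addresses fall in the same subnet, which is treated here as a sign that both cards sit on the same segment (an assumption). The function names and the sample addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag interfaces whose IPv4 addresses share a subnet.
# Input: lines in the format printed by `ip -o -4 addr show`.

# Constructed sample: two cards addressed on the same LAN (the mistake).
SAMPLE_BAD='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
3: eth1    inet 192.168.1.2/24 brd 192.168.1.255 scope global eth1'

# Constructed sample: a gateway with one outside and one inside network.
SAMPLE_OK='2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0
3: eth1    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth1'

# Convert a dotted-quad address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Netmask (as an integer) for a prefix length.
mask_of() {
    if [ "$1" -eq 0 ]; then echo 0
    else echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF )); fi
}

# Print "ifA ifB" for every pair of interfaces in the same subnet.
# Two addresses are compared under the shorter of their two prefixes.
find_same_subnet() {
    seen=""
    while read -r _idx ifname _fam cidr _rest; do
        [ "$ifname" = "lo" ] && continue
        a=$(ip_to_int "${cidr%/*}"); p=${cidr#*/}
        for e in $seen; do
            oif=${e%%:*}; rest=${e#*:}; oa=${rest%%:*}; op=${rest#*:}
            [ "$oif" = "$ifname" ] && continue
            m=$(mask_of $(( p < op ? p : op )))
            if [ $(( a & m )) -eq $(( oa & m )) ]; then
                echo "$oif $ifname"
            fi
        done
        seen="$seen $ifname:$a:$p"
    done
}

printf '%s\n' "$SAMPLE_BAD" | find_same_subnet
```

On a live host, pipe the real interface list into the function: `ip -o -4 addr show | find_same_subnet`. No output means no two interfaces share a subnet.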
1. Make a dual-interface (dual-homed) host.
In general,