linuxnetworking.html

黑客培训教程

<br><b>&lt;a|pha[away]></b> i'll look it up in webopedia.com
<br><b>&lt;Ghost_Rider> Serial_Killer: i saied that on the 1st part of
the lecture but no prob</b>
<br><b>&lt;norton></b> .
<br><b>&lt;Ghost_Rider> Serial_Killer: is it pci?</b>
<br><b>&lt;mikestevens></b> ok on with the lecture
<br><b>&lt;Serial_Killer></b> hhee
<br><b>&lt;Ghost_Rider> mikestevens: Wait..serial has a question..</b>
<br><b>&lt;mikestevens></b> ok
<br><b>&lt;Ghost_Rider> Serial_Killer: is it pci?</b>
<br><b>&lt;Frydo></b> i've got rh5.2 and no /etc/networks - how so ?
<br><b>&lt;Serial_Killer></b> no yeah
<br><b>&lt;Serial_Killer></b> yeah*
<br><b>&lt;Serial_Killer></b> it is
<br><b>&lt;Ghost_Rider> Serial_Killer: so cat /proc/pci and look for it</b>
<br><b>&lt;TracerT></b> ive missed somethink?
<br><font color="#FF0000">*** ]|MooCow|[ is now known as Freezer</font>
<br><b>&lt;mikestevens></b> TracerT: no still Q&amp;A
<br><b>&lt;Ghost_Rider> Frydo: well rh sometimes just don't create files
that you don't really need.. /etc/networks is just a add on</b>
<br><b>&lt;Serial_Killer></b> ok...
<br><b>&lt;Ghost_Rider> Frydo: if you create it</b>
<br><b>&lt;Ghost_Rider> it will work</b>
<br><font color="#FF0000">*** Quits: Sub (Quit: good users don't use colored
quits)</font>
<br><b>&lt;Ghost_Rider> so any other questions?</b>
<br><font color="#FF0000">*** Joins: XMulder</font>
<br><b>&lt;Megram></b> one other quick point...
<br><b>&lt;XMulder></b> wpw
<br><b>&lt;Frydo></b> - it works without it ...
<br><b>&lt;XMulder></b> wow
<br><b>&lt;Serial_Killer></b> btw im using Fast ethernet Adapter 10/100
MBps PCi
<br><b>&lt;XMulder></b> so many ppl what is goin on?
<br><b>&lt;Megram></b> some of you may not know why the example ip GR used
was 192.168.x.x, we will explain that later if anyone needs to know
<br><font color="#FF0000">*** Quits: VoRtex (Quit: )</font>
<br><font color="#FF0000">*** Quits: a|pha[away] (Quit: well... an exit
is really the entrance into something else...)</font>
<br><b>&lt;gUeSt51></b> I have a question if I may... maybe not so related,
I went into /proc/ and looked at pci, I can pico it or cat it, but it shows
that the file is 0 bytes large.. why is this?
<br><b>&lt;Ghost_Rider> Megram: well I saied upthere that it was a private
ip for LAN purposes</b>
<br><font color="#FF0000">*** Joins: Devil_Panther</font>
<br><b>&lt;Matt></b> ./proc is a virtual filesystem
<br><b>&lt;Ghost_Rider> /proc maps ur memory</b>
<br><b>&lt;Devil_Panther></b> so....
<br><b>&lt;freeque></b> Ghost_Rider - but u didnt really explain why u
used class C and not A or B :-P
<br><b>&lt;Matt></b> its not acutally a device like /dev devices are
<br><b>&lt;Megram></b> yep, but i can give a bit of history on why that
ip is used if needed
<br><b>&lt;TracerT></b> freeque: cos it stands like this
<br><b>&lt;Matt></b> the closest relation would be a pointer in C, and
/dev as a reference
<br><b>&lt;freeque></b> Megram - that would be nice
<br><b>&lt;Ghost_Rider> freeque: well since I was giving an example</b>
<br><font color="#FF0000">*** Parts: Balle</font>
<br><b>&lt;Ghost_Rider> but there's nothing that says you can't use class
A or B</b>
<br><b>&lt;Ghost_Rider> ok..moving on</b>
<br><font color="#FF0000">*** Ghost_Rider sets mode: +m</font>
<br><font color="#FF0000">*** Quits: Grim_Reaper (Quit: Leaving)</font>
<br><b>&lt;Ghost_Rider> I think now this is the most important part of
the lecture</b>
<br><b>&lt;Ghost_Rider> it's ip masquerade part</b>
<br><font color="#FF0000">*** Joins: Andrei_</font>
<br><b>&lt;Ghost_Rider> ip masquerade is a system a NAT (network address
translation) system</b>
<br><b>&lt;Ghost_Rider> now what is this you ask...</b>
<br><b>&lt;Ghost_Rider> well like I saied before we were using private
ips</b>
<br><b>&lt;Ghost_Rider> the routers on the internet don't know how to route
data for those ips</b>
<br><font color="#FF0000">*** Joins: mayfaer</font>
<br><b>&lt;Ghost_Rider> so this means that a computer using 192.168.0.2
ip can't connect to the internet</b>
<br><font color="#FF0000">*** Quits: Devil_Panther (Quit: The Devil Panther
will rise again.)</font>
<br><b>&lt;Ghost_Rider> and also because we want that all our network have
internet access</b>
<br><b>&lt;Ghost_Rider> but just using like a dial-up</b>
<br><b>&lt;Ghost_Rider> so in other words what I'm trying to say is that
with just one computer of the network that is connected to the internet
all your network can have access to the internet using the ip masquerade
capacities</b>
<br><font color="#FF0000">*** Quits: nocent (Ping timeout)</font>
<br><font color="#FF0000">*** Quits: jaxler (Ping timeout)</font>
<br><b>&lt;mikestevens></b> it is a free version of those expensive "personal
routers"
<br><b>&lt;Ghost_Rider> and it's not hard to make it work...</b>
<br><b>&lt;Ghost_Rider> you re-compile the kernel of the box that has the
ppp connection adding the IP Masquerade support</b>
<br><b>&lt;Ghost_Rider> besides of that</b>
<br><b>&lt;Ghost_Rider> you'll need ipchains</b>
<br><font color="#FF0000">*** gUeSt51 is now known as Obsidian</font>
<br><font color="#FF0000">*** Quits: Kintege (Quit: )</font>
<br><b>&lt;Ghost_Rider> now with kerne 2.4.x</b>
<br><b>&lt;Ghost_Rider> iptables is starting to take over ipchains</b>
<br><b>&lt;Ghost_Rider> but since I'm still with kernel 2.2.x i'll talk
what I know in other words ipchains</b>
<br><font color="#FF0000">*** Quits: Obzerver (Quit: i ll check the logs)</font>
<br><b>&lt;Ghost_Rider> a single ipchains rule will do the owrk</b>
<br><font color="#FF0000">*** Joins: Crash_Gnome</font>
<br><b>&lt;Ghost_Rider> /sbin/ipchains -A forward -s 192.168.0.0/24 -d
| 192.168.0.0/24 -j MASQ</b>
<br><b>&lt;Ghost_Rider> /sbin/ipchains -A forward -s 192.168.0.0/24 -d
! 192.168.0.0/24 -j MASQ</b>
<br><b>&lt;Ghost_Rider> so any package that comes from 192.168.0.0 network
and don't goes to that network will be masqued</b>
<br><b>&lt;Ghost_Rider> in other words will be set to the internet.</b>
<br><b>&lt;Ghost_Rider> and your LAN will start being able to access internet</b>
<br><b>&lt;Ghost_Rider> (I'll just talk what really masq does)</b>
<br><b>&lt;Ghost_Rider> but you also have to do a little configuration
on your clients</b>
<br><b>&lt;Ghost_Rider> you have to add a default route and set the box
with ppp connection as gateway</b>
<br><font color="#FF0000">*** Quits: nin (Ping timeout)</font>
<br><font color="#FF0000">*** Quits: Nightshade (Ping timeout)</font>
<br><b>&lt;Ghost_Rider> so thinking that our router is 192.168.0.0</b>
<br><font color="#FF0000">*** Quits: Freezer (Quit: The source of our oppression
is the reason for my anarchy)</font>
<br><b>&lt;Ghost_Rider> we do /sbin/route -add 0.0.0.0 gateway 192.168.0.1</b>
<br><font color="#FF0000">*** Joins: Ralph</font>
<br><font color="#FF0000">*** ChanServ sets mode: +o Ralph</font>
<br><b>&lt;Ghost_Rider> now to the important part..what really happens
on our masquerading host</b>
<br><b>&lt;Ghost_Rider> like I told you ip masquerading is a NAT System</b>
<br><b>&lt;Mikkkeee></b> rider will u explain load balancing translation,
where a single ip addy and port is translated to a pool of identical servers
so taht a single pulblic addy can be served by&nbsp; a number of boxes
<br><b>&lt;Ralph></b> whao, lotsa people
<br><b>&lt;Ghost_Rider> explaining this in a very simple way..</b>
<br><font color="#FF0000">*** Quits: Caboom (Quit: YAQM - yet another quit
message)</font>
<br><b>&lt;Ghost_Rider> when you send a request from an inside host to
an external ip</b>
<br><b>&lt;Ghost_Rider> it will be used ur router as gateway..to make than
connection port X will be used</b>
<br><b>&lt;Ghost_Rider> now the masquerading host will get the package</b>
<br><b>&lt;Ghost_Rider> check the TO IP: and replace the FROM IP: with
it's own ppp ip and make the connection on port Z</b>
<br><b>&lt;Ghost_Rider> now doing all this it will store in a table internal
machine port X port Z</b>
<br><font color="#FF0000">*** Joins: Nightshade</font>
<br><b>&lt;Ghost_Rider> now when the masquerading host receives data from
port Z</b>
<br><b>&lt;Ghost_Rider> it check the table</b>
<br><font color="#FF0000">*** Parts: codz</font>
<br><b>&lt;Ghost_Rider> see it's for machine and on port X so repalces
again TO IP: and puts the internal ip and FROM IP: puts the external ip
we are reaching and sents it to port X</b>
<br><b>&lt;Ghost_Rider> sorry about just ignoring you mikkkeee what were
you saying?</b>
<br><font color="#FF0000">*** H2-0 is now known as H2-0[Away]</font>
<br><b>&lt;Ghost_Rider> btw I assumed that you already knew it but mikestevens
told me to remind you anyway</b>
<br><b>&lt;Ghost_Rider> ip forwarding is disabled by default</b>
<br><b>&lt;Ghost_Rider> so you have to enable it</b>
<br><b>&lt;Mikkkeee></b> ahh i said someting about load balancing translation
<br><b>&lt;Mikkkeee></b> if u were going to explain it deepre
<br><b>&lt;Mikkkeee></b> er
<br><b>&lt;Ghost_Rider> echo "1" > /proc/sys/net/ipv4/ip_forward</b>
<br><font color="#FF0000">*** Ghost_Rider sets mode: -m</font>
<br><font color="#FF0000">*** Quits: norton (Quit: )</font>
<br><b>&lt;Ghost_Rider> questions about masquerading?</b>
<br><b>&lt;TracerT></b> somewhere in the datagram
<br><b>&lt;TracerT></b> is there writen that out Gateaway is a gateaway
<br><b>&lt;Mikkkeee></b> rider are u going to explain some problems with
NAT?
<br><b>&lt;TracerT></b> and how he knows, wich packets for where they belong
inside the lan
<br><b>&lt;TracerT></b> ?
<br><b>&lt;Ghost_Rider> mikestevens: talking about port probs and unreachilbity?
I'll go there in a minute</b>
<br><b>&lt;TracerT></b> out+our
<br><b>&lt;TracerT></b> out=our
<br><b>&lt;Nightshade></b> I CAN SPEEEK
<br><b>&lt;HardW1r3></b> be back in just a second
<br><b>&lt;Andrei_></b> s
<br><b>&lt;Mikkkeee></b> like the software that encrypts tcp headers info
will not work correctly with NAT cause of tcp info must be accessible to
the ifrewall, stuff like that
<br><b>&lt;Nightshade></b> Yoooo Woooo
<br><b>&lt;mikestevens></b> oh if you have 2.4.x and want to do IPMASQ
<br><font color="#FF0000">*** Quits: HardW1r3 (Quit: )</font>
<br><b>&lt;mikestevens></b> I have a lil script right here
<br><b>&lt;TracerT></b> ghost_rider
<br><font color="#FF0000">*** Quits: Ralph (Ping timeout)</font>
<br><b>&lt;Nightshade></b> sorry....
<br><b>&lt;mikestevens></b> echo 1 > /proc/sys/net/ipv4/ip_forward
<br><b>&lt;mikestevens></b> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
<br><font color="#FF0000">* Nightshade shuts right up</font>
<br><b>&lt;Ghost_Rider> traceT: like i told the gateway sets a table which
is called the masquerade table</b>
<br><b>&lt;CodE4></b> why they at some places that one should set this
fragmentation option too in addition to forward
<br><b>&lt;Ghost_Rider> on that table will be setted the internal host
that sent the request</b>
<br><b>&lt;Ghost_Rider> the port that comunicates to the gateway</b>
<br><b>&lt;Ghost_Rider> and the port which the gateway is comunitating
to the remote host</b>
<br><font color="#FF0000">*** Quits: Cyberwolf (Ping timeout)</font>
<br><b>&lt;Ghost_Rider> that allows the gateway to know when he receives
a package from where to route it</b>
<br><b>&lt;TracerT></b> so from outside, if you read the datagram, youl
know that there are some PC in lan, after the gateaway?
<br><b>&lt;Ghost_Rider> TracerT: if you are trying to make the connection
from the outside to get inside you can't..I'll get there in a sec</b>
<br><b>&lt;TracerT></b> no!
<br><font color="#FF0000">*** Joins: bracaman</font>
<br><b>&lt;TracerT></b> if you READ the datagram from outside, can you
know the internel IPs
<br><b>&lt;Megram></b> no
<br><b>&lt;Ghost_Rider> nope</b>
<br><font color="#FF0000">*** Mikkkeee sets mode: +v bracaman</font>
<br><b>&lt;Ghost_Rider> TracerT: from the outside</b>
<br><b>&lt;Ghost_Rider> you think you are being contact</b>
<br><b>&lt;Ghost_Rider> from the masquerading host</b>
<br><b>&lt;TracerT></b> after that GateAway of ours. Its like a wingate.
right?
<br><b>&lt;Ghost_Rider> because like I told the ips we were using are UNroutable</b>
<br><b>&lt;freeque></b> you might have answered this, and it's not even
a very good question, but just out of interest, is there a limit to the
number of computers whose ips you can masquerade?
<br><b>&lt;Megram></b> yes, 65k
<br><b>&lt;TracerT></b> OK, so how the gateaway knows wich packet, to where
he belongs, after the packet is recieved from outside?
<br><b>&lt;bracaman></b> i think Ghost_Rider is lying...
<br><b>&lt;bracaman></b> :)
<br><b>&lt;Megram></b> TracerT, ill explain the details to you in pvt...
<br><font color="#FF0000">*** Joins: Ralph</font>
<br><font color="#FF0000">*** ChanServ sets mode: +o Ralph</font>
<br><b>&lt;Mikkkeee></b> not really nat allows an entire class B sized
network to hide behind a single ip addy
<br><b>&lt;TracerT></b> 10X
<br><b>&lt;Mikkkeee></b> not really NAT allows an entire class B sized
network to hide behind a single ip addy
<br><b>&lt;Frydo></b> any chance I can do this trick with windows ? not
as a proxy I mean.
<br><b>&lt;freeque></b> so 65,000 or unlimited?
<br><font color="#FF0000">*** Quits: Andrei_ (Quit: BitchX-1.0c18 -- just
do it.)</font>
<br><b>&lt;mikestevens></b> Actually you can use 10.0.0.0/16
<br><b>&lt;TracerT></b> frydo: wingate
<br><b>&lt;mikestevens></b> errr
<br><b>&lt;TracerT></b> form win98 you can do it!
<br><b>&lt;mikestevens></b> 10.0.0.0/8
<br><font color="#FF0000">* freeque confuzzled</font>
<br><font color="#FF0000">*** Joins: binz</font>
<br><b>&lt;Frydo></b> not the same, it's a proxy.
<br><b>&lt;Infini7y></b> : )
<br><b>&lt;binz></b> is the lecture over?
<br><b>&lt;freeque></b> mikestevens - class b is /16 is it not?
<br><b>&lt;Ghost_Rider> binz: nope</b>
<br><b>&lt;Mikkkeee></b> well for nt which doens't provide this fuction,
u must use a third party firewall if u want to use NAT. thats for the window
questions
<br><b>&lt;Ghost_Rider> freeque: yeah..class B is /16</b>
<br><b>&lt;shady_harrasment_panda></b> btw good lecturer i was enjoying
it but i have to go i fell to sick to stay up
<br><b>&lt;shady_harrasment_panda></b> bye ppl
<br><b>&lt;Ghost_Rider> because 2 octects are fixed</b>
<br><b>&lt;mikestevens></b> I corrected myself
<br><b>&lt;mikestevens></b> above
<br><b>&lt;mikestevens></b> &lt;mikestevens> 10.0.0.0/8
<br><b>&lt;Mikkkeee></b> nah there is a third part and an suprise lecture
<br><font color="#FF0000">*** Parts: shady_harrasment_panda</font>
<br><b>&lt;Ghost_Rider> so shall we continue?</b>
<br><b>&lt;Mikkkeee></b> its all yours
<br><b>&lt;Ellis_D></b> yes
<br><font color="#FF0000">*** Ghost_Rider sets mode: +m</font>
<br><b>&lt;bracaman></b> can opers speak when the chan is moderated?