Re: [Vietlug] Die^`u chi?nh packet trong Lan

Tue, 16 Nov 2004 22:06:15 -0800 

On Tue, 16 Nov 2004 23:55:06 +0200 (EET), Le Thanh Phong
<[EMAIL PROTECTED]> wrote:
> 
> The^m 1 die^`u la. trong LAN nu+~a, tre^n ly' thuye^'t em du+o+.c ho.c
> thi` ca'c router cu~ng nhu+ ca'c PC mie^~n la` co' card ma.ng. Khi 1
> packet to+'i mi`nh, eth card se~ kie^?m tra di.a chi? di'ch de^'n cu?a
> packet thi` se~ forward no' du+.a theo routing table. Gia? su+? ca'c ma'y
> trong LAN de^`u co' 1 rule la` packet co' di.a chi? di'ch la 0.0.0.0 thi`
> se~ forward qua 10.2.0.1 ... Trong tru+o+`ng ho+.p cu?a em thi` em da~
> co^' ti`nh thay vi` forward qua 10.2.0.1 thi` em forward qua 1 ma'y ba^'t
> ki` na`o do' tre^n LAN vo+'i gateway la` 0.0.0.0 ... The^' nhu+ng die^`u
> la. la` ca'c packet de^`u bi. discard o+? da^u do' ... chu+' no' kho^ng
> forward giu`m mi`nh sang 10.2.0.1 ... Mong ca'c ba'c gia?i thi'ch the^m
> cho 'con tre?' die^`u ngo^. na`y !!! (Ca'i chuye^.n forward package la`
> no' na(`m o+? lo+'p thu+' 3 cu?a OSI ... hoa(.c la` layer thu+' 2 cu?a
> TCP/IP the^' thi` no' da^u di'nh gi` de^' App Layer tre^n ca'c ma'y PC
> da^u tu+'c la` ne^'u ai do' xa`i ZoneAlarm hay set firewall thi` da^u
> a?nh hu+o+?ng gi`)

Ve^` chuye^.n trong LAN chi? co' ma'y cu?a ba'c kho^ng qua ddu+o+.c
proxy, ba'c ne^n ho?i la.i admin dde^? bie^'t ca'ch ca^'u hi`nh default gw
cho ddu'ng. Ba'c ho?i luo^n admin co' cho IP cu?a ba'c va`o black list
hay kho^ng?

Ve^` ca^u ho?i chuye^?n packet dde^'n ma'y kha'c trong LAN, ba'c dda~
ho.c ly' thuye^'t ne^n cha('c dda~ bie^'t "source routing" va` "host, gateway
requirements".
Source routing cho phe'p ngu+o+`i gu+?i (source, sender) chi? ddi.nh
ddu+o+`ng ddi cu?a go'i tin, kha'c vo+'i kie^?u routing hop-by-hop pho^? bie^'n.
Ma'y cu?a ba.n ba'c (forward giu'p ba'c) cu~ng pha?i ca^'u hi`nh nhu+ mo^.t
gateway, dde^? co' the^? chuye^?n packet giu'p ba'c. Muo^'n bie^'t ro~ ve^`
ly' thuye^'t thi` ddo.c RFC 791 (source routing option) va` RFC 1122, 1812
(host va` gateway requirements).
Chu' y' la` ha^`u he^'t ca'c OS nga`y nay theo ma(.c ddi.nh dde^`u ta('t ca'c
chu+'c na(ng source routing va` packet forwarding. Xem file /etc/sysctl.conf
se~ tha^'y
net.ipv4.ip_forward = 0
net.ipv4.conf.default.accept_source_route = 0


-- 
James Nguyen, Phedora
http://vnoss.org


-------------------------------------------------------
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8
_______________________________________________
VietLUG-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/vietlug-users

Trả lời cho