After you have successfully configured the CIPE server and tested that it works, you can connect from the client system.

The CIPE client can bring the CIPE connection up and down in an automated way. CIPE therefore has built-in mechanisms that can be customized to each user's needs. For example, an employee working remotely can connect to the CIPE device on the LAN by entering the following command:

```
/sbin/ifup cipcb0
```
The device comes up automatically; firewall rules and routing information are also configured automatically when the connection is made. To end the connection, the remote employee runs the following command:

```
/sbin/ifdown cipcb0
```
To configure the client, you must create local scripts that run after the device has loaded. The device itself can be configured by hand in the file /etc/sysconfig/network-scripts/ifcfg-cipcb0. This file contains parameters that specify, among other things, whether CIPE connects at boot time and what the CIPE device is named. The following is the ifcfg-cipcb0 file of a remote client that connects to the CIPE server:

```
DEVICE=cipcb0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no

# This is the device for which we add a host route to our CIPE peer through.
# You may hard code this, but if left blank, we will try to guess from
# the routing table in the /etc/cipe/ip-up.local file.
PEERROUTEDEV=

# We need to use internal DNS when connected via cipe.
DNS=192.168.1.254
```
The CIPE device is named cipcb0. The CIPE device is activated at boot time (set through the ONBOOT variable) and does not use a boot protocol (for example, DHCP) to obtain the device's IP address. The PEERROUTEDEV field specifies the CIPE server device name that connects to the client. If no device is specified in this field, one is determined after the device has loaded.

If the internal network is behind a firewall, set rules that allow the CIPE interface on the client system to send and receive UDP packets. For information on configuring a firewall, refer to Chapter 7. This example configuration uses iptables rules.
Note: Configure the client so that all local parameters are placed in a user-created file, /etc/cipe/ip-up.local. When the CIPE session ends, the local parameter values must be restored using /etc/cipe/ip-down.local.
The firewall on the client system must be configured to accept CIPE UDP-encapsulated packets. Firewall rules can vary widely, but accepting UDP packets is the basic requirement for a CIPE connection. The following iptables rules allow UDP CIPE transmissions to the remote client system that connects to the LAN; the last rule adds IP masquerading so that the remote client can communicate with the LAN and the Internet:

```
# The kernel module is named ip_tables
/sbin/modprobe ip_tables
/sbin/service iptables stop
/sbin/iptables -P INPUT DROP
/sbin/iptables -F INPUT
/sbin/iptables -A INPUT -j ACCEPT -p udp -s 10.0.1.1
/sbin/iptables -A INPUT -j ACCEPT -i cipcb0
/sbin/iptables -A INPUT -j ACCEPT -i lo
/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
```
Add routing rules so that the client system can access the systems behind the CIPE connection as if they were on the local network. You can add the rules with the route command. In this example, the following network route must be set on the client workstation:

```
route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.0.1.2
```
The following shows the final /etc/cipe/ip-up.local script for the client workstation:

```
#!/bin/bash -v
# $1 is the CIPE device name; load its interface settings.
if [ -f "/etc/sysconfig/network-scripts/ifcfg-$1" ] ; then
    . "/etc/sysconfig/network-scripts/ifcfg-$1"
else
    cat <<EOT | logger
Cannot find config file ifcfg-$1. Exiting.
EOT
    exit 1
fi

# PEERROUTEDEV was left blank in ifcfg-$1: guess it from the default route.
if [ -z "${PEERROUTEDEV}" ]; then
    cat <<EOT | logger
Cannot find a default route to send cipe packets through!
Punting and hoping for the best.
EOT
    # Use routing table to determine peer gateway
    export PEERROUTEDEV=`/sbin/route -n | grep '^0\.0\.0\.0' | head -n 1 \
        | awk '{ print $NF }'`
fi

####################################################
# Add The routes for the remote local area network #
####################################################

route add -host 10.0.1.2 dev "$PEERROUTEDEV"
route add -net 192.168.1.0 netmask 255.255.255.0 dev "$1"

####################################################
# IP TABLES Rules to restrict traffic              #
####################################################

# The kernel module is named ip_tables
/sbin/modprobe ip_tables
/sbin/service iptables stop
/sbin/iptables -P INPUT DROP
/sbin/iptables -F INPUT
/sbin/iptables -A INPUT -j ACCEPT -p udp -s 10.0.1.2
/sbin/iptables -A INPUT -j ACCEPT -i "$1"
/sbin/iptables -A INPUT -j ACCEPT -i lo
/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
```
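The note above calls for /etc/cipe/ip-down.local to undo the local settings, but the page lists only ip-up.local. The following is an added sketch of a matching teardown, not part of the original guide: it assumes `$1` is the CIPE device name as in ip-up.local, and `DRY_RUN`, `run` and `cipe_down` are hypothetical names. It removes only the tunnel-specific routes and rules and leaves the INPUT DROP policy and loopback rule in place.

```shell
#!/bin/bash
# Added example: teardown counterpart to the ip-up.local listing above.
# Assumptions: $1 is the CIPE device name, as in ip-up.local; DRY_RUN,
# run and cipe_down are hypothetical names. Addresses, eth0 and the rule
# specs are copied from ip-up.local.

PEER=10.0.1.2
LAN_NET=192.168.1.0
LAN_MASK=255.255.255.0
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands only, 0 = execute them

# Print the command in dry-run mode; otherwise run it and log a failure
# (for example a rule that is already gone) without aborting the teardown.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@" || logger "ip-down.local: failed: $*"
    fi
}

cipe_down() {
    dev=$1
    num=${dev#cipcb}
    # Accept only cipcb<digits>; anything else is refused before it
    # reaches route or iptables.
    case "$num" in
        "$dev"|''|*[!0-9]*)
            echo "ip-down.local: refusing device '$dev'" >&2
            return 1 ;;
    esac
    # Routes added by ip-up.local, removed in reverse order.
    run /sbin/route del -net "$LAN_NET" netmask "$LAN_MASK" dev "$dev"
    run /sbin/route del -host "$PEER"
    # Tunnel-specific ACCEPT and NAT rules. The DROP policy and the
    # loopback rule stay, so the host fails closed once the tunnel is gone.
    run /sbin/iptables -D INPUT -j ACCEPT -p udp -s "$PEER"
    run /sbin/iptables -D INPUT -j ACCEPT -i "$dev"
    run /sbin/iptables -t nat -D POSTROUTING -s "$LAN_NET/24" -o eth0 -j MASQUERADE
}

# Act only when CIPE (or the operator) supplies a device argument.
if [ $# -gt 0 ]; then
    cipe_down "$1"
fi
```

Run it with `DRY_RUN=1` first to review the commands, then set `DRY_RUN=0` once they match the rules your own ip-up.local installs.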