| 基于Netfilter框架的VPN网关的一体化设计 |
| |
| 引用本文: | 曹利峰,陈性元,杜学绘.基于Netfilter框架的VPN网关的一体化设计[J].计算机工程与应用,2006,42(2):128-130,137. |
| |
| 作者姓名: | 曹利峰 陈性元 杜学绘 |
| |
| 作者单位: | 解放军信息工程大学电子技术学院,郑州,450004 |
| |
| 摘 要: | 随着Linux版本的升级,Linux下的防火墙技术也在不断地成熟。当前,基于netfilter框架的iptables防火墙,具有轨迹跟踪的功能,实现了基于状态检测的包过虑处理,成为近年来比较盛行的防火墙。该文就netfilter框架和轨迹跟踪技术进行了分析,同时,研究了网桥和防火墙的结合方式,提出了基于轨迹跟踪的VPN处理模式,最后,对支持路由和网桥两种模式的VPN处理且集成状态检测防火墙的安全网关进行了研究和一体化的设计。
|
| 关 键 词: | IP安全协议 虚拟专用网 IPtables Netfilter |
| 文章编号: | 1002-8331-(2006)02-0128-03 |
Integration Design of VPN Gateways Based on Netfilter |
| |
| Cao Lifeng,Chen Xingyuan,Du Xuehui.Integration Design of VPN Gateways Based on Netfilter[J].Computer Engineering and Applications,2006,42(2):128-130,137. |
| |
| Authors: | Cao Lifeng Chen Xingyuan Du Xuehui |
| |
| Affiliation: | Institute of Eelectronic Technology,the PLA Information Engineering University,Zhengzhou 450004 |
| |
| Abstract: | With upgrade of Linux,firewall technology in Linux becomes aging continuously.Currently,iptables firewall based on the frame of netfilter can accomplish-packet filter based of stateful inspect,which has the function of connection tracking to be prevalence.In the paper,the frame of neffilter and connection tracking are analyzed,at the same time,Combination between Firewall and network bridge in Linux 2.6 is also studied,and the mode of VPN process based on connection tracking is put forward.Finally,Secure Firewall-VPN Gateway based on the viewpoint of integration in Route and Bridge mode is analyzed and designed. |
| |
| Keywords: | Iptables Netfilter |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
