|
|
181.
|
|
|
Daemons
|
|
|
|
|
守护程序
|
|
Translated and reviewed by
姚渺波
|
|
|
|
Located in
serverguide/C/network-config.xml:812(title)
|
|
|
182.
|
|
|
Daemons are special system applications which typically execute continuously in the background and await requests for the functions they provide from other applications. Many daemons are network-centric; that is, a large number of daemons executing in the background on an Ubuntu system may provide network-related functionality. Some examples of such network daemons include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> (httpd), which provides web server functionality; the <emphasis>Secure SHell Daemon</emphasis> (sshd), which provides secure remote login shell and file transfer capabilities; and the <emphasis>Internet Message Access Protocol Daemon</emphasis> (imapd), which provides E-Mail services.
|
|
|
|
|
守护程序是特殊的系统应用程序,一般常驻在后台并等待来自其他应用程序请求其所提供的功能。许多守护程序都是网络中心;在 Ubuntu 系统后台执行的许多守护程序都可以提供网络的相关功能。这些网络守护程序包括 <emphasis>超文本传输协议守护程序</emphasis> (httpd),用于提供网站服务器功能;<emphasis>Secure SHell 守护程序</emphasis> (sshd),用于提供安全远程登录 shell 和文件传输功能;<emphasis>Internet Message Access Protocol 守护程序</emphasis> (imapd),用于提供 E-Mail 服务。
|
|
Translated and reviewed by
姚渺波
|
| In upstream: |
|
守护程序是特殊的系统应用程序,一般常驻在后台并等待来自其他应用程序请求其所提供的功能。许多守护程序都是面向网络的;也就是说,在 Ubuntu 系统后台执行的许多守护程序都可以提供网络的相关功能。这些网络守护程序包括 <emphasis>超文本传输协议守护程序</emphasis> (httpd),用于提供web服务器功能;<emphasis>Secure SHell 守护程序</emphasis> (sshd),用于提供安全远程登录 shell 和文件传输功能;<emphasis>Internet Message Access Protocol 守护程序</emphasis> (imapd),用于提供 E-Mail 服务。
|
|
|
Suggested by
Ihnus Qcshz
|
|
|
|
Located in
serverguide/C/network-config.xml:813(para)
|
|
|
183.
|
|
|
Firewall Configuration
|
|
|
|
|
防火墙配置
|
|
Translated and reviewed by
姚渺波
|
|
|
|
Located in
C/network-applications.xml:374(title)
|
|
|
184.
|
|
|
The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, which is used to manipulate or decide the fate of network traffic headed into or through your server. All modern Linux firewall solutions use this system for packet filtering.
|
|
|
|
|
Linux 内核包括 <emphasis>Netfilter</emphasis> 子系统,用来处理或决定网络传输头部进入或穿过你的服务器,目前所有的 Linux 防火墙都用该系统来做包过滤。
|
|
Translated and reviewed by
姚渺波
|
|
|
|
Located in
serverguide/C/security.xml:355(para)
|
|
|
185.
|
|
|
Firewall Introduction
|
|
|
|
|
防火墙介绍
|
|
Translated and reviewed by
姚渺波
|
|
|
|
Located in
C/network-applications.xml:381(title)
|
|
|
186.
|
|
|
The kernel's packet filtering system would be of little use to administrators without a userspace interface to manage it. This is the purpose of iptables. When a packet reaches your server, it will be handed off to the Netfilter subsystem for acceptance, manipulation, or rejection based on the rules supplied to it from userspace via iptables. Thus, iptables is all you need to manage your firewall if you're familiar with it, but many frontends are available to simplify the task.
|
|
|
|
|
内核的包过滤系统如果没有一个用户态 (userspace) 界面来管理它的话对管理员来说几乎没有用。这正是 iptables 的目的。当一个包到达您的服务器,它从用户态 (userspace) 通过 iptables 传给 Netfilter 子系统,然后基于提供的规则去接受、操作或拒绝。因此,如果你能熟悉它的话,那么 iptables 就是您管理您防火墙所需的全部。
|
|
Translated and reviewed by
姚渺波
|
|
|
|
Located in
serverguide/C/security.xml:360(para)
|
|
|
187.
|
|
|
IP Masquerading
|
|
|
|
|
IP 伪装
|
|
Translated and reviewed by
姚渺波
|
|
|
|
Located in
serverguide/C/security.xml:596(title)
|
|
|
188.
|
|
|
The purpose of IP Masquerading is to allow machines with private, non-routable IP addresses on your network to access the Internet through the machine doing the masquerading. Traffic from your private network destined for the Internet must be manipulated for replies to be routable back to the machine that made the request. To do this, the kernel must modify the <emphasis>source</emphasis> IP address of each packet so that replies will be routed back to it, rather than to the private IP address that made the request, which is impossible over the Internet. Linux uses <emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which connections belong to which machines and reroute each return packet accordingly. Traffic leaving your private network is thus "masqueraded" as having originated from your Ubuntu gateway machine. This process is referred to in Microsoft documentation as Internet Connection Sharing.
|
|
|
|
|
IP 伪装的目的是为了允许您网络上那些有着私有的、不可路由的 IP 地址的机器可以通过做伪装的机器访问 Internet。来自您私有网络并要访问 Internet 的传输必须是可以操作的,也就是说回复要可以被路由回来以送到发出请求的机器上。要做到这一点,内核必须修改每个包 <emphasis>源</emphasis> IP 地址以便回复能被路由回它这里,而不是发出请求的私有 IP 地址,因为它们对于 Internet 来说是不存在的。Linux 使用 <emphasis>Connection Tracking</emphasis> (conntrack) 来保持那个连接是属于哪个机器的,并相应地对每个返回包重新做路由。发自您私有网络的流量就这样被伪装成源于您的网关机器。这一过程在 Microsoft 文档中被称为 Internet 连接共享。
|
|
Translated and reviewed by
姚渺波
|
|
|
|
Located in
serverguide/C/security.xml:597(para)
|
|
|
189.
|
|
|
-t nat -- the rule is to go into the nat table
|
|
|
|
|
-t nat -- 该规则将进入 nat 表
|
|
Translated and reviewed by
姚渺波
|
|
|
|
Located in
serverguide/C/security.xml:744(para)
|
|
|
190.
|
|
|
-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain
|
|
|
|
|
-A POSTROUTING -- 该规则将被追加 (-A) 到 POSTROUTING 链
|
|
Translated and reviewed by
姚渺波
|
|
|
|
Located in
serverguide/C/security.xml:745(para)
|
