Merge pull request #3 from LCTT/master

Update My Repository
joeren 2014-06-14 09:43:01 +08:00
commit 558a276327
3 changed files with 90 additions and 42 deletions


@ -1,27 +0,0 @@
alim0x translating
Dpkg Vulnerabilities Closed in Ubuntu 14.04
================================================================================
![](http://i1-news.softpedia-static.com/images/news2/Dpkg-Vulnerabilities-Closed-in-Ubuntu-14-04-446282-2.jpg)
**Canonical has announced that a dpkg vulnerability in its Ubuntu 14.04 LTS, Ubuntu 13.10, Ubuntu 12.10, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS operating systems has been corrected.**
The company has just released a new update for the dpkg package, fixing a problem with this very important software that is used in all Ubuntu versions.
“It was discovered that dpkg incorrectly handled certain patches when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system,” reads the security notice.
For a more detailed description of the problems, you can see Canonical's [security notification][1]. Users have been advised to upgrade their systems as soon as possible.
The flaws can be fixed if you upgrade your system(s) to the latest libdpkg-perl packages specific to each distribution. To apply the patch, run the Update Manager application.
In general, a standard system update will make all the necessary changes and users won't have to restart the PC or the laptop in order to apply the patch. This update can also be performed from the terminal, with the apt-get dist-upgrade command.
--------------------------------------------------------------------------------
via: http://news.softpedia.com/news/Dpkg-Vulnerabilities-Closed-in-Ubuntu-14-04-446282.shtml
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:http://www.ubuntu.com/usn/usn-2242-1/


@ -1,46 +1,96 @@
Translating by yujianxuechuan,占坑
How to set up Internet connection sharing with iptables on Linux
怎样使用linux的iptables工具进行网络共享
================================================================================
In this tutorial, I'll explain how to share a single Internet connection among multiple devices on Linux. While consumer-grade WiFi routers have become mainstream nowadays, making this problem a non-issue, suppose you don't have one at home. However, say you have a Linux box already assembled with a modem and a LAN card. The modem is connected to the Internet with a dynamic public IP address, and the LAN card connected to your switch/hub. Other devices (Linux/Windows PC, laptop) are connected to the switch without having any Internet connection. To share the Internet connection of the Linux box, you have to turn the box into a gateway, so that it can relay traffic to and from other devices.
在本教程中我将解释多个设备怎样在linux下共享一个网络连接。目前无线路由器已经成为主流的消费品从而解决了本文这一问题假设你家中并没有一台无线路由器。然而你却有一台已经有"猫"和局lan网卡的的linux主机。"猫"是以动态公有IP地址的模式连接的互联网主机的lan网卡连接到你的交换机或者集线器。其他设备如linux或者windows的PC或者笔记本以网桥的形式连接并无互联网连接。为了共享linux主机的互联网你必须把主机摄制成网关于是它才能实现从其他设备中传送和接受信息。
### Glossary of Terms ###
术语字汇
- **Private IP address** (non-routeable address) is an IP address used for a Local Area Network (not visible through Internet).
- **Public IP address** (routeable address) is an IP address that is visible through Internet.
- **IP masquerading** is a function that allows set of machines to reach the Internet via a MASQ gateway. Those machines behind the MASQ gateway is never visible to the Internet. Any outgoing and incoming traffic from and to the machines behind the MASQ gateway must pass through the MASQ gateway.
- **Network Address Translation** (NAT) is a function that can make a private IP address reaches the Internet with the help of IP masquerading.
-私有IP地址不可到达地址是一个被用于本地局域网的IP地址在互联网中不可见
-公用IP地址可到达地址是一个在互联网中可见的IP地址。
IP伪装是一项允许一系列机器通过MASQ网关连接互联网的功能。这些MASQ网关之外的机器在互联网中是不可见的。MASQ之后的机器中任何流入或流出的数据必须经过MASQ网关。
-网络地址转换NAT是一项通过IP伪装技术可以使私有IP地址访问互联网的功能。
### Hardware Requirements ###
硬件要求
- One Linux box with two interfaces (one public IP address and the other private IP address), which will be used as a gateway.
- One or more Linux/Windows PC or laptop with private IP addresses.
- Switch/HUB (optional).
-一台有两个接口一个公有IP地址和其他的私有IP地址的linux主机这个主机将被用作网关。
-一台或者多台拥有私有IP地址的linux/windows系统的PC或者笔记本。
-交换机/集线器(可选)。
### Step-by-Step Guide ###
教程步骤
The following procedure is required on the Linux box (the connection sharing gateway).
接下来的过程需要在linux主机用于共享的网关上完成。
#### 1. Activate IP forwarding ####
1、激活IP转发
In order to set up Internet connection sharing, you need to enable IP forwarding on the Linux box with a kernel parameter. Startup kernel parameters stored in /etc/sysctl.conf.
为了设置网络共享你需要在linux主机上更改一个内核参数来使能IP转发功能。内核启动参数设定在/etc/sysctl.conf文件中。
Open the file, and locate line with the following parameter "# net.ipv4.ip_forward = 0". Remove hash mark (i.e., uncomment it), and set the value to 1. It should look like the following:
打开这个文件,定位到含有"# net.ipv4.ip_forward = 0"的这一行,移除#号即取消注释然后将其值设置为1改好之后应该和下面的一致。
net.ipv4.ip_forward = 1
You may also activate IP forwaring at run time by the following command:
你还要使激活IP转发功能生效通过执行下面的命令
$ sudo sysctl -w net.ipv4.ip_forward=1
$ sudo sysctl -p
#### 2. NAT configuration ####
2、NAT配置
Another important part of Internet connection sharing is NAT configuration which can be done using iptables command. iptables maintains four firewall tables:
另一个网络共享的重要部分是NAT配置这可以通过使用iptables的命令iptables包含四个防火墙的表格
- FILTER (the default table)
- NAT
- MANGLE
- RAW
- FILTER (默认表格)
- NAT
- MANGLE
- RAW
In this tutorial we will use only two tables: FILTER and NAT tables.
这个教程中我们将仅使用两个表格FILTER和NAT表格。
First, flush all active firewall rules.
首先,刷新所有活跃的防火墙的规则。
$ sudo iptables -X
$ sudo iptables -F
$ sudo iptables -t nat -X
$ sudo iptables -t nat -F
On the INPUT table, you have to set chain FORWARD to ACCEPT target, so all packets passed through the box will be processed correctly.
在输入表格中,你需要设置转发链成可接受的目的地,因此艘游通过主机的数据包将会被正确的处理。
$ sudo iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$ sudo iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
On the NAT table, you have to enable IP masquerading for your WAN interface. We assume that the WAN interface is ppp0. To enable IP masquerading on ppp0 interface, you can use the following command:
在NAT表中你必须为你的WAN口使能IP伪装我们假设WAN口协议是ppp0。为了在ppp0接口上使能IP伪造技术我们使用以下的命令
$ sudo iptables -t nat -I POSTROUTING -o ppp0 -j MASQUERADE
#### 3. Configuring a private IP address ####
3、配置私有IP地址
After all configuration is completed on the Linux box, you have to configure the DNS server and default gateway of other devices (Linux/Windows PC, laptop), so that they point to the Linux box. Note that you don't need to set up a DNS server on the Linux box. Every DNS request from other devices are automatically forwarded by the Linux box to your upstream ISP.
在linux主机上的所有配置完成后你需要配置其他设备linux/windows的PC或笔记本的DNS服务器以及默认网关因此他们的数据流可以指向linux主机。注意你不需要在linux主机上设置一个DNS服务器从其他设备发出的每一个DNS请求都会通过上游的ISP自动转发到linux主机上。
If you are using Linux on the other devices, you can use the following command to change their default gateway and DNS servers. I assume that you are using 192.168.1.0/24 private IP address segment, and that 192.168.1.1 is the IP address assigned to the Linux box.
如果你的其他设备上用的系统是linux你可以通过以下命令来更改他们的默认网关和DNS服务器。假设你的网段是192.168.1.0/24的私有IP地址网段linux主机上绑定的IP地址是192.168.1.1。
$ sudo ip route del default
$ sudo ip route add default via 192.168.1.1
$ sudo sh -c "echo 'nameserver 192.168.1.1' > /etc/resolv.conf"
If you have other Linux devices, you can repeat the command above on other devices.
如果还有其他的linux设备那么你可以重复以上命令。
If you have a Windows device, you can change the default gateway and the DNS server via network connection properties on the control panel.
如果你有windows设备你可以通过控制面板的网络连接属性来更改默认网关和DNS服务器。
#### 4. The complete script ####
4、完整的脚本
Here is the complete script which sets up Internet connection sharing on the Linux box. The WAN interface (ppp0) needs to be replaced according to your environment.
这是一个在linux主机上设置网络连接共享的一个完整的脚本。WAN口ppp0协议需要根据你具体的网络接口协议来替换。
$ sudo vi /usr/local/bin/ishare
----------
In this tutorial we will use only two tables: FILTER and NAT tables.
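Review bot: The translation of the DNS sentence in step 3 reverses the direction of forwarding. The English says every DNS request is "forwarded by the Linux box to your upstream ISP", but the Chinese line says the requests are forwarded by the upstream ISP to the Linux box (通过上游的ISP自动转发到linux主机上); something like 都会由linux主机自动转发到上游的ISP matches the source. In step 1, "You may also activate IP forwarding at run time" is rendered as a required extra step (你还要), which hides that the sysctl -w command is an alternative to editing /etc/sysctl.conf. Smaller fixes in the same hunk: 艘游 in the FORWARD paragraph should be 所有, 摄制成 in the introduction should be 设置成, ppp0 is called a WAN口协议 although the source calls it an interface, and the IP伪装 glossary item lost its leading "-" and says 之外 where the source says "behind". The source sentence "On the INPUT table, you have to set chain FORWARD to ACCEPT target" also does not match the commands under it, which insert RELATED,ESTABLISHED accept rules into the INPUT and FORWARD chains (INPUT is a chain, not one of the four tables listed earlier), so translating it literally as 在输入表格中 carries the confusion over; a translator's note would help.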
@ -97,11 +147,11 @@ Here is the complete script which sets up Internet connection sharing on the Lin
iptables -t nat -I POSTROUTING -o ppp0 -j MASQUERADE
Save the above script to /usr/local/bin/ishare, and then change the executable bit by the following command.
保存以上的脚本到/usr/local/bin/ishare然后添加可执行权限通过执行下面的命令。
$ sudo chmox +x /usr/local/bin/ishare
If you want the script executed every startup, you can register the script to /etc/rc.local. Open /etc/rc.local, before statement "exit 0", add the following line:
如果你需要这个脚本开机启动,你需要在/etc/rc.local文件中注册这个脚本在文件中的"exit 0"之前添加下面一行。
/usr/local/bin/ishare
--------------------------------------------------------------------------------
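Review bot: The command line "$ sudo chmox +x /usr/local/bin/ishare" carries a typo over from the source: chmox should be chmod. A reader who copies it gets a command-not-found error, the script never receives its executable bit, and the /usr/local/bin/ishare line added to /etc/rc.local then fails at boot. The Chinese line above it already says 添加可执行权限, so correcting the command (or adding a translator's note) keeps the two consistent.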


@ -0,0 +1,25 @@
Ubuntu 14.04中Dpkg的漏洞已被修复
================================================================================
![](http://i1-news.softpedia-static.com/images/news2/Dpkg-Vulnerabilities-Closed-in-Ubuntu-14-04-446282-2.jpg)
**Canonical宣布存在于Ubuntu 14.04 LTSUbuntu 13.10Ubuntu 12.10Ubuntu 12.04 LTS以及Ubuntu 10.04 LTS操作系统中的dpkg漏洞已经被修复。**
Canonical公司刚刚放出dpkg包的一个更新修复了这个用于所有Ubuntu版本的重要软件中的一个问题。
“这个问题是在dpkg在解压源码包的时候发现的它会使dpkg不能正确地处理某些补丁。如果一位用户或一个自动化系统被欺骗而解压了特别修改过的源码包远程攻击者就能修改目标解压路径之外的文件导致拒绝服务攻击或潜在的获取系统权限的风险。”安全通知中这样写道。
想了解这个问题的更多细节描述你可以查看Canonical的[安全通知][1]。Canonical建议用户尽快升级自己的系统。
如果你将各个发行版系统的libdpkg-perl包升级到最新版本即可修复这个漏洞。要安装这个更新你只需运行更新管理器/软件更新器即可。
一般来说一个普通的系统更新就可以完成所有必需的改动用户不必重启PC或笔记本来应用这个补丁。这个更新同样可以在终端中实现只需使用 apt-get dist-upgrade 命令。
--------------------------------------------------------------------------------
via: http://news.softpedia.com/news/Dpkg-Vulnerabilities-Closed-in-Ubuntu-14-04-446282.shtml
译者:[alim0x](https://github.com/alim0x) 校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:http://www.ubuntu.com/usn/usn-2242-1/
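Review bot: The quoted security notice in the added file shifts the meaning of the original. "It was discovered that dpkg incorrectly handled certain patches when unpacking source packages" is rendered as the problem having been discovered while dpkg was unpacking a source package (这个问题是在dpkg在解压源码包的时候发现的), with the patch handling presented as a consequence. The flaw itself is the patch handling during unpacking, so wording such as 研究发现dpkg在解压源码包时不能正确处理某些补丁 is closer to the notice. The credit line also still carries the 校对者ID placeholder.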