
Design And Research Of Firewall For Campus Network

Posted on: 2012-11-05
Degree: Master
Type: Thesis
Country: China
Candidate: J M Fan
Full Text: PDF
GTID: 2178330335951053
Subject: Software engineering
Abstract/Summary:
The information revolution has had a big impact on the world. The development of networks has greatly changed the way people live, and their effect on people is felt everywhere. Network security has become a focus of attention. For a campus network, security and management are the basis for ensuring the normal operation of the campus. Most school networks are basically complete, and the primary means of securing a campus network is to build a firewall between the campus internal network and the public network, using the firewall to physically block or limit illegal information flows. At present, the gap between domestic firewall technology and that of foreign countries is not small. The market is flooded with firewall products that are expensive to buy and maintain and offer low cost performance, so a lot of low-end customers would very much like to combine the general theory and methods of firewall design with their own specific circumstances and actual needs to design small but excellent firewall systems.
This paper describes the development of Linux firewall technology and analyzes the Netfilter framework in the Linux kernel: its main functions and data structures, its working principle and its workflow. Netfilter packet filtering, NAT and connection tracking are studied in depth. The paper gives a detailed description of iptables, the Netfilter configuration tool, covering the basic concept of its filter rules and the basic implementation of its packet control commands. By analyzing the core module with which iptables implements packet processing, it studies how iptables integrates closely with the Netfilter framework to filter data packets together.
On this basis, this paper discusses the development platform of the campus network firewall system, its overall design idea, and the functions and algorithms of its main modules, which include the network topology map, data storage, and the design idea and technology of the core initialization module. It also elaborates on security, prevention and management for Internet users, including access management, network retirement, network billing, restrictions on Internet sites, flow rate limits and other techniques.
With the rapid development of Internet-based information technology, the application of information network techniques is extending further and further. With the popularization of the Internet, the security of data transmitted over the Internet has become a hot challenge in the research field. The firewall is inserted between the premises network and the Internet to establish a controlled link and to erect an outer security wall or perimeter. The aim of this perimeter is to protect the premises network from Internet-based attacks and to provide a single choke point where security and audit can be imposed. This thesis discusses the netfilter mechanism of the Linux 2.4 kernel, analyzes how to design and realize a firewall based on netfilter technology, and also describes network address translation in Linux. Developed by GNU, a netfilter-based firewall is realized and tested.
Keywords/Search Tags: Linux firewall, Netfilter, iptables, campus network firewall