Nethide Installation Guide
Software introduction
This software encrypts and decrypts VoIP data packets on the Linux platform. It encrypts and decrypts the data passing through it in order to conceal VoIP traffic on the Internet. It runs under Linux as a transparent bridge, and it can also run on an existing Linux-based firewall.
1. Software installation
1 One PC or dedicated server with two network cards. This arrangement supports 2000 lines of audio streams running simultaneously.
Suggested configuration:
CPU: P4 3.0
Memory: 512M
Network cards: two gigabit network cards
For the operating system, please choose RedHat 2.4.20-8. Nethide is tied to the Linux version, which means each Linux version must be matched with the corresponding Nethide version. The version for Redhat Linux 2.4.20-8 can be downloaded from the company website; if you need other versions, please contact our sales department. Tel: +86-755-86152019. E-mail: supports_httel@vip.163.com.
You can also use the command uname -r to check the local Linux version.
When installing the Linux system, choose the option: custom installation.
Deselect unnecessary software; for a server, the simpler the system, the more stable it is.
2 Network structure and bridge platform setup
There are two network cards, eth0 and eth1: eth0 connects to the gateway of the machine room, and eth1 connects to the platform.
Modify the network card configuration files:
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-eth1
Set the IP address and subnet mask. To save IP addresses, set the same IP for the two network cards, which should be in the same network segment.
Assuming that the IP address of the gateway or router is 192.168.1.1, the subnet mask is 255.255.255.0, the broadcast address is 192.168.1.255, and the IP address of the two network cards is 192.168.1.2, the configuration files are as follows:
A SCHEME 1 (configure Linux in bridge mode)
Two network cards, eth0 and eth1, network card eth0
ifcfg-eth0:
DEVICE=eth0
BOOTPROTO=none
BROADCAST=192.168.1.255
IPADDR=192.168.1.2
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes
USERCTL=no
PEERDNS=no
TYPE=Ethernet
GATEWAY=192.168.1.1
ifcfg-eth1:
DEVICE=eth1
BOOTPROTO=none
BROADCAST=192.168.1.255
IPADDR=192.168.1.2
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes
USERCTL=no
PEERDNS=no
TYPE=Ethernet
Save the files and run the command service network restart for the changes to take effect. With the physical connections in place, ping an Internet IP address from the PC; if it works, the network configuration is correct and you can carry on with the next step.
To run the software, the two network cards must be configured as a transparent bridge. The transparent bridge relies on the routing configuration: because there are two network cards, specific routes are needed to decide the exact path of the data.
First of all, run the route command; you will see a route table similar to the following:
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.1.0     *               255.255.255.0   UH    0      0   0   eth1
192.168.1.0     *               255.255.255.0   U     0      0   0   eth1
169.254.0.0     *               255.255.0.0     U     0      0   0   eth1
127.0.0.0       *               255.0.0.0       U     0      0   0   lo
default         192.168.1.1     0.0.0.0         UG    0      0   0   eth0
Assume the IP of the platform is 192.168.1.3. Since it is connected to eth1 of Nethide, the packet routing rules should be:
Destination IP = 192.168.1.3 maps to the eth1 port
Other destination IPs map to the eth0 port
According to the current route table, the packet routing rules should be modified as follows:
Delete the two original routes that map destination IP = 192.168.1.0 (the 192.168.1 network segment) to the eth1 port
Add a route that maps destination IP = 192.168.1.0 to the eth0 port
Add a route that maps destination IP = 192.168.1.3 to the eth1 port
Add a route that maps destination IP = gateway IP 192.168.1.1 to the eth0 port
Run the commands below to configure:
ip route del 192.168.1.0/24 dev eth1
ip route del 192.168.1.0/24 dev eth1
ip route add 192.168.1.0/24 dev eth0
ip route add 192.168.1.3 dev eth1
ip route add 192.168.1.1 dev eth0
Run the route command to view the configuration result:
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.1.3     *               255.255.255.255 UH    0      0   0   eth1
192.168.1.1     *               255.255.255.255 UH    0      0   0   eth0
192.168.1.0     *               255.255.255.0   U     0      0   0   eth0
169.254.0.0     *               255.255.0.0     U     0      0   0   eth1
127.0.0.0       *               255.0.0.0       U     0      0   0   lo
default         192.168.1.1     0.0.0.0         UG    0
The route table shows that packets destined for 192.168.1.3 go out through eth1 and all other packets go out through eth0, which demonstrates that the configuration is correct.
Next, enable network forwarding and proxy ARP, which is the key part of configuring the transparent bridge. Run the commands below:
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
echo 1 > /proc/sys/net/ipv4/ip_forward
Try to visit the platform from the Internet. You may have to wait for some time while the caches are updated. If the gateway uses a static MAC table, it is necessary to bind the platform IP address to the MAC address of eth0 of the encryption server. If the platform can be visited successfully, the configuration has succeeded. The configuration commands that have already been run can be put into the startup script /etc/rc.d/rc.local, which the system executes automatically at startup. Add the following:
ip route del 192.168.1.0/24 dev eth1
ip route del 192.168.1.0/24 dev eth1
ip route add 192.168.1.0/24 dev eth0
ip route add 192.168.1.3 dev eth1
ip route add 192.168.1.1 dev eth0
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
echo 1 > /proc/sys/net/ipv4/ip_forward
Command notes
1) ip route del 192.168.1.0/24 dev eth1: in this command, “192.168.1.0/24” denotes all the IP addresses in the 192.168.1.0 network segment with subnet mask 255.255.255.0. “/24” means that the subnet mask contains 24 one bits, that is, the subnet mask is 255.255.255.0. The command deletes the route that maps destination IP = 192.168.1.0/24 to eth1.
2) ip route add 192.168.1.3 dev eth1: the command adds a route that maps destination IP = 192.168.1.3 to eth1.
3) For a multi-structure platform, you only need to add the corresponding IPs to the routing plan.
4) Note that in the command echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp there are spaces on both sides of the redirection symbol “>”.
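A post-configuration check for Scheme 1, as an added example that is not part of the original guide or the Nethide package: it confirms that the routes and kernel flags set above are in place. The addresses and interface names are the guide's sample values, and the ROOT argument of check_flags is a hypothetical prefix for checking a copy of /proc.

```sh
#!/bin/sh
# Added example (not from the Nethide package): verify the Scheme 1 setup.
# Addresses and interface names are the guide's sample values.

# iface_for DEST: read `route` output on stdin and print the Iface column
# of the first row whose Destination is DEST.
iface_for() {
    awk -v d="$1" '$1 == d { print $NF; exit }'
}

# check_routes TABLE: succeed only if the platform host route uses eth1 and
# the gateway host route and the subnet route use eth0.
check_routes() {
    table=$1
    rc=0
    for pair in "192.168.1.3 eth1" "192.168.1.1 eth0" "192.168.1.0 eth0"; do
        set -- $pair
        got=$(printf '%s\n' "$table" | iface_for "$1")
        if [ "$got" != "$2" ]; then
            echo "route to $1: expected $2, found ${got:-none}" >&2
            rc=1
        fi
    done
    return $rc
}

# check_flags [ROOT]: succeed only if IP forwarding and proxy ARP on both
# interfaces are enabled. ROOT (hypothetical) prefixes /proc for testing.
check_flags() {
    base="${1:-}/proc/sys/net/ipv4"
    rc=0
    for f in ip_forward conf/eth0/proxy_arp conf/eth1/proxy_arp; do
        if [ "$(cat "$base/$f" 2>/dev/null)" != "1" ]; then
            echo "$f is not 1" >&2
            rc=1
        fi
    done
    return $rc
}

# On the bridge host: check_routes "$(route -n)" && check_flags
```

Running the same check after a reboot shows whether the rc.local entries were applied.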
B SCHEME 2
Two network cards, eth0 and eth1: eth0 connects to the gateway of the equipment room, and eth1 connects to the platform.
Download the bridge software from the website: http://linux-net.osdl.org/index.php/Bridge
Extract the software package: tar -xzvf bridge-utils-*.tar.gz (* is the version)
Execute “cd ./bridge-utils-*”
Execute “./configure”
Execute “make”
Execute “make install” (bridge software installation finished)
Execute the command “brctl addbr br0” to create bridge br0, then execute “ifconfig -a”; you will find that there is an additional br0 port.
Execute the commands:
brctl addif br0 eth0
brctl addif br0 eth1 (adds eth0 and eth1 to br0)
If we need to access the server remotely, we need to assign an IP to it. Suppose the assigned IP is 192.168.1.10, the subnet mask is 255.255.255.0 and the default gateway is 192.168.1.1. Execute the commands as follows:
route add default eth0
route add default gw 192.168.1.1
ifconfig br0 192.168.1.10 netmask 255.255.255.0 broadcast 192.168.1.255
ifconfig br0 up
The bridge setup is now complete. To make it run automatically at system startup, add these commands to the file /etc/rc.d/rc.local:
/sbin/ifconfig eth0 0.0.0.0
/sbin/ifconfig eth1 0.0.0.0
/usr/local/sbin/brctl addbr br0
/usr/local/sbin/brctl addif br0 eth0
/usr/local/sbin/brctl addif br0 eth1
route add default eth0
route add default gw 192.168.1.1
ifconfig br0 192.168.1.10 netmask 255.255.255.0 broadcast 192.168.1.255
ifconfig br0 up
2. Nethide Installation
Once the settings above are finished, we can start to install the software. The steps are as follows:
1 Execute the “su” command to obtain superuser rights.
2 Extract the software package.
3 Give “install_net” in the installation package execute permission.
4 Execute “install_net”.
5 Execute the command “nethid start” to start up Nethide.
For example:
# tar zxvf nethide2.4.20-2.0.1.tar.gz (extract the software package)
# chmod 755 install_net (grant execute permission)
# ./install_net (execute the installation file)
6 Add the command line “nethid start” to the startup script “/etc/rc.d/rc.local” so that it runs automatically at system startup.
3. Nethide setting
After installation, we can set up the program. Enter the authentication code; otherwise the software can only be used for 30 days.
The command help is displayed when you enter the command “nethid -h” or “--help”, and the version can be checked with “-V” or “--version”.
nethid regc : output the local register code
nethid start : start up the program
nethid stop : terminate the program
nethid show : display the current encryption key; also displays the straight-through table when the system is running
nethid setkey <key> : set the VoIP encryption key
nethid auth <authentication> : enter the authentication code
Super setting:
The straight-through IPs and ports can be set by modifying the files in the installation directory. After they are set, the system forwards the corresponding data packets directly, without examining them, which saves system resources. The system load can be reduced a lot if the communication between the platform server and the digital relay gateway is set to straight through.
The entry format is as follows:
<xxx.xxx.xxx.xxx> <s/d> <min port> <max port> \
Enter the items into the corresponding option of the file hid_set.sh. The HID_ETH0 option holds the packet settings of network card eth0, and the HID_ETH1 option holds the packet settings of network card eth1. Each network port accepts at most 20 entries. Execute the file; the program does not need to be restarted.
1) The first parameter of an entry is the IP that is to be passed straight through.
2) The second parameter is the direction of the data: “s” denotes the source IP, and “d” denotes the destination IP.
3) Min port and max port give the range of straight-through ports (min port and max port included). Depending on how the second parameter is set, they stand for the source port or the destination port. 0 to 0 means all the ports.
4) The entry “192.168.1.3 s 1 65535 \” means that packets with source ports from 1 to 65535 are passed straight through.
For example:
Suppose the platform server is 202.135.34.33 and the fixed gateway server is 202.34.45.123 (not in the same equipment room as the platform server). We need to set straight through between the two servers. eth0 connects to the router and gateway in the equipment room, and eth1 connects to the platform server.
The file hid_set.sh is as follows:
#!/bin/sh
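# Straight-through entries for eth0: <IP> <s/d> <min port> <max port>
HID_ETH0="\
202.34.45.123 s 0 0 \
255.255.255.255 d 0 0 \
"
# Straight-through entries for eth1
HID_ETH1="\
255.255.255.255 s 0 0 \
202.34.45.123 d 0 0 \
"
# Load the entries into the running program
echo ${HID_ETH0} > /proc/nethid_eth0
echo ${HID_ETH1} > /proc/nethid_eth1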
For a platform with one or more servers, if the servers use terminals with different encryption algorithms, the mapping between terminals and server IPs or ports can also be changed with the method described above to improve the execution efficiency of Nethide.
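Because straight-through entries decide which traffic Nethide forwards without processing, it is worth checking them before hid_set.sh writes them to /proc. The following validator is an added example, not part of the Nethide package; it enforces the entry format and the 20-entry limit described above, and it assumes that ports lie in 0 to 65535 and that min port must not exceed max port.

```sh
#!/bin/sh
# Added example, not part of the Nethide package: validate straight-through
# entries before hid_set.sh writes them to /proc/nethid_eth0 or nethid_eth1.

# valid_ip ADDR: dotted quad, four decimal octets in 0..255.
valid_ip() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port N: decimal number in 0..65535 (assumed port range).
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# validate_hid_entries "ENTRIES": ENTRIES is the value of HID_ETH0 or
# HID_ETH1, a sequence of "<IP> <s/d> <min port> <max port>" groups.
validate_hid_entries() {
    set -f; set -- $1; set +f          # split on whitespace, no globbing
    [ $(( $# % 4 )) -eq 0 ] || { echo "incomplete entry" >&2; return 1; }
    [ $(( $# / 4 )) -le 20 ] || { echo "more than 20 entries" >&2; return 1; }
    while [ $# -gt 0 ]; do
        ip=$1 dir=$2 min=$3 max=$4; shift 4
        valid_ip "$ip" || { echo "bad IP: $ip" >&2; return 1; }
        case $dir in s|d) ;; *) echo "bad direction: $dir" >&2; return 1 ;; esac
        # Assumption: min port must not exceed max port ("0 0" = all ports).
        valid_port "$min" && valid_port "$max" && [ "$min" -le "$max" ] ||
            { echo "bad port range: $min $max" >&2; return 1; }
    done
    return 0
}

# Constructed sample, same shape as the HID_ETH0 value in the guide.
SAMPLE_ETH0="\
202.34.45.123 s 0 0 \
255.255.255.255 d 0 0 \
"
validate_hid_entries "$SAMPLE_ETH0" && echo "HID_ETH0 entries OK"
```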