Shorewall - setup RH8 - GW - webmin

Ohmster

Jul 5, 2003, 2:18:12 PM
I decided to remove firestarter and install shorewall because it is a
better firewall. I installed the rpm file and have a module for it in
webmin. I am at a loss as to how to set this up and make it work for my
system. The setup docs are pretty vague and I don't want to mess this up.

I have:
Red Hat Linux 8.0
eth0 - ADSL modem, DHCP configured
eth1 - to hub for small LAN (two XP computers, 192.168.0.2 & 192.168.0.3),
IP address 192.168.0.1

apache server running (php & mysql), default port 80.
vsftpd running, default port.
using UPnPd to allow the xp computers to message voice and video with
Windows Messenger.
ssh server.
connect to RH machine with x-win32 via xdm.

This machine is a gateway/server. Shorewall is pretty hard to set up. Can
someone give me a basic how-to for this particular setup? I can use webmin
if I had a clue. I am afraid to start up shorewall because my stuff might
not work anymore. Tips/help please!

--
~Ohmster

Peteris Krumins

Jul 5, 2003, 8:14:17 PM
Ohmster <ohm...@newsguy.com> wrote in
news:Xns93AF9362F5622...@65.82.44.187:

> I decided to remove firestarter and install shorewall because it is a
> better firewall.

Actually it is not a firewall, it's just a collection of scripts, afaik,
which use genious iptables netfilter.

> I installed the rpm file and have a module for it in
> webmin. I am at a loss as to how to set this up and make it work for
> my system. The setup docs are pretty vague and I don't want to mess
> this up.

Uh, if you do not want to mess with firewalling, what's the point of help
then? Someone can tell you how to do it, but you won't be able to react
quickly if something happens. Then you will probably ask again.

> I have:
> Red Hat Linux 8.0
> eth0 - ADSL modem, DHCP configured
> eth1 - to hub for small LAN (two XP computers, 192.168.0.2 &
> 192.168.0.3), IP address 192.168.0.1
>
> apache server running (php & mysql), default port 80.
> vsftpd running, default port.
> using UPnPd to allow the xp computers to message voice and video with
> Windows Messenger.
> ssh server.
> connect to RH machine with x-win32 via xdm.
>
> This machine is a gateway/server. Shorewall is pretty hard to set up.
> Can someone give me a basic how-to for this particular setup?

The only way to learn is to read documentation, and if something is not
clear, google for unclear and read that, as you see another unknown thing
to you follow that up and read read read.
I do the above method once a week and end up with almost 50 open browser
windows.
It's like a circle, if you have heard, smarter you get - more unknown
lies ahead, as circle gets wider in diameter, the length of the circle
also increases and that is the unknown.


P.Krumins

Ohmster

Jul 5, 2003, 8:34:11 PM
Peteris Krumins <pkruminsR...@inbox.lv> wrote in
news:Xns93B020BF0D657...@130.133.1.4:

> Uh, if you do not want to mess with firewalling, what's the point of
> help then? Someone can tell you how to do it, but you won't be able to
> react quickly if something happens. Then you will probably ask again.

Hmmmm, yes, I will do all of that when time permits. As it is, I have an
open system with no firewall and that is the reason for the urgency to get
a firewall running. I was hoping that someone with a similar setup could
pass on the configs in order to get it running. Then I could tweak and tune
it as I understand it better. Webmin seems like a good front end to do this
with.

Ask again? If I don't understand something and need some assistance I sure
will ask more questions. My payback is to help others with situations that
I have already dealt with and I do that all the time. iptables is not
something that one gets a handle on right away, or at least that is the way
it seems to me.

Your advice and analogies are good though. :P

--
~Ohmster

Alan Erola

Jul 6, 2003, 9:40:19 AM
Here's where I started a year ago:

1. Read Shorewall's website (Quickstart Guides) and download the
configuration scripts that fit you e.g.
2. Edit the configuration scripts, especially the "zones," "policy" and
"rules" scripts.
3. Make sure you have physical access to the firewall box (in case your
configuration locks you out of a network connection).
4. Run "shorewall start" from root and read the messages.
5. Go back and read the forum at Shorewall for specific questions.

Also:
1. Keep a hardcopy of your network configuration
2. Check your hardware, cables, etc.

It works great for me.
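
The following is an added example, not part of Alan Erola's post or the Shorewall distribution: a sketch of step 2 for the two-interface setup described in this thread, staged in a scratch directory instead of /etc/shorewall. Assumptions: the column layouts follow the Shorewall 1.4-era sample files, web and FTP are reachable from the Internet while SSH and XDMCP are limited to the LAN, and the function name `stage_shorewall_config` is hypothetical; UPnP is not covered.

```shell
#!/bin/sh
# Added example (not from the thread): write a two-interface Shorewall
# configuration to a scratch directory for review. Column layouts are assumed
# to match the Shorewall 1.4-era samples; compare with your packaged files.
stage_shorewall_config() {
    dir=$1
    mkdir -p "$dir" || return 1
    # Zones: Internet side and LAN side (the firewall itself is zone "fw").
    cat > "$dir/zones" <<'EOF'
#ZONE  DISPLAY  COMMENTS
net    Net      Internet via ADSL
loc    Local    LAN hub
EOF
    # eth0 is DHCP-configured by the ISP; eth1 is 192.168.0.1 on the LAN.
    cat > "$dir/interfaces" <<'EOF'
#ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth0       detect     dhcp
loc    eth1       detect
EOF
    # Default stance: LAN may go out, everything inbound is dropped and logged.
    cat > "$dir/policy" <<'EOF'
#SOURCE  DEST  POLICY  LOG LEVEL
loc      net   ACCEPT
fw       net   ACCEPT
net      all   DROP    info
all      all   REJECT  info
EOF
    # Masquerade traffic from the eth1 network as it leaves through eth0.
    cat > "$dir/masq" <<'EOF'
#INTERFACE  SUBNET
eth0        eth1
EOF
    # Exceptions to policy (assumed exposure): web and FTP from the Internet;
    # SSH and XDMCP from the LAN only; X sessions from the box back to the LAN.
    cat > "$dir/rules" <<'EOF'
#ACTION  SOURCE  DEST  PROTO  DEST PORT(S)
ACCEPT   net     fw    tcp    80
ACCEPT   net     fw    tcp    21
ACCEPT   loc     fw    tcp    21,22,80
ACCEPT   loc     fw    udp    177
ACCEPT   fw      loc   tcp    6000:6010
EOF
}

# Stand-alone use: sh this-script /root/shorewall-test
if [ -n "${1:-}" ]; then stage_shorewall_config "$1"; fi
```

After reviewing the staged files, `shorewall check` validates a configuration and, where the installed version supports it, `shorewall try <directory>` applies the staged copy and reverts if startup fails, which pairs with step 3's advice about keeping physical access.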

Dan Bar

Jul 5, 2003, 11:56:00 PM

Ohmster wrote:

> I decided to remove firestarter and install shorewall because it is a
> better firewall. I installed the rpm file and have a module for it in
> webmin. I am at a loss as to how to set this up and make it work for my
> system.
>

Well - in case you know how iptables work, then it would not be a problem
to set up shorewall. If not, then start here.

> The setup docs are pretty vague and I don't want to mess this up.

Of all the firewall scripts I saw, Shorewall has the best docs of all of
them ;)

> I have:
> Red Hat Linux 8.0
> eth0 - ADSL modem, DHCP configured
> eth1 - to hub for small LAN (two XP computers, 192.168.0.2 & 192.168.0.3),
> IP address 192.168.0.1
>
> apache server running (php & mysql), default port 80.
> vsftpd running, default port.
> using UPnPd to allow the xp computers to message voice and video with
> Windows Messenger.
> ssh server.
> connect to RH machine with x-win32 via xdm.
>
> This machine is a gateway/server. Shorewall is pretty hard to set up. Can
> someone give me a basic how-to for this particular setup? I can use webmin
> if I had a clue. I am afraid to start up shorewall because my stuff might
> not work anymore. Tips/help please!
>

In the Shorewall package there are example configurations for boxes with 2 or 3
interfaces. You might want to look there.

At http://shorewall.net/ there is a lot of other info and also a mailing list.
Tom Eastep - author of Shorewall - is very active in answering all kinds
of questions. So in case of problems just post a message there.

Dan

Ohmster

Jul 7, 2003, 6:02:00 PM
Dan Bar <Danie...@seznam.cz> wrote in
news:be86re$rl4$4...@localhost.localdomain:

> In the Shorewall package there are example configurations for boxes with 2 or 3
> interfaces. You might want to look there.
>
> At http://shorewall.net/ there is a lot of other info and also a mailing list.
> Tom Eastep - author of Shorewall - is very active in answering all kinds
> of questions. So in case of problems just post a message there.

Thank you Dan, I will try looking there.

--
~Ohmster

Michael W. Cocke

Jul 8, 2003, 7:28:59 AM
On Sun, 06 Jul 2003 05:56:00 +0200, Dan Bar <Danie...@seznam.cz>
wrote:

I agree completely - Shorewall is probably the easiest FLEXIBLE
firewall option out there. I looked at 6 or 7 of them before I chose
Shorewall.

Mike-


If you're not confused, you're not trying hard enough.
----------------------------------------------------

Please note - Due to the intense volume of spam, we have
installed site-wide spam filters at catherders.com. If
email from you bounces, try non-HTML, non-encoded,
non-attachments.

