Did not even think about the top posting on Debian lists. Too many lists, too many rules. ;-)

Anyway, don't forget to also secure your firewall the best way you can. Good read: http://www.debian.org/doc/user-manuals#securing

Mark

Clifford W. Hansen wrote:
> Greetz,
>
> Firstly I'm only top posting to keep with the flow...
>
> secondly, I agree with Mark, I've used shorewall and found it really
> easy to use especially when you are lazy++ like me...
>
> After installing shorewall "apt-get install shorewall shorewall-docs"
> you will need to set:
>
> Firewall:~# vi /etc/default/shorewall
> Now simply change
> startup = 0
> to
> startup = 1
> save, and exit.
>
>
>> Shorewall configuration files are stored in two separate places:
>> /etc/shorewall stores all the program configuration files.
>> /usr/share/shorewall stores supporting files and action files.
>>
>> On the Debian package version of shorewall, /etc/shorewall is
>> rather empty. Luckily, we're provided with default configuration files
>> in /usr/share/doc/shorewall/default-config
>>
>> Since we will need to use these config files to actually make
>> Shorewall work, the first thing to do is to copy them over to
>> /etc/shorewall:
>>
>> Firewall:~# cp /usr/share/doc/shorewall/default-config/* /etc/shorewall/
>>
>> Now our /etc/shorewall directory should have default copies of all
>> the config files. Next we modify a few of them to get our firewall in
>> basic working order. I'm only going to cover the basic configurations
>> necessary to get the firewall working. Please read the documentation
>> in each config file you edit so you can fully understand what each
>> step is really doing!
>
> Taken from: http://www.cyberdogtech.com/firewalls/firewall/
>
> Take a look at that website it has a couple of nice tips... also read
> the conf files, that should help a lot as well :)
>
> Good luck....
>
> M. Maas wrote:
>> Hi,
>>
>> Listen I don't want to be an ass... No really.. I don't!
>>
>> But would the use of shorewall not make it easier? Or even the IPcop
>> distribution?
>>
>> Seriously, I'd like to know the reasoning behind choosing the manual
>> route instead of an easier automated one.
>>
>> Thanks,
>> Mark
>>
>> Bradley Alexander wrote:
>>> I am trying to configure a firewall, but nailing down the configuration
>>> is eluding me. The box is running Debian stable. I have tried with
>>> iproute2 (I'm including a description below), but not gotten the
>>> intended effect. I have tried the lartc list, to no avail. A friend of
>>> mine suggested setting up a virtual server for one set of interfaces and
>>> running the other set on the native machine. Which is the best approach
>>> to this? Muddling through the iproute2 configuration, or the virtual
>>> server route? If virtual server, which would be the best one? Qemu? Xen?
>>> VMware player or server (Free as in beer, but not as in speech)?
>>> Basically, I have a rackmount server with six network interfaces (2
>>> onboard and a quad card). eth0 is the internal network, eth1 is a kiosk
>>> network, eth2 is a DMZ/wireless network. On the outbound side, eth3 is a
>>> DSL connection and eth4 is a cablemodem connection.
>>>
>>> What I am trying to do is route all internal traffic out the DSL
>>> connection (eth0 to eth3), and the two dmzs, kiosk and wireless out the
>>> cable connection (eth1 and eth2 to eth4). Thus far I have been unable
>>> to get this to work.
>>>
>>> For the sake of the discussion, the internal network is 10.1.1.0/24, the
>>> kiosk is 172.16.1.0/24 and the dmz/wireless is 192.168.1.0/24. The dsl
>>> line is 1.2.3.4 and the cable line is 9.8.7.6.
>>>
>>> I added the following to rt_tables:
>>>
>>> 1 internal
>>> 2 kiosk
>>> 3 dmz
>>>
>>> then created a script
>>>
>>> ip rule add from 10.1.1.0/24 table internal
>>> ip route add default via 1.2.3.4 dev eth3 table internal
>>>
>>> ip rule add from 172.16.1.0/24 table kiosk
>>> ip route add default via 9.8.7.6 dev eth4 table kiosk
>>>
>>> ip rule add from 192.168.1.0/24 table dmz
>>> ip route add default via 9.8.7.6 dev eth4 table dmz
>>>
>>> When I run this script, it does not do what I expect, especially after
>>> running the firewall rules atop it. I thought I had it nailed, but it
>>> wasn't working as expected, and I really couldn't test very well.
>>>
>>> I'm hoping some kind soul on this list might have a few minutes for an
>>> email exchange to help me get this sorted out. If so, please email me
>>> off-list. I'm sure it's probably something that I overlooked, but I'm at
>>> a loss as to what.
>>>
>>> Regards,
>>> --b

--
www: http://menem.mine.nu/blog/