<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<article id="IPIP">
<articleinfo>
<title>Shorewall QuickStart Guides (HOWTOs)</title>
<authorgroup>
<author>
<firstname>Tom</firstname>
<surname>Eastep</surname>
</author>
</authorgroup>
<pubdate>2003-12-08</pubdate>
<copyright>
<year>2001</year>
<year>2002</year>
<year>2003</year>
<holder>Thomas M. Eastep</holder>
</copyright>
<legalnotice>
<para>Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled &#34;<ulink
url="GnuCopyright.htm">GNU Free Documentation License</ulink>&#34;.</para>
</legalnotice>
</articleinfo>
<para>With thanks to Richard who reminded me once again that we must all
first walk before we can run.</para>
<para>The French Translations of the single-IP guides are courtesy of
Patrice Vetsel.</para>
<para>The French Translation of the Shorewall Setup Guide is courtesy of
Fabien Demassieux.</para>
<section id="Guides">
<title>The Guides</title>
<para>These guides provide step-by-step instructions for configuring
Shorewall in common firewall setups.</para>
<section>
<title>If you have a <emphasis role="bold">single public IP address</emphasis></title>
<para>These guides are designed to get your first firewall up and
running quickly in the three most common Shorewall configurations. If
you want to learn more about Shorewall than is explained in these
simple guides, the Shorewall Setup Guide (see index below) is
for you.<itemizedlist><listitem><para><ulink url="standalone.htm">Standalone</ulink>
Linux System (<ulink url="standalone_fr.html">Version Française</ulink>)</para></listitem><listitem><para><ulink
url="two-interface.htm">Two-interface</ulink> Linux System acting as a
firewall/router for a small local network (<ulink
url="two-interface_fr.html">Version Française</ulink>)</para></listitem><listitem><para><ulink
url="three-interface.htm">Three-interface</ulink> Linux System acting as
a firewall/router for a small local network and a DMZ. (<ulink
url="three-interface_fr.html">Version Française</ulink>)</para></listitem></itemizedlist></para>
</section>
<section>
<title>If you have more than one public IP address</title>
<para>The <ulink url="shorewall_setup_guide.htm">Shorewall Setup Guide</ulink>
(see index below) outlines the steps necessary to set up a firewall
where multiple public IP addresses are involved. It is also the guide
to read if you want to learn more about Shorewall than is explained in
the single-address guides above (<ulink url="shorewall_setup_guide_fr.htm">Version
Française</ulink>).</para>
</section>
</section>
<section id="Documentation">
<title>Documentation Index</title>
<para>The following documentation covers a variety of topics and
supplements the <ulink url="#Guides">QuickStart Guides</ulink> described
above. Please review the appropriate guide before trying to use this
documentation directly.</para>
<para>If you use one of these guides and have a suggestion for improvement,
<ulink url="mailto:webmaster@shorewall.net">please let me know</ulink>.</para>
<itemizedlist>
<listitem>
<para><ulink url="Accounting.html">Accounting</ulink></para>
</listitem>
<listitem>
<para><ulink url="Shorewall_and_Aliased_Interfaces.html">Aliased
(virtual) Interfaces (e.g., eth0:0)</ulink></para>
</listitem>
<listitem>
<para><ulink url="blacklisting_support.htm">Blacklisting</ulink></para>
<itemizedlist>
<listitem>
<para>Static Blacklisting using /etc/shorewall/blacklist</para>
</listitem>
<listitem>
<para>Dynamic Blacklisting using /sbin/shorewall</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><ulink url="starting_and_stopping_shorewall.htm">Commands</ulink>
(Description of all /sbin/shorewall commands)</para>
</listitem>
<listitem>
<para><ulink url="configuration_file_basics.htm">Common configuration
file features</ulink><itemizedlist><listitem><para><ulink
url="configuration_file_basics.htm#Comments">Comments in configuration
files</ulink></para></listitem><listitem><para><ulink
url="configuration_file_basics.htm#Continuation">Line Continuation</ulink></para></listitem><listitem><para><ulink
url="configuration_file_basics.htm#INCLUDE">INCLUDE Directive</ulink></para></listitem><listitem><para><ulink
url="configuration_file_basics.htm#Ports">Port Numbers/Service Names</ulink></para></listitem><listitem><para><ulink
url="configuration_file_basics.htm#Ranges">Port Ranges</ulink></para></listitem><listitem><para><ulink
url="configuration_file_basics.htm#Variables">Using Shell Variables</ulink></para></listitem><listitem><para><ulink
url="configuration_file_basics.htm#dnsnames">Using DNS Names</ulink></para></listitem><listitem><para><ulink
url="configuration_file_basics.htm#Compliment">Complementing an IP
address or Subnet</ulink></para></listitem><listitem><para><ulink
url="configuration_file_basics.htm#Levels">Shorewall Configurations
(making a test configuration)</ulink></para></listitem><listitem><para><ulink
url="configuration_file_basics.htm#MAC">Using MAC Addresses in
Shorewall</ulink></para></listitem></itemizedlist></para>
</listitem>
<listitem>
<para><ulink url="Documentation.htm">Configuration File Reference
Manual</ulink><itemizedlist><listitem><para><ulink
url="Documentation.htm#Variables">params</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#Zones">zones</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#Interfaces">interfaces</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#Hosts">hosts</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#Policy">policy</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#Rules">rules</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#Common">common</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#Masq">masq</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#ProxyArp">proxyarp</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#NAT">nat</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#Tunnels">tunnels</ulink></para></listitem><listitem><para><ulink
url="traffic_shaping.htm#tcrules">tcrules</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#Conf">shorewall.conf</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#modules">modules</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#TOS">tos</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#Blacklist">blacklist</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#rfc1918">rfc1918</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#Routestopped">routestopped</ulink></para></listitem><listitem><para><ulink
url="Accounting.html">accounting</ulink></para></listitem><listitem><para><ulink
url="UserSets.html">usersets and users</ulink></para></listitem><listitem><para><ulink
url="MAC_Validation.html">maclist</ulink></para></listitem><listitem><para><ulink
url="User_defined_Actions.html">actions and action.template</ulink></para></listitem></itemizedlist></para>
</listitem>
<listitem>
<para><ulink url="CorpNetwork.htm">Corporate Network Example</ulink>
(Contributed by Graeme Boyle)</para>
</listitem>
<listitem>
<para><ulink url="dhcp.htm">DHCP</ulink></para>
</listitem>
<listitem>
<para><ulink url="ECN.html">ECN Disabling by host or subnet</ulink></para>
</listitem>
<listitem>
<para><ulink url="errata.htm">Errata</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_extension_scripts.htm">Extension Scripts</ulink>
(How to extend Shorewall without modifying Shorewall code through the
use of files in /etc/shorewall -- /etc/shorewall/start,
/etc/shorewall/stopped, etc.)</para>
</listitem>
<listitem>
<para><ulink url="fallback.htm">Fallback/Uninstall</ulink></para>
</listitem>
<listitem>
<para><ulink url="FAQ.htm">FAQs</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_features.htm">Features</ulink></para>
</listitem>
<listitem>
<para><ulink url="Multiple_Zones.html">Forwarding Traffic on the Same
Interface</ulink></para>
</listitem>
<listitem>
<para><ulink url="FTP.html">FTP and Shorewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="support.htm">Getting help or answers to questions</ulink></para>
</listitem>
<listitem>
<para>Greater Seattle Linux Users Group Presentation</para>
<itemizedlist>
<listitem>
<para><ulink url="GSLUG.htm">HTML</ulink></para>
</listitem>
<listitem>
<para><ulink url="GSLUG.ppt">PowerPoint</ulink></para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><ulink url="Install.htm">Installation/Upgrade</ulink></para>
</listitem>
<listitem>
<para><ulink url="IPSEC.htm">IPSEC</ulink></para>
</listitem>
<listitem>
<para><ulink url="Shorewall_and_Kazaa.html">Kazaa Filtering</ulink></para>
</listitem>
<listitem>
<para><ulink url="kernel.htm">Kernel Configuration</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_logging.html">Logging</ulink></para>
</listitem>
<listitem>
<para><ulink url="MAC_Validation.html">MAC Verification</ulink></para>
</listitem>
<listitem>
<para><ulink url="http://lists.shorewall.net">Mailing Lists</ulink></para>
</listitem>
<listitem>
<para><ulink url="Multiple_Zones.html">Multiple Zones Through One
Interface</ulink></para>
</listitem>
<listitem>
<para><ulink url="myfiles.htm">My Shorewall Configuration</ulink> (How
I personally use Shorewall)</para>
</listitem>
<listitem>
<para><ulink url="NetfilterOverview.html">Netfilter Overview</ulink></para>
</listitem>
<listitem>
<para><ulink url="NAT.htm">One-to-one NAT</ulink> (Formerly referred
to as Static NAT)</para>
</listitem>
<listitem>
<para><ulink url="OPENVPN.html">OpenVPN</ulink></para>
</listitem>
<listitem>
<para><ulink url="starting_and_stopping_shorewall.htm">Operating
Shorewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="ping.html">&#39;Ping&#39; Management</ulink></para>
</listitem>
<listitem>
<para><ulink url="ports.htm">Port Information</ulink></para>
<itemizedlist>
<listitem>
<para>Which applications use which ports</para>
</listitem>
<listitem>
<para>Ports used by Trojans</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><ulink url="PPTP.htm">PPTP</ulink></para>
</listitem>
<listitem>
<para><ulink url="ProxyARP.htm">Proxy ARP</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_prerequisites.htm">Requirements</ulink></para>
</listitem>
<listitem>
<para><ulink url="samba.htm">Samba</ulink></para>
</listitem>
<listitem>
<para><ulink url="shorewall_setup_guide.htm">Shorewall Setup Guide</ulink><itemizedlist><listitem><para><ulink
url="shorewall_setup_guide.htm#Introduction">Introduction</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#Concepts">Shorewall Concepts</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#Interfaces">Network Interfaces</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#Addressing">Addressing, Subnets and
Routing</ulink></para><itemizedlist><listitem><para><ulink
url="shorewall_setup_guide.htm#Addresses">IP Addresses</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#Subnets">Subnets</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#Routing">Routing</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#ARP">Address Resolution Protocol (ARP)</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#RFC1918">RFC 1918</ulink></para></listitem></itemizedlist></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#Options">Setting up your Network</ulink></para><itemizedlist><listitem><para><ulink
url="shorewall_setup_guide.htm#Routed">Routed</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#NonRouted">Non-routed</ulink></para><itemizedlist><listitem><para><ulink
url="shorewall_setup_guide.htm#SNAT">SNAT</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#DNAT">DNAT</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#ProxyARP">Proxy ARP</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#NAT">One-to-one NAT</ulink></para></listitem></itemizedlist></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#Rules">Rules</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#OddsAndEnds">Odds and Ends</ulink></para></listitem></itemizedlist></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#DNS">DNS</ulink></para></listitem><listitem><para><ulink
url="starting_and_stopping_shorewall.htm">Starting and Stopping the
Firewall</ulink></para></listitem></itemizedlist></para>
</listitem>
<listitem>
<para><ulink url="starting_and_stopping_shorewall.htm">Starting/stopping
the Firewall</ulink><itemizedlist><listitem><para>Description of all
/sbin/shorewall commands</para></listitem><listitem><para>How to
safely test a Shorewall configuration change</para></listitem></itemizedlist></para>
</listitem>
<listitem>
<para><ulink url="Shorewall_Squid_Usage.html">Squid with Shorewall</ulink></para>
</listitem>
<listitem>
<para><ulink url="Accounting.html">Traffic Accounting</ulink></para>
</listitem>
<listitem>
<para><ulink url="traffic_shaping.htm">Traffic Shaping/QOS</ulink></para>
</listitem>
<listitem>
<para><ulink url="troubleshoot.htm">Troubleshooting</ulink> (Things to
try if it doesn&#39;t work)</para>
</listitem>
<listitem>
<para><ulink url="User_defined_Actions.html">User-defined Actions</ulink></para>
</listitem>
<listitem>
<para><ulink url="UserSets.html">UID/GID Based Rules</ulink></para>
</listitem>
<listitem>
<para><ulink url="upgrade_issues.htm">Upgrade Issues</ulink></para>
</listitem>
<listitem>
<para>VPN</para>
<itemizedlist>
<listitem>
<para><ulink url="IPSEC.htm">IPSEC</ulink></para>
</listitem>
<listitem>
<para><ulink url="IPIP.htm">GRE and IPIP</ulink></para>
</listitem>
<listitem>
<para><ulink url="OPENVPN.html">OpenVPN</ulink></para>
</listitem>
<listitem>
<para><ulink url="PPTP.htm">PPTP</ulink></para>
</listitem>
<listitem>
<para><ulink url="6to4.htm">6to4</ulink></para>
</listitem>
<listitem>
<para><ulink url="VPN.htm">IPSEC/PPTP passthrough from a system
behind your firewall to a remote network</ulink></para>
</listitem>
<listitem>
<para><ulink url="GenericTunnels.html">Other VPN types</ulink></para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para><ulink url="whitelisting_under_shorewall.htm">White List
Creation</ulink></para>
</listitem>
</itemizedlist>
</section>
</article>