2002-08-13 22:45:21 +02:00
<html>

<head>
<meta http-equiv="Content-Language" content="en-us">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Shorewall QuickStart Guide</title>
2002-08-22 23:21:41 +02:00
<meta name="Microsoft Theme" content="none">
</head>

<body>

<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
<tr>
<td width="100%">
<h1 align="center"><font color="#FFFFFF">Shorewall QuickStart Guides<br>
Version 3.0</font></h1>
</td>
</tr>
</table>

<p align="center">With thanks to Richard, who reminded me once again that we must
all first walk before we can run.</p>

<h2>The Guides</h2>
<p>These guides provide step-by-step instructions for configuring Shorewall in
common firewall setups.</p>
<p>The following guides are for firewalls with a single external IP address:</p>
<ul>
<li><a href="standalone.htm">Standalone</a> Linux System</li>
<li><a href="two-interface.htm">Two-interface</a> Linux System acting as a
firewall/router for a small local network</li>
<li><a href="three-interface.htm">Three-interface</a> Linux System acting as a
firewall/router for a small local network and a DMZ.</li>
</ul>
<p>The above guides are designed to get your first firewall up and running
quickly in the three most common Shorewall configurations.</p>
<p>The <a href="shorewall_setup_guide.htm">Shorewall Setup Guide</a> outlines
the steps necessary to set up a firewall where multiple public IP
addresses are involved. It is also the guide to read if you want to learn more
about Shorewall than is explained in the single-address guides above.</p>
<ul>
<li><a href="shorewall_setup_guide.htm#Introduction">1.0 Introduction</a></li>
<li><a href="shorewall_setup_guide.htm#Concepts">2.0 Shorewall Concepts</a></li>
<li><a href="shorewall_setup_guide.htm#Interfaces">3.0 Network Interfaces</a></li>
<li><a href="shorewall_setup_guide.htm#Addressing">4.0 Addressing, Subnets and Routing</a><ul>
  <li><a href="shorewall_setup_guide.htm#Addresses">4.1 IP Addresses</a></li>
  <li><a href="shorewall_setup_guide.htm#Subnets">4.2 Subnets</a></li>
  <li><a href="shorewall_setup_guide.htm#Routing">4.3 Routing</a></li>
  <li><a href="shorewall_setup_guide.htm#ARP">4.4 Address Resolution Protocol</a></li>
  </ul>
  <ul>
  <li><a href="shorewall_setup_guide.htm#RFC1918">4.5 RFC 1918</a></li>
  </ul>
</li>
<li><a href="shorewall_setup_guide.htm#Options">5.0 Setting up your Network</a><ul>
  <li><a href="shorewall_setup_guide.htm#Routed">5.1 Routed</a></li>
  </ul>
  <ul>
  <li><a href="shorewall_setup_guide.htm#NonRouted">5.2 Non-routed</a><ul>
    <li><a href="shorewall_setup_guide.htm#SNAT">5.2.1 SNAT</a></li>
    <li><a href="shorewall_setup_guide.htm#DNAT">5.2.2 DNAT</a></li>
    <li><a href="shorewall_setup_guide.htm#ProxyARP">5.2.3 Proxy ARP</a></li>
    <li><a href="shorewall_setup_guide.htm#NAT">5.2.4 Static NAT</a></li>
    </ul>
  </li>
  <li><a href="shorewall_setup_guide.htm#Rules">5.3 Rules</a></li>
  <li><a href="shorewall_setup_guide.htm#OddsAndEnds">5.4 Odds and Ends</a></li>
  </ul>
</li>
<li><a href="shorewall_setup_guide.htm#DNS">6.0 DNS</a></li>
<li><a href="shorewall_setup_guide.htm#StartingAndStopping">7.0 Starting and
Stopping the Firewall</a></li>
</ul>

<h2><a name="Documentation"></a>Additional Documentation</h2>
<p>The following documentation covers a variety of topics and supplements the
<a href="shorewall_quickstart_guide.htm">QuickStart Guides</a> described above.</p>
<ul>
<li><a href="blacklisting_support.htm">Blacklisting</a><ul>
  <li>Static Blacklisting using /etc/shorewall/blacklist</li>
  <li>Dynamic Blacklisting using /sbin/shorewall</li>
  </ul>
</li>
<li><a href="configuration_file_basics.htm">Common configuration file features</a><ul>
  <li>Comments in configuration files</li>
  <li>Line Continuation</li>
  <li>Port Numbers/Service Names</li>
  <li>Port Ranges</li>
  <li>Using Shell Variables</li>
  <li>Complementing an IP address or Subnet</li>
  <li>Shorewall Configurations (making a test configuration)</li>
  <li>Using MAC Addresses in Shorewall</li>
  </ul>
</li>
<li><a href="Documentation.htm">Configuration File Reference Manual</a><ul>
  <li>
  <a href="Documentation.htm#Variables">params</a></li>
  <li><font color="#000099"><a href="Documentation.htm#Zones">zones</a></font></li>
  <li><font color="#000099"><a href="Documentation.htm#Interfaces">interfaces</a></font></li>
  <li><font color="#000099"><a href="Documentation.htm#Hosts">hosts</a></font></li>
  <li><font color="#000099"><a href="Documentation.htm#Policy">policy</a></font></li>
  <li><font color="#000099"><a href="Documentation.htm#Rules">rules</a></font></li>
  <li><a href="Documentation.htm#Common">common</a></li>
  <li><font color="#000099"><a href="Documentation.htm#Masq">masq</a></font></li>
  <li><font color="#000099"><a href="Documentation.htm#ProxyArp">proxyarp</a></font></li>
  <li><font color="#000099"><a href="Documentation.htm#NAT">nat</a></font></li>
  <li><font color="#000099"><a href="Documentation.htm#Tunnels">tunnels</a></font></li>
  <li><a href="traffic_shaping.htm#tcrules">tcrules</a></li>
  <li><font color="#000099"><a href="Documentation.htm#Conf">shorewall.conf</a></font></li>
  <li><a href="Documentation.htm#modules">modules</a></li>
  <li><a href="Documentation.htm#TOS">tos</a> </li>
  <li><a href="Documentation.htm#Blacklist">blacklist</a></li>
  <li><a href="Documentation.htm#rfc1918">rfc1918</a></li>
  <li><a href="Documentation.htm#Routestopped">routestopped</a></li>
  </ul>
</li>
<li><a href="dhcp.htm">DHCP</a></li>
<li><font color="#000099"><a href="shorewall_extension_scripts.htm">Extension Scripts</a></font>
(How to extend Shorewall without modifying Shorewall code)</li>
<li><a href="fallback.htm">Fallback/Uninstall</a></li>
<li><a href="shorewall_firewall_structure.htm">Firewall Structure</a></li>
<li><font color="#000099"><a href="kernel.htm">Kernel Configuration</a></font></li>
<li><a href="myfiles.htm">My
Configuration Files</a> (How I personally use Shorewall)</li>
<li><a href="ports.htm">Port Information</a><ul>
  <li>Which applications use which ports</li>
  <li>Ports used by Trojans</li>
  </ul>
</li>
<li><a href="ProxyARP.htm">Proxy ARP</a></li>
<li><a href="samba.htm">Samba</a></li>
<li><font color="#000099"><a href="starting_and_stopping_shorewall.htm">Starting/stopping the Firewall</a></font></li>
<li><font color="#000099"><a href="NAT.htm">Static NAT</a></font></li>
<li><a href="traffic_shaping.htm">Traffic Shaping/Control</a></li>
<li>Tunnels<ul>
  <li><a href="IPSEC.htm">IPSEC</a></li>
  <li><a href="IPIP.htm">GRE and IPIP</a></li>
  <li><a href="PPTP.htm">PPTP</a></li>
  </ul>
</li>
<li><a href="whitelisting_under_shorewall.htm">White List Creation</a></li>
</ul>
<p>If you use one of these guides and have a suggestion for improvement,
<a href="mailto:webmaster@shorewall.net">please let me know</a>.</p>
<p><a href="copyright.htm"><font size="2">Copyright 2002 Thomas M. Eastep</font></a></p>

</body>

</html>