<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type"
 content="text/html; charset=windows-1252">
<title>Shorewall Installation</title>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0"
 style="border-collapse: collapse;" bordercolor="#111111" width="100%"
 id="AutoNumber1" bgcolor="#400169" height="90">
<tbody>
<tr>
<td width="100%">
<h1 align="center"><font color="#ffffff">Shorewall Installation and
Upgrade</font></h1>
</td>
</tr>
</tbody>
</table>
<p align="center"><b>Before upgrading, be sure to review the <a
 href="upgrade_issues.htm">Upgrade Issues</a></b></p>
<div align="left"><b>Before attempting installation, I strongly urge you
to read and print a copy of the <a
 href="shorewall_quickstart_guide.htm">Shorewall QuickStart Guide</a>
for the configuration that most closely matches your own.</b><br>
</div>
<p><font size="4"><b><a href="#Install_RPM">Install using RPM</a><br>
<a href="#Install_Tarball">Install using tarball</a><br>
<a href="#LRP">Install the .lrp</a><br>
<a href="#Upgrade_RPM">Upgrade using RPM</a><br>
<a href="#Upgrade_Tarball">Upgrade using tarball</a><br>
<a href="#LRP_Upgrade">Upgrade the .lrp</a><br>
<a href="#Config_Files">Configuring Shorewall</a><br>
<a href="fallback.htm">Uninstall/Fallback</a></b></font></p>
<p><a name="Install_RPM"></a>To install Shorewall using the RPM:</p>
<p><b>If you have RedHat 7.2 and are running iptables version 1.2.3 (at a
shell prompt, type "/sbin/iptables --version"), you must upgrade to version
1.2.4 either from the <a
 href="http://www.redhat.com/support/errata/RHSA-2001-144.html">RedHat update
site</a> or from the <a href="errata.htm">Shorewall Errata page</a> before
attempting to start Shorewall.</b></p>
<ul>
<li>Install the RPM (rpm -ivh &lt;shorewall rpm&gt;).<br>
<br>
<b>Note1: </b>Some SuSE users have encountered a problem whereby
rpm reports a conflict with kernel &lt;= 2.2 even though a 2.4 kernel
is installed. If this happens, simply use the --nodeps option to rpm
(rpm -ivh --nodeps &lt;shorewall rpm&gt;).<br>
<br>
<b>Note2: </b>Beginning with Shorewall 1.4.0, Shorewall is dependent
on the iproute package. Unfortunately, some distributions call this package
iproute2, which will cause the installation of Shorewall to fail with the
diagnostic:<br>
<br>
&nbsp;&nbsp;&nbsp; error: failed dependencies:iproute is needed by shorewall-1.4.0-1
<br>
<br>
This may be worked around by using the --nodeps option of rpm (rpm -ivh
--nodeps &lt;shorewall rpm&gt;).<br>
<br>
</li>
<li>Edit the <a href="#Config_Files">configuration files</a>
to match your configuration. <font color="#ff0000"><b>WARNING - YOU CAN
<u>NOT</u> SIMPLY INSTALL THE RPM AND ISSUE A "shorewall start" COMMAND.
SOME CONFIGURATION IS REQUIRED BEFORE THE FIREWALL WILL START. IF YOU
ISSUE A "start" COMMAND AND THE FIREWALL FAILS TO START, YOUR SYSTEM
WILL NO LONGER ACCEPT ANY NETWORK TRAFFIC. IF THIS HAPPENS, ISSUE A "shorewall
clear" COMMAND TO RESTORE NETWORK CONNECTIVITY.</b></font></li>
<li>Start the firewall by typing "shorewall start"</li>
</ul>
<p><a name="Install_Tarball"></a>To install Shorewall using the tarball
and install script:</p>
<ul>
<li>Unpack the tarball (tar -zxf shorewall-x.y.z.tgz).</li>
<li>cd to the shorewall directory (the version is encoded in the
directory name as in "shorewall-1.1.10").</li>
<li>If you are using <a
 href="http://www.caldera.com/openstore/openlinux/">Caldera</a>, <a
 href="http://www.redhat.com">RedHat</a>, <a
 href="http://www.linux-mandrake.com">Mandrake</a>, <a
 href="http://www.corel.com">Corel</a>, <a
 href="http://www.slackware.com/">Slackware</a> or <a
 href="http://www.debian.org">Debian</a> then type "./install.sh"</li>
<li>If you are using <a href="http://www.suse.com">SuSE</a> then
type "./install.sh /etc/init.d"</li>
<li>If your distribution has directory /etc/rc.d/init.d
or /etc/init.d then type "./install.sh"</li>
<li>For other distributions, determine where your
distribution installs init scripts and type "./install.sh
&lt;init script directory&gt;"</li>
<li>Edit the <a href="#Config_Files">configuration files</a>
to match your configuration.</li>
<li>Start the firewall by typing "shorewall start"</li>
<li>If the install script was unable to configure Shorewall to
be started automatically at boot, see <a
 href="starting_and_stopping_shorewall.htm">these instructions</a>.</li>
</ul>
<p><a name="LRP"></a>To install my version of Shorewall on a fresh Bering
disk, simply replace the "shorwall.lrp" file on the image with the file
that you downloaded. See the <a href="two-interface.htm">two-interface
QuickStart Guide</a> for information about further steps required.</p>
<p><a name="Upgrade_RPM"></a>If you already have the Shorewall RPM installed
and are upgrading to a new version:</p>
<p>If you are upgrading from a 1.2 version of Shorewall to a 1.4 version
and you have entries in the /etc/shorewall/hosts file then please check
your /etc/shorewall/interfaces file to be sure that it contains an entry
for each interface mentioned in the hosts file. Also, there are certain
1.2 rule forms that are no longer supported under 1.4 (you must use the
new 1.4 syntax). See <a href="errata.htm#Upgrade">the upgrade issues</a> for
details.</p>
<ul>
<li>Upgrade the RPM (rpm -Uvh &lt;shorewall rpm file&gt;). <b>Note:
</b>If you are installing version 1.2.0 and have one of the 1.2.0
Beta RPMs installed, you must use the "--oldpackage" option to rpm (e.g.,
"rpm -Uvh --oldpackage shorewall-1.2-0.noarch.rpm").
<p><b>Note1: </b>Some SuSE users have encountered a problem whereby
rpm reports a conflict with kernel &lt;= 2.2 even though a 2.4 kernel
is installed. If this happens, simply use the --nodeps option to rpm
(rpm -Uvh --nodeps &lt;shorewall rpm&gt;).<br>
<br>
<b>Note2: </b>Beginning with Shorewall 1.4.0, Shorewall is dependent
on the iproute package. Unfortunately, some distributions call this package
iproute2, which will cause the upgrade of Shorewall to fail with the diagnostic:<br>
<br>
&nbsp;&nbsp;&nbsp; error: failed dependencies:iproute is needed by shorewall-1.4.0-1
<br>
<br>
This may be worked around by using the --nodeps option of rpm (rpm -Uvh
--nodeps &lt;shorewall rpm&gt;).</p>
</li>
<li>See if there are any incompatibilities between your configuration
and the new Shorewall version (type "shorewall check") and correct as
necessary.</li>
<li>Restart the firewall (shorewall restart).</li>
</ul>
<p><a name="Upgrade_Tarball"></a>If you already have Shorewall installed
and are upgrading to a new version using the tarball:</p>
<p>If you are upgrading from a 1.2 version of Shorewall to a 1.4 version
and you have entries in the /etc/shorewall/hosts file then please check
your /etc/shorewall/interfaces file to be sure that it contains an entry
for each interface mentioned in the hosts file. Also, there are certain
1.2 rule forms that are no longer supported under 1.4 (you must use the
new 1.4 syntax). See <a href="errata.htm#Upgrade">the upgrade issues</a>
for details.</p>
<ul>
<li>Unpack the tarball (tar -zxf shorewall-x.y.z.tgz).</li>
<li>cd to the shorewall directory (the version is encoded in the
directory name as in "shorewall-3.0.1").</li>
<li>If you are using <a
 href="http://www.caldera.com/openstore/openlinux/">Caldera</a>, <a
 href="http://www.redhat.com">RedHat</a>, <a
 href="http://www.linux-mandrake.com">Mandrake</a>, <a
 href="http://www.corel.com">Corel</a>, <a
 href="http://www.slackware.com/">Slackware</a> or <a
 href="http://www.debian.org">Debian</a> then type "./install.sh"</li>
<li>If you are using <a href="http://www.suse.com">SuSE</a> then
type "./install.sh /etc/init.d"</li>
<li>If your distribution has directory /etc/rc.d/init.d
or /etc/init.d then type "./install.sh"</li>
<li>For other distributions, determine where your
distribution installs init scripts and type "./install.sh
&lt;init script directory&gt;"</li>
<li>See if there are any incompatibilities between your configuration
and the new Shorewall version (type "shorewall check") and correct as
necessary.</li>
<li>Restart the firewall by typing "shorewall restart"</li>
</ul>
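<p>Both the RPM and the tarball upgrade notes ask you to confirm that every
interface mentioned in /etc/shorewall/hosts has an entry in
/etc/shorewall/interfaces. The shell function below is an added example, not
part of Shorewall or of the original page; the column layouts it relies on and
the sample files are assumptions constructed for the illustration.</p>

```shell
#!/bin/sh
# Added example; not part of the Shorewall distribution.
# Assumed column layouts (not stated on this page):
#   interfaces: ZONE  INTERFACE  [BROADCAST]  [OPTIONS]
#   hosts:      ZONE  INTERFACE:ADDRESS  [OPTIONS]

# Print each interface used in the hosts file ($1) that has no
# entry in the interfaces file ($2), one per line, without repeats.
missing_interfaces() {
    awk '
        { sub(/#.*/, "") }                   # drop comments
        NF < 2 { next }                      # skip blank or short lines
        pass == 1 { known[$2] = 1; next }    # reading the interfaces file
        {                                    # reading the hosts file
            split($2, h, ":")                # interface precedes the colon
            if (!(h[1] in known) && !(h[1] in seen)) {
                seen[h[1]] = 1
                print h[1]
            }
        }
    ' pass=1 "$2" pass=2 "$1"
}

# Constructed sample files so the example runs without a Shorewall install.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/interfaces" <<'EOF'
#ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth0       detect     dhcp
loc    eth1       detect
EOF
    cat > "$d/hosts" <<'EOF'
#ZONE  HOST(S)               OPTIONS
loc    eth1:192.168.1.0/24
dmz    eth2:192.168.2.0/24   # eth2 has no interfaces entry
dmz    eth2:192.168.3.0/24
EOF
    missing_interfaces "$d/hosts" "$d/interfaces"
    rm -rf "$d"
}

demo    # prints: eth2
# On a firewall host:
# missing_interfaces /etc/shorewall/hosts /etc/shorewall/interfaces
```

<p>An empty result means every hosts entry refers to a defined interface; any
name printed needs an interfaces entry before "shorewall check" is run.</p>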
<a name="LRP_Upgrade"></a>If you already have a running Bering
installation and wish to upgrade to a later version of Shorewall:<br>
<br>
&nbsp;&nbsp;&nbsp; <b>UNDER CONSTRUCTION...</b><br>
<h3><a name="Config_Files"></a>Configuring Shorewall</h3>
<p>You will need to edit some or all of the configuration files to match your
setup. In most cases, the <a href="shorewall_quickstart_guide.htm">Shorewall
QuickStart Guides</a> contain all of the information you need.</p>
<p><font size="2">Updated 4/8/2003 - <a href="support.htm">Tom Eastep</a>
</font></p>
<p><a href="copyright.htm"><font size="2">Copyright</font> &copy; <font
 size="2">2001, 2002, 2003 Thomas M. Eastep.</font></a><br>
</p>
</body>
</html>