mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-25 23:59:01 +01:00
424 lines
17 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<article id="IPIP">
<articleinfo>
<title>Shorewall QuickStart Guides (HOWTOs)</title>

<authorgroup>
<author>
<firstname>Tom</firstname>

<surname>Eastep</surname>
</author>
</authorgroup>

<pubdate>2003-12-08</pubdate>

<copyright>
<year>2001</year>

<year>2002</year>

<year>2003</year>

<holder>Thomas M. Eastep</holder>
</copyright>

<legalnotice>
<para>Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled "<ulink
url="GnuCopyright.htm">GNU Free Documentation License</ulink>".</para>
</legalnotice>
</articleinfo>

<para>With thanks to Richard who reminded me once again that we must all
first walk before we can run.</para>

<para>The French Translations of the single-IP guides are courtesy of
Patrice Vetsel.</para>

<para>The French Translation of the Shorewall Setup Guide is courtesy of
Fabien Demassieux.</para>

<section id="Guides">
<title>The Guides</title>

<para>These guides provide step-by-step instructions for configuring
Shorewall in common firewall setups.</para>

<section>
<title>If you have a <emphasis role="bold">single public IP address</emphasis></title>

<para>These guides are designed to get your first firewall up and
running quickly in the three most common Shorewall configurations. If
you want to learn more about Shorewall than is explained in these
simple guides, the Shorewall Setup Guide (see Index below) is
for you.<itemizedlist><listitem><para><ulink url="standalone.htm">Standalone</ulink>
Linux System (<ulink url="standalone_fr.html">Version Française</ulink>)</para></listitem><listitem><para><ulink
url="two-interface.htm">Two-interface</ulink> Linux System acting as a
firewall/router for a small local network (<ulink
url="two-interface_fr.html">Version Française</ulink>)</para></listitem><listitem><para><ulink
url="three-interface.htm">Three-interface</ulink> Linux System acting as
a firewall/router for a small local network and a DMZ (<ulink
url="three-interface_fr.html">Version Française</ulink>)</para></listitem></itemizedlist></para>
</section>

<section>
<title>If you have more than one public IP address</title>

<para>The <ulink url="shorewall_setup_guide.htm">Shorewall Setup Guide</ulink>
(see Index below) outlines the steps necessary to set up a firewall
where there are multiple public IP addresses involved or if you want to
learn more about Shorewall than is explained in the single-address
guides above (<ulink url="shorewall_setup_guide_fr.htm">Version
Française</ulink>).</para>
</section>
</section>

<section id="Documentation">
<title>Documentation Index</title>

<para>The following documentation covers a variety of topics and
supplements the <ulink url="#Guides">QuickStart Guides</ulink> described
above. Please review the appropriate guide before trying to use this
documentation directly.</para>

<para>If you use one of these guides and have a suggestion for improvement,
<ulink url="mailto:webmaster@shorewall.net">please let me know</ulink>.</para>

<itemizedlist>
<listitem>
<para><ulink url="Accounting.html">Accounting</ulink></para>
</listitem>

<listitem>
<para><ulink url="Shorewall_and_Aliased_Interfaces.html">Aliased
(virtual) Interfaces (e.g., eth0:0)</ulink></para>
</listitem>

<listitem>
<para><ulink url="blacklisting_support.htm">Blacklisting</ulink></para>

<itemizedlist>
<listitem>
<para>Static Blacklisting using /etc/shorewall/blacklist</para>
</listitem>

<listitem>
<para>Dynamic Blacklisting using /sbin/shorewall</para>
</listitem>
</itemizedlist>
</listitem>

<listitem>
<para><ulink url="starting_and_stopping_shorewall.htm">Commands</ulink>
(Description of all /sbin/shorewall commands)</para>
</listitem>

<listitem>
<para><ulink url="configuration_file_basics.htm">Common configuration
file features</ulink><itemizedlist><listitem><para><ulink
url="configuration_file_basics.htm#Comments">Comments in configuration
files</ulink></para></listitem><listitem><para><ulink
url="configuration_file_basics.htm#Continuation">Line Continuation</ulink></para></listitem><listitem><para><ulink
url="configuration_file_basics.htm#INCLUDE">INCLUDE Directive</ulink></para></listitem><listitem><para><ulink
url="configuration_file_basics.htm#Ports">Port Numbers/Service Names</ulink></para></listitem><listitem><para><ulink
url="configuration_file_basics.htm#Ranges">Port Ranges</ulink></para></listitem><listitem><para><ulink
url="configuration_file_basics.htm#Variables">Using Shell Variables</ulink></para></listitem><listitem><para><ulink
url="configuration_file_basics.htm#dnsnames">Using DNS Names</ulink></para></listitem><listitem><para><ulink
url="configuration_file_basics.htm#Compliment">Complementing an IP
address or Subnet</ulink></para></listitem><listitem><para><ulink
url="configuration_file_basics.htm#Levels">Shorewall Configurations
(making a test configuration)</ulink></para></listitem><listitem><para><ulink
url="configuration_file_basics.htm#MAC">Using MAC Addresses in
Shorewall</ulink></para></listitem></itemizedlist></para>
</listitem>

<listitem>
<para><ulink url="Documentation.htm">Configuration File Reference
Manual</ulink><itemizedlist><listitem><para><ulink
url="Documentation.htm#Variables">params</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#Zones">zones</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#Interfaces">interfaces</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#Hosts">hosts</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#Policy">policy</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#Rules">rules</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#Common">common</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#Masq">masq</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#ProxyArp">proxyarp</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#NAT">nat</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#Tunnels">tunnels</ulink></para></listitem><listitem><para><ulink
url="traffic_shaping.htm#tcrules">tcrules</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#Conf">shorewall.conf</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#modules">modules</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#TOS">tos</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#Blacklist">blacklist</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#rfc1918">rfc1918</ulink></para></listitem><listitem><para><ulink
url="Documentation.htm#Routestopped">routestopped</ulink></para></listitem><listitem><para><ulink
url="Accounting.html">accounting</ulink></para></listitem><listitem><para><ulink
url="UserSets.html">usersets and users</ulink></para></listitem><listitem><para><ulink
url="MAC_Validation.html">maclist</ulink></para></listitem><listitem><para><ulink
url="User_defined_Actions.html">actions and action.template</ulink></para></listitem></itemizedlist></para>
</listitem>

<listitem>
<para><ulink url="CorpNetwork.htm">Corporate Network Example</ulink>
(Contributed by Graeme Boyle)</para>
</listitem>

<listitem>
<para><ulink url="dhcp.htm">DHCP</ulink></para>
</listitem>

<listitem>
<para><ulink url="ECN.html">ECN Disabling by host or subnet</ulink></para>
</listitem>

<listitem>
<para><ulink url="errata.htm">Errata</ulink></para>
</listitem>

<listitem>
<para><ulink url="shorewall_extension_scripts.htm">Extension Scripts</ulink>
(How to extend Shorewall without modifying Shorewall code through the
use of files in /etc/shorewall -- /etc/shorewall/start,
/etc/shorewall/stopped, etc.)</para>
</listitem>

<listitem>
<para><ulink url="fallback.htm">Fallback/Uninstall</ulink></para>
</listitem>

<listitem>
<para><ulink url="FAQ.htm">FAQs</ulink></para>
</listitem>

<listitem>
<para><ulink url="shorewall_features.htm">Features</ulink></para>
</listitem>

<listitem>
<para><ulink url="Multiple_Zones.html">Forwarding Traffic on the Same
Interface</ulink></para>
</listitem>

<listitem>
<para><ulink url="FTP.html">FTP and Shorewall</ulink></para>
</listitem>

<listitem>
<para><ulink url="support.htm">Getting help or answers to questions</ulink></para>
</listitem>

<listitem>
<para>Greater Seattle Linux Users Group Presentation</para>

<itemizedlist>
<listitem>
<para><ulink url="GSLUG.htm">HTML</ulink></para>
</listitem>

<listitem>
<para><ulink url="GSLUG.ppt">PowerPoint</ulink></para>
</listitem>
</itemizedlist>
</listitem>

<listitem>
<para><ulink url="Install.htm">Installation/Upgrade</ulink></para>
</listitem>

<listitem>
<para><ulink url="IPSEC.htm">IPSEC</ulink></para>
</listitem>

<listitem>
<para><ulink url="Shorewall_and_Kazaa.html">Kazaa Filtering</ulink></para>
</listitem>

<listitem>
<para><ulink url="kernel.htm">Kernel Configuration</ulink></para>
</listitem>

<listitem>
<para><ulink url="shorewall_logging.html">Logging</ulink></para>
</listitem>

<listitem>
<para><ulink url="MAC_Validation.html">MAC Verification</ulink></para>
</listitem>

<listitem>
<para><ulink url="http://lists.shorewall.net">Mailing Lists</ulink></para>
</listitem>

<listitem>
<para><ulink url="Multiple_Zones.html">Multiple Zones Through One
Interface</ulink></para>
</listitem>

<listitem>
<para><ulink url="myfiles.htm">My Shorewall Configuration</ulink> (How
I personally use Shorewall)</para>
</listitem>

<listitem>
<para><ulink url="NetfilterOverview.html">Netfilter Overview</ulink></para>
</listitem>

<listitem>
<para><ulink url="NAT.htm">One-to-one NAT</ulink> (Formerly referred
to as Static NAT)</para>
</listitem>

<listitem>
<para><ulink url="OPENVPN.html">OpenVPN</ulink></para>
</listitem>

<listitem>
<para><ulink url="starting_and_stopping_shorewall.htm">Operating
Shorewall</ulink></para>
</listitem>

<listitem>
<para><ulink url="ping.html">'Ping' Management</ulink></para>
</listitem>

<listitem>
<para><ulink url="ports.htm">Port Information</ulink></para>

<itemizedlist>
<listitem>
<para>Which applications use which ports</para>
</listitem>

<listitem>
<para>Ports used by Trojans</para>
</listitem>
</itemizedlist>
</listitem>

<listitem>
<para><ulink url="PPTP.htm">PPTP</ulink></para>
</listitem>

<listitem>
<para><ulink url="ProxyARP.htm">Proxy ARP</ulink></para>
</listitem>

<listitem>
<para><ulink url="shorewall_prerequisites.htm">Requirements</ulink></para>
</listitem>

<listitem>
<para><ulink url="samba.htm">Samba</ulink></para>
</listitem>

<listitem>
<para><ulink url="shorewall_setup_guide.htm">Shorewall Setup Guide</ulink><itemizedlist><listitem><para><ulink
url="shorewall_setup_guide.htm#Introduction">Introduction</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#Concepts">Shorewall Concepts</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#Interfaces">Network Interfaces</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#Addressing">Addressing, Subnets and
Routing</ulink></para><itemizedlist><listitem><para><ulink
url="shorewall_setup_guide.htm#Addresses">IP Addresses</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#Subnets">Subnets</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#Routing">Routing</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#ARP">Address Resolution Protocol (ARP)</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#RFC1918">RFC 1918</ulink></para></listitem></itemizedlist></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#Options">Setting up your Network</ulink></para><itemizedlist><listitem><para><ulink
url="shorewall_setup_guide.htm#Routed">Routed</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#NonRouted">Non-routed</ulink></para><itemizedlist><listitem><para><ulink
url="shorewall_setup_guide.htm#SNAT">SNAT</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#DNAT">DNAT</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#ProxyARP">Proxy ARP</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#NAT">One-to-one NAT</ulink></para></listitem></itemizedlist></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#Rules">Rules</ulink></para></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#OddsAndEnds">Odds and Ends</ulink></para></listitem></itemizedlist></listitem><listitem><para><ulink
url="shorewall_setup_guide.htm#DNS">DNS</ulink></para></listitem><listitem><para><ulink
url="starting_and_stopping_shorewall.htm">Starting and Stopping the
Firewall</ulink></para></listitem></itemizedlist></para>
</listitem>

<listitem>
<para><ulink url="starting_and_stopping_shorewall.htm">Starting/stopping
the Firewall</ulink><itemizedlist><listitem><para>Description of all
/sbin/shorewall commands</para></listitem><listitem><para>How to
safely test a Shorewall configuration change</para></listitem></itemizedlist></para>
</listitem>

<listitem>
<para><ulink url="Shorewall_Squid_Usage.html">Squid with Shorewall</ulink></para>
</listitem>

<listitem>
<para><ulink url="Accounting.html">Traffic Accounting</ulink></para>
</listitem>

<listitem>
<para><ulink url="traffic_shaping.htm">Traffic Shaping/QOS</ulink></para>
</listitem>

<listitem>
<para><ulink url="troubleshoot.htm">Troubleshooting</ulink> (Things to
try if it doesn't work)</para>
</listitem>

<listitem>
<para><ulink url="User_defined_Actions.html">User-defined Actions</ulink></para>
</listitem>

<listitem>
<para><ulink url="UserSets.html">UID/GID Based Rules</ulink></para>
</listitem>

<listitem>
<para><ulink url="upgrade_issues.htm">Upgrade Issues</ulink></para>
</listitem>

<listitem>
<para>VPN</para>

<itemizedlist>
<listitem>
<para><ulink url="IPSEC.htm">IPSEC</ulink></para>
</listitem>

<listitem>
<para><ulink url="IPIP.htm">GRE and IPIP</ulink></para>
</listitem>

<listitem>
<para><ulink url="OPENVPN.html">OpenVPN</ulink></para>
</listitem>

<listitem>
<para><ulink url="PPTP.htm">PPTP</ulink></para>
</listitem>

<listitem>
<para><ulink url="6to4.htm">6to4</ulink></para>
</listitem>

<listitem>
<para><ulink url="VPN.htm">IPSEC/PPTP passthrough from a system
behind your firewall to a remote network</ulink></para>
</listitem>

<listitem>
<para><ulink url="GenericTunnels.html">Other VPN types</ulink></para>
</listitem>
</itemizedlist>
</listitem>

<listitem>
<para><ulink url="whitelisting_under_shorewall.htm">White List
Creation</ulink></para>
</listitem>
</itemizedlist>
</section>
</article>