diff --git a/Shorewall-docs/Install.xml b/Shorewall-docs/Install.xml new file mode 100644 index 000000000..418db52a8 --- /dev/null +++ b/Shorewall-docs/Install.xml @@ -0,0 +1,369 @@ + + +
+ + Shorewall Installation and Upgrade + + + + Tom + + Eastep + + + + 2003-04-08 + + + 2001 + + 2002 + + 2003 + + Thomas M. Eastep + + + + Permission is granted to copy, distribute and/or modify this + document under the terms of the GNU Free Documentation License, Version + 1.2 or any later version published by the Free Software Foundation; with + no Invariant Sections, with no Front-Cover, and with no Back-Cover + Texts. A copy of the license is included in the section entitled "GNU Free Documentation License". + + + + + Before upgrading, be sure to review the Upgrade Issues. + + + + Before attempting installation, I strongly urge you to read and + print a copy of the Shorewall + QuickStart Guide for the configuration that most closely matches + your own. + + +
+ Install using RPM + + To install Shorewall using the RPM: + + + If you have RedHat 7.2 and are running iptables version 1.2.3 (at + a shell prompt, type "/sbin/iptables --version"), you must + upgrade to version 1.2.4 either from the RedHat + update site or from the Shorewall Errata + page before attempting to start Shorewall. + + + + + Install the RPM + + rpm -ivh <shorewall rpm> + + + Some SuSE users have encountered a problem whereby rpm reports + a conflict with kernel <= 2.2 even though a 2.4 kernel is + installed. If this happens, simply use the --nodeps option to rpm. + + rpm -ivh --nodeps <shorewall rpm> + + + + Beginning with Shorewall 1.4.0, Shorewall is dependent on the + iproute package. Unfortunately, some distributions call this package + iproute2 which will cause the installation of Shorewall to fail with + the diagnostic: + + error: failed dependencies:iproute is needed by shorewall-1.4.x-1 + + This may be worked around by using the --nodeps option of rpm. + + rpm -ivh --nodeps <shorewall rpm> + + + + + Edit the configuration files + to match your configuration. + + + YOU CAN NOT SIMPLY INSTALL + THE RPM AND ISSUE A "shorewall start" COMMAND. SOME + CONFIGURATION IS REQUIRED BEFORE THE FIREWALL WILL START. IF YOU + ISSUE A "start" COMMAND AND THE FIREWALL FAILS TO START, + YOUR SYSTEM WILL NO LONGER ACCEPT ANY NETWORK TRAFFIC. IF THIS + HAPPENS, ISSUE A "shorewall clear" COMMAND TO RESTORE + NETWORK CONNECTIVITY. + + + + + Start the firewall by typing + + shorewall start + + +
+ +
+ Install using tarball + + To install Shorewall using the tarball and install script: + + + + unpack the tarball (tar -zxf shorewall-x.y.z.tgz). + + + + cd to the shorewall directory (the version is encoded in the + directory name as in "shorewall-1.1.10"). + + + + If you are using Caldera, + RedHat, Mandrake, Corel, Slackware or Debian then type + + ./install.sh + + + + If you are using SuSe + then type + + ./install.sh /etc/init.d + + + + If your distribution has directory /etc/rc.d/init.d or + /etc/init.d then type + + ./install.sh + + + + For other distributions, determine where your distribution + installs init scripts and type + + ./install.sh <init script directory> + + + + + + Edit the configuration files + to match your configuration. + + + + Start the firewall by typing + + shorewall start + + + + If the install script was unable to configure Shorewall to be + started automatically at boot, see these instructions. + + +
+ +
+ Install the .lrp + + To install my version of Shorewall on a fresh Bering disk, simply + replace the "shorwall.lrp" file on the image with the file that + you downloaded. See the two-interface + QuickStart Guide for information about further steps required. +
+ +
+ Upgrade using RPM + + If you already have the Shorewall RPM installed and are upgrading to + a new version: + + + If you are upgrading from a 1.2 version of Shorewall to a 1.4 + version or and you have entries in the /etc/shorewall/hosts file then + please check your /etc/shorewall/interfaces file to be sure that it + contains an entry for each interface mentioned in the hosts file. Also, + there are certain 1.2 rule forms that are no longer supported under 1.4 + (you must use the new 1.4 syntax). See the + upgrade issues for details. + + + + + Upgrade the RPM + + rpm -Uvh <shorewall rpm file> + + + If you are installing version 1.2.0 and have one of the 1.2.0 + Beta RPMs installed, you must use the "--oldpackage" option + to rpm. + + + rpm -Uvh --oldpackage shorewall-1.2-0.noarch.rpm + + + + + Some SuSE users have encountered a problem whereby rpm reports + a conflict with kernel <= 2.2 even though a 2.4 kernel is + installed. If this happens, simply use the --nodeps option to rpm. + + rpm -Uvh --nodeps <shorewall rpm> + + + + Beginning with Shorewall 1.4.0, Shorewall is dependent on the + iproute package. Unfortunately, some distributions call this package + iproute2 which will cause the upgrade of Shorewall to fail with the + diagnostic: + + error: failed dependencies:iproute is needed by shorewall-1.4.0-1 + + This may be worked around by using the --nodeps option of rpm. + + rpm -Uvh --nodeps <shorewall rpm> + + + + + See if there are any incompatibilities between your + configuration and the new Shorewall version and correct as necessary. + + shorewall check + + + + Restart the firewall. + + shorewall restart + + +
+ +
+ Upgrade using tarball + + If you already have Shorewall installed and are upgrading to a new + version using the tarball: + + + If you are upgrading from a 1.2 version of Shorewall to a 1.4 + version and you have entries in the /etc/shorewall/hosts file then + please check your /etc/shorewall/interfaces file to be sure that it + contains an entry for each interface mentioned in the hosts file. Also, + there are certain 1.2 rule forms that are no longer supported under 1.4 + (you must use the new 1.4 syntax). See the + upgrade issues for details. + + + + + unpack the tarball. + + tar -zxf shorewall-x.y.z.tgz + + + + cd to the shorewall directory (the version is encoded in the + directory name as in "shorewall-3.0.1"). + + + + If you are using Caldera, + RedHat, Mandrake, Corel, Slackware or Debian then type + + ./install.sh + + + + If you are using SuSe + then type + + ./install.sh /etc/init.d + + + + If your distribution has directory /etc/rc.d/init.d or + /etc/init.d then type + + ./install.sh + + + + For other distributions, determine where your distribution + installs init scripts and type + + ./install.sh <init script directory> + + + + + + See if there are any incompatibilities between your + configuration and the new Shorewall version and correct as necessary. + + shorewall check + + + + Start the firewall by typing + + shorewall start + + + + If the install script was unable to configure Shorewall to be + started automatically at boot, see these instructions. + + +
+ +
+ Upgrade the .lrp + + If you already have a running Bering installation and wish to + upgrade to a later version of Shorewall: + + UNDER CONSTRUCTION... +
+ +
+ Configuring Shorewall + + You will need to edit some or all of the configuration files to + match your setup. In most cases, the Shorewall QuickStart Guides + contain all of the information you need. +
+ +
+ Uninstall/Fallback + + See "Fallback and Uninstall". +
+
\ No newline at end of file