extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-08-10 08:04:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Shorewall-1.4.7a

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@774 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
2003-10-21 22:22:44 +00:00
parent f6c8974bda
commit 7bb80bf3fe
16 changed files with 1112 additions and 1003 deletions
Download Patch File Download Diff File Expand all files Collapse all files

185
STABLE/documentation/PPTP.htm
View File

@ -263,9 +263,15 @@ status)<br>
esac</font></p>
</blockquote>
<h3><a name="ConfigFw"></a>Configuring Shorewall</h3>
<p>I consider hosts connected to my PPTP server to be just like local
systems.
My key Shorewall entries are:</p>
<p>Often there will be situations where you want multiple connections
from remote networks with these networks having different firewalling
requirements.<br>
</p>
<div style="text-align: center;"><img src="images/MultiPPTP.png"
title="" alt="" style="width: 846px; height: 544px;"><br>
</div>
<p>Here's how you configure this in Shorewall:<br>
</p>
<h4>/etc/shorewall/zones:</h4>
<blockquote>
<table border="2" cellpadding="2" style="border-collapse: collapse;">
@ -283,7 +289,31 @@ My key Shorewall entries are:</p>
<tr>
<td>loc</td>
<td>Local</td>
<td>My Local Network including remote PPTP clients</td>
<td>Local Network <br>
</td>
</tr>
<tr>
<td style="vertical-align: top;">vpn1</td>
<td style="vertical-align: top;">Remote1<br>
</td>
<td style="vertical-align: top;">Remote Network 1<br>
</td>
</tr>
<tr>
<td style="vertical-align: top;">vpn2<br>
</td>
<td style="vertical-align: top;">Remote2<br>
</td>
<td style="vertical-align: top;">Remote Network 2<br>
</td>
</tr>
<tr>
<td style="vertical-align: top;">vpn3<br>
</td>
<td style="vertical-align: top;">Remote3<br>
</td>
<td style="vertical-align: top;">Remote Network 3<br>
</td>
</tr>
</tbody>
</table>
@ -307,13 +337,13 @@ My key Shorewall entries are:</p>
<tr>
<td>loc</td>
<td>eth2</td>
<td>192.168.1.255</td>
<td>192.168.10.255</td>
<td>&nbsp;</td>
</tr>
<tr>
<td>-</td>
<td>ppp+</td>
<td>&nbsp;</td>
<td>&nbsp;-</td>
<td>&nbsp;</td>
</tr>
</tbody>
@ -335,145 +365,32 @@ My key Shorewall entries are:</p>
</td>
</tr>
<tr>
<td>loc</td>
<td>vpn1<br>
</td>
<td>ppp+:192.168.1.0/24</td>
<td>&nbsp;</td>
</tr>
</tbody>
</table>
</blockquote>
<h4>/etc/shorewall/policy:</h4>
<blockquote>
<table border="2" cellpadding="2" style="border-collapse: collapse;">
<tbody>
<tr>
<td><b>SOURCE</b></td>
<td><b>DEST</b></td>
<td><b>POLICY</b></td>
<td><b>LOG LEVEL</b></td>
</tr>
<tr>
<td>loc</td>
<td>loc</td>
<td>ACCEPT</td>
<td>&nbsp;</td>
</tr>
</tbody>
</table>
</blockquote>
<h4>/etc/shorewall/rules (For Shorewall versions up to and including
1.3.9b):</h4>
<blockquote> <font face="Century Gothic, Arial, Helvetica"> </font>
<table border="2" cellpadding="2" style="border-collapse: collapse;">
<tbody>
<tr>
<td><b>ACTION</b></td>
<td><b>SOURCE</b></td>
<td><b>DEST</b></td>
<td><b> PROTO</b></td>
<td><b>DEST<br>
PORT(S)</b></td>
<td><b>SOURCE<br>
PORT(S)</b></td>
<td><b>ORIGINAL<br>
DEST</b></td>
</tr>
<tr>
<td>ACCEPT</td>
<td>net</td>
<td>fw</td>
<td>tcp</td>
<td>1723</td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td>ACCEPT</td>
<td>net</td>
<td>fw</td>
<td>47</td>
<td>-</td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td>ACCEPT</td>
<td>fw</td>
<td>net</td>
<td>47</td>
<td>-</td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
</tbody>
</table>
</blockquote>
<p align="left"><b>/etc/shoreawll/tunnels (For Shorewall versions
1.3.10 and
later)<br>
</b></p>
<blockquote>
<table cellpadding="2" border="2" style="border-collapse: collapse;">
<tbody>
<tr>
<td valign="top"><b>TYPE<br>
</b></td>
<td valign="top"><b>ZONE<br>
</b></td>
<td valign="top"><b>GATEWAY<br>
</b></td>
<td valign="top"><b>GATEWAY ZONE<br>
</b></td>
</tr>
<tr>
<td valign="top">pptpserver<br>
<td style="vertical-align: top;">vpn2<br>
</td>
<td valign="top">net<br>
<td style="vertical-align: top;">ppp+:192.168.2.0/24<br>
</td>
<td valign="top">0.0.0.0/0<br>
<td style="vertical-align: top;"><br>
</td>
<td valign="top"><br>
</tr>
<tr>
<td style="vertical-align: top;">vpn3<br>
</td>
<td style="vertical-align: top;">ppp+:192.168.3.0/24<br>
</td>
<td style="vertical-align: top;"><br>
</td>
</tr>
</tbody>
</table>
</blockquote>
<p align="left"><br>
Note: I have multiple ppp interfaces on my firewall. If you have a
single
ppp interface, you probably want:</p>
<h4>/etc/shorewall/interfaces:</h4>
<blockquote>
<table border="2" cellpadding="2" style="border-collapse: collapse;">
<tbody>
<tr>
<td><b>ZONE</b></td>
<td><b>INTERFACE</b></td>
<td><b>BROADCAST</b></td>
<td><b>OPTIONS</b></td>
</tr>
<tr>
<td>net</td>
<td>eth0</td>
<td>206.124.146.255</td>
<td>norfc1918</td>
</tr>
<tr>
<td>loc</td>
<td>eth2</td>
<td>192.168.1.255</td>
<td>&nbsp;</td>
</tr>
<tr>
<td>loc</td>
<td>ppp0</td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
</tbody>
</table>
</blockquote>
<p align="left">and <u><b>no</b></u> entries in /etc/shorewall/hosts.</p>
Your policies and rules can now be configured using separate zones
(vpn1, vpn2, and vpn3) for the three remote network.<br>
<h2 align="center"><a name="ServerBehind"></a>2. PPTP Server Running
Behind
your Firewall</h2>
@ -968,7 +885,7 @@ as described in the QuickStart Guide corresponding to your setup.<br>
That entry allows a PPTP tunnel to be established between your
Shorewall system and the PPTP server in the modem.<br>
</div>
<p><font size="2">Last modified 8/11/2003 - <a href="support.htm">Tom
<p><font size="2">Last modified 10/11/2003 - <a href="support.htm">Tom
Eastep</a></font></p>
<p><a href="copyright.htm"> <font size="2">Copyright</font> <20> <font
size="2">2001, 2002, 2003 Thomas M. Eastep.</font></a></p>