mirror of
https://gitlab.com/shorewall/code.git
synced 2025-08-14 02:04:42 +02:00
Changes for 1.3.7
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@208 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
@ -10,14 +10,20 @@
|
||||
<meta name="ProgId" content="FrontPage.Editor.Document">
|
||||
|
||||
|
||||
<meta name="Microsoft Theme" content="radial 011">
|
||||
<meta name="Microsoft Theme" content="none">
|
||||
</head>
|
||||
<body background="_themes/radial/radbkgnd.gif" bgcolor="#FFFFFF" text="#000000" link="#6666FF" vlink="#993333" alink="#66CCCC"><!--mstheme--><font face="arial, Arial, Helvetica">
|
||||
<h1 align="center"><!--mstheme--><font face="times new roman, Times New Roman, Times" color="#666666">About My Network<!--mstheme--></font></h1>
|
||||
<body>
|
||||
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
|
||||
<tr>
|
||||
<td width="100%">
|
||||
<h1 align="center"><font color="#FFFFFF">About My Network</font></h1>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<blockquote> </blockquote>
|
||||
|
||||
<h1><!--mstheme--><font face="times new roman, Times New Roman, Times" color="#666666">My Current Network <!--mstheme--></font></h1>
|
||||
<h1>My Current Network </h1>
|
||||
|
||||
<blockquote>
|
||||
<p>
|
||||
@ -38,7 +44,8 @@ runs Samba and acts as the a WINS server. Wookie is in its own 'whitelist'
|
||||
called 'me'.</p>
|
||||
<p>
|
||||
My laptop (eastept1) is connected to eth3 using a cross-over cable. It runs its own <a href="http://www.sygate.com">
|
||||
Sygate</a> firewall software and is managed by Proxy ARP.</p>
|
||||
Sygate</a> firewall software and is managed by Proxy ARP. It connects to the
|
||||
local network through the PopTop server running on my firewall. </p>
|
||||
<p>
|
||||
The single system in the DMZ (address 206.124.146.177) runs postfix, Courier
|
||||
IMAP (imaps and pop3), DNS, a Web server (Apache) and an FTP server
|
||||
@ -52,7 +59,7 @@ All administration and publishing is done using ssh/scp.</p>
|
||||
I run an SNMP server on my firewall to serve <a href="http://www.ee.ethz.ch/%7Eoetiker/webtools/mrtg/">
|
||||
MRTG</a> running in the DMZ.</p>
|
||||
<p align="center">
|
||||
<img border="0" src="images/network.jpg" width="493" height="588"></p>
|
||||
<img border="0" src="images/network.png" width="764" height="846"></p>
|
||||
<p> </p>
|
||||
<p>The ethernet interface in the Server is configured
|
||||
with IP address 206.124.146.177, netmask
|
||||
@ -68,9 +75,9 @@ MRTG</a> running in the DMZ.</p>
|
||||
Note: My files use features not available before
|
||||
Shorewall version 1.3.4.</font></p>
|
||||
</blockquote>
|
||||
<h3><!--mstheme--><font face="times new roman, Times New Roman, Times" color="#666666">Shorewall.conf<!--mstheme--></font></h3>
|
||||
<h3>Shorewall.conf</h3>
|
||||
|
||||
<!--mstheme--></font><pre> SUBSYSLOCK=/var/lock/subsys/shorewall
|
||||
<pre> SUBSYSLOCK=/var/lock/subsys/shorewall
|
||||
STATEDIR=/var/state/shorewall
|
||||
|
||||
LOGRATE=
|
||||
@ -80,16 +87,16 @@ MRTG</a> running in the DMZ.</p>
|
||||
|
||||
CLAMPMSS=Yes
|
||||
|
||||
MULTIPORT=Yes</pre><!--mstheme--><font face="arial, Arial, Helvetica">
|
||||
<h3><!--mstheme--><font face="times new roman, Times New Roman, Times" color="#666666">Zones File:<!--mstheme--></font></h3>
|
||||
<!--mstheme--></font><pre><font face="Courier" size="2"> #ZONE DISPLAY COMMENTS
|
||||
MULTIPORT=Yes</pre>
|
||||
<h3>Zones File:</h3>
|
||||
<pre><font face="Courier" size="2"> #ZONE DISPLAY COMMENTS
|
||||
net Internet Internet
|
||||
me Eastep My Workstation
|
||||
loc Local Local networks
|
||||
dmz DMZ Demilitarized zone
|
||||
tx Texas Peer Network in Dallas Texas
|
||||
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE</font></pre><!--mstheme--><font face="arial, Arial, Helvetica">
|
||||
<h3><!--mstheme--><font face="times new roman, Times New Roman, Times" color="#666666">Interfaces File: <!--mstheme--></font></h3>
|
||||
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE</font></pre>
|
||||
<h3>Interfaces File: </h3>
|
||||
|
||||
<blockquote>
|
||||
<p>
|
||||
@ -98,38 +105,35 @@ interfaces. </p>
|
||||
|
||||
</blockquote>
|
||||
|
||||
<!--mstheme--></font><pre><font face="Courier" size="2"> #ZONE INTERFACE BROADCAST OPTIONS
|
||||
<pre><font face="Courier" size="2"> #ZONE INTERFACE BROADCAST OPTIONS
|
||||
net eth0 206.124.146.255 routefilter,norfc1918,blacklist,filterping
|
||||
- eth2 192.168.1.255 dhcp
|
||||
loc eth2 192.168.1.255 dhcp
|
||||
dmz eth1 206.124.146.255 -
|
||||
loc eth3 206.124.146.255 -
|
||||
tx texas -
|
||||
net eth3 206.124.146.255 norfc1918
|
||||
- texas -
|
||||
loc ppp+
|
||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</font></pre><!--mstheme--><font face="arial, Arial, Helvetica">
|
||||
<h3><!--mstheme--><font face="times new roman, Times New Roman, Times" color="#666666">Hosts File: <!--mstheme--></font></h3>
|
||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</font></pre>
|
||||
<h3>Hosts File: </h3>
|
||||
|
||||
<!--mstheme--></font><pre><font face="Courier" size="2"> #ZONE HOST(S) OPTIONS
|
||||
<pre><font face="Courier" size="2"> #ZONE HOST(S) OPTIONS
|
||||
me eth2:192.168.1.3
|
||||
loc eth2:0.0.0.0/0
|
||||
loc ppp+:192.168.1.0/24
|
||||
loc eth3:206.124.146.180
|
||||
tx texas:192.168.9.0/24
|
||||
#LAST LINE -- ADD YOUR ENTRIES ABOVE -- DO NOT REMOVE</font></pre><!--mstheme--><font face="arial, Arial, Helvetica">
|
||||
#LAST LINE -- ADD YOUR ENTRIES ABOVE -- DO NOT REMOVE</font></pre>
|
||||
|
||||
<h3><!--mstheme--><font face="times new roman, Times New Roman, Times" color="#666666">Routestopped File:<!--mstheme--></font></h3>
|
||||
<h3>Routestopped File:</h3>
|
||||
|
||||
<!--mstheme--></font><pre> #INTERFACE HOST(S)
|
||||
<pre><font face="Courier" size="2"> #INTERFACE HOST(S)
|
||||
eth1 206.124.146.177
|
||||
eth2 -
|
||||
eth3 206.124.146.180</pre><!--mstheme--><font face="arial, Arial, Helvetica">
|
||||
<h3><!--mstheme--><font face="times new roman, Times New Roman, Times" color="#666666">Common File: <!--mstheme--></font></h3>
|
||||
<!--mstheme--></font><pre><font size="2" face="Courier"> . /etc/shorewall/common.def
|
||||
eth3 206.124.146.180</font></pre>
|
||||
<h3>Common File: </h3>
|
||||
<pre><font size="2" face="Courier"> . /etc/shorewall/common.def
|
||||
run_iptables -A common -p udp --sport 53 -mstate --state NEW -j DROP
|
||||
run_iptables -A common -p tcp --dport 113 -j REJECT</font></pre><!--mstheme--><font face="arial, Arial, Helvetica">
|
||||
run_iptables -A common -p tcp --dport 113 -j REJECT</font></pre>
|
||||
|
||||
<h3><!--mstheme--><font face="times new roman, Times New Roman, Times" color="#666666">Policy File:<!--mstheme--></font></h3>
|
||||
<h3>Policy File:</h3>
|
||||
|
||||
<!--mstheme--></font><pre><font size="2" face="Courier">
|
||||
<pre><font size="2" face="Courier">
|
||||
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
|
||||
me all ACCEPT
|
||||
tx me ACCEPT #Give Texas access to my personal system
|
||||
@ -141,10 +145,11 @@ interfaces. </p>
|
||||
$FW tx ACCEPT
|
||||
loc tx ACCEPT
|
||||
loc fw REJECT
|
||||
net net ACCEPT
|
||||
net all DROP info 10/sec:40
|
||||
all all REJECT info
|
||||
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOTE</font></pre><!--mstheme--><font face="arial, Arial, Helvetica">
|
||||
<h3><!--mstheme--><font face="times new roman, Times New Roman, Times" color="#666666">Masq File: <!--mstheme--></font></h3>
|
||||
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOTE</font></pre>
|
||||
<h3>Masq File: </h3>
|
||||
|
||||
<blockquote>
|
||||
<p>
|
||||
@ -152,25 +157,25 @@ Although most of our internal systems use static NAT, my wife's system
|
||||
(192.168.1.4) uses IP Masquerading (actually SNAT) as do visitors with laptops.</p>
|
||||
</blockquote>
|
||||
|
||||
<!--mstheme--></font><pre><font size="2" face="Courier"> #INTERFACE SUBNET ADDRESS
|
||||
<pre><font size="2" face="Courier"> #INTERFACE SUBNET ADDRESS
|
||||
eth0 192.168.1.0/24 206.124.146.176
|
||||
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</font></pre><!--mstheme--><font face="arial, Arial, Helvetica">
|
||||
<h3><!--mstheme--><font face="times new roman, Times New Roman, Times" color="#666666">NAT File: <!--mstheme--></font></h3>
|
||||
<!--mstheme--></font><pre><font size="2" face="Courier"> #EXTERNAL INTERFACE INTERNAL ALL LOCAL
|
||||
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</font></pre>
|
||||
<h3>NAT File: </h3>
|
||||
<pre><font size="2" face="Courier"> #EXTERNAL INTERFACE INTERNAL ALL LOCAL
|
||||
206.124.146.178 eth0 192.168.1.5 No No
|
||||
206.124.146.179 eth0 192.168.1.3 No No
|
||||
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</font></pre><!--mstheme--><font face="arial, Arial, Helvetica">
|
||||
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</font></pre>
|
||||
|
||||
<h3><!--mstheme--><font face="times new roman, Times New Roman, Times" color="#666666">Proxy ARP File:<!--mstheme--></font></h3>
|
||||
<!--mstheme--></font><pre><font face="Courier" size="2"> #ADDRESS INTERFACE EXTERNAL HAVEROUTE
|
||||
<h3>Proxy ARP File:</h3>
|
||||
<pre><font face="Courier" size="2"> #ADDRESS INTERFACE EXTERNAL HAVEROUTE
|
||||
206.124.146.177 eth1 eth0 No
|
||||
206.124.146.180 eth3 eth0 No
|
||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</font></pre><!--mstheme--><font face="arial, Arial, Helvetica">
|
||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</font></pre>
|
||||
|
||||
<h3><!--mstheme--><font face="times new roman, Times New Roman, Times" color="#666666">Rules File (The shell variables
|
||||
are set in /etc/shorewall/params):<!--mstheme--></font></h3>
|
||||
<h3>Rules File (The shell variables
|
||||
are set in /etc/shorewall/params):</h3>
|
||||
|
||||
<!--mstheme--></font><pre><font face="Courier" size="2"> #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
|
||||
<pre><font face="Courier" size="2"> #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
|
||||
# PORT(S) PORT(S) PORT(S) DEST
|
||||
#
|
||||
# Local Network to Internet - Reject attempts by Trojans to call home
|
||||
@ -218,7 +223,6 @@ Although most of our internal systems use static NAT, my wife's system
|
||||
#
|
||||
# Net to Local
|
||||
#
|
||||
ACCEPT net loc:206.124.146.180 #Runs its own firewall software
|
||||
ACCEPT net loc tcp auth
|
||||
REJECT net loc tcp www
|
||||
#
|
||||
@ -282,12 +286,12 @@ Although most of our internal systems use static NAT, my wife's system
|
||||
ACCEPT tx fw icmp echo-request
|
||||
ACCEPT tx loc icmp echo-request
|
||||
|
||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</font></pre><!--mstheme--><font face="arial, Arial, Helvetica">
|
||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</font></pre>
|
||||
|
||||
<p><font size="2">
|
||||
Last updated 8/4/2002
|
||||
Last updated 8/9/2002
|
||||
- </font><font size="2">
|
||||
<a href="support.htm">Tom Eastep</a></font>
|
||||
</p>
|
||||
<font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font>
|
||||
<20> <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font><!--mstheme--></font></body></html>
|
||||
<20> <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></body></html>
|
||||
Reference in New Issue
Block a user