Shorewall Documentation Tom Eastep 2004-07-20 2001-2004 Thomas M. Eastep 2.0.3 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled GNU Free Documentation License. Are you running Shorewall on Mandrake Linux with a two-interface setup? If so and if you configured your system while running a Mandrake release earlier than 10.0 final then this documentation will not apply directly to your environment. If you want to use the documentation that you find here, you will want to consider uninstalling what you have and installing a configuration that matches this documentation. See the Two-interface QuickStart Guide for details. Introduction to Shorewall QuickStart Guides (HOWTOS) The remainder of the Documentation supplements the QuickStart Guides. Please review the appropriate guide before trying to use this documentation directly. 2.6 Kernel Accounting Aliased (virtual) Interfaces (e.g., eth0:0) Bandwidth Control Blacklisting Static Blacklisting using /etc/shorewall/blacklist Dynamic Blacklisting using /sbin/shorewall Bridge/Firewall Commands (Description of all /sbin/shorewall commands) Common configuration file features Comments in configuration filesLine ContinuationINCLUDE DirectivePort Numbers/Service Namesconfiguration_file_basics.htm#PortsPort RangesUsing Shell VariablesUsing DNS NamesComplementing an IP address or SubnetShorewall Configurations (making a test configuration)Using MAC Addresses in Shorewall Configuration File Reference Manual paramszonesinterfaceshostspolicyrulesmasqproxyarpnattunnelstcrulesshorewall.confmodulestosblacklistrfc1918routestoppedaccountingusersets and usersmaclistactions and action.templatebogonsnetmap Corporate Network Example (Contributed by a Graeme Boyle) DHCP ECN Disabling by host or subnet Errata Extension Scripts (How to extend Shorewall without modifying Shorewall code through the use of files in /etc/shorewall -- /etc/shorewall/start, /etc/shorewall/stopped, etc.) Fallback/Uninstall FAQs Features Forwarding Traffic on the Same Interface FTP and Shorewall Getting help or answers to questions Installation/Upgrade IPSEC Kazaa Filtering Kernel Configuration Logging MAC Verification Multiple Zones Through One Interface My Shorewall Configuration (How I personally use Shorewall) Netfilter Overview Network Mapping One-to-one NAT (Static NAT) OpenVPN Operating Shorewall Packet Processing in a Shorewall-based Firewall 'Ping' Management Port Information Which applications use which ports Ports used by Trojans PPTP Proxy ARP Release Model Requirements Routing on One Interface Samba Shorewall Setup GuideIntroductionShorewall ConceptsNetwork InterfacesAddressing, Subnets and RoutingIP AddressesSubnetsRoutingAddress Resolution Protocol (ARP)RFC 1918Setting up your NetworkRoutedNon-routedSNATDNATProxy ARPOne-to-one NATRulesOdds and EndsDNSStarting and Stopping the Firewall SMB Starting/stopping the FirewallDescription of all /sbin/shorewall commandsHow to safely test a Shorewall configuration change Squid with Shorewall Static (one-to-one) NAT Traffic Accounting Traffic Shaping/QOS Troubleshooting (Things to try if it doesn't work) User-defined Actions UID/GID Based Rules Upgrade Issues VPN IPSEC GRE and IPIP OpenVPN PPTP 6to4 IPSEC/PPTP passthrough from a system behind your firewall to a remote network Other VPN types White List Creation