Shorewall Documentation

Tom Eastep
2004-03-28
2001-2004 Thomas M. Eastep
2.0.1

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled GNU Free Documentation License.

Are you running Shorewall on Mandrake Linux with a two-interface setup? If so and if you configured your system while running a Mandrake release earlier than 10.0 final then this documentation will not apply directly to your environment. If you want to use the documentation that you find here, you will want to consider uninstalling what you have and installing a configuration that matches this documentation. See the Two-interface QuickStart Guide for details.

Introduction to Shorewall

QuickStart Guides (HOWTOS)

The remainder of the Documentation supplements the QuickStart Guides. Please review the appropriate guide before trying to use this documentation directly.

Documentation (Alphabetical by column)

Accounting
Aliased (virtual) Interfaces (e.g., eth0:0)
Bandwidth Control
Blacklisting
  Static Blacklisting using /etc/shorewall/blacklist
  Dynamic Blacklisting using /sbin/shorewall
Bridge/Firewall
Commands (Description of all /sbin/shorewall commands)
Common configuration file features
  Comments in configuration files
  Line Continuation
  INCLUDE Directive
  Port Numbers/Service Names
  Port Ranges
  Using Shell Variables
  Using DNS Names
  Complementing an IP address or Subnet
  Shorewall Configurations (making a test configuration)
  Using MAC Addresses in Shorewall
Configuration File Reference Manual
  params
  zones
  interfaces
  hosts
  policy
  rules
  common
  masq
  proxyarp
  nat
  tunnels
  tcrules
  shorewall.conf
  modules
  tos
  blacklist
  rfc1918
  routestopped
  accounting
  usersets and users
  maclist
  actions and action.template
  bogons
  netmap
Corporate Network Example (Contributed by Graeme Boyle)
DHCP
Errata
Extension Scripts (How to extend Shorewall without modifying Shorewall code through the use of files in /etc/shorewall -- /etc/shorewall/start, /etc/shorewall/stopped, etc.)
Fallback/Uninstall
FAQs
Features
Forwarding Traffic on the Same Interface
FTP and Shorewall
Getting help or answers to questions
Installation/Upgrade
IPSEC
Kazaa Filtering
Kernel Configuration
Logging
MAC Verification
Multiple Zones Through One Interface

My Shorewall Configuration (How I personally use Shorewall)
Netfilter Overview
Network Mapping
One-to-one NAT (Formerly referred to as Static NAT)
OpenVPN
Operating Shorewall
'Ping' Management
Port Information
  Which applications use which ports
  Ports used by Trojans
PPTP
Proxy ARP
Requirements
Routing on One Interface
Samba
Shorewall Setup Guide
  Introduction
  Shorewall Concepts
  Network Interfaces
  Addressing, Subnets and Routing
  IP Addresses
  Subnets
  Routing
  Address Resolution Protocol (ARP)
  RFC 1918
  Setting up your Network
  Routed
  Non-routed
  SNAT
  DNAT
  Proxy ARP
  One-to-one NAT
  Rules
  Odds and Ends
  DNS
  Starting and Stopping the Firewall
Starting/stopping the Firewall
  Description of all /sbin/shorewall commands
  How to safely test a Shorewall configuration change
Squid with Shorewall
Traffic Accounting
Traffic Shaping/QOS
Troubleshooting (Things to try if it doesn't work)
User-defined Actions
UID/GID Based Rules
Upgrade Issues
VPN
  IPSEC
  GRE and IPIP
  OpenVPN
  PPTP
  6to4
  IPSEC/PPTP passthrough from a system behind your firewall to a remote network
  Other VPN types
White List Creation