Shorewall QuickStart Guides
Version 3.0

With thanks to Richard who reminded me once again that we must all first walk before we can run.

The Guides

These guides provide step-by-step instructions for configuring Shorewall in common firewall setups.

The following guides are for firewalls with a single external IP address:

- Standalone Linux System
- Two-interface Linux System acting as a firewall/router for a small local network
- Three-interface Linux System acting as a firewall/router for a small local network and a DMZ

The above guides are designed to get your first firewall up and running quickly in the three most common Shorewall configurations.

The Shorewall Setup Guide outlines the steps necessary to set up a firewall where multiple public IP addresses are involved. It is also the guide to read if you want to learn more about Shorewall than is explained in the single-address guides above.

- 1.0 Introduction
- 2.0 Shorewall Concepts
- 3.0 Network Interfaces
- 4.0 Addressing, Subnets and Routing
  - 4.1 IP Addresses
  - 4.2 Subnets
  - 4.3 Routing
  - 4.4 Address Resolution Protocol
  - 4.5 RFC 1918
- 5.0 Setting up your Network
  - 5.1 Routed
  - 5.2 Non-routed
    - 5.2.1 SNAT
    - 5.2.2 DNAT
    - 5.2.3 Proxy ARP
    - 5.2.4 Static NAT
  - 5.3 Rules
  - 5.4 Odds and Ends
- 6.0 DNS
- 7.0 Starting and Stopping the Firewall

Additional Documentation

The following documentation covers a variety of topics and supplements the QuickStart Guides described above.

- Blacklisting
  - Static Blacklisting using /etc/shorewall/blacklist
  - Dynamic Blacklisting using /sbin/shorewall
- Common configuration file features
  - Comments in configuration files
  - Line Continuation
  - Port Numbers/Service Names
  - Port Ranges
  - Using Shell Variables
  - Complementing an IP address or Subnet
- Shorewall Configurations (making a test configuration)
- Using MAC Addresses in Shorewall
- Configuration File Reference Manual
  - params
  - zones
  - interfaces
  - hosts
  - policy
  - rules
  - common
  - masq
  - proxyarp
  - nat
  - tunnels
  - tcrules
  - shorewall.conf
  - modules
  - tos
  - blacklist
  - rfc1918
  - routestopped
- DHCP
- Extension Scripts (How to extend Shorewall without modifying Shorewall code)
- Fallback/Uninstall
- Firewall Structure
- Kernel Configuration
- My Configuration Files (How I personally use Shorewall)
- Port Information
  - Which applications use which ports
  - Ports used by Trojans
- Proxy ARP
- Samba
- Starting/stopping the Firewall
- Static NAT
- Tunnels
  - IPSEC
  - GRE and IPIP
  - PPTP
- White List Creation

If you use one of these guides and have a suggestion for improvement, please let me know.

Copyright 2002 Thomas M. Eastep