<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type"
content="text/html; charset=windows-1252">
<title>Shorewall QuickStart Guide</title>
<meta name="Microsoft Theme" content="none">
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse;" width="100%" id="AutoNumber1"
bgcolor="#3366ff" height="90">
<tbody>
<tr>
<td width="100%">
<h1 align="center"><font color="#ffffff">Shorewall QuickStart
Guides (HOWTO's)<br>
</font></h1>
</td>
</tr>
</tbody>
</table>
<p align="center">With thanks to Richard who reminded me once again
that we must all first walk before we can run.<br>
The French Translations of the single-IP guides are courtesy of Patrice
Vetsel<br>
The French Translation of the Shorewall Setup Guide is courtesy of
Fabien Demassieux.<br>
</p>
<h2>The Guides</h2>
<p>These guides provide step-by-step instructions for configuring
Shorewall in common firewall setups.</p>
<p>If you have a <font color="#ff0000"><big><big><b>single public IP
address</b></big></big></font>:</p>
<blockquote>
<ul>
<li><a href="standalone.htm">Standalone</a> Linux System (<a
href="standalone_fr.html">French version</a>)</li>
<li><a href="two-interface.htm">Two-interface</a> Linux System
acting as a firewall/router for a small local network (<a
href="two-interface_fr.html">French version</a>)</li>
<li><a href="three-interface.htm">Three-interface</a> Linux System
acting as a firewall/router for a small local network and a DMZ (<a
href="three-interface_fr.html">French version</a>)</li>
</ul>
<p>The above guides are designed to get your first firewall up and
running quickly in the three most common Shorewall configurations. If
you want to learn more about Shorewall than is explained in the above
simple guides, the <a href="shorewall_setup_guide.htm">Shorewall Setup
Guide</a> (See Index Below) is for you.</p>
</blockquote>
<p>If you have <font color="#ff0000"><big><big><b>more than one public
IP address</b></big></big></font>:<br>
</p>
<blockquote>The <a href="shorewall_setup_guide.htm">Shorewall Setup
Guide</a> (See Index Below) outlines the steps necessary to set up a
firewall where there are multiple public IP addresses involved or if you
want to learn more about Shorewall than is explained in the
single-address guides above (<a href="shorewall_setup_guide_fr.htm">French
version</a>).</blockquote>
<h2><b><a name="Documentation"></a></b>Documentation Index</h2>
<p>The following documentation covers a variety of topics and <b>supplements
the <a href="shorewall_quickstart_guide.htm">QuickStart Guides</a>
described above</b>. Please review the appropriate guide before trying
to use this documentation directly.</p>
<ul>
<li><a href="Accounting.html">Accounting</a><br>
</li>
<li><a href="Shorewall_and_Aliased_Interfaces.html">Aliased (virtual)
Interfaces (e.g., eth0:0)</a><br>
</li>
<li><a href="blacklisting_support.htm">Blacklisting</a>
<ul>
<li>Static Blacklisting using /etc/shorewall/blacklist</li>
<li>Dynamic Blacklisting using /sbin/shorewall</li>
</ul>
</li>
<li><a href="starting_and_stopping_shorewall.htm">Commands</a>
(Description of all /sbin/shorewall commands)</li>
<li><a href="configuration_file_basics.htm">Common configuration file
features</a>
<ul>
<li><a href="configuration_file_basics.htm#Comments">Comments in
configuration files</a></li>
<li><a href="configuration_file_basics.htm#Continuation">Line
Continuation</a></li>
<li><a href="configuration_file_basics.htm#INCLUDE">INCLUDE
Directive</a></li>
<li><a href="configuration_file_basics.htm#Ports">Port
Numbers/Service Names</a></li>
<li><a href="configuration_file_basics.htm#Ranges">Port Ranges</a></li>
<li><a href="configuration_file_basics.htm#Variables">Using Shell
Variables</a></li>
<li><a href="configuration_file_basics.htm#dnsnames">Using DNS Names</a></li>
<li><a href="configuration_file_basics.htm#Compliment">Complementing
an IP address or Subnet</a></li>
<li><a href="configuration_file_basics.htm#Configs">Shorewall
Configurations (making a test configuration)</a></li>
<li><a href="configuration_file_basics.htm#MAC">Using MAC Addresses
in Shorewall</a> </li>
</ul>
</li>
<li><a href="Documentation.htm">Configuration File Reference Manual</a>
<ul>
<li> <a href="Documentation.htm#Variables">params</a></li>
<li><font color="#000099"><a href="Documentation.htm#Zones">zones</a></font></li>
<li><font color="#000099"><a href="Documentation.htm#Interfaces">interfaces</a></font></li>
<li><font color="#000099"><a href="Documentation.htm#Hosts">hosts</a></font></li>
<li><font color="#000099"><a href="Documentation.htm#Policy">policy</a></font></li>
<li><font color="#000099"><a href="Documentation.htm#Rules">rules</a></font></li>
<li><a href="Documentation.htm#Common">common</a></li>
<li><font color="#000099"><a href="Documentation.htm#Masq">masq</a></font></li>
<li><font color="#000099"><a href="Documentation.htm#ProxyArp">proxyarp</a></font></li>
<li><font color="#000099"><a href="Documentation.htm#NAT">nat</a></font></li>
<li><font color="#000099"><a href="Documentation.htm#Tunnels">tunnels</a></font></li>
<li><a href="traffic_shaping.htm#tcrules">tcrules</a></li>
<li><font color="#000099"><a href="Documentation.htm#Conf">shorewall.conf</a></font></li>
<li><a href="Documentation.htm#modules">modules</a></li>
<li><a href="Documentation.htm#TOS">tos</a> </li>
<li><a href="Documentation.htm#Blacklist">blacklist</a></li>
<li><a href="Documentation.htm#rfc1918">rfc1918</a></li>
<li><a href="Documentation.htm#Routestopped">routestopped</a></li>
<li><a href="Accounting.html">accounting</a></li>
<li><a href="UserSets.html">usersets and users</a><br>
</li>
</ul>
</li>
<li><a href="CorpNetwork.htm">Corporate Network Example</a>
(Contributed by Graeme Boyle)<br>
</li>
<li><a href="dhcp.htm">DHCP</a></li>
<li><a href="ECN.html">ECN Disabling by host or subnet</a></li>
<li><a href="errata.htm">Errata</a><br>
</li>
<li><font color="#000099"><a href="shorewall_extension_scripts.htm">Extension
Scripts</a></font> (How to extend Shorewall without modifying Shorewall
code through the use of files in /etc/shorewall -- /etc/shorewall/start,
/etc/shorewall/stopped, etc.)</li>
<li><a href="fallback.htm">Fallback/Uninstall</a></li>
<li><a href="FAQ.htm">FAQs</a><br>
</li>
<li><a href="shorewall_features.htm">Features</a><br>
</li>
<li><a href="FTP.html">FTP and Shorewall</a><br>
</li>
<li><a href="support.htm">Getting help or answers to questions</a></li>
<li>Greater Seattle Linux Users Group Presentation
<ul>
<li><a href="GSLUG.htm">HTML</a></li>
<li><a href="GSLUG.ppt">PowerPoint</a></li>
</ul>
</li>
<li><a href="Install.htm">Installation/Upgrade</a><br>
</li>
<li><font color="#000099"><a href="kernel.htm">Kernel Configuration</a></font></li>
<li><a href="shorewall_logging.html">Logging</a><br>
</li>
<li><a href="MAC_Validation.html">MAC Verification</a></li>
<li><a href="http://lists.shorewall.net">Mailing Lists</a></li>
<li><a href="NetfilterOverview.html">Netfilter Overview</a><br>
</li>
<li><a href="myfiles.htm">My Shorewall Configuration (How I
personally use Shorewall)</a></li>
<li><a href="starting_and_stopping_shorewall.htm">Operating Shorewall</a><br>
</li>
<li><a href="ping.html">'Ping' Management</a><br>
</li>
<li><a href="ports.htm">Port Information</a>
<ul>
<li>Which applications use which ports</li>
<li>Ports used by Trojans</li>
</ul>
</li>
<li><a href="ProxyARP.htm">Proxy ARP</a></li>
<li><a href="shorewall_prerequisites.htm">Requirements</a><br>
</li>
<li><a href="samba.htm">Samba</a></li>
<li><a href="shorewall_setup_guide.htm">Shorewall Setup Guide</a>
<ul>
<li><a href="shorewall_setup_guide.htm#Introduction">1.0
Introduction</a></li>
<li><a href="shorewall_setup_guide.htm#Concepts">2.0 Shorewall
Concepts</a></li>
<li><a href="shorewall_setup_guide.htm#Interfaces">3.0 Network
Interfaces</a></li>
<li><a href="shorewall_setup_guide.htm#Addressing">4.0 Addressing,
Subnets and Routing</a>
<ul>
<li><a href="shorewall_setup_guide.htm#Addresses">4.1 IP
Addresses</a></li>
<li><a href="shorewall_setup_guide.htm#Subnets">4.2 Subnets</a></li>
<li><a href="shorewall_setup_guide.htm#Routing">4.3 Routing</a></li>
<li><a href="shorewall_setup_guide.htm#ARP">4.4 Address
Resolution Protocol (ARP)</a></li>
<li><a href="shorewall_setup_guide.htm#RFC1918">4.5 RFC 1918</a></li>
</ul>
</li>
<li><a href="shorewall_setup_guide.htm#Options">5.0 Setting up your
Network</a>
<ul>
<li><a href="shorewall_setup_guide.htm#Routed">5.1 Routed</a></li>
<li><a href="shorewall_setup_guide.htm#NonRouted">5.2 Non-routed</a>
<ul>
<li><a href="shorewall_setup_guide.htm#SNAT">5.2.1 SNAT</a></li>
<li><a href="shorewall_setup_guide.htm#DNAT">5.2.2 DNAT</a></li>
<li><a href="shorewall_setup_guide.htm#ProxyARP">5.2.3
Proxy ARP</a></li>
<li><a href="shorewall_setup_guide.htm#NAT">5.2.4 Static NAT</a></li>
</ul>
</li>
<li><a href="shorewall_setup_guide.htm#Rules">5.3 Rules</a></li>
<li><a href="shorewall_setup_guide.htm#OddsAndEnds">5.4 Odds
and Ends</a></li>
</ul>
</li>
<li><a href="shorewall_setup_guide.htm#DNS">6.0 DNS</a></li>
<li><a href="shorewall_setup_guide.htm#StartingAndStopping">7.0
Starting and Stopping the Firewall</a></li>
</ul>
</li>
<li><font color="#000099"><a
href="starting_and_stopping_shorewall.htm">Starting/stopping the
Firewall</a></font>
<ul>
<li>Description of all /sbin/shorewall commands</li>
<li>How to safely test a Shorewall configuration change<br>
</li>
</ul>
</li>
<li><font color="#000099"><a href="NAT.htm">Static NAT</a></font></li>
<li><a href="Shorewall_Squid_Usage.html">Squid as a Transparent Proxy
with Shorewall</a></li>
<li><a href="Accounting.html">Traffic Accounting</a><br>
</li>
<li><a href="traffic_shaping.htm">Traffic Shaping/QOS</a></li>
<li><a href="troubleshoot.htm">Troubleshooting (Things to try if it
doesn't work)</a></li>
<li><a href="UserSets.html">UID/GID Based Rules</a><br>
</li>
<li><a href="upgrade_issues.htm">Upgrade Issues</a><br>
</li>
<li>VPN
<ul>
<li><a href="IPSEC.htm">IPSEC</a></li>
<li><a href="IPIP.htm">GRE and IPIP</a></li>
<li><a href="OPENVPN.html">OpenVPN</a><br>
</li>
<li><a href="PPTP.htm">PPTP</a></li>
<li><a href="6to4.htm">6to4</a><br>
</li>
<li><a href="VPN.htm">IPSEC/PPTP</a> from a system behind your
firewall to a remote network.</li>
<li><a href="GenericTunnels.html">Other VPN types</a>.<br>
</li>
</ul>
</li>
<li><a href="whitelisting_under_shorewall.htm">White List Creation</a></li>
</ul>
<p>If you use one of these guides and have a suggestion for improvement <a
href="mailto:webmaster@shorewall.net">please let me know</a>.</p>
<p><font size="2">Last modified 10/11/2003 - <a href="support.htm">Tom
Eastep</a></font></p>
<p><a href="copyright.htm"><font size="2">Copyright 2002, 2003 Thomas
M. Eastep</font></a><br>
</p>
<br>
</body>
</html>