forked from extern/shorewall_code
Update Installation and FAQ re Debian
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1831 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
02e89fa699
commit
a4b70a5bc2
@ -17,7 +17,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2004-12-04</pubdate>
|
||||
<pubdate>2004-12-12</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2001-2004</year>
|
||||
@ -51,6 +51,16 @@
|
||||
<title>(FAQ 37) I just installed Shorewall on Debian and the
|
||||
/etc/shorewall directory is empty!!!</title>
|
||||
|
||||
<important>
|
||||
<para>Once you have installed the .deb package and before you attempt
|
||||
to configure Shorewall, please heed the advice of Lorenzo Martignoni,
|
||||
the Shorewall Debian Maintainer:</para>
|
||||
|
||||
<para><quote>For more information about Shorewall usage on Debian
|
||||
system please look at /usr/share/doc/shorewall/README.Debian provided
|
||||
by [the] shorewall Debian package.</quote></para>
|
||||
</important>
|
||||
|
||||
<para>If you install using the .deb, you will find that your <filename
|
||||
class="directory">/etc/shorewall</filename> directory is empty. This is
|
||||
intentional. The released configuration file skeletons may be found on
|
||||
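Review bot: The path /usr/share/doc/shorewall/README.Debian in the new important block is plain text, while the paragraph right after it marks paths up with filename (class="directory" on /etc/shorewall). Wrapping the README path in a filename element would keep the rendering consistent. The same block is pasted again into the Install document later in this commit, so fix it in both places.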
@ -371,14 +381,6 @@ DNAT loc loc:192.168.1.5 tcp www - $ETH0
|
||||
traffic through your firewall then:</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>Set the Z->Z policy to ACCEPT.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Masquerade Z to itself.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Set the routeback option on the interface to Z.</para>
|
||||
</listitem>
|
||||
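Review bot: The step list in this hunk goes from 14 lines to 6 according to the header, which does not leave room for both "Set the Z->Z policy to ACCEPT" and "Masquerade Z to itself" next to the routeback item, and nothing visible explains why those steps are no longer required. The revision remark only says "Revised the answer to FAQ 2a." Please add a sentence to the answer stating when the policy and masquerade steps can be omitted (for example a minimum Shorewall version, in the style of the caution added in the tunnels hunk), so that readers on older releases do not follow the shortened list.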
@ -386,12 +388,6 @@ DNAT loc loc:192.168.1.5 tcp www - $ETH0
|
||||
<listitem>
|
||||
<para>Set the ALL INTERFACES column in the nat file to
|
||||
<quote>Yes</quote>.</para>
|
||||
|
||||
<warning>
|
||||
<para>In this configuration, all Z->Z traffic will look to
|
||||
the server as if it came from the firewall rather than from the
|
||||
original client! I DO NOT RECOMMEND THIS SETUP.</para>
|
||||
</warning>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
@ -403,17 +399,7 @@ DNAT loc loc:192.168.1.5 tcp www - $ETH0
|
||||
<para>In <filename>/etc/shorewall/interfaces</filename>:</para>
|
||||
|
||||
<programlisting>#ZONE INTERFACE BROADCAST OPTIONS
|
||||
loc eth2 192.168.2.255 <emphasis role="bold">routeback</emphasis></programlisting>
|
||||
|
||||
<para>In <filename>/etc/shorewall/policy</filename>:</para>
|
||||
|
||||
<programlisting>#SOURCE DESTINATION POLICY LIMIT:BURST
|
||||
dmz dmz ACCEPT</programlisting>
|
||||
|
||||
<para>In <filename>/etc/shorewall/masq</filename>:</para>
|
||||
|
||||
<programlisting>#INTERFACE SUBNET ADDRESS
|
||||
eth2 192.168.2.0/24</programlisting>
|
||||
dmz eth2 192.168.2.255 <emphasis role="bold">routeback</emphasis></programlisting>
|
||||
|
||||
<para>In <filename>/etc/shorewall/na</filename>t, be sure that you
|
||||
have <quote>Yes</quote> in the ALL INTERFACES column.</para>
|
||||
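Review bot: In the last paragraph of this hunk the closing tag lands one character early, in <filename>/etc/shorewall/na</filename>t, so the final "t" of the nat file name renders outside the filename element. Since the surrounding example is being rewritten anyway, move the "t" inside the element. It is also worth confirming that the example's zone name in the interfaces row matches the zone used in the text that introduces it, given that both a loc row and a dmz row for eth2 appear here.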
@ -651,6 +637,11 @@ SPT=33120 DPT=5000 LEN=22</programlisting>
|
||||
<programlisting># TYPE ZONE GATEWAY GATEWAY
|
||||
# ZONE
|
||||
generic:udp:5000 net 69.145.71.133</programlisting>
|
||||
|
||||
<caution>
|
||||
<para>You must be running Shorewall 1.4.6 or later to apply this
|
||||
solution.</para>
|
||||
</caution>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
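Review bot: The caution about needing Shorewall 1.4.6 or later sits after the tunnels listing, so a reader applies the generic:udp:5000 entry before learning it may not work on their release. Consider moving the caution above the programlisting, or stating the version requirement in the sentence that introduces the solution.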
@ -2022,6 +2013,17 @@ Verifying Configuration...
|
||||
<title>Revision History</title>
|
||||
|
||||
<para><revhistory>
|
||||
<revision>
|
||||
<revnumber>1.39</revnumber>
|
||||
|
||||
<date>2004-12-12</date>
|
||||
|
||||
<authorinitials>TE</authorinitials>
|
||||
|
||||
<revremark>Updated Debian information. Revised the answer to FAQ
|
||||
2a.</revremark>
|
||||
</revision>
|
||||
|
||||
<revision>
|
||||
<revnumber>1.38</revnumber>
|
||||
|
||||
|
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2004-10-31</pubdate>
|
||||
<pubdate>2004-12-12</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2001</year>
|
||||
@ -40,34 +40,21 @@
|
||||
</legalnotice>
|
||||
</articleinfo>
|
||||
|
||||
<warning>
|
||||
<para><emphasis role="bold">Note to Debian Users</emphasis></para>
|
||||
<important>
|
||||
<para>Before attempting installation, I strongly urge you to read and
|
||||
print a copy of the <ulink url="shorewall_quickstart_guide.htm">Shorewall
|
||||
QuickStart</ulink> Guide for the configuration that most closely matches
|
||||
your own.</para>
|
||||
</important>
|
||||
|
||||
<para>If you install using the .deb, you will find that your <filename
|
||||
class="directory">/etc/shorewall</filename> directory is empty. This is
|
||||
intentional. The released configuration file skeletons may be found on
|
||||
your system in the directory <filename
|
||||
class="directory">/usr/share/doc/shorewall/default-config</filename>.
|
||||
Simply copy the files you need from that directory to <filename
|
||||
class="directory">/etc/shorewall</filename> and modify the copies.</para>
|
||||
|
||||
<para>Note that you must copy <filename
|
||||
class="directory">/usr/share/doc/shorewall/default-config/shorewall.conf</filename>
|
||||
and /usr/share/doc/shorewall/default-config/modules to <filename
|
||||
class="directory">/etc/shorewall</filename> even if you do not modify
|
||||
those files.</para>
|
||||
</warning>
|
||||
<important>
|
||||
<para>Before upgrading, be sure to review the <ulink
|
||||
url="upgrade_issues.htm">Upgrade Issues</ulink>.</para>
|
||||
</important>
|
||||
|
||||
<section id="Install_RPM">
|
||||
<title>Install using RPM</title>
|
||||
|
||||
<important>
|
||||
<para>Before attempting installation, I strongly urge you to read and
|
||||
print a copy of the <ulink
|
||||
url="shorewall_quickstart_guide.htm">Shorewall QuickStart</ulink> Guide
|
||||
for the configuration that most closely matches your own.</para>
|
||||
</important>
|
||||
|
||||
<para>To install Shorewall using the RPM:</para>
|
||||
|
||||
<orderedlist>
|
||||
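Review bot: The "Note to Debian Users" warning in this hunk carries two concrete instructions: /etc/shorewall is empty after a .deb install, and shorewall.conf and modules must be copied from /usr/share/doc/shorewall/default-config even if they are not modified. The "Install the .deb" section added later in this file only refers the reader to README.Debian. If the warning is among the lines dropped here (the header gives 34 lines old, 21 new), carry the copy step into the new section or link it to FAQ 37, which still has the empty-directory explanation, so a Debian user is not left trying to start the firewall from an empty configuration directory.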
@ -134,13 +121,6 @@
|
||||
<section id="Install_Tarball">
|
||||
<title>Install using tarball</title>
|
||||
|
||||
<important>
|
||||
<para>Before attempting installation, I strongly urge you to read and
|
||||
print a copy of the <ulink
|
||||
url="shorewall_quickstart_guide.htm">Shorewall QuickStart</ulink> Guide
|
||||
for the configuration that most closely matches your own.</para>
|
||||
</important>
|
||||
|
||||
<para>To install Shorewall using the tarball and install script:</para>
|
||||
|
||||
<orderedlist>
|
||||
@ -226,13 +206,6 @@ INIT="rc.firewall"</programlisting>
|
||||
<section id="LRP">
|
||||
<title>Install the .lrp</title>
|
||||
|
||||
<important>
|
||||
<para>Before attempting installation, I strongly urge you to read and
|
||||
print a copy of the <ulink
|
||||
url="shorewall_quickstart_guide.htm">Shorewall QuickStart</ulink> Guide
|
||||
for the configuration that most closely matches your own.</para>
|
||||
</important>
|
||||
|
||||
<para>To install my version of Shorewall on a fresh Bering disk, simply
|
||||
replace the <quote>shorwall.lrp</quote> file on the image with the file
|
||||
that you downloaded. See the <ulink url="two-interface.htm">two-interface
|
||||
@ -240,14 +213,37 @@ INIT="rc.firewall"</programlisting>
|
||||
required.</para>
|
||||
</section>
|
||||
|
||||
<section id="Upgrade_RPM">
|
||||
<title>Upgrade using RPM</title>
|
||||
<section>
|
||||
<title>Install the .deb</title>
|
||||
|
||||
<important>
|
||||
<para>Before upgrading, be sure to review the <ulink
|
||||
url="upgrade_issues.htm">Upgrade Issues</ulink>.</para>
|
||||
<para>Once you have installed the .deb package and before you attempt to
|
||||
configure Shorewall, please heed the advice of Lorenzo Martignoni, the
|
||||
Shorewall Debian Maintainer:</para>
|
||||
|
||||
<para><quote>For more information about Shorewall usage on Debian system
|
||||
please look at /usr/share/doc/shorewall/README.Debian provided by [the]
|
||||
shorewall Debian package.</quote></para>
|
||||
</important>
|
||||
|
||||
<para>The easiest way to install Shorewall on Debian, is to use
|
||||
apt-get:</para>
|
||||
|
||||
<para><command>apt-get install shorewall</command></para>
|
||||
|
||||
<para>To ensure that you are installing the latest version of Shorewall,
|
||||
please modify your <filename>/etc/apt/sources.list</filename> file as
|
||||
described <ulink
|
||||
url="http://idea.sec.dico.unimi.it/%7Elorenzo/index.html#Debian">here</ulink>.</para>
|
||||
|
||||
<para>Once you have completed configuring Shorewall, you can enable
|
||||
startup at boot time by setting startup=1 in
|
||||
<filename>/etc/default/shorewall</filename>.</para>
|
||||
</section>
|
||||
|
||||
<section id="Upgrade_RPM">
|
||||
<title>Upgrade using RPM</title>
|
||||
|
||||
<para>If you already have the Shorewall RPM installed and are upgrading to
|
||||
a new version:</para>
|
||||
|
||||
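Review bot: The section element that holds "Install the .deb" has no id attribute, while the other sections visible in this file all have one (Install_RPM, Install_Tarball, LRP, Upgrade_RPM), so the FAQ and other pages cannot link to the new section. Add an id in the same naming style. Two smaller points in the same block: startup=1 is plain text where the apt-get line above it uses command markup, and the comma in "on Debian, is to use" should go.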
@ -310,11 +306,6 @@ INIT="rc.firewall"</programlisting>
|
||||
<section id="Upgrade_Tarball">
|
||||
<title>Upgrade using tarball</title>
|
||||
|
||||
<important>
|
||||
<para>Before upgrading, be sure to review the <ulink
|
||||
url="upgrade_issues.htm">Upgrade Issues</ulink>.</para>
|
||||
</important>
|
||||
|
||||
<para>If you already have Shorewall installed and are upgrading to a new
|
||||
version using the tarball:</para>
|
||||
|
||||
@ -393,11 +384,6 @@ INIT="rc.firewall"</programlisting>
|
||||
<section id="LRP_Upgrade">
|
||||
<title>Upgrade the .lrp</title>
|
||||
|
||||
<important>
|
||||
<para>Before upgrading, be sure to review the <ulink
|
||||
url="upgrade_issues.htm">Upgrade Issues</ulink>.</para>
|
||||
</important>
|
||||
|
||||
<para>The following was contributed by Charles Steinkuehler on the Leaf
|
||||
mailing list:</para>
|
||||
|
||||
|