From a4b70a5bc2cf82e104cdabbdfd8a517449e73b16 Mon Sep 17 00:00:00 2001 From: teastep Date: Sat, 18 Dec 2004 17:08:10 +0000 Subject: [PATCH] Update Installation and FAQ re Debian git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1831 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-docs2/FAQ.xml | 54 +++++++++++----------- Shorewall-docs2/Install.xml | 90 ++++++++++++++++--------------------- 2 files changed, 66 insertions(+), 78 deletions(-) diff --git a/Shorewall-docs2/FAQ.xml b/Shorewall-docs2/FAQ.xml index dcce0b603..6cbdd66a4 100644 --- a/Shorewall-docs2/FAQ.xml +++ b/Shorewall-docs2/FAQ.xml @@ -17,7 +17,7 @@ - 2004-12-04 + 2004-12-12 2001-2004 @@ -51,6 +51,16 @@ (FAQ 37) I just installed Shorewall on Debian and the /etc/shorewall directory is empty!!! + + Once you have installed the .deb package and before you attempt + to configure Shorewall, please heed the advice of Lorenzo Martignoni, + the Shorewall Debian Maintainer: + + For more information about Shorewall usage on Debian + system please look at /usr/share/doc/shorewall/README.Debian provided + by [the] shorewall Debian package. + + If you install using the .deb, you will find that your /etc/shorewall directory is empty. This is intentional. The released configuration file skeletons may be found on @@ -371,14 +381,6 @@ DNAT loc loc:192.168.1.5 tcp www - $ETH0 traffic through your firewall then: - - Set the Z->Z policy to ACCEPT. - - - - Masquerade Z to itself. - - Set the routeback option on the interface to Z. @@ -386,12 +388,6 @@ DNAT loc loc:192.168.1.5 tcp www - $ETH0 Set the ALL INTERFACES column in the nat file to Yes. - - - In this configuration, all Z->Z traffic will look to - the server as if it came from the firewall rather than from the - original client! I DO NOT RECOMMEND THIS SETUP. - 
@@ -403,17 +399,7 @@ DNAT loc loc:192.168.1.5 tcp www - $ETH0 In /etc/shorewall/interfaces: #ZONE INTERFACE BROADCAST OPTIONS -loc eth2 192.168.2.255 routeback - - In /etc/shorewall/policy: - - #SOURCE DESTINATION POLICY LIMIT:BURST -dmz dmz ACCEPT - - In /etc/shorewall/masq: - - #INTERFACE SUBNET ADDRESS -eth2 192.168.2.0/24 +dmz eth2 192.168.2.255 routeback In /etc/shorewall/nat, be sure that you have Yes in the ALL INTERFACES column. @@ -651,6 +637,11 @@ SPT=33120 DPT=5000 LEN=22 # TYPE ZONE GATEWAY GATEWAY # ZONE generic:udp:5000 net 69.145.71.133 + + + You must be running Shorewall 1.4.6 or later to apply this + solution. + @@ -2022,6 +2013,17 @@ Verifying Configuration... Revision History + + 1.39 + + 2004-12-12 + + TE + + Updated Debian information. Revised the answer to FAQ + 2a. + + 1.38 diff --git a/Shorewall-docs2/Install.xml b/Shorewall-docs2/Install.xml index 969aca3d7..5dbc70f80 100644 --- a/Shorewall-docs2/Install.xml +++ b/Shorewall-docs2/Install.xml @@ -15,7 +15,7 @@ - 2004-10-31 + 2004-12-12 2001 @@ -40,34 +40,21 @@ - - Note to Debian Users + + Before attempting installation, I strongly urge you to read and + print a copy of the Shorewall + QuickStart Guide for the configuration that most closely matches + your own. + - If you install using the .deb, you will find that your /etc/shorewall directory is empty. This is - intentional. The released configuration file skeletons may be found on - your system in the directory /usr/share/doc/shorewall/default-config. - Simply copy the files you need from that directory to /etc/shorewall and modify the copies. - - Note that you must copy /usr/share/doc/shorewall/default-config/shorewall.conf - and /usr/share/doc/shorewall/default-config/modules to /etc/shorewall even if you do not modify - those files. - + + Before upgrading, be sure to review the Upgrade Issues. +
Install using RPM - - Before attempting installation, I strongly urge you to read and - print a copy of the Shorewall QuickStart Guide - for the configuration that most closely matches your own. - - To install Shorewall using the RPM: @@ -134,13 +121,6 @@
Install using tarball - - Before attempting installation, I strongly urge you to read and - print a copy of the Shorewall QuickStart Guide - for the configuration that most closely matches your own. - - To install Shorewall using the tarball and install script: @@ -226,13 +206,6 @@ INIT="rc.firewall"
Install the .lrp - - Before attempting installation, I strongly urge you to read and - print a copy of the Shorewall QuickStart Guide - for the configuration that most closely matches your own. - - To install my version of Shorewall on a fresh Bering disk, simply replace the shorwall.lrp file on the image with the file that you downloaded. See the two-interface @@ -240,14 +213,37 @@ INIT="rc.firewall" required.
-
- Upgrade using RPM +
+ Install the .deb - Before upgrading, be sure to review the Upgrade Issues. + Once you have installed the .deb package and before you attempt to + configure Shorewall, please heed the advice of Lorenzo Martignoni, the + Shorewall Debian Maintainer: + + For more information about Shorewall usage on Debian system + please look at /usr/share/doc/shorewall/README.Debian provided by [the] + shorewall Debian package. + The easiest way to install Shorewall on Debian, is to use + apt-get: + + apt-get install shorewall + + To ensure that you are installing the latest version of Shorewall, + please modify your /etc/apt/sources.list file as + described here. + + Once you have completed configuring Shorewall, you can enable + startup at boot time by setting startup=1 in + /etc/default/shorewall. +
+ +
+ Upgrade using RPM + If you already have the Shorewall RPM installed and are upgrading to a new version: @@ -310,11 +306,6 @@ INIT="rc.firewall"
Upgrade using tarball - - Before upgrading, be sure to review the Upgrade Issues. - - If you already have Shorewall installed and are upgrading to a new version using the tarball: @@ -393,11 +384,6 @@ INIT="rc.firewall"
Upgrade the .lrp - - Before upgrading, be sure to review the Upgrade Issues. - - The following was contributed by Charles Steinkuehler on the Leaf mailing list:
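Review bot: In FAQ.xml hunk @@ -371,14 +381,6 @@, the warning that ends "I DO NOT RECOMMEND THIS SETUP" is deleted together with the "Masquerade Z to itself" step, and nothing replaces it. The remaining two steps (routeback on the interface, Yes in the ALL INTERFACES column) no longer tell the reader which source address the server sees for Z->Z connections. Please add one sentence stating that, since server-side logging and access rules depend on it, and say whether the setup is now considered acceptable.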
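Review bot: In FAQ.xml hunk @@ -403,17 +399,7 @@, the example drops the "dmz dmz ACCEPT" policy entry along with the masq entry, but the text does not say what now governs dmz-to-dmz traffic. A reader whose policy file ends in a restrictive catch-all cannot tell from the example whether intra-zone traffic on eth2 will be accepted. Suggest a short sentence after the interfaces example stating which policy applies, or why none is needed. The zone correction from "loc eth2" to "dmz eth2" looks right for an example that talks about the dmz.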
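Review bot: In FAQ.xml hunk @@ -2022,6 +2013,17 @@, revision entry 1.39 lists "Updated Debian information. Revised the answer to FAQ 2a." but omits the version requirement added in hunk @@ -651,6 +637,11 @@ ("You must be running Shorewall 1.4.6 or later to apply this solution."). Please mention it in the revision remark. It would also help to place that requirement before the generic:udp:5000 tunnel example rather than after it, so readers see it before copying the entry.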
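Review bot: In Install.xml hunk @@ -40,34 +40,21 @@, removing the "Note to Debian Users" also removes the only statement in this file that shorewall.conf and modules must be copied from /usr/share/doc/shorewall/default-config to /etc/shorewall "even if you do not modify those files". The new "Install the .deb" section does not restate it, and the FAQ 37 context visible in this patch shows only the empty-directory explanation. Suggest carrying that sentence into the new section or linking to FAQ 37 from it. Separately, the "Before upgrading" caution now appears only at the top of the page, ahead of the install sections, so a reader who jumps straight to an upgrade section will not see it.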
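Review bot: In Install.xml hunk @@ -240,14 +213,37 @@, the instruction to "modify your /etc/apt/sources.list file as described here" leaves the package source identified only by a link target. Adding an APT source changes where the system accepts packages from, so the text should name the repository and suite it expects readers to add. The section also jumps from "apt-get install shorewall" to "Once you have completed configuring Shorewall" without saying where the configuration files come from on Debian. Minor style: drop the comma in "on Debian, is to use", and consider keeping the README.Debian quotation in one file and cross-referencing it from the other, since the same paragraph is added verbatim to FAQ.xml.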