Shorewall QuickStart Guides (HOWTO's)

With thanks to Richard who reminded me once again that we must all first walk before we can run.
The French Translations of the single-IP guides are courtesy of Patrice Vetsel
The French Translation of the Shorewall Setup Guide is courtesy of Fabien Demassieux.

The Guides

These guides provide step-by-step instructions for configuring Shorewall in common firewall setups.

If you have a single public IP address:

• Standalone Linux System (Version Française)
• Two-interface Linux System acting as a firewall/router for a small local network (Version Française)
• Three-interface Linux System acting as a firewall/router for a small local network and a DMZ. (Version Française)

The above guides are designed to get your first firewall up and running quickly in the three most common Shorewall configurations. If you want to learn more about Shorewall than is explained in the above simple guides,  the Shorewall Setup Guide (See Index Below) is for you.

If you have more than one public IP address:

The Shorewall Setup Guide (See Index Below) outlines the steps necessary to set up a firewall where there are multiple public IP addresses involved or if you want to learn more about Shorewall than is explained in the single-address guides above (Version Française).

Documentation Index

The following documentation covers a variety of topics and supplements the QuickStart Guides described above. Please review the appropriate guide before trying to use this documentation directly.

• Accounting
  
• Aliased (virtual) Interfaces (e.g., eth0:0)
  
• Blacklisting
  • Static Blacklisting using /etc/shorewall/blacklist
  • Dynamic Blacklisting using /sbin/shorewall
• Commands (Description of all /sbin/shorewall commands)
• Common configuration file features 
• Comments in configuration files
• Line Continuation
• INCLUDE Directive
• Port Numbers/Service Names
• Port Ranges
• Using Shell Variables
• Using DNS Names
• Complementing an IP address or Subnet
• Shorewall Configurations (making a test configuration)
• Using MAC Addresses in Shorewall
• Configuration File Reference Manual
  • params
  • zones
  • interfaces
  • hosts
  • policy
  • rules
  • common
  • masq
  • proxyarp
  • nat
  • tunnels
  • tcrules
  • shorewall.conf
  • modules
  • tos
  • blacklist
  • rfc1918
  • routestopped
  • accounting
  • usersets and users
    
• Corporate Network Example (Contributed by a Graeme Boyle)
  
• DHCP
• ECN Disabling by host or subnet
• Errata
  
• Extension Scripts (How to extend Shorewall without modifying Shorewall code through the use of files in /etc/shorewall -- /etc/shorewall/start, /etc/shorewall/stopped, etc.)
• Fallback/Uninstall
• FAQs
  
• Features
  
• Firewall Structure
• FTP and Shorewall
  
• Getting help or answers to questions
• Greater Seattle Linux Users Group Presentation
• HTML
• PowerPoint
• Installation/Upgrade
  
• Kernel Configuration
• Logging
  
• MAC Verification
• Mailing Lists
  
• My Shorewall Configuration (How I personally use Shorewall)
• Operating Shorewall
  
• 'Ping' Management
  
• Port Information
  • Which applications use which ports
  • Ports used by Trojans
• Proxy ARP
• Requirements
  
• Samba
• Shorewall Setup Guide
  
• 1.0 Introduction
• 2.0 Shorewall Concepts
• 3.0 Network Interfaces
• 4.0 Addressing, Subnets and Routing
  • 4.1 IP Addresses
  • 4.2 Subnets
  • 4.3 Routing
  • 4.4 Address Resolution Protocol (ARP)
  • 4.5 RFC 1918
• 5.0 Setting up your Network
  • 5.1 Routed
  • 5.2 Non-routed
    • 5.2.1 SNAT
    • 5.2.2 DNAT
    • 5.2.3 Proxy ARP
    • 5.2.4 Static NAT
  • 5.3 Rules
  • 5.4 Odds and Ends
• 6.0 DNS
• 7.0 Starting and Stopping the Firewall
• Starting/stopping the Firewall
• Description of all /sbin/shorewall commands
• How to safely test a Shorewall configuration change
  
• Static NAT
• Squid as a Transparent Proxy with Shorewall
• Traffic Accounting
  
• Traffic Shaping/QOS
• Troubleshooting (Things to try if it doesn't work)
• UID/GID Based Rules
  
• Upgrade Issues
  
• VPN
  • IPSEC
  • GRE and IPIP
  • OpenVPN
    
  • PPTP
  • 6t04
    
  • IPSEC/PPTP from a system behind your firewall to a remote network.
  • Other VPN types.
    
• White List Creation

If you use one of these guides and have a suggestion for improvement please let me know.

Last modified 9/23/2003 - Tom Eastep

Copyright 2002, 2003 Thomas M. Eastep