Basic Two-Interface Firewall
Tom Eastep
2003/12/24
2003 Thomas M. Eastep
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled GNU Free Documentation License.
Introduction
Setting up a Linux system as a firewall for a small network is a fairly straight-forward task if you understand the basics and follow the documentation.
This guide doesn't attempt to acquaint you with all of the features of Shorewall. It rather focuses on what is required to configure Shorewall in its most common configuration:
Linux system used as a firewall/router for a small local network.
Single public IP address. If you have more than one public IP address, this is not the guide you want -- see the Shorewall Setup Guide instead.
Internet connection through cable modem, DSL, ISDN, Frame Relay, dial-up ...
Here is a schematic of a typical installation:
Shorewall and Mandrake 9.0+
If you are running Shorewall under Mandrake 9.0 or later, you can easily configure the above setup using the Mandrake Internet Connection Sharing applet. From the Mandrake Control Center, select Network & Internet, then Connection Sharing.
Note, however, that the Shorewall configuration produced by Mandrake Internet Connection Sharing is unusual and is apt to confuse you if you use the rest of this documentation: it defines two local zones, loc and masq, where loc is empty, whereas this documentation assumes a single local zone, loc. We therefore recommend that once you have set up this sharing, you uninstall the Mandrake Shorewall RPM, install the one from the download page, and then follow the instructions in this Guide.
Shorewall requires that you have the iproute/iproute2 package installed (on RedHat, the package is called iproute). You can tell if this package is installed by the presence of an ip program on your firewall system. As root, you can use the which command to check for this program:
[root@gateway root]# which ip
/sbin/ip
[root@gateway root]#
I recommend that you first read through the guide to familiarize yourself with what's involved, then go back through it again making your configuration changes.
If you edit your configuration files on a Windows system, you must save them as Unix files if your editor supports that option or you must run them through dos2unix before trying to use them. Similarly, if you copy a configuration file from your Windows hard drive to a floppy disk, you must run dos2unix against the copy before using it with Shorewall.
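The two prerequisites just described (the ip program from iproute, and configuration files in Unix rather than DOS line-ending format) can be checked before Shorewall is started. The following pre-flight script is an added example, not part of the Shorewall documentation; it assumes a POSIX sh with grep, tr and mktemp, and uses command -v instead of which, which behaves the same for this purpose.

```shell
#!/bin/sh
# Pre-flight checks for the firewall setup described in this guide
# (added example; function names are my own, not Shorewall's).

# check_iproute: return 0 if the 'ip' program from iproute/iproute2 is
# on PATH, 1 otherwise. Equivalent to the guide's "which ip" check.
check_iproute() {
    command -v ip >/dev/null 2>&1
}

# has_crlf FILE: return 0 if FILE contains DOS line endings (CR LF),
# which Shorewall cannot parse correctly, 1 if it is a Unix file.
has_crlf() {
    grep -q "$(printf '\r')" "$1"
}

# to_unix FILE: strip the CR from every line in place, as dos2unix
# does, writing through a temporary file so a failure leaves FILE
# untouched.
to_unix() {
    tmp="$1.tmp.$$"
    tr -d '\r' < "$1" > "$tmp" && mv "$tmp" "$1"
}

# check_config FILE: report whether FILE is safe to use with Shorewall.
# Returns 0 if it is a Unix file, 2 if it still needs dos2unix,
# 1 if it cannot be read.
check_config() {
    [ -r "$1" ] || return 1
    if has_crlf "$1"; then
        return 2
    fi
    return 0
}

# Usage: run the checks over the Shorewall configuration directory.
# Note: exit status 2 means "fix with to_unix (or dos2unix) first".
preflight() {
    check_iproute || { echo "ip program not found: install iproute" >&2; return 1; }
    for f in "${1:-/etc/shorewall}"/*; do
        [ -f "$f" ] || continue
        if ! check_config "$f"; then
            echo "$f: DOS line endings, run dos2unix" >&2
            return 2
        fi
    done
    return 0
}
```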
Windows Version of dos2unix
Linux Version of dos2unix
PPTP/ADSL
If you have an ADSL Modem and you use PPTP to communicate with a server in that modem, you must make the changes recommended here in addition to those detailed below. ADSL with PPTP is most commonly found in Europe, notably in Austria.