Shorewall Documentation

Tom Eastep
2004-09-23
2001-2004 Thomas M. Eastep
2.0.3

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled GNU Free Documentation License.

The complete Shorewall Documentation is available for download in both Docbook XML and HTML formats.

Are you running Shorewall on Mandrake Linux with a two-interface setup? If so, and if you configured your system while running a Mandrake release earlier than 10.0 final, then this documentation will not apply directly to your environment. If you want to use the documentation that you find here, you will want to consider uninstalling what you have and installing a configuration that matches this documentation. See the Two-interface QuickStart Guide for details.

Introduction to Shorewall
QuickStart Guides (HOWTOS)

The remainder of the Documentation supplements the QuickStart Guides. Please review the appropriate guide before trying to use this documentation directly.

2.6 Kernel
Accounting
Aliased (virtual) Interfaces (e.g., eth0:0)
Bandwidth Control
Blacklisting
    Static Blacklisting using /etc/shorewall/blacklist
    Dynamic Blacklisting using /sbin/shorewall
Bridge/Firewall
Commands (Description of all /sbin/shorewall commands)
Common configuration file features
    Comments in configuration files
    Line Continuation
    INCLUDE Directive
    Port Numbers/Service Names
    Port Ranges
    Using Shell Variables
    Using DNS Names
    Complementing an IP address or Subnet
    Shorewall Configurations (making a test configuration)
    Using MAC Addresses in Shorewall
Configuration File Reference Manual
    params, zones, interfaces, hosts, policy, rules, masq, proxyarp, nat, tunnels, tcrules, shorewall.conf, modules, tos, blacklist, rfc1918, routestopped, accounting, usersets and users, maclist, actions and action.template, bogons, netmap
Corporate Network Example (Contributed by Graeme Boyle)
DHCP
ECN Disabling by host or subnet
Errata
Extension Scripts (How to extend Shorewall without modifying Shorewall code through the use of files in /etc/shorewall -- /etc/shorewall/start, /etc/shorewall/stopped, etc.)
Fallback/Uninstall
FAQs
Features
Forwarding Traffic on the Same Interface
FTP and Shorewall
Getting help or answers to questions
Installation/Upgrade
IPSEC
Kazaa Filtering
Kernel Configuration
Logging
MAC Verification
Multiple Zones Through One Interface
My Shorewall Configuration (How I personally use Shorewall)
Netfilter Overview
Network Mapping
One-to-one NAT (Static NAT)
OpenVPN
Operating Shorewall
Packet Processing in a Shorewall-based Firewall
'Ping' Management
Port Information
    Which applications use which ports
    Ports used by Trojans
PPTP
Proxy ARP
Release Model
Requirements
Routing on One Interface
Samba
Shorewall Setup Guide
    Introduction
    Shorewall Concepts
    Network Interfaces
    Addressing, Subnets and Routing
        IP Addresses
        Subnets
        Routing
        Address Resolution Protocol (ARP)
        RFC 1918
    Setting up your Network
        Routed
        Non-routed
            SNAT
            DNAT
            Proxy ARP
            One-to-one NAT
        Rules
        Odds and Ends
    DNS
    Starting and Stopping the Firewall
SMB
Starting/stopping the Firewall
    Description of all /sbin/shorewall commands
    How to safely test a Shorewall configuration change
Squid with Shorewall
Static (one-to-one) NAT
Traffic Accounting
Traffic Shaping/QOS
Troubleshooting (Things to try if it doesn't work)
User-defined Actions
UID/GID Based Rules
Upgrade Issues
VPN
    IPSEC
    GRE and IPIP
    OpenVPN
    PPTP
    6to4
    IPSEC/PPTP passthrough from a system behind your firewall to a remote network
    Other VPN types
White List Creation