48719a6621
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@182 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
<html>
|
||
|
||
<head>
|
||
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
|
||
<title>Shorewall Installation</title>
|
||
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
|
||
<meta name="ProgId" content="FrontPage.Editor.Document">
|
||
<meta name="Microsoft Theme" content="radial 011">
|
||
</head>
|
||
|
||
<body background="_themes/radial/radbkgnd.gif" bgcolor="#FFFFFF" text="#000000" link="#6666FF" vlink="#993333" alink="#66CCCC"><!--mstheme--><font face="arial, Arial, Helvetica"><h1 align="center"><!--mstheme--><font face="times new roman, Times New Roman, Times" color="#666666">Shorewall Installation<!--mstheme--></font></h1>
|
||
|
||
<p><font size="4"><b><a href="#Install_RPM">Install using RPM</a><br>
|
||
<a href="#Install_Tarball">Install
|
||
using tarball</a><br>
|
||
<a href="#Upgrade_RPM">Upgrade using RPM</a><br>
|
||
<a href="#Upgrade_Tarball">Upgrade
|
||
using tarball</a><br>
|
||
<a href="#Config_Files">Configuring Shorewall</a><br>
|
||
<a href="fallback.htm">Uninstall/Fallback</a></b></font></p>
|
||
<p><a name="Install_RPM"></a>To install Shorewall using the RPM:</p>
|
||
<p><b>If you have RedHat 7.2 and are running iptables version 1.2.3 (at a shell
|
||
prompt, type "/sbin/iptables --version"), you must upgrade to version 1.2.4
|
||
either from the
|
||
<a href="http://www.redhat.com/support/errata/RHSA-2001-144.html">RedHat update
|
||
site</a> or from the <a href="errata.htm">Shorewall Errata page</a> before
|
||
attempting to start Shorewall.</b></p>
|
||
<!--mstheme--></font><!--msthemelist--><table border="0" cellpadding="0" cellspacing="0" width="100%">
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">Install the RPM (rpm -ivh &lt;shorewall rpm&gt;). If the package is signed, check the signature first (rpm --checksig &lt;shorewall rpm&gt;).<br>
|
||
<br>
|
||
<b>Note: </b>Some SuSE users have encountered a problem whereby rpm reports a
conflict with kernel &lt;= 2.2 even though a 2.4 kernel is installed. If this
happens, use the --nodeps option to rpm (rpm -ivh --nodeps &lt;shorewall
rpm&gt;). Because --nodeps skips every dependency check, first confirm that a
2.4 kernel is actually running (uname -r).<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">Edit the <a href="#Config_Files"> configuration files</a> to match your configuration. <font color="#FF0000"><b>WARNING - YOU CAN <u>NOT</u> SIMPLY INSTALL THE RPM
|
||
AND ISSUE A "shorewall start" COMMAND. SOME CONFIGURATION IS REQUIRED BEFORE THE
|
||
FIREWALL WILL START. IF YOU ISSUE A "start" COMMAND AND THE FIREWALL FAILS TO
|
||
START, YOUR SYSTEM WILL NO LONGER ACCEPT ANY NETWORK TRAFFIC. IF THIS HAPPENS,
|
||
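ISSUE A "shorewall clear" COMMAND TO RESTORE NETWORK CONNECTIVITY.</b></font> Run that command from the system console, and note that "shorewall clear" removes all firewall rules, so the system is unfiltered until Shorewall starts successfully.<!--mstheme--></font><!--msthemelist--></td></tr>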
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">Start the firewall by typing "shorewall start"<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--></table><!--mstheme--><font face="arial, Arial, Helvetica">
|
||
<p><a name="Install_Tarball"></a>To
|
||
install Shorewall using the tarball and install
|
||
script: </p>
|
||
<!--mstheme--></font><!--msthemelist--><table border="0" cellpadding="0" cellspacing="0" width="100%">
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">unpack the tarball<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">cd to the shorewall directory (the version is encoded in the
|
||
directory name as in "shorewall-1.1.10").<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">If you are using <a
|
||
href="http://www.caldera.com/openstore/openlinux/">Caldera</a>, <a href="http://www.redhat.com">RedHat</a>,
|
||
<a href="http://www.linux-mandrake.com">Mandrake</a>, <a href="http://www.corel.com">Corel</a>,
|
||
<a href="http://www.slackware.com/">Slackware</a> or
|
||
<a href="http://www.debian.org">Debian</a>
|
||
then type "./install.sh"<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">If you are using <a href="http://www.suse.com">SuSE</a> then type
|
||
"./install.sh /etc/init.d"<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">If your distribution has directory
|
||
/etc/rc.d/init.d or /etc/init.d then type
|
||
"./install.sh"<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">For other distributions, determine where your
|
||
distribution installs init scripts and type
"./install.sh &lt;init script directory&gt;"<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">Edit the <a href="#Config_Files"> configuration files</a> to match your configuration. Some configuration is required before the firewall will start; see the warning in the RPM installation instructions above.<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">Start the firewall by typing "shorewall
|
||
start"<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">If the install script was unable to configure Shorewall to be started automatically at boot,
|
||
see <a href="Documentation.htm#Starting">these
|
||
instructions</a>.<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--></table><!--mstheme--><font face="arial, Arial, Helvetica">
|
||
<p><a name="Upgrade_RPM"></a>If you already have the Shorewall RPM installed and are upgrading to a new
|
||
version:</p>
|
||
<p>If you are upgrading from a 1.2 version of Shorewall to a 1.3 version and you
|
||
have entries in the /etc/shorewall/hosts file then please check your
|
||
/etc/shorewall/interfaces file to be sure that it contains an entry for each
|
||
interface mentioned in the hosts file. Also, there are certain 1.2 rule forms
|
||
that are no longer supported under 1.3 (you must use the new 1.3 syntax). See
|
||
<a href="errata.htm">the errata</a> for details. You can check your rules and
|
||
host file for 1.3 compatibility using the "shorewall check" command after
|
||
installing the latest version of 1.3.</p>
|
||
<!--mstheme--></font><!--msthemelist--><table border="0" cellpadding="0" cellspacing="0" width="100%">
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">Upgrade the RPM (rpm -Uvh &lt;shorewall rpm file&gt;) <b>Note: </b>If you
|
||
are installing version 1.2.0 and have one of the 1.2.0 Beta RPMs installed,
|
||
you must use the "--oldpackage" option to rpm (e.g., "rpm
|
||
-Uvh --oldpackage shorewall-1.2-0.noarch.rpm").
|
||
<p>
|
||
<b>Note: </b>Some SuSE users have encountered a problem whereby rpm reports a
conflict with kernel &lt;= 2.2 even though a 2.4 kernel is installed. If this
happens, use the --nodeps option to rpm (rpm -Uvh --nodeps &lt;shorewall
rpm&gt;). Because --nodeps skips every dependency check, first confirm that a
2.4 kernel is actually running (uname -r).<br>
|
||
<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">See if there are any incompatibilities between your configuration and the
|
||
new Shorewall version (type "shorewall check") and correct as necessary.<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">Restart the firewall (shorewall restart).<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--></table><!--mstheme--><font face="arial, Arial, Helvetica">
|
||
<p><a name="Upgrade_Tarball"></a>If you already have Shorewall installed and are upgrading to a new version
|
||
using the tarball:</p>
|
||
<p>If you are upgrading from a 1.2 version of Shorewall to a 1.3 version and you
|
||
have entries in the /etc/shorewall/hosts file then please check your
|
||
/etc/shorewall/interfaces file to be sure that it contains an entry for each
|
||
interface mentioned in the hosts file. Also, there are certain 1.2 rule
|
||
forms that are no longer supported under 1.3 (you must use the new 1.3 syntax).
|
||
See <a href="errata.htm">the errata</a> for details. You can check your rules
|
||
and host file for 1.3 compatibility using the "shorewall check" command after
|
||
installing the latest version of 1.3.</p>
|
||
<!--mstheme--></font><!--msthemelist--><table border="0" cellpadding="0" cellspacing="0" width="100%">
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">unpack the tarball<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">cd to the shorewall directory (the version is encoded in the
|
||
directory name as in "shorewall-3.0.1").<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">If you are using <a
|
||
href="http://www.caldera.com/openstore/openlinux/">Caldera</a>, <a href="http://www.redhat.com">RedHat</a>,
|
||
<a href="http://www.linux-mandrake.com">Mandrake</a>, <a href="http://www.corel.com">Corel</a>,
|
||
<a href="http://www.slackware.com/">Slackware</a> or
|
||
<a href="http://www.debian.org">Debian</a>
|
||
then type "./install.sh"<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">If you are using <a href="http://www.suse.com">SuSE</a> then type
|
||
"./install.sh /etc/init.d"<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">If your distribution has directory
|
||
/etc/rc.d/init.d or /etc/init.d then type
|
||
"./install.sh"<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">For other distributions, determine where your
|
||
distribution installs init scripts and type
"./install.sh &lt;init script directory&gt;"<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">See if there are any incompatibilities between your configuration and the
|
||
new Shorewall version (type "shorewall check") and correct as necessary.<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">Restart the firewall by typing "shorewall restart"<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--></table><!--mstheme--><font face="arial, Arial, Helvetica">
|
||
<h3><!--mstheme--><font face="times new roman, Times New Roman, Times" color="#666666"><a name="Config_Files"></a>Configuring Shorewall<!--mstheme--></font></h3>
|
||
<p>You will need to edit some or all of these configuration files to match your
|
||
setup. In most cases, the <a href="shorewall_quickstart_guide.htm">Shorewall
|
||
QuickStart Guides</a> contain all of the information you need.</p>
|
||
<!--mstheme--></font><!--msthemelist--><table border="0" cellpadding="0" cellspacing="0" width="100%">
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">/etc/shorewall/shorewall.conf - used to set several firewall
|
||
parameters.<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">/etc/shorewall/params - use this file to set shell variables that you will
|
||
expand in other files.<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">/etc/shorewall/zones - partition the firewall's view of the world
|
||
into <i>zones.</i><!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">/etc/shorewall/policy - establishes firewall high-level policy.<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">/etc/shorewall/interfaces - describes the interfaces on the
|
||
firewall system.<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">/etc/shorewall/hosts - allows defining zones in terms of individual
|
||
hosts and subnetworks.<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">/etc/shorewall/masq - directs the firewall where to use many-to-one
|
||
(dynamic) NAT a.k.a. Masquerading.<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">/etc/shorewall/modules - directs the firewall to load kernel modules.<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">/etc/shorewall/rules - defines rules that are exceptions to the
|
||
overall policies established in /etc/shorewall/policy.<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">/etc/shorewall/nat - defines static NAT rules.<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">/etc/shorewall/proxyarp - defines use of Proxy ARP.<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">/etc/shorewall/routestopped (Shorewall 1.3.4 and later) - defines hosts
|
||
accessible when Shorewall is stopped.<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">/etc/shorewall/tcrules - defines marking of packets for later use by
|
||
traffic control/shaping.<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">/etc/shorewall/tos - defines rules for setting the TOS field in packet
|
||
headers.<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">/etc/shorewall/tunnels - defines IPSEC tunnels with end-points on
|
||
the firewall system.<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--><tr><td valign="baseline" width="42"><img src="_themes/radial/aradbul1.gif" width="15" height="15" hspace="13" alt="bullet"></td><td valign="top" width="100%"><!--mstheme--><font face="arial, Arial, Helvetica">/etc/shorewall/blacklist - lists blacklisted IP/subnet/MAC addresses.<!--mstheme--></font><!--msthemelist--></td></tr>
|
||
<!--msthemelist--></table><!--mstheme--><font face="arial, Arial, Helvetica">
|
||
<p><font size="2">Updated 7/31/2002 - <a href="support.htm">Tom
|
||
Eastep</a> </font></p>
|
||
<p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font>
|
||
&copy; <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></p>
|
||
|
||
<!--mstheme--></font></body></html> |