  #1  
7th June 2007, 04:26
knowram
Set Up Ubuntu-Server 6.10 As A Firewall/Gateway

I am trying to follow this how-to http://www.howtoforge.com/ubuntu6.10_firewall_gateway but I have only gotten to page 2, where you install webmin, and then I got this error:

Code:
root@LBox:/home/jmunson# dpkg -i webmin_1.350_all.deb
(Reading database ... 29202 files and directories currently installed.)
Preparing to replace webmin 1.330 (using webmin_1.350_all.deb) ...
Unpacking replacement webmin ...
dpkg: dependency problems prevent configuration of webmin:
 webmin depends on libnet-ssleay-perl; however:
  Package libnet-ssleay-perl is not installed.
 webmin depends on openssl; however:
  Package openssl is not installed.
 webmin depends on libauthen-pam-perl; however:
  Package libauthen-pam-perl is not installed.
 webmin depends on libio-pty-perl; however:
  Package libio-pty-perl is not installed.
 webmin depends on libmd5-perl; however:
  Package libmd5-perl is not installed.
dpkg: error processing webmin (--install):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 webmin

I tried just installing the missing packages, but that didn't seem to work. Any ideas??

Thanks for the help
#2
7th June 2007, 04:42
knowram

So I was going too fast and missed that the step before that gave me this error:
Code:
root@LBox:/home/jmunson# apt-get install libmd5-perl libnet-ssleay-perl libauthen-pam-perl libio-pty-perl shorewall dnsmasq
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Package libmd5-perl is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Package libmd5-perl has no installation candidate
#3
7th June 2007, 17:43
falko

Can you run
Code:
apt-get update
and try again?
#4
8th June 2007, 06:19
knowram

Okay, I got past that part. Now I am trying to set up the firewall. At the moment I am only using one interface to connect the Linux box to my LAN. I added that interface to the interfaces and gave it the appropriate zone. Now when I try to start the firewall I get this error:

Code:
Starting "Shorewall firewall": not done (check /var/log/shorewall-init.log).
and the log file looks like this


Code:
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Clearing Shorewall...Disabling IPV6...
IP Forwarding Enabled
done.
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Starting Shorewall...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Extended Multi-port Match: Available
   Connection Tracking Match: Available
   Packet Type Match: Available
   Policy Match: Available
   Physdev Match: Available
   IP range Match: Available
   Recent Match: Available
   Owner Match: Available
   Ipset Match: Not available
   CONNMARK Target: Not available
   Connmark Match: Available
   Raw Table: Available
   CLASSIFY Target: Available
   FORWARD Mangle Chain: Not available
Determining Zones...
   IPv4 Zones: net loc
   Firewall Zone: fw
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
   net Zone: eth4:0.0.0.0/0 eth0:0.0.0.0/0
   WARNING: Zone loc is empty
Pre-processing Actions...
   Pre-processing /usr/share/shorewall/action.Drop...
   ..Expanding Macro /usr/share/shorewall/macro.Auth...
   ..End Macro
   ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
   ..End Macro
   ..Expanding Macro /usr/share/shorewall/macro.SMB...
   ..End Macro
   ..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
   ..End Macro
   ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
   ..End Macro
   Pre-processing /usr/share/shorewall/action.Reject...
   Pre-processing /usr/share/shorewall/action.Limit...
Deleting user chains...
Processing /etc/shorewall/routestopped ...
Creating Interface Chains...
Configuring Proxy ARP
Setting up NAT...
Setting up NETMAP...
Adding Common Rules
Adding Anti-smurf Rules
Adding rules for DHCP
Enabling RFC1918 Filtering
Setting up TCP Flags checking...
Setting up Kernel Route Filtering...
   WARNING: Cannot set route filtering on eth0
Setting up Martian Logging...
   WARNING: Cannot set Martian logging on eth0
IP Forwarding Enabled
Setting up IPSEC...
Processing /etc/shorewall/rules...
   Warning -- Rule "ACCEPT net fw all     " is a POLICY
               -- and should be moved to the policy file
   Rule "ACCEPT net fw all     " added.
..Expanding Macro /usr/share/shorewall/macro.DNS...
   Rule "ACCEPT fw net udp 53 - - - -" added.
   Rule "ACCEPT fw net tcp 53 - - - -" added.
..End Macro
..Expanding Macro /usr/share/shorewall/macro.SSH...
   Rule "ACCEPT loc fw tcp 22 - - - -" added.
..End Macro
..Expanding Macro /usr/share/shorewall/macro.Ping...
   Rule "ACCEPT loc fw icmp 8 - - - -" added.
..End Macro
..Expanding Macro /usr/share/shorewall/macro.Ping...
   Rule "REJECT net fw icmp 8 - - - -" added.
..End Macro
   Rule "ACCEPT fw loc icmp     " added.
   Rule "ACCEPT fw net icmp     " added.
Processing Actions...
   Generating Transitive Closure of Used-action List...
Processing /usr/share/shorewall/action.Drop for Chain Drop...
..Expanding Macro /usr/share/shorewall/macro.Auth...
   Rule "REJECT - - tcp 113 -  -" added.
..End Macro
   Rule "dropBcast       " added.
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
   Rule "ACCEPT - - icmp fragmentation-needed -  -" added.
   Rule "ACCEPT - - icmp time-exceeded -  -" added.
..End Macro
   Rule "dropInvalid       " added.
..Expanding Macro /usr/share/shorewall/macro.SMB...
   Rule "DROP - - udp 135,445 -  -" added.
   Rule "DROP - - udp 137:139 -  -" added.
   Rule "DROP - - udp 1024: 137  -" added.
   Rule "DROP - - tcp 135,139,445 -  -" added.
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
   Rule "DROP - - udp 1900 -  -" added.
..End Macro
   Rule "dropNotSyn - - tcp    " added.
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
   Rule "DROP - - udp - 53  -" added.
..End Macro
Processing /usr/share/shorewall/action.Reject for Chain Reject...
..Expanding Macro /usr/share/shorewall/macro.Auth...
   Rule "REJECT - - tcp 113 -  -" added.
..End Macro
   Rule "dropBcast       " added.
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
   Rule "ACCEPT - - icmp fragmentation-needed -  -" added.
   Rule "ACCEPT - - icmp time-exceeded -  -" added.
..End Macro
   Rule "dropInvalid       " added.
..Expanding Macro /usr/share/shorewall/macro.SMB...
   Rule "REJECT - - udp 135,445 -  -" added.
   Rule "REJECT - - udp 137:139 -  -" added.
   Rule "REJECT - - udp 1024: 137  -" added.
   Rule "REJECT - - tcp 135,139,445 -  -" added.
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
   Rule "DROP - - udp 1900 -  -" added.
..End Macro
   Rule "dropNotSyn - - tcp    " added.
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
   Rule "DROP - - udp - 53  -" added.
..End Macro
Processing /etc/shorewall/policy...
   Policy ACCEPT for fw to net using chain fw2net
   Policy ACCEPT for fw to loc using chain fw2loc
   Policy DROP for net to fw using chain net2fw
   Policy DROP for net to loc using chain net2loc
   Policy ACCEPT for loc to fw using chain loc2fw
   Policy ACCEPT for loc to net using chain loc2net
Masqueraded Networks and Hosts:
   ERROR: Unable to determine the routes through interface "eth1"
Disabling IPV6...
IP Forwarding Enabled
Terminated
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Clearing Shorewall...Disabling IPV6...
IP Forwarding Enabled
done.

If I try to access webmin after doing that, I can't; I have to stop the firewall.
Not sure what I am looking for, or what to do next.

Thanks for the help
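
One way to triage a Shorewall init log like the one posted above (an added example, not part of the original post). The sample lines are copied from that log and abridged; the function names and output labels are made up for this example.

```shell
#!/bin/sh
# Added example: summarise a Shorewall init log in the format posted above.

# Constructed sample: lines copied from the posted log, abridged.
sample_log() {
  cat <<'EOF'
Determining Hosts in Zones...
   net Zone: eth4:0.0.0.0/0 eth0:0.0.0.0/0
   WARNING: Zone loc is empty
Setting up Kernel Route Filtering...
   WARNING: Cannot set route filtering on eth0
Masqueraded Networks and Hosts:
   ERROR: Unable to determine the routes through interface "eth1"
Terminated
EOF
}

# triage_log [FILE]: reads the log (stdin if no FILE) and prints
#   ZONED <iface> <zone>   interface Shorewall assigned to a zone
#   EMPTY_ZONE <zone>      zone with no hosts assigned
#   ERROR_LINE <text>      the line that aborted startup
#   UNZONED_IFACE <iface>  interface named in an ERROR but in no zone
triage_log() {
  awk '
    /^ +[a-z0-9]+ Zone: / {
      for (i = 3; i <= NF; i++) {
        split($i, p, ":"); zoned[p[1]] = $1
        print "ZONED " p[1] " " $1
      }
    }
    /WARNING: Zone .* is empty/ { print "EMPTY_ZONE " $3 }
    /ERROR:/ {
      sub(/^ +/, ""); print "ERROR_LINE " $0
      if (match($0, /interface "[^"]+"/)) {
        ifc = substr($0, RSTART + 11, RLENGTH - 12)
        if (!(ifc in zoned)) print "UNZONED_IFACE " ifc
      }
    }
  ' "$@"
}

sample_log | triage_log
```

Against the real file this is `triage_log /var/log/shorewall-init.log`. For the posted log it reports that the loc zone is empty and that the masquerading step names eth1, while only eth4 and eth0 are assigned to a zone.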

#5
9th June 2007, 12:08
falko

Have you stopped all other firewalls before starting this one? If so, what's the output of
Code:
iptables -L
now?

For webmin, you must open port 10000 in the firewall.
#6
11th June 2007, 00:52
knowram

I don't have any other firewalls on my system that I know of, unless there is a default that comes with Ubuntu server.

The output of iptables -L is

Code:
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             anywhere            udp dpts:bootps:bootpc 
ACCEPT     udp  --  anywhere             anywhere            udp dpts:bootps:bootpc 

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             anywhere            udp dpts:bootps:bootpc 
ACCEPT     udp  --  anywhere             anywhere            udp dpts:bootps:bootpc 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere

The other thing I don't understand is: what's the difference between /etc/shorewall/policy and the firewall section in webmin?

Thanks for the help
#7
11th June 2007, 15:42
falko

Can you switch off Shorewall and reboot the system? What's the output of
Code:
iptables -L
then?

I'm not sure, but I think that webmin lets you configure Shorewall.
#8
12th June 2007, 02:06
knowram

ok here is what it looks like with it off

Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
#9
12th June 2007, 15:04
falko

Ok, then there's no other firewall...
#10
12th June 2007, 15:13
knowram

Right, I am only using the Shorewall firewall. The question is how do I configure it so that it works properly? It looks to me like the shorewall/policy and what you do in webmin are two separate things. Do you need both? Is the /policy where you tell it which interfaces to use the firewall on, and then webmin is where you set up the firewall itself, allowing certain ports to certain destinations etc.?

Any ideas?