Set Up Ubuntu-Server 6.10 As A Firewall/Gateway For Your Small Business Environment - Page 2
Now do:

    apt-get install libmd5-perl libnet-ssleay-perl libauthen-pam-perl libio-pty-perl shorewall dnsmasq
    wget http://surfnet.dl.sourceforge.net/sourceforge/webadmin/webmin_1.330_all.deb

"surfnet" is the Dutch server. Change that to "heanet" (for Ireland), "belnet" (for Belgium), "mesh" (for Germany) and so on.

    dpkg -i webmin_1.330_all.deb
    cp /usr/share/doc/shorewall/examples/two-interfaces/* /etc/shorewall/
    cd /etc/shorewall
    gunzip interfaces.gz masq.gz rules.gz policy.gz

Now open your browser and log in to webmin at https://192.168.1.1:10000 as root with your root password and, using webmin's shorewall module, change the policies and rules of your firewall as needed. For now, I only set the policy file to the example shown below; if you don't like webmin, you may copy and paste my policy file for starters.

Also, in /etc/shorewall.conf change the line "IP_FORWARDING=Keep" to "IP_FORWARDING=On" (without quotes) and enable the firewall in /etc/default/shorewall.

My /etc/shorewall/policy now looks like this:

    ###############################################################################
    #SOURCE         DEST            POLICY          LOG LEVEL       LIMIT:BURST
    #
    # Note about policies and logging:
    #       This file contains an explicit policy for every combination of
    #       zones defined in this sample. This is solely for the purpose of
    #       providing more specific messages in the logs. This is not
    #       necessary for correct operation of the firewall, but greatly
    #       assists in diagnosing problems.
    #
    #
    # Policies for traffic originating from the local LAN (loc)
    #
    # If you want to force clients to access the Internet via a proxy server
    # on your firewall, change the loc to net policy to REJECT info.
    loc             net             ACCEPT
    loc             $FW             ACCEPT
    loc             all             REJECT          info
    #
    # Policies for traffic originating from the firewall ($FW)
    #
    # If you want open access to the Internet from your firewall, change the
    # $FW to net policy to ACCEPT and remove the 'info' LOG LEVEL.
    # This may be useful if you run a proxy server on the firewall.
    $FW             net             ACCEPT
    $FW             loc             ACCEPT
    $FW             all             REJECT          info
    #
    # Policies for traffic originating from the Internet zone (net)
    #
    net             $FW             DROP            info
    net             loc             DROP            info
    net             all             DROP            info
    # THE FOLLOWING POLICY MUST BE LAST
    all             all             REJECT          info
    #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

Next do:

    /etc/init.d/shorewall start

You should now be able to surf the net. DO NOT PROCEED UNTIL YOU SUCCEED IN SURFING THE NET. THIS IS YOUR FRAMEWORK, SO IT HAS TO BE OK.
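Before starting the firewall after an edit made by hand or through webmin, the policy file can be checked for the two properties the sample above relies on: nothing originating from the net zone defaults to ACCEPT, and the all/all catch-all is the last entry. The script below is an added example, not part of the original tutorial; the function names and both sample policies are constructed for illustration, and it assumes the zone names of the two-interfaces example (net, loc, $FW).

```shell
#!/bin/sh
# Added example, not from the tutorial: sanity-check a Shorewall policy file.
# audit_policy FILE -> prints findings; returns 0 when clean, 1 otherwise.
audit_policy() {
    awk '
        { sub(/#.*/, "") }          # drop comments (whole-line and trailing)
        NF < 3 { next }             # need SOURCE DEST POLICY at minimum
        {
            # The sample file requires the all/all catch-all to be the last entry.
            if (seen_all) { print "FAIL: entry after all/all: " $1 " " $2 " " $3; bad = 1 }
            if ($1 == "all" && $2 == "all") seen_all = 1
            # Traffic from the Internet zone (or from anywhere) must not default to ACCEPT.
            if (($1 == "net" || $1 == "all") && $3 == "ACCEPT") {
                print "FAIL: " $1 " -> " $2 " defaults to ACCEPT"; bad = 1
            }
        }
        END {
            if (!seen_all) { print "FAIL: no all/all catch-all policy"; bad = 1 }
            if (!bad) print "OK: net is default-deny and all/all is last"
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the policy entries from the tutorial, comments trimmed.
write_good_policy() { cat > "$1" <<'EOF'
loc   net   ACCEPT
loc   $FW   ACCEPT
loc   all   REJECT   info
$FW   net   ACCEPT
$FW   loc   ACCEPT
$FW   all   REJECT   info
net   $FW   DROP     info
net   loc   DROP     info
net   all   DROP     info
all   all   REJECT   info
EOF
}

# Constructed sample: a mis-edited file (entry added below the catch-all).
write_bad_policy() { cat > "$1" <<'EOF'
loc   net   ACCEPT
all   all   REJECT   info
net   loc   ACCEPT
EOF
}

# Audit a real file when one is given: sh audit.sh /etc/shorewall/policy
if [ -n "${1:-}" ]; then audit_policy "$1"; fi
```
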