Set Up Ubuntu-Server 6.06 LTS As A Firewall/Gateway For Your Small Business Environment - Page 4

Next edit /etc/courier/imapd-ssl and change the following:


Now do the same with your /etc/courier/pop3d-ssl.

Now edit /etc/apache2/sites-available/default. The top has to be changed so that it reads:

NameVirtualHost *:80
<VirtualHost *:80>

Edit /etc/apache2/sites-available/https as well. The top of the file should read:

NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem

Edit /etc/squirrelmail/apache.conf. It should look like this:

Alias /webmail /usr/share/squirrelmail

<Directory /usr/share/squirrelmail>
  php_flag register_globals off
  Options Indexes FollowSymLinks
  <IfModule mod_dir.c>
    DirectoryIndex index.php
  </IfModule>

  # access to configtest is limited by default to prevent information leak
  <Files configtest.php>
    order deny,allow
    deny from all
    allow from
  </Files>
</Directory>

# users will prefer a simple URL like
# DocumentRoot /usr/share/squirrelmail
# ServerName
# redirect to https when available (thanks
# Note: There are multiple ways to do this, and which one is suitable for
# your site's configuration depends. Consult the apache documentation if
# you're unsure, as this example might not work everywhere.
<IfModule mod_rewrite.c>
  <IfModule mod_ssl.c>
    <Location /webmail>
      RewriteEngine on
      RewriteCond %{HTTPS} !^on$ [NC]
      RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [L]
    </Location>
  </IfModule>
</IfModule>

Now make sure that the DirectoryIndex line in /etc/apache2/apache2.conf reads:

DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.xhtml

Edit /etc/apache2/ports.conf and add Listen 443:

Listen 80
Listen 443
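
To confirm the edits above took effect, the following is an added example and not part of the original tutorial: a small audit function that checks the three files touched on this page. The function names (check_apache_tls, directive_value, fail) are hypothetical, and the private-key permission check goes beyond the page's steps; it only fires if the file named by SSLCertificateFile actually contains a key.

```shell
#!/bin/sh
# Added example: audit the Apache TLS settings from the steps above.
# Usage: check_apache_tls [ROOT]   (ROOT defaults to /etc; use a copy to test)
# Prints one FAIL line per problem and returns the number of problems.

# Print the first argument of the first uncommented DIRECTIVE ($2) in FILE ($1).
directive_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*\([^[:space:]]*\).*/\1/p" "$1" 2>/dev/null | head -n 1
}

fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

check_apache_tls() {
    root=${1:-/etc}
    fails=0
    ports=$root/apache2/ports.conf
    https=$root/apache2/sites-available/https
    webmail=$root/squirrelmail/apache.conf

    # ports.conf must open the TLS port next to port 80.
    grep -Eq '^[[:space:]]*Listen[[:space:]]+443[[:space:]]*$' "$ports" 2>/dev/null ||
        fail "no 'Listen 443' in $ports"

    # The https site must switch TLS on, not merely listen on 443.
    [ "$(directive_value "$https" SSLEngine | tr 'A-Z' 'a-z')" = on ] ||
        fail "SSLEngine is not 'on' in $https"

    # The certificate file must exist; if it also carries the private key,
    # it must not be readable by group or other.
    pem=$(directive_value "$https" SSLCertificateFile)
    if [ -z "$pem" ] || [ ! -f "$pem" ]; then
        fail "SSLCertificateFile missing or not found: ${pem:-<unset>}"
    elif grep -q 'PRIVATE KEY' "$pem" &&
         [ -n "$(find "$pem" \( -perm -040 -o -perm -004 \) -print)" ]; then
        fail "$pem holds a private key but is group/world readable"
    fi

    # /webmail must be redirected to https by an uncommented rewrite rule.
    grep -Eq '^[[:space:]]*RewriteRule[[:space:]].*https://' "$webmail" 2>/dev/null ||
        fail "no active https RewriteRule in $webmail"

    return "$fails"
}
```

Source the file and run check_apache_tls as root before restarting Apache; a return value of 0 means every check passed.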

2 Comment(s)


From: at: 2006-12-17 23:46:26

A lot of lines in policy file.. I'm using simpler version.. Is this any less secure??

$FW    all    ACCEPT
loc    all    ACCEPT
all    all    DROP    info


From: at: 2007-06-06 13:18:17

This work is very helpful, but for novice it can be added (Page 8, before words

"To complete this step, do:

/etc/init.d/shorewall restart")

because if I establish VPN connection then I get new zone. I added:

To add in file /etc/shorewall/policy before the last line:

##### Added for support VPN connections

vpn loc ACCEPT


loc vpn ACCEPT


To add in file /etc/shorewall/zones before the last line:

vpn ipv4

To add in file /etc/shorewall/interfaces before the last line:

vpn ppp0

It was necessary to my system to allow VPN connections from Internet.

Sorry for dumb question, but why in /etc/shorewall/rules exists a line

DNAT   net   fw: 47

I can't find the protocol 47 anywhere

Sincerely yours, buhcia2006 dog yandex dot ru