Set Up Ubuntu-Server 6.06 LTS As A Firewall/Gateway For Your Small Business Environment - Page 4

Next edit /etc/courier/imapd-ssl and change the following:

TLS_CERTFILE=/etc/apache2/ssl/apache.pem

Now do the same with your /etc/courier/pop3d-ssl.

Now edit /etc/apache2/sites-available/default. The top has to be changed so that it reads:

NameVirtualHost *:80
<VirtualHost *:80>

Edit /etc/apache2/sites-available/https as well. The top of the file should read:

NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem

Edit /etc/squirrelmail/apache.conf. It should look like this:

Alias /webmail /usr/share/squirrelmail

<Directory /usr/share/squirrelmail>
php_flag register_globals off
Options Indexes FollowSymLinks
<IfModule mod_dir.c>
DirectoryIndex index.php
</IfModule>

# access to configtest is limited by default to prevent information leak
<Files configtest.php>
order deny,allow
deny from all
allow from 127.0.0.1
</Files>
</Directory>
# users will prefer a simple URL like http://webmail.example.com
#<VirtualHost 1.2.3.4>
# DocumentRoot /usr/share/squirrelmail
# ServerName webmail.example.com
#</VirtualHost>
# redirect to https when available (thanks omen@descolada.dartmouth.edu)
#
# Note: There are multiple ways to do this, and which one is suitable for
# your site's configuration depends. Consult the apache documentation if
# you're unsure, as this example might not work everywhere.
#
<IfModule mod_rewrite.c>
<IfModule mod_ssl.c>
<Location /webmail>
RewriteEngine on
RewriteCond %{HTTPS} !^on$ [NC]
RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [L]
</Location>
</IfModule>
</IfModule>

Now make sure that the DirectoryIndex line in /etc/apache2/apache2.conf reads:

DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl index.xhtml

Edit /etc/apache2/ports.conf and add Listen 443:

Listen 80
Listen 443
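
One way to cross-check the settings from this page before restarting the services, as an added example that is not part of the original tutorial. The function names, the optional ROOT prefix for checking a staging copy, and the sample tree built by make_sample are assumptions of this example; it also flags the PEM file if it contains a private key and is world-readable.

```shell
#!/bin/sh
# Added example (not from the tutorial): cross-check the TLS settings edited above.
# Usage: check_tls_setup [ROOT]   (ROOT = prefix of a staging copy; empty = live system)

# Value of the last TLS_CERTFILE= line in a courier config file.
courier_cert() { sed -n 's/^[[:space:]]*TLS_CERTFILE=//p' "$1" | tail -n 1; }

# Argument of the first SSLCertificateFile directive in an Apache file.
apache_cert() { awk 'tolower($1) == "sslcertificatefile" { print $2; exit }' "$1"; }

check_tls_setup() {
    root="${1:-}"; rc=0
    vhost="$root/etc/apache2/sites-available/https"
    want=$(apache_cert "$vhost")
    [ -n "$want" ] || { echo "FAIL: no SSLCertificateFile in $vhost"; rc=1; }
    grep -Eqi '^[[:space:]]*SSLEngine[[:space:]]+on' "$vhost" ||
        { echo "FAIL: SSLEngine is not on in $vhost"; rc=1; }
    for f in imapd-ssl pop3d-ssl; do
        got=$(courier_cert "$root/etc/courier/$f")
        [ "$got" = "$want" ] ||
            { echo "FAIL: $f has TLS_CERTFILE='$got', Apache uses '$want'"; rc=1; }
    done
    grep -Eq '^[[:space:]]*Listen[[:space:]]+443([[:space:]]|$)' \
        "$root/etc/apache2/ports.conf" ||
        { echo "FAIL: ports.conf has no Listen 443"; rc=1; }
    pem="$root$want"
    if [ ! -r "$pem" ]; then
        echo "FAIL: $pem missing or unreadable"; rc=1
    elif grep -q 'PRIVATE KEY' "$pem" &&
         [ -n "$(find "$pem" -perm -004)" ]; then
        echo "FAIL: $pem holds a private key and is world-readable"; rc=1
    fi
    return $rc
}

# Constructed sample tree mirroring the settings shown above (not real files).
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/courier" "$d/etc/apache2/sites-available" "$d/etc/apache2/ssl"
    for f in imapd-ssl pop3d-ssl; do
        echo 'TLS_CERTFILE=/etc/apache2/ssl/apache.pem' > "$d/etc/courier/$f"
    done
    printf 'NameVirtualHost *:443\n<VirtualHost *:443>\nSSLEngine on\nSSLCertificateFile /etc/apache2/ssl/apache.pem\n' \
        > "$d/etc/apache2/sites-available/https"
    printf 'Listen 80\nListen 443\n' > "$d/etc/apache2/ports.conf"
    echo '-----BEGIN CERTIFICATE-----' > "$d/etc/apache2/ssl/apache.pem"
    echo "$d"
}
```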

Comments

From: at: 2006-12-17 23:46:26

A lot of lines in the policy file. I'm using a simpler version. Is this any less secure?

$FW    all    ACCEPT
loc    all    ACCEPT
all    all    DROP    info

From: at: 2007-06-06 13:18:17

This work is very helpful, but for novices it can be added (Page 8, before the words "To complete this step, do: /etc/init.d/shorewall restart"), because if I establish a VPN connection then I get a new zone. I added:

To add in file /etc/shorewall/policy before the last line:

##### Added for support VPN connections
vpn loc ACCEPT
vpn $FW ACCEPT
loc vpn ACCEPT
$FW vpn ACCEPT

To add in file /etc/shorewall/zones before the last line:

vpn ipv4

To add in file /etc/shorewall/interfaces before the last line:

vpn ppp0

It was necessary for my system to allow VPN connections from the Internet.

Sorry for the dumb question, but why is there a line in /etc/shorewall/rules

DNAT   net   fw:192.168.1.1 47

I can't find the protocol 47 anywhere.

Sincerely yours, buhcia2006 dog yandex dot ru