Set Up Ubuntu-Server 6.10 As A Firewall/Gateway For Your Small Business Environment - Page 2

Now do:

apt-get install libmd5-perl libnet-ssleay-perl libauthen-pam-perl libio-pty-perl shorewall dnsmasq
wget http://surfnet.dl.sourceforge.net/sourceforge/webadmin/webmin_1.330_all.deb

"surfnet" is the dutch server. Change that to "heanet"(for Ireland), "belnet"(for Belgium), "mesh" (for Germany) and so on.

dpkg -i webmin_1.330_all.deb
cp /usr/share/doc/shorewall/examples/two-interfaces/* /etc/shorewall/
cd /etc/shorewall
gunzip interfaces.gz masq.gz rules.gz policy.gz

Now open your browser and login to webmin at https://192.168.1.1:10000 as root with your root password and, using webmin's shorewall module, change the policy's and rules of your firewall as needed (for now, I only set the policy file to the example as shown, you may copy and paste my policy file for starters, if you don't like webmin).

Also set in /etc/shorewall.conf  the line "IP_FORWARDING=Keep"  to  "IP_FORWARDING=On" (without quotes) and enable the firewall in /etc/default/shorewall.

My /etc/shorewall/policy  now looks like this:

###############################################################################
#SOURCE		DEST		POLICY		LOG LEVEL	LIMIT:BURST
#
# Note about policies and logging:
#	This file contains an explicit policy for every combination of
#	zones defined in this sample.  This is solely for the purpose of
#	providing more specific messages in the logs.  This is not
#	necessary for correct operation of the firewall, but greatly
#	assists in diagnosing problems.
#
#
# Policies for traffic originating from the local LAN (loc)
#
# If you want to force clients to access the Internet via a proxy server
# on your firewall, change the loc to net policy to REJECT info.
loc		net		ACCEPT
loc	$FW	ACCEPT
loc		all		REJECT		info
#
# Policies for traffic originating from the firewall ($FW)
#
# If you want open access to the Internet from your firewall, change the
# $FW to net policy to ACCEPT and remove the 'info' LOG LEVEL.
# This may be useful if you run a proxy server on the firewall.
$FW	net	ACCEPT
$FW	loc	ACCEPT
$FW		all		REJECT		info
#
# Policies for traffic originating from the Internet zone (net)
#
net		$FW		DROP		info
net		loc		DROP		info
net		all		DROP		info
# THE FOLLOWING POLICY MUST BE LAST
all		all		REJECT		info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

Next do:

/etc/init.d/shorewall start

You should be able now to surf the net.

DO NOT PROCEED UNTILL YOU SUCCEED IN SURFING THE NET.  SINCE THIS IS YOUR FRAMEWORK. IT HAS TO BE OK.

Share this page:

0 Comment(s)