Set Up Ubuntu-Server 6.10 As A Firewall/Gateway For Your Small Business Environment - Page 2
Now do:
apt-get install libmd5-perl libnet-ssleay-perl libauthen-pam-perl libio-pty-perl shorewall dnsmasq
wget http://surfnet.dl.sourceforge.net/sourceforge/webadmin/webmin_1.330_all.deb
"surfnet" is the dutch server. Change that to "heanet"(for Ireland), "belnet"(for Belgium), "mesh" (for Germany) and so on.
dpkg -i webmin_1.330_all.deb
cp /usr/share/doc/shorewall/examples/two-interfaces/* /etc/shorewall/
cd /etc/shorewall
gunzip interfaces.gz masq.gz rules.gz policy.gz
Now open your browser and login to webmin at https://192.168.1.1:10000 as root with your root password and, using webmin's shorewall module, change the policy's and rules of your firewall as needed (for now, I only set the policy file to the example as shown, you may copy and paste my policy file for starters, if you don't like webmin).
Also set in /etc/shorewall.conf the line "IP_FORWARDING=Keep" to "IP_FORWARDING=On" (without quotes) and enable the firewall in /etc/default/shorewall.
My /etc/shorewall/policy now looks like this:
############################################################################### #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST # # Note about policies and logging: # This file contains an explicit policy for every combination of # zones defined in this sample. This is solely for the purpose of # providing more specific messages in the logs. This is not # necessary for correct operation of the firewall, but greatly # assists in diagnosing problems. # # # Policies for traffic originating from the local LAN (loc) # # If you want to force clients to access the Internet via a proxy server # on your firewall, change the loc to net policy to REJECT info. loc net ACCEPT loc $FW ACCEPT loc all REJECT info # # Policies for traffic originating from the firewall ($FW) # # If you want open access to the Internet from your firewall, change the # $FW to net policy to ACCEPT and remove the 'info' LOG LEVEL. # This may be useful if you run a proxy server on the firewall. $FW net ACCEPT $FW loc ACCEPT $FW all REJECT info # # Policies for traffic originating from the Internet zone (net) # net $FW DROP info net loc DROP info net all DROP info # THE FOLLOWING POLICY MUST BE LAST all all REJECT info #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
Next do:
/etc/init.d/shorewall start
You should be able now to surf the net.
DO NOT PROCEED UNTILL YOU SUCCEED IN SURFING THE NET. SINCE THIS IS YOUR FRAMEWORK. IT HAS TO BE OK.