This is a discussion on Re: Shorewall - setup RH8 - GW - webmin within the Linux Networking forums, part of the Linux Forums category.

Ohmster <ohmster@newsguy.com> wrote in
news:Xns93AF9362F5622ohmsternewsguycom@65.82.44.18 7:

> I decided to remove firestarter and install shorewall because it is a
> better firewall.

Actually it is not a firewall, it's just a collection of scripts, afaik, which use genius iptables netfilter.

> I installed the rpm file and have a module for it in
> webmin. I am at a loss as to how to set this up and make it work for
> my system. The setup docs are pretty vague and I don't want to mess
> this up.

Uh, if you do not want to mess with firewalling, what's the point of help then? Someone can tell you how to do it, but you won't be able to react quickly if something happens. Then you will probably ask again.

> I have:
> Red Hat Linux 8.0
> eth0 - ADSL modem, DHCP configured
> eth1 - to hub for small LAN (two XP computers, 192.168.0.2 &
> 192.168.0.3), IP address 192.168.0.1
>
> apache server running (php & mysql), default port 80.
> vsftpd running, default port.
> using UPnPd to allow the xp computers to message voice and video with
> Windows Messenger.
> ssh server.
> connect to RH machine with x-win32 via xdm.
>
> This machine is a gateway/server. Shorewall is pretty hard to setup.
> Can someone give me a basic how-to for this particular setup?

The only way to learn is to read documentation, and if something is not clear, google for the unclear part and read that; as you see another thing unknown to you, follow that up and read, read, read. I do the above method once a week and end up with almost 50 open browser windows. It's like a circle, if you have heard: the smarter you get, the more unknown lies ahead; as the circle gets wider in diameter, the length of the circle also increases, and that is the unknown.

P.Krumins

Here's where I started a year ago:

1. Read Shorewall's website (Quickstart Guides) and download the configuration scripts that fit you e.g.
2. Edit the configuration scripts, especially the "zones," "policy" and "rules" scripts.
3. Make sure you have physical access to the firewall box (in case your configuration locks you out of a network connection).
4. Run "shorewall start" from root and read the messages.
5. Go back and read the forum at Shorewall for specific questions.

Also:

1. Keep a hardcopy of your network configuration
2. Check your hardware, cables, etc.

It works great for me.

Ohmster wrote:

> Peteris Krumins <pkruminsREMOVETHIS@inbox.lv> wrote in
> news:Xns93B020BF0D657whitesuneapollolv@130.133.1.4 :
>
>>Uh, if you do not want to mess with firewalling, what's the point of
>>help then? Someone can tell you how to do it, but you won't be able to
>>react quickly if something happens. Then you will probably ask again.
>
> Hmmmm, yes, I will do all of that when time permits. As it is, I have an
> open system with no firewall and that is the reason for the urgency to get
> a firewall running. I was hoping that someone with a similar setup could
> pass on the configs in order to get it running. Then I could tweak and tune
> it as I understand it better. Webmin seems like a good front end to do this
> with.
>
> Ask again? If I don't understand something and need some assistance I sure
> will ask more questions. My payback is to help others with situations that
> I have already dealt with and I do that all the time. iptables is not
> something that one gets a handle on right away, or at least that is the way
> it seems to me.
>
> Your advice and analogies are good though. :P
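As an added illustration of the "zones", "policy" and "rules" files named in the steps above (not a configuration posted by anyone in this thread), here is a minimal two-interface layout for the gateway described in the original question. It assumes Shorewall 4.x-style file formats with `$FW` as the firewall zone; column layouts differ in older and newer releases, and the zone names `net` and `loc`, the X display port range and the omission of UPnP are choices made for this example.

```conf
# --- /etc/shorewall/zones ---
#ZONE   TYPE
fw      firewall
net     ipv4        # Internet side (ADSL modem)
loc     ipv4        # LAN side (192.168.0.0/24)

# --- /etc/shorewall/interfaces ---
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      dhcp,tcpflags,routefilter,nosmurfs
loc     eth1        detect      tcpflags,nosmurfs

# --- /etc/shorewall/policy ---
# Default decisions; first matching line wins, so keep the catch-all last.
#SOURCE DEST        POLICY      LOG LEVEL
loc     net         ACCEPT
$FW     net         ACCEPT
net     all         DROP        info
all     all         REJECT      info

# --- /etc/shorewall/rules ---
# Exceptions to the policy above, one service per line.
#ACTION SOURCE      DEST        PROTO   DEST PORT(S)
ACCEPT  net         $FW         tcp     80      # apache
ACCEPT  net         $FW         tcp     21      # vsftpd control channel; data
                                                # channels need the FTP
                                                # conntrack helper loaded
ACCEPT  net         $FW         tcp     22      # ssh from outside
ACCEPT  loc         $FW         tcp     22      # ssh from the LAN
ACCEPT  loc         $FW         udp     177     # XDMCP request from x-win32
ACCEPT  $FW         loc         tcp     6000:6010   # xdm opening the X display
                                                    # on the LAN client

# --- /etc/shorewall/masq ---
# Masquerade LAN traffic leaving through the DHCP-addressed interface.
#INTERFACE  SOURCE
eth0        192.168.0.0/24

# --- /etc/shorewall/shorewall.conf (relevant setting only) ---
IP_FORWARDING=On
```

Running `shorewall check` parses these files without applying them, which fits the advice above about having physical access before the first `shorewall start`.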