
Re: Setup a firewall/gateway/server



Andrei Popescu <andreimpopescu@gmail.com> writes:

> On Sb, 14 ian 12, 12:48:42, Csanyi Pal wrote:
>> 
>> allow-hotplug eth0
>> iface eth0 inet dhcp
>> 
>> allow-hotplug eth1
>> iface eth1 inet static
>>     address 192.168.10.1
>>     netmask 255.255.255.0

<snipped>

>> I setup IP Forwarding so:
>> nano /etc/sysctl.conf
>>  # Uncomment the following to stop low-level messages on console
>> kernel.printk = 3 4 1 3
>> net.ipv4.ip_forward = 0
>> 
>> /etc/init.d/procps restart
>> 
>> nano /etc/shorewall/shorewall.conf
>>  IP_FORWARDING=Yes

<snipped>

>> nano /etc/shorewall/masq
>> eth0    192.168.10.0/24

<snipped>

>> nano /etc/shorewall/interfaces
>> net     eth0            detect          blacklist,dhcp
>> loc     eth1            detect          dhcp
>> 
>> nano /etc/shorewall/zones
>> fw      firewall
>> net     ipv4
>> loc     ipv4
>> 
>> nano /etc/shorewall/policy

>> loc    all   ACCEPT
>> fw     all   ACCEPT
>> net    all   DROP    info
>> 
>>  # THE FOLLOWING POLICY MUST BE LAST
>> all    all   REJECT  info

<snipped>

>> nano /etc/shorewall/rules
>> DNS(ACCEPT)     $FW             net
>> 
>> SSH(ACCEPT)     loc             $FW
>> 
>> Ping(ACCEPT)    loc             $FW
>> 
>> Ping(DROP)      net             $FW
>> 
>> ACCEPT          $FW             loc             icmp
>> ACCEPT          $FW             net             icmp
>> 
>> ACCEPT  all     all     icmp    time-exceeded  # traceroute
>> ACCEPT  all     all     tcp     http,https

<snipped>

> Again, please explain why you have to reinstall and can't fix the 
> problem instead.

I must reinstall instead of fixing the problem because this is a
headless PC box, so if I make a mistake it can happen that I can't SSH
into that system again to fix the problem that way.

-- 
Regards from Pal

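The lockout worry in the reply above (a firewall mistake on a headless box cuts off the SSH session you would fix it from) can be checked before a restart rather than after. The script below is an added example, not code from this thread or from the Shorewall project. It parses the column formats of the /etc/shorewall/policy and /etc/shorewall/rules files quoted in the post (inline copies, constructed for the example) and answers one question: will TCP/22 from the management zone to the firewall still be accepted? It assumes a simplified Shorewall evaluation order (rules before policy, first match wins), treats the SSH macro and explicit tcp port 22/ssh rules as equivalent, and unifies the firewall zone name ("fw" in policy, "$FW" in rules); the function names `preflight` and `ssh_allowed` are this example's own.

```python
"""Lockout pre-flight for a Shorewall ruleset on a headless box.

Added example (not from the thread or the Shorewall project). It parses the
/etc/shorewall/policy and /etc/shorewall/rules column formats and reports
whether SSH from the management zone to the firewall is still accepted.
"""
import re

# Constructed copies of the two files quoted in the post (not read from disk).
POLICY_TEXT = """\
loc    all   ACCEPT
fw     all   ACCEPT
net    all   DROP    info

# THE FOLLOWING POLICY MUST BE LAST
all    all   REJECT  info
"""

RULES_TEXT = """\
DNS(ACCEPT)     $FW             net
SSH(ACCEPT)     loc             $FW
Ping(ACCEPT)    loc             $FW
Ping(DROP)      net             $FW
ACCEPT          $FW             loc             icmp
ACCEPT          $FW             net             icmp
ACCEPT  all     all     icmp    time-exceeded  # traceroute
ACCEPT  all     all     tcp     http,https
"""

MACRO_RE = re.compile(r"^(\w+)\((\w+)\)$")   # macro form, e.g. SSH(ACCEPT)
SSH_PORTS = {"22", "ssh"}                    # port spellings treated as SSH


def columns(text):
    """Yield the whitespace-separated columns of each non-blank, non-comment line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line.split()


def norm_zone(name):
    """Shorewall names the firewall 'fw' in policy but '$FW' in rules; unify them."""
    return "fw" if name in ("$FW", "fw") else name.lower()


def parse_policy(text):
    """policy columns: SOURCE DEST POLICY [LOGLEVEL] -> list of (src, dst, action)."""
    return [(norm_zone(c[0]), norm_zone(c[1]), c[2].upper()) for c in columns(text)]


def parse_rules(text):
    """rules columns: ACTION SOURCE DEST [PROTO [DPORT]] -> list of dicts."""
    rules = []
    for c in columns(text):
        m = MACRO_RE.match(c[0])
        if m:   # macro form: the macro itself supplies proto/ports
            macro, action, proto, ports = m.group(1), m.group(2).upper(), None, []
        else:
            macro, action = None, c[0].upper()
            proto = c[3].lower() if len(c) > 3 else None
            ports = c[4].lower().split(",") if len(c) > 4 else []
        rules.append({"macro": macro, "action": action,
                      "src": norm_zone(c[1]), "dst": norm_zone(c[2]),
                      "proto": proto, "ports": ports})
    return rules


def zone_matches(pattern, zone):
    return pattern == "all" or pattern == zone


def ssh_allowed(policy, rules, src="loc", dst="fw"):
    """Return (allowed, reason) for TCP/22 from zone src to zone dst.

    Simplified model: the rules file is consulted first and the first rule
    that covers SSH for this zone pair wins; otherwise the first policy line
    matching the zone pair decides; with neither, Shorewall's default is drop.
    """
    for r in rules:
        if not (zone_matches(r["src"], src) and zone_matches(r["dst"], dst)):
            continue
        explicit_ssh = r["macro"] == "SSH"
        port_ssh = r["proto"] == "tcp" and bool(SSH_PORTS & set(r["ports"]))
        if explicit_ssh or port_ssh:
            return r["action"] == "ACCEPT", f"rule: {r}"
    for s, d, action in policy:
        if zone_matches(s, src) and zone_matches(d, dst):
            return action == "ACCEPT", f"policy: {s} {d} {action}"
    return False, "no matching rule or policy (implicit drop)"


def preflight(policy_text, rules_text, mgmt_zone="loc"):
    """(True, reason) when the management zone keeps SSH access to the firewall."""
    return ssh_allowed(parse_policy(policy_text), parse_rules(rules_text), mgmt_zone, "fw")


if __name__ == "__main__":
    ok, why = preflight(POLICY_TEXT, RULES_TEXT)
    print("SSH loc -> fw:", "ALLOWED" if ok else "BLOCKED", "--", why)
    # Constructed lockout case: loc dropped by policy and no SSH rule at all.
    ok2, why2 = preflight("loc all DROP\nall all REJECT\n", "")
    print("SSH loc -> fw:", "ALLOWED" if ok2 else "BLOCKED", "--", why2)
```

Run it against the candidate files before restarting the firewall; a BLOCKED result for the management zone means the new ruleset would cut off the SSH path the reply above says cannot be recovered without a reinstall. The check is deliberately narrow (one port, one zone pair) so that its answer is easy to trust.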