Re: Setup a firewall/gateway/server
Andrei Popescu <andreimpopescu@gmail.com> writes:
> On Sat, 14 Jan 12, 12:48:42, Csanyi Pal wrote:
>>
>> allow-hotplug eth0
>> iface eth0 inet dhcp
>>
>> allow-hotplug eth1
>> iface eth1 inet static
>> address 192.168.10.1
>> netmask 255.255.255.0
<snipped>
>> I setup IP Forwarding so:
>> nano /etc/sysctl.conf
>> # Uncomment the following to stop low-level messages on console
>> kernel.printk = 3 4 1 3
>> net.ipv4.ip_forward = 0
>>
>> /etc/init.d/procps restart
>>
>> nano /etc/shorewall/shorewall.conf
>> IP_FORWARDING=Yes
<snipped>
>> nano /etc/shorewall/masq
>> eth0 192.168.10.0/24
<snipped>
>> nano /etc/shorewall/interfaces
>> net eth0 detect blacklist,dhcp
>> loc eth1 detect dhcp
>>
>> nano /etc/shorewall/zones
>> fw firewall
>> net ipv4
>> loc ipv4
>>
>> nano /etc/shorewall/policy
>> loc all ACCEPT
>> fw all ACCEPT
>> net all DROP info
>> # THE FOLLOWING POLICY MUST BE LAST
>> all all REJECT info
<snipped>
>> nano /etc/shorewall/rules
>> DNS(ACCEPT) $FW net
>>
>> SSH(ACCEPT) loc $FW
>>
>> Ping(ACCEPT) loc $FW
>>
>> Ping(DROP) net $FW
>>
>> ACCEPT $FW loc icmp
>> ACCEPT $FW net icmp
>>
>> ACCEPT all all icmp time-exceeded # traceroute
>> ACCEPT all all tcp http,https
<snipped>
> Again, please explain why you have to reinstall and can't fix the
> problem instead.
I must reinstall instead of fixing the problem because this is a
headless PC box, so if I make a mistake it can happen that I can't SSH
into that system again to fix the problem that way.
--
Regards from Pal
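The lock-out risk Pal describes is exactly what a pre-flight check guards against. The script below is an added example, not code from the thread or from Shorewall: it checks the quoted policy and rules files for the mistakes most likely to cut off SSH on a headless box (catch-all REJECT not last, admin zone blocked by policy, no explicit SSH rule) before the configuration is applied. ADMIN_ZONE is an assumed name and the sample files are constructed from the config quoted above.

```shell
# Added example, not from the thread: pre-flight checks for a Shorewall
# config on a headless box, run before restarting the firewall.
# ADMIN_ZONE is an assumed name for the zone you SSH in from.
ADMIN_ZONE=loc
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT
# Constructed copies of the quoted /etc/shorewall/policy and rules files.
cat > "$TMP/policy" <<'EOF'
loc all ACCEPT
fw all ACCEPT
net all DROP info
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info
EOF
cat > "$TMP/rules" <<'EOF'
DNS(ACCEPT) $FW net
SSH(ACCEPT) loc $FW
Ping(DROP) net $FW
ACCEPT all all tcp http,https
EOF
# Drop comments and blank lines from a Shorewall config file.
sw_lines() { sed 's/#.*//' "$1" | grep -v '^[[:space:]]*$'; }
# Policies apply in order, so the catch-all "all all REJECT" must be last.
policy_catchall_last() {
    last=$(sw_lines "$1" | tail -n 1)
    case "$last" in all*all*REJECT*) return 0 ;; *) return 1 ;; esac
}
# The admin zone must not be DROPped/REJECTed toward the firewall by policy
# ($1 = zone, $2 = policy file).
admin_zone_not_blocked() {
    ! sw_lines "$2" | grep -Eq "^$1[[:space:]]+(all|fw|\\\$FW)[[:space:]]+(DROP|REJECT)"
}
# An explicit SSH ACCEPT from the admin zone to $FW must exist, so SSH keeps
# working even if that zone's blanket ACCEPT policy is tightened later
# ($1 = zone, $2 = rules file).
ssh_rule_present() {
    sw_lines "$2" | grep -Eq "^SSH\(ACCEPT\)[[:space:]]+$1[[:space:]]+\\\$FW"
}
# Run every check against a config directory; non-zero means "do not apply".
preflight() {
    policy_catchall_last "$1/policy" &&
    admin_zone_not_blocked "$ADMIN_ZONE" "$1/policy" &&
    ssh_rule_present "$ADMIN_ZONE" "$1/rules"
}
if preflight "$TMP"; then echo "pre-flight OK"; else echo "pre-flight FAILED" >&2; fi
```

Once the checks pass, Shorewall's own `try` command (`shorewall try <dir> <seconds>`), which falls back to the previous configuration when the timeout expires without confirmation, gives a second safety net for the SSH session itself.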