


Shorewall is a Linux firewall from http://www.shorewall.net/.
This is a two-interface configuration; the configuration files are in /etc/shorewall.
To enable starting at system boot, change the startup values in shorewall.conf
and /etc/default/shorewall from 0 to 1:
startup=1
Also set these values in shorewall.conf:
IP_FORWARDING=on
ROUTE_FILTER=no
DISABLE_IPV6=yes
Configure these files in /etc/shorewall as:
interfaces:
#ZONE   INTERFACE   BROADCAST   OPTIONS
#net    eth0        detect      dhcp,tcpflags,nosmurfs,routefilter,logmartians
net     ppp0        -           dhcp,tcpflags,nosmurfs,routefilter,logmartians
loc     eth0        detect      tcpflags,nosmurfs,routefilter,logmartians
policy:
#SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
$FW       net    ACCEPT
loc       net    ACCEPT
net       all    DROP     info
loc       $FW    ACCEPT
$FW       loc    ACCEPT
# THE FOLLOWING POLICY MUST BE LAST
all       all    REJECT   info
zones:
#ZONE   TYPE       OPTIONS   IN        OUT
#                            OPTIONS   OPTIONS
fw      firewall
net     ipv4
loc     ipv4
masq:
#INTERFACE   SOURCE             ADDRESS   PROTO   PORT(S)   IPSEC   MARK
eth0         192.168.1.0/29,\
             10.0.0.0/8,\
             169.254.0.0/16,\
             172.16.0.0/12,\
             192.168.0.0/16
Download the two other config files, rules and
shorewall.conf.
To see the Shorewall log, run the command:
/sbin/shorewall show log
To debug, run:
shorewall debug start 2> /tmp/trace
and read the /tmp/trace file for errors.
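
A pre-flight check for the zones and policy files shown above, as an added example that is not part of the original page or of Shorewall itself: it flags a misspelled policy action, a zone that is missing from the zones file, and an "all all" entry that is not last. The function names, the sample input and the list of accepted policy keywords are assumptions made for the example.

```python
# Added example: lint Shorewall zones/policy text before restarting the firewall.
# The policy keywords below are an assumed list based on the shorewall-policy manual.
KNOWN_POLICIES = {"ACCEPT", "DROP", "REJECT", "CONTINUE", "QUEUE", "NFQUEUE", "NONE"}

def rows(text):
    """Yield (line_number, columns) for lines that are not blank or comments."""
    for n, line in enumerate(text.splitlines(), 1):
        cols = line.split("#", 1)[0].split()
        if cols:
            yield n, cols

def declared_zones(zones_text):
    """Zone names from the zones file, plus the $FW and 'all' keywords."""
    names = {"$FW", "all"}
    for _, cols in rows(zones_text):
        names.add(cols[0].split(":")[0])  # 'child:parent' declares 'child'
    return names

def lint_policy(zones_text, policy_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    zones = declared_zones(zones_text)
    findings, entries = [], list(rows(policy_text))
    for n, cols in entries:
        if len(cols) < 3:
            findings.append(f"line {n}: need SOURCE DEST POLICY")
            continue
        src, dst, action = cols[0], cols[1], cols[2].split(":")[0]
        for zone in (src, dst):
            if zone not in zones:
                findings.append(f"line {n}: zone '{zone}' is not in the zones file")
        if action not in KNOWN_POLICIES:
            findings.append(f"line {n}: unknown policy '{action}'")
    # Policies are matched top to bottom, so the catch-all has to come last.
    catch_all = [n for n, c in entries if c[:2] == ["all", "all"]]
    if not catch_all:
        findings.append("no 'all all' catch-all policy")
    elif catch_all[0] != entries[-1][0]:
        findings.append(f"line {catch_all[0]}: 'all all' is not last; later entries never match")
    return findings

# Constructed sample input (not read from /etc/shorewall); POLICY has three faults.
ZONES = "fw firewall\nnet ipv4\nloc ipv4\n"
POLICY = "$FW net ACCEPT\nloc net ACCEPT\nnet all DROPE info\nall all REJECT info\ndmz net ACCEPT\n"

if __name__ == "__main__":
    for finding in lint_policy(ZONES, POLICY):
        print(finding)
```

To check the live files, pass the contents of /etc/shorewall/zones and /etc/shorewall/policy to lint_policy() instead of the constructed strings.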
