On Tuesday 16 December 2003 12:40 am, Paul Trevethan wrote:
> Am I correct in naming the parts as below for Shorewall purposes:
>
> net = modem/internet
> fw = Linux box
> local = Windows machine & laptop.
> and I should start my config with two-interface template?
>
> Guidance appreciated,

I would start with the two-interface sample. You can disable local network access to the internet, if that's what you want, by removing the "loc net ACCEPT" policy and by removing the entry from the 'masq' file. You will probably also want to add the following policies:

fw loc ACCEPT
loc fw ACCEPT

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net

On Tuesday 16 December 2003 02:23 am, Paul Trevethan wrote:
> On Mon, 15 Dec 2003 14:16:49 -0800
> Tom Eastep <teastep@shorewall.net> wrote:
> > On Tuesday 16 December 2003 12:40 am, Paul Trevethan wrote:
> > > Am I correct in naming the parts as below for Shorewall purposes:
> > >
> > > net = modem/internet
> > > fw = Linux box
> > > local = Windows machine & laptop.
> > > and I should start my config with two-interface template?
> > >
> > > Guidance appreciated,
> >
> > I would start with the two-interface sample. You can disable local
> > network access to the internet, if that's what you want, by removing the
> > "loc net ACCEPT" policy and by removing the entry from the 'masq' file.
> > You will probably also want to add the following policies:
> >
> > fw loc ACCEPT
> > loc fw ACCEPT
> >
> > -Tom
>
> Thank you Tom. The only part I was not sure of was whether the Linux box
> was fw AND part of loc or fw only.

The way that Netfilter is organized, the firewall must be placed in a zone by itself. By adding the two policies that I included in my previous post, you are allowing all traffic between the firewall and your local systems. Note that adding these policies also allows you to delete all fw->loc and loc->fw rules from the two-interface sample rules file.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net

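Added example, not part of the thread and not Shorewall code: a small Python resolver that applies the policy file's first-match lookup to show what the edits described in the two replies above do to each zone pair. The `SAMPLE_POLICY` text is an assumed copy of the two-interface sample's policy file, the helper names are hypothetical, and entries in the rules file, which Shorewall consults before the policy file, are not modelled.

```python
# Added illustration: resolves Shorewall policy-file entries for a zone pair.
# SAMPLE_POLICY is an assumed copy of the two-interface sample's policy file;
# compare it with the file shipped in your own sample before relying on it.

SAMPLE_POLICY = """\
#SOURCE  DEST  POLICY  LOG
loc      net   ACCEPT
net      all   DROP    info
all      all   REJECT  info
"""

# The same file after the edits described in the thread: "loc net ACCEPT"
# removed, "fw loc ACCEPT" and "loc fw ACCEPT" added ahead of the catch-alls.
EDITED_POLICY = """\
#SOURCE  DEST  POLICY  LOG
fw       loc   ACCEPT
loc      fw    ACCEPT
net      all   DROP    info
all      all   REJECT  info
"""


def parse_policy(text):
    """Return (source, dest, policy) tuples in file order, skipping comments."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            entries.append((fields[0], fields[1], fields[2].upper()))
    return entries


def effective_policy(text, source, dest):
    """First entry whose columns match wins; 'all' matches any zone."""
    for src, dst, policy in parse_policy(text):
        if src in (source, "all") and dst in (dest, "all"):
            return policy
    return None  # no entry covers this pair


def policy_matrix(text, zones=("fw", "loc", "net")):
    """Map every ordered pair of distinct zones to its effective policy."""
    return {(s, d): effective_policy(text, s, d)
            for s in zones for d in zones if s != d}


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_POLICY), ("edited", EDITED_POLICY)):
        print(label)
        for (s, d), policy in sorted(policy_matrix(text).items()):
            print(f"  {s:>3} -> {d:<3} {policy}")
```

Under the assumed sample entries, `fw -> net` falls through to the catch-all REJECT in both files, so the Linux box's own Internet access depends on rules-file entries or an explicit `fw net` policy.
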
I am currently using Suse v9.0 with Susefirewall2 as my firewall on a 3 machine network. I want to move to Shorewall as the firewall. I just want to be sure that I use the right template when I set up the config files. Here is my hardware setup:

Internet
|
|
Dlink 302G dsl modem
|
|
primary Linux box where Shorewall will reside
eth0 to modem, eth1 to switch
|
|
4 port switch
|
|
2nd machine running WinME &
Linux laptop

I use only the Linux box for internet. The Windows machine is games and some file archiving, the laptop gets work files from the network (Linux box) when going offsite.

The Linux box operates pretty much like a stand-alone machine, but is the centre of my internal network on occasion, if that makes sense.

The 3 boxes have fixed ip addresses in 192.168.100.x range and the modem has ip address 10.1.1.3 (web browser maintained). I get my ISP ip address allocation by dhcp when the modem connects (210.23.x.x).

Am I correct in naming the parts as below for Shorewall purposes:

net = modem/internet
fw = Linux box
local = Windows machine & laptop.
and I should start my config with two-interface template?

Guidance appreciated,
Paul.

I'm just wondering. Why are you moving away from SuSE?

===================================================
Chris Baker -- technical specialist
614-839-2447x108
cbaker@bbbscentralohio.org
www.bbbscentralohio.org
Big Brothers Big Sisters of Central Ohio
Opinions expressed in this e-mail are solely my own.

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Paul Trevethan
Sent: Tuesday, December 16, 2003 3:40 AM
To: Shorewall-users@lists.shorewall.net
Subject: [Shorewall-users] Two-interface setup confirmation

> I am currently using Suse v9.0 with Susefirewall2 as my firewall on
> a 3 machine network. I want to move to Shorewall as the firewall. I
> just want to be sure that I use the right template when I set up the
> config files. Here is my hardware setup:
>
> Internet
> |
> |
> Dlink 302G dsl modem
> |
> |
> primary Linux box where Shorewall will reside
> eth0 to modem, eth1 to switch
> |
> |
> 4 port switch
> |
> |
> 2nd machine running WinME &
> Linux laptop

Exactly the same setup as me, but I use a very cut down version of RH7.3 for the shorewall box. The two interface example works fine.

RGDS
Phil

> I use only the Linux box for internet. The Windows machine is games and
> some file archiving, the laptop gets work files from the network
> (Linux box) when going offsite.
>
> The Linux box operates pretty much like a stand-alone machine, but
> is the centre of my internal network on occasion, if that makes sense.
>
> The 3 boxes have fixed ip addresses in 192.168.100.x range and the modem
> has ip address 10.1.1.3 (web browser maintained). I get my ISP ip address
> allocation by dhcp when the modem connects (210.23.x.x).
>
> Am I correct in naming the parts as below for Shorewall purposes:
>
> net = modem/internet
> fw = Linux box
> local = Windows machine & laptop.
> and I should start my config with two-interface template?
>
> Guidance appreciated,
> Paul.

--
Phil Foxton
+44 7966 336218

On Tue, 16 Dec 2003 10:33:43 -0500 "Chris Baker" <cbaker@bbbscentralohio.org> wrote:
> I'm just wondering. Why are you moving away from SuSE?
>
> -----Original Message-----
> To: Shorewall-users@lists.shorewall.net
> Subject: [Shorewall-users] Two-interface setup confirmation
>
> I am currently using Suse v9.0 with Susefirewall2 as my firewall on a 3
> machine network. I want to move to Shorewall as the firewall. I just
> want to be sure that I use the right template when I set up the config
> files. Here is my hardware setup:
>

I presume you mean why am I moving away from SuSEfirewall2?

Personal ability to learn I guess. I just find Tom's implementation of zone use conceptually much easier to understand to do what I want to do. Just allowing my internal Samba to work on the local network for example, I got lost in SF2 allowing specific port numbers, but I can do quite readily in Shorewall.

I don't think there is anything wrong with SF2, I presume they are as powerful as each other, but, as a very inexperienced user in this area and not knowing how to thoroughly test (www.grc.com does not count), I want to feel comfortable that I have not left gaping holes in my setup. I just get a stronger feeling of "it works" with Shorewall.

That's all.

Paul.

Does anyone have a recommendation on a good Sendmail book?

Thanks.

===================================================
Chris Baker -- technical specialist
614-839-2447x108
cbaker@bbbscentralohio.org
www.bbbscentralohio.org
Big Brothers Big Sisters of Central Ohio
Opinions expressed in this e-mail are solely my own.

On Tuesday 06 January 2004 10:56 am, Chris Baker wrote:
> Does anyone have a recommendation on a good Sendmail book?

I would recommend avoiding Sendmail and using Postfix instead :-)

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net

I have used two over the last 6 years, Sendmail (now in the 3rd edition) http://www.oreilly.com/catalog/sendmail3/index.html and sendmail cookbook http://www.oreilly.com/catalog/sendmailckbk/index.html.

Graeme

> -----Original Message-----
> From: shorewall-users-bounces@lists.shorewall.net
> [mailto:shorewall-users-bounces@lists.shorewall.net] On
> Behalf Of Chris Baker
> Sent: Tuesday, January 06, 2004 1:56 PM
> To: 'Mailing List for Experienced Shorewall Users'
> Subject: [Shorewall-users] sendmail books
>
> Does anyone have a recommendation on a good Sendmail book?
>
> Thanks.

On Tue, 2004-01-06 at 10:56, Chris Baker wrote:
> Does anyone have a recommendation on a good Sendmail book?

Chris,
Dump Sendmail, and use a real MTA.

PostFix - http://www.postfix.org/
Exim - http://www.exim.org/

If you must use it, check out O'Reilly's Sendmail book.
http://www.oreilly.com

ADDITIONAL INFORMATION SOURCES
http://www.sendmail.org/faq/section6.html

--
Mike Noyes <mhnoyes at users.sourceforge.net>
http://sourceforge.net/users/mhnoyes/
SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs