Arnar Þórarinsson
2003-Feb-06 15:10 UTC
[Shorewall-users] First Time setting up a firewall
Hello all,

This is the first time I'm setting up a firewall so I'm looking for some help with the first steps.

My configuration: ADSL router connected to eth0 on my Linux box, eth1 connected to my LAN. I would like to have all traffic from my LAN to eth1 accepted and of course all traffic from my LAN to eth1. And whatever port I would like to keep open out to the big bad world ;) (I'll be running a web server, ftp server and ssh for starters.)

Now I've tried using the default two-interface config found on the Shorewall web site but that didn't work... I needed to set up a DNAT to get it working (was that right?). I'm new in this stuff so forgive me if this is stupid or something. Could anyone advise me about how to do this properly :-)

Thanks for any replies
Arnar

I've included some config files here too:

interfaces
    #ZONE   INTERFACE   BROADCAST          OPTIONS
    net     eth0        192.168.254.255    dhcp,dropunclean
    loc     eth1        192.168.0.255      routefilter
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

zones
    #ZONE   DISPLAY   COMMENTS
    net     Net       Internet
    loc     Local     Local networks
    #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

masq
    #INTERFACE   SUBNET           ADDRESS
    #eth0        192.168.0.0/24   213.176.128.51
    eth0         eth1
    #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

nat
    #EXTERNAL   INTERFACE   INTERNAL   ALL INTERFACES   LOCAL
    #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

policy
    #SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
    loc       net    ACCEPT
    # If you want open access to the internet from your firewall, uncomment the following line
    fw        net    ACCEPT
    loc       net    ACCEPT
    net       all    DROP     info
    all       all    REJECT   info
    fw        loc    ACCEPT
    #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

routestopped
    #INTERFACE   HOST(S)
    eth1         -
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

rules
    #ACTION   SOURCE   DEST              PROTO   DEST               SOURCE    ORIGINAL
    #                                            PORT               PORT(S)   DEST
    # Accept DNS connections from the firewall to the network
    ACCEPT    fw       net               tcp     53,http,ftp,https
    ACCEPT    fw       net               udp     53
    DNAT      net      loc:192.168.0.2   tcp     http
    # Accept SSH connections from the local network for administration
    ACCEPT    loc      fw                tcp     22
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
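As an added audit example, not part of the thread: a small Python script that reads a Shorewall policy file the way Shorewall applies it (top to bottom, the first entry whose SOURCE/DEST pair matches wins, with "all" matching any zone) and reports entries that an earlier entry already covers. The sample text is constructed from the policy file quoted in the post above, with the zone names fw, loc and net assumed from that post.

```python
"""Audit a Shorewall policy file for duplicate and shadowed entries.

Shorewall uses the FIRST policy entry whose SOURCE and DEST match a zone
pair, and "all" matches every zone.  An entry placed after a broader one
for the same pair can never take effect, which is why a "fw loc ACCEPT"
below "all all REJECT" still leaves fw->loc traffic rejected.
"""

# Constructed sample: the policy file quoted in the post above.
POLICY_TEXT = """\
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc net ACCEPT
fw net ACCEPT
loc net ACCEPT
net all DROP info
all all REJECT info
fw loc ACCEPT
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
"""


def parse_policy(text):
    """Return [(lineno, source, dest, policy)], skipping comments and blanks."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing/whole-line comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError("line %d: expected SOURCE DEST POLICY" % lineno)
        entries.append((lineno, fields[0], fields[1], fields[2].upper()))
    return entries


def covers(earlier, later):
    """True if the earlier (source, dest) pair matches every packet the later one would."""
    return all(e == "all" or e == l for e, l in zip(earlier, later))


def find_shadowed(entries):
    """Return [(lineno, lineno_of_covering_entry, 'duplicate' | 'shadowed')]."""
    problems = []
    for i, (ln, src, dst, _pol) in enumerate(entries):
        for pln, psrc, pdst, _ppol in entries[:i]:
            if covers((psrc, pdst), (src, dst)):
                kind = "duplicate" if (psrc, pdst) == (src, dst) else "shadowed"
                problems.append((ln, pln, kind))
                break   # first covering entry is the one Shorewall will use
    return problems


if __name__ == "__main__":
    for ln, pln, kind in find_shadowed(parse_policy(POLICY_TEXT)):
        print("line %d is %s by line %d" % (ln, kind, pln))
```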
--On Thursday, February 06, 2003 11:10 PM +0000 Arnar Þórarinsson <art@strik.is> wrote:

> Could anyone advice me about how to do this properly :-)

All of the advice that I can give you is already in the guides. You might try looking at the Setup Guide (http://www.shorewall.net/shorewall_setup_guide.htm) if you are confused about the concepts since that guide goes into a lot more detail than the two-interface QuickStart Guide does.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net
On 6 Feb 2003 at 23:10, Arnar Þórarinsson wrote:

> Now I've tried using the default two-interface config found on the
> shorewall web site but than didn't work... I needed to set up a DNAT
> to get it working ( was that right ? )

Surely you had some more specific complaints than that? What precisely didn't work? What did you see in the logs? Do you really have a 192.168 IP on BOTH interfaces?

______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386
_______________________________________
John S. Andersen
NORCOM mailto:JAndersen@norcomsoftware.com
Juneau, Alaska http://www.screenio.com/