Hi Everyone,

This is my first post, I'm new to Shorewall as well as on Linux, I'm looking for a quick firewall setup for my LAN, where I'm hosting Web/FTP/DNS services, my question is, will I be able to do all with Shorewall?
Services are on W2K box, I want to open to Internet are WWW/FTP/DNS.

Linux is RH 7.3 (Will be Firewall system) with 2 nic. I have permanent public ips for my web sites and dns server.

Thanks and Best Regards,
Arif
Arif Mahmood wrote:
> Hi Everyone,
>
> This is my first post, I'm new to Shorewall as well as on Linux,

Welcome!

> I'm looking for a quick firewall setup for my LAN, where I'm hosting
> Web/FTP/DNS services, my question is, will I be able to do all with
> Shorewall?
> Services are on W2K box, I want to open to Internet are WWW/FTP/DNS.
>
> Linux is RH 7.3 (Will be Firewall system) with 2 nic. I have permanent
> public ips for my web sites and dns server.
>

Should be no problem -- See http://www.shorewall.net/shorewall_setup_guide.htm. You'll want to set up your local network like the DMZ is set up in that guide.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
Oh I c,

Thanks and Best Regards,
Arif

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Monday, September 16, 2002 6:34 PM
To: arif786@rogers.com
Subject: Re: [Shorewall-users] Shorewall

Arif Mahmood wrote:
> Tom, Thanks for quick reply.
>
> I don't have big network I have 4 machines, 3 W2K and 1 Linux, I don't
> want to configure as DMZ Layout, just the Local LAN, I want to host
> the websites. Also further down on the road my plan is to move all my
> sites to Apache.
>

I wasn't suggesting that you use a DMZ -- I'm suggesting that you use Proxy ARP like I show in the Setup Guide DMZ example.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
On Monday 16 September 2002 14:22, Tom Eastep wrote:
> Arif Mahmood wrote:
> > Hi Everyone,
> >
> > This is my first post, I'm new to Shorewall as well as on Linux,
>
> Welcome!
>
> > I'm looking for a quick firewall setup for my LAN, where I'm hosting
> > Web/FTP/DNS services, my question is, will I be able to do all with
> > Shorewall?
> > Services are on W2K box, I want to open to Internet are WWW/FTP/DNS.
> >
> > Linux is RH 7.3 (Will be Firewall system) with 2 nic. I have permanent
> > public ips for my web sites and dns server.
>
> Should be no problem -- See
> http://www.shorewall.net/shorewall_setup_guide.htm. You'll want to set up
> your local network like the DMZ is set up in that guide.

With only two nics, would the DMZ be the most logical choice?

--
=====================
John Andersen
NORCOM
Http://www.screenio.com/
John Andersen wrote:
>
> With only two nics, would the DMZ be the most logical choice?
>

I explained to the original poster in a private post that what I meant was that he should set up his local network using Proxy ARP like the DMZ in the Setup Guide example.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
Do I need to have a proxy server in order to set the Firewall, I was not planning to install any proxy server. (Sorry if my question does not make any sense to u, but I want to clear up a few things before I start).

Also I want to know that using Shorewall apps as a firewall front end, do I need to know the iptables commands and functions, and is there a gui to set up Shorewall apps so I can use that for setup and configurations

Thanks and Best Regards,
Arif

-----Original Message-----
From: shorewall-users-admin@shorewall.net [mailto:shorewall-users-admin@shorewall.net] On Behalf Of Tom Eastep
Sent: Monday, September 16, 2002 7:44 PM
To: Shorewall Users
Subject: Re: [Shorewall-users] Shorewall

John Andersen wrote:
>
> With only two nics, would the DMZ be the most logical choice?
>

I explained to the original poster in a private post that what I meant was that he should set up his local network using Proxy ARP like the DMZ in the Setup Guide example.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

_______________________________________________
Shorewall-users mailing list
Shorewall-users@shorewall.net
http://www.shorewall.net/mailman/listinfo/shorewall-users
Arif Mahmood wrote:
> Do I need to have a proxy server in order to set the Firewall, I was not
> planning to install any proxy server. (Sorry if my question does not make any
> sense to u, but I want to clear up a few things before I start).

You do not need a proxy server.

> Also I want to know that using Shorewall apps as a firewall front end,
> do I need to know the iptables commands and functions, and is there a
> gui to set up Shorewall apps so I can use that for setup and
> configurations

You do not need to know iptables commands -- you need to know how to use at least one Linux editor and you need to have a working knowledge of IP. There is no GUI.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
OK good enough, I know vi and pico text editors on Linux.

Thanks and Best Regards,
Arif

-----Original Message-----
From: shorewall-users-admin@shorewall.net [mailto:shorewall-users-admin@shorewall.net] On Behalf Of Tom Eastep
Sent: Monday, September 16, 2002 8:07 PM
To: arif786@rogers.com
Cc: 'Shorewall Users'
Subject: Re: [Shorewall-users] Shorewall

Arif Mahmood wrote:
> Do I need to have a proxy server in order to set the Firewall, I was
> not planning to install any proxy server. (Sorry if my question does not
> make any sense to u, but I want to clear up a few things before I start).

You do not need a proxy server.

> Also I want to know that using Shorewall apps as a firewall front end,
> do I need to know the iptables commands and functions, and is there a
> gui to set up Shorewall apps so I can use that for setup and
> configurations

You do not need to know iptables commands -- you need to know how to use at least one Linux editor and you need to have a working knowledge of IP. There is no GUI.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
On Tuesday 17 September 2002 02:04, Arif Mahmood wrote:
> Do I need to have a proxy server in order to set the Firewall, I was not
> planning to install any proxy server. (Sorry if my question does not make any
> sense to u, but I want to clear up a few things before I start).
> Also I want to know that using Shorewall apps as a firewall front end,
> do I need to know the iptables commands and functions, and is there a

Read this, check the QuickStart Guides! http://www.shorewall.net/

> gui to set up Shorewall apps so I can use that for setup and
> configurations
>
> Thanks and Best Regards,
>
> Arif
>
>
> -----Original Message-----
> From: shorewall-users-admin@shorewall.net
> [mailto:shorewall-users-admin@shorewall.net] On Behalf Of Tom Eastep
> Sent: Monday, September 16, 2002 7:44 PM
> To: Shorewall Users
> Subject: Re: [Shorewall-users] Shorewall
>
> John Andersen wrote:
> > With only two nics, would the DMZ be the most logical choice?
> >
>
> I explained to the original poster in a private post that what I meant
> was that he should set up his local network using Proxy ARP like the DMZ
> in the Setup Guide example.
>
> -Tom
Jérôme Tytgat
2002-Sep-17 10:05 UTC
[Shorewall-users] Nat a whole subnet in one another subnet
Maybe this has been already answered:

How can you nat a whole subnet into another one? For example, I want to NAT 192.168.0.0/24 (local network) in 192.168.2.0/24 (dmz network), so I can do single nat (one translation by ip) and I'm not disturbed anymore by PAT problems and I can hide my real IP (no routing).

Thanks.
Tom Eastep
2002-Sep-17 15:18 UTC
[Shorewall-users] Nat a whole subnet in one another subnet
Jérôme Tytgat wrote:
> Maybe this has been already answered :
>
> How can you nat a whole subnet into another one,
> for example I want to NAT 192.168.0.0/24 (local network) in 192.168.2.0/24
> (dmz network), so
> I can do single nat (one translation by ip) and i'm not disturbed anymore by
> PAT problems
> and I can hide my real IP (no routing).
>

There was a feature in the NetFilter Patch-O-Matic to allow this to be done with a single rule but it hasn't made it into the released version as far as I know. Until it does, you get to put all 253 entries in your /etc/shorewall/nat file (or write a 10-line shell script to build the file for you).

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
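
A script of the kind mentioned in the reply above could look like the following; it is an added example, not code from the thread or from the Shorewall project. It assumes that eth1 is the interface facing 192.168.2.0/24, that the firewall itself uses host number 1 (so that address gets no entry, leaving 253), and that the nat file columns are EXTERNAL, INTERFACE, INTERNAL, ALL INTERFACES, LOCAL; check the column layout against the documentation of the installed Shorewall version.

```shell
#!/bin/sh
# Added example: print one-to-one NAT entries for /etc/shorewall/nat.
# Assumed column layout: EXTERNAL INTERFACE INTERNAL ALL-INTERFACES LOCAL
# Assumed values (not from the thread): interface eth1 faces 192.168.2.0/24,
# and the firewall itself uses host number 1, so that host gets no entry.

# gen_nat EXT_PREFIX INT_PREFIX IFACE SKIP_HOST
#   EXT_PREFIX  first three octets of the subnet the hosts should appear in
#   INT_PREFIX  first three octets of the real subnet
#   IFACE       interface on which the translated addresses are answered
#   SKIP_HOST   last octet to leave out (the firewall's own address)
gen_nat() {
    ext=$1 int=$2 iface=$3 skip=$4

    # Reject anything that is not exactly three dotted numeric fields, so a
    # typo cannot put a malformed address into the firewall configuration.
    for prefix in "$ext" "$int"; do
        case $prefix in
            *[!0-9.]*|*.*.*.*|.*|*.|*..*) echo "bad /24 prefix: $prefix" >&2; return 1 ;;
            *.*.*) ;;
            *) echo "bad /24 prefix: $prefix" >&2; return 1 ;;
        esac
    done
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    case $skip in
        ''|*[!0-9]*) echo "bad host number: $skip" >&2; return 1 ;;
    esac

    # .0 is the network address and .255 the broadcast address; neither is a host.
    host=1
    while [ "$host" -le 254 ]; do
        if [ "$host" -ne "$skip" ]; then
            printf '%s.%s\t%s\t%s.%s\tNo\tNo\n' \
                "$ext" "$host" "$iface" "$int" "$host"
        fi
        host=$((host + 1))
    done
}

# Review the output first, then redirect it into the nat file.
gen_nat 192.168.2 192.168.0 eth1 1
```

The "No" in the last two columns keeps each translation limited to traffic through the named interface rather than applying it on every interface or to connections from the firewall itself.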