**SUPPORT** Personal Firewall with Shorewall Tutorial

[Sith_Happens]

This is the support thread for the Prompt and Powerful Firewalling with Shorewall tutorial. Haven't read it? Check it out and tell me what you think. If you've read it and need some help, post here and I'll see what I can do.
_________________
"That question was less stupid; though you asked it in a profoundly stupid way."
I'm the brains behind Jackass! | Tutorials: Shorewall

[WarMachine]

Would you consider expanding the tutorial to include instructions on how to configure shorewall for systems functioning as internet gateways?

[Sith_Happens]

Maybe I'll make a second tutorial to do that. This tutorial has a clear purpose and to expand upon it would take away from that. However, I wrote the tutorial with the hope that it not only gives a quick how-to that allows you to set up a personal firewall, but that it gives you enough of the basics of Shorewall that a more advanced configuration is eaisier to concieve and execute. The other nice thing about shorewall is their is a great deal of documentation that is available to you. Not only in man and info pages, but in the config files, and on their website. Check out this tutorial on setting up a bridge/router, and see if it helps you.
_________________
"That question was less stupid; though you asked it in a profoundly stupid way."
I'm the brains behind Jackass! | Tutorials: Shorewall

[Sheepdogj15]

i'm just posting to let you know if you do decide to write tutorial for setting up a firewall/gateway box, i'd use it. i actually tried setting up M0n0wall (like Smoothwall except based on FreBSD. site: http://m0n0.ch/wall) on a spare PC i had handy, but the install failed miserably.

i was thinking of switching to Smoothwall, but i like the idea of using Shorewall on Gentoo as it looks like it would give me more options. (i like bells and whistles.. ahem, i mean secured bells and whistles )

otherwise, i'll probably just check out the tutorial from the Shorewall website.

[Sith_Happens]

Here is a better tutorial from the site for setting up a simple two zone (loc and net) firewall/router. I was looking for this one earlier, but I could only find the first tutorial. I think if I were to create a tutorial for a two interface shorewall set up it would probably be a recreation of this only specifically for gentoo users. The other difference is this tutorial sets up a policy to accept all outgoing connections, as opposed to my approch which is to decide what outgoing connections I want to allow. See if this helps, if you have any questions from this two interface tutorial I can probably help you in this thread as well.
_________________
"That question was less stupid; though you asked it in a profoundly stupid way."
I'm the brains behind Jackass! | Tutorials: Shorewall

[rhill]

very nice. i'm just emerging shorewall now, after skimming over the tutorial. i just wanted to say thanks. it seems that everything written on the topic of linux and networking immediately assumes you have more than one box. i've been looking for a good guide applicable to a single pc setup for a while now.
_________________
by design, by neglect
for a fact or just for effect

[jdeane]

Thanks for the tutorial, just what I was looking for,
Jon

[Sheepdogj15]

excellent. thank you.

i might still use your tutorial for my local box as well. can never be too paranoid these days, eh?

[Sith_Happens]

I'm really pleased with the positive feedback. If you guys have any problems with the tutorial tell me your suggestions, if I can make it easier to understand or clearer in any part I'd like to know.
_________________
"That question was less stupid; though you asked it in a profoundly stupid way."
I'm the brains behind Jackass! | Tutorials: Shorewall

[spike_spiegel]

Shorewall seems pretty nice, but so far, Ive seen nothing that will help me set it up for my router and windows PC's.

Ill try and mess around with it some more, but any help would be great.
____
spike
Ircop at irc.Aniverse.net
#linux

[Sith_Happens]

Did you look at this tutorial?
_________________
"That question was less stupid; though you asked it in a profoundly stupid way."
I'm the brains behind Jackass! | Tutorials: Shorewall

[Sith_Happens]

Here is a tutorial on the Shorewall site for setting up a standalone firewall. Read my criticism of this how-to in the tutorial thread however before following it. Thanks to Krolden for posting the link.
_________________
"That question was less stupid; though you asked it in a profoundly stupid way."
I'm the brains behind Jackass! | Tutorials: Shorewall

[Dumphrey]

I apprecite the how-to. I had no idea shoewwall was out there till i stumbled on this thread. I had been trying to set up ip-tables manually. Gahh!
Shorewall is my new buddy.

[Sith_Happens]

Shorewall is certainly easier to understand than iptables by itself. Shorewall allows you to quickly and simply create a complex iptables setup in no time.
_________________
"That question was less stupid; though you asked it in a profoundly stupid way."
I'm the brains behind Jackass! | Tutorials: Shorewall

[Andersson]

I've only been using iptables until now, it's been working great. It never hurts trying new solutions, though. Shorewall might be a little quicker and give a little better overview. I'll try it for a while and see if I like it better.

Ok, how about this, I wish to have an ssh server running on port 22 (done), but drop connections to this port from the internet (done), then redirect internet connections addressed to port 2222, to port 22.

This is to avoid those annoying bots attempting to log in. So why not run the server on port 2222 and simply ACCEPT connections to that port? Well, I want to use port 22 to save me from typing "-p 2222" when I'm on the local network.

So anyway, this is my attempt but it does not work.

[Sith_Happens]

Try

[Andersson]

So a single port number means a port on the firewall itself?

I get no errors from shorewall using your rule. I still can't connect, but I must have misconfigured sshd somehow
_________________
Must...resist...posting....
One...step...closer...to...getting...stupid...l33t...ranking...

[Sith_Happens]

Well, let's test it just to be sure the rule is working. Go to this site and have it scan port 2222 on your firewall. Then run dmesg, it should have an entry for the scan, post that shorewall message, and we'll see if it works.
_________________
"That question was less stupid; though you asked it in a profoundly stupid way."
I'm the brains behind Jackass! | Tutorials: Shorewall

[Andersson]

It works like a charm! And the sshd wasn't misconfigured -just not started
_________________
Must...resist...posting....
One...step...closer...to...getting...stupid...l33t...ranking...

[Sith_Happens]

The thing about redirect is it implies you are talking about traffic to the firewall.
_________________
"That question was less stupid; though you asked it in a profoundly stupid way."
I'm the brains behind Jackass! | Tutorials: Shorewall

[Gripp]

hmm.. ofcoarse everything i do has a catch eh
at the line

[trooper_ryan]

I'm being finicky, but perhaps the subject should not include the phrase "Personal firewall". This suggests an app that interacts with the user.

Got me all excited - bastards!

[Sith_Happens]

[trooper_ryan]

[Sith_Happens]