From http://www.howtoforge.com/ubuntu6.10_firewall_gateway
edited with my own specifics, and some errors corrected...
This covers pages 1 and 2 of that tutorial/walk-through, gets my workstation connected to my server, both on the net...
Tested on Ubuntu 7.04 Server i386 and PPC.
After successfully installing an Ubuntu 7.04 LAMP server, log in and proceed as follows...
sudo passwd
It is my understanding from the tutorials I've followed so far that this is not the most secure thing to do, but will do for a newbie... will revisit this...
apt-get install nano
apt-get update
apt-get install openssh-server
Open the file /etc/network/interfaces and add your second network device
nano /etc/network/interfaces
by adding the following text (this is the one you will connect to other computers via a switch. This also assumes that this network card is "eth1")
auto eth1
iface eth1 inet static
address 192.168.9.1
netmask 255.255.255.0
broadcast 192.168.9.255
network 192.168.9.0
/etc/init.d/networking restart
This apt-get should install everything you need.
apt-get install perl libmd5-perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl shorewall dnsmasq
wget http://surfnet.dl.sourceforge.net/sourceforge/webadmin/webmin_1.360_all.deb
(version 1.360 is current as of this writing)
dpkg -i webmin_1.360_all.deb
apt-get update
cp /usr/share/doc/shorewall/examples/two-interfaces/* /etc/shorewall/
cd /etc/shorewall
gunzip interfaces.gz masq.gz rules.gz policy.gz
In the file /etc/shorewall/shorewall.conf, change the line "IP_FORWARDING=Keep" to "IP_FORWARDING=On".
nano /etc/shorewall/shorewall.conf
(This line was corrected from the previous tutorial; it was "/etc/shorewall.conf" in the original tutorial. That would get you nowhere...)
nano /etc/default/shorewall
change the line "startup=0" to "startup=1"
nano /etc/shorewall/policy
edit to match the following lines:
loc     net     ACCEPT
loc     $FW     ACCEPT
loc     all     REJECT

$FW     net     ACCEPT
$FW     loc     ACCEPT
$FW     all     REJECT  info

net     $FW     DROP    info
net     loc     DROP    info
net     all     DROP    info
/etc/init.d/shorewall stop
/etc/init.d/shorewall start
At this point I received a message stating that the shorewall start was "not done" and gave me a log to check out,
nano /var/log/shorewall-init.log
In which I found this "ERROR: The 'norfc1918' option has been specified on an interface with an RFC 1918 address. Interface:eth0"
so.
nano /etc/shorewall/interfaces
remove the "norfc1918," from the primary interface (eth0).
If no errors, keep going...
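The check behind the norfc1918 error above, as an added shell example (not from the original tutorial or from Shorewall itself): it flags an interfaces entry that combines norfc1918 with a private address and prints the file with the option removed from that interface only. The function names, the sample file contents and the 192.168.1.50 address are constructed for illustration.

```shell
#!/bin/sh
# Added example: sample data below is constructed, not taken from a real host.

# Return 0 if the dotted-quad address is in 10/8, 172.16/12 or 192.168/16.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.*)
            second=${1#172.}; second=${second%%.*}
            case "$second" in ''|*[!0-9]*) return 1 ;; esac
            [ "$second" -ge 16 ] && [ "$second" -le 31 ] && return 0 ;;
    esac
    return 1
}

# Return 0 if IFACE has norfc1918 in its OPTIONS column
# (interfaces file columns: ZONE INTERFACE BROADCAST OPTIONS).
has_norfc1918() {  # args: interfaces-file iface
    awk -v ifc="$2" '
        /^[ \t]*#/ { next }
        $2 == ifc { n = split($4, o, ",")
                    for (i = 1; i <= n; i++) if (o[i] == "norfc1918") found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# Return 1 (and explain on stderr) when Shorewall would refuse to start.
check_iface() {  # args: interfaces-file iface address
    if has_norfc1918 "$1" "$2" && is_rfc1918 "$3"; then
        echo "$2 ($3): norfc1918 set on an RFC 1918 address" >&2
        return 1
    fi
    return 0
}

# Print the file with norfc1918 dropped from the options of IFACE only.
strip_norfc1918() {  # args: interfaces-file iface
    awk -v ifc="$2" '
        !/^[ \t]*#/ && $2 == ifc {
            n = split($4, o, ","); out = ""
            for (i = 1; i <= n; i++)
                if (o[i] != "norfc1918") out = out (out == "" ? "" : ",") o[i]
            $4 = (out == "" ? "-" : out)   # "-" marks an empty column
        }
        { print }' "$1"
}

SAMPLE=$(mktemp)   # constructed interfaces file
printf '%s\n' '#ZONE INTERFACE BROADCAST OPTIONS' \
    'net eth0 detect dhcp,tcpflags,norfc1918,routefilter' \
    'loc eth1 detect tcpflags' > "$SAMPLE"
check_iface "$SAMPLE" eth0 192.168.1.50 || strip_norfc1918 "$SAMPLE" eth0
```

If eth0 holds a public address, leave norfc1918 in place: check_iface returns 0 for that case and nothing needs editing.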
/etc/init.d/networking restart
I used "ifconfig" to get my eth0 ip and connect to "https://eth0's ip:10000"
shutdown -r now (reboots, or, shuts down and restarts computer)
Set internet connection on WinXP to:
IP: 192.168.9.10
Subnet mask: 255.255.255.0
Gateway and DNS: 192.168.9.1
Optional Desktop install:
apt-get update
apt-get install ubuntu-desktop