Configure the shorewall firewall in the UbuntuLinux System

Article Title: configure the shorewall firewall in the UbuntuLinux system. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

The server uses Ubuntu as the operating system. Two NICs are connected to the Internet (eth0) and the Intranet (eth1 ). Use shorewall as the firewall.

Configure the NIC:

Sudo vi/etc/network/interfaces

Set shorewall firewall in Ubuntu

The server uses Ubuntu as the operating system. Two NICs are connected to the Internet (eth0) and the Intranet (eth1 ). Use shorewall as the firewall.

Configure the NIC:

Sudo vi/etc/network/interfaces ------------------------------------------------ # This file describes the network interfaces available on your system # And how to activate them. For more information, see interfaces (5 ). # The loopback network interface Auto lo Iface lo inet loopback # This is a list of hotpluggable network interfaces. # They will be activated automatically by the hotplug subsystem. Mapping hotplug Script grep Map eth0 # The primary network interface Iface eth0 inet static Address 192.168.2.250 Netmask 255.255.255.0 Network 192.168.2.0 Broadcast 192.168.2.255 Gateway 192.168.2.1 # Dns-* options are implemented by the resolvconf package, if installed Dns-nameservers 202.96.209.6 Auto eth1 Iface eth1 inet static Address 192.168.10.254 Netmask 255.255.255.0 Network 192.168.10.0 Broadcast 192.168.10.255

1. Install shorewall

Sudo apt-get install shorewall

2. Copy the configuration file

Sudo cp/usr/share/shorewall/modules/etc/shorewall

Sudo cp/usr/share/doc/shorewall/default-config/policy/etc/shorewall/

Sudo cp/usr/share/doc/shorewall/default-config/nat/etc/shorewall/

Sudo cp/usr/share/doc/shorewall/default-config/zones/etc/shorewall/

Sudo cp/usr/share/doc/shorewall/default-config/maclist/etc/shorewall/

Sudo cp/usr/share/doc/shorewall/default-config/blacklist/etc/shorewall/

Sudo cp/usr/share/doc/shorewall/default-config/interfaces/etc/shorewall/interfaces

Sudo cp/usr/share/doc/shorewall/default-config/rules/etc/shorewall/rules

Sudo cp/usr/share/doc/shorewall/default-config/hosts/etc/shorewall/hosts

Sudo cp/usr/share/doc/shorewall/default-config/masq/etc/shorewall/masq

3. Configure the NIC

Sudo vi/etc/shorewall/interfaces

ADD:

Net eth0 detect

Loc eth1 detect

4. Configure the network alias

Sudo vi/etc/shorewall/zones

ADD:

Net Net Internet

Loc Local Networks

5. Configure IP camouflage, that is, transparent proxy

Sudo vi/etc/shorewall/masq

ADD:

Eth0 eth1

6. configure policies

Sudo vi/etc/shorewall/policy

Add the following at the end of the LINE # last line -- do not remove:

Loc net ACCEPT

Net all DROP info

All REJECT info

7. Configure Firewall Rules

Sudo vi/etc/shorewall/rules

ADD:

# Incoming traffic (from the internet to firewall)

AllowSSH net fw

AllowDNS net fw

AllowWeb net fw

AllowSMB net fw

AllowNNTP net fw

AllowNTP net fw

AllowRdate net fw

AllowSMTP net fw

DropPing net fw

# Outgoing traffic (from firewall to the internet)

AllowWeb fw net

AllowDNS fw net

AllowSMTP fw net

AllowSMB fw net

AllowSMTP fw net

AllowNNTP fw net

AllowNTP fw net

AllowRdate fw net

AllowSSH fw net

# Open special ports

ACCEPT net fw tcp 9980

8. Modify shorewall. conf to enable IP Forwarding automatically

Sudo gedit/etc/shorewall. conf

Found:

IP_FORWARDING = Keep

To:

IP_FORWARDING = On

# Saving closed files

9. Modify/etc/default/shorewall to automatically run the Firewall

Sudo vi/etc/default/shorewall

Found:

Startup = 0

To:

Startup = 1

10. Start the Firewall

Sudo shorewall start

11. Now the firewall configuration is complete.