If you haven't done so already, please read and print a
copy of the Shorewall Documentation.
To install Shorewall using the RPM:
- Install the RPM (rpm -ivh <shorewall rpm>).
- Edit the configuration files to match your configuration.
- Start the firewall by typing "shorewall start"
To install Shorewall using the tarball and install script:
- Unpack the tarball.
- cd to the shorewall directory (the version is encoded in the directory name as in "shorewall-3.0.1").
- Edit the configuration files to match your configuration.
- If you are using Caldera, RedHat, Mandrake, Corel, Slackware or Debian then type "./install.sh"
- If you are using SuSE then type "./install.sh /etc/init.d"
- If your distribution has directory /etc/rc.d/init.d or /etc/init.d then type "./install.sh"
- For other distributions, determine where your distribution installs init scripts and type "./install.sh <init script directory>"
- Start the firewall by typing "shorewall start"
- If the install script was unable to configure Shorewall to be started automatically at boot, see these instructions.
There are a number of configuration files that need to be edited to
configure the firewall. Details are in the Shorewall Documentation.
- /etc/shorewall/shorewall.conf - used to set several firewall
parameters.
- /etc/shorewall/zones - partition the firewall's view of the world
into zones.
- /etc/shorewall/policy - establishes firewall high-level policy.
- /etc/shorewall/interfaces - describes the interfaces on the
firewall system.
- /etc/shorewall/hosts - allows defining zones in terms of individual
hosts and subnetworks.
- /etc/shorewall/masq - directs the firewall where to use many-to-one
(dynamic) NAT a.k.a. Masquerading.
- /etc/shorewall/modules - directs the firewall to load kernel modules.
- /etc/shorewall/rules - defines rules that are exceptions to the
overall policies established in /etc/shorewall/policy.
- /etc/shorewall/nat - defines static NAT rules.
- /etc/shorewall/proxyarp - defines use of Proxy ARP.
- /etc/shorewall/tos - defines rules for setting the TOS field in packet
headers.
- /etc/shorewall/tunnels - defines IPSEC tunnels with end-points on
the firewall system.
If you already have the Shorewall RPM installed and are upgrading to a new
version:
- Upgrade the RPM (rpm -Uvh <shorewall rpm file>)
- Restart the firewall (shorewall restart).
If you already have Shorewall installed and are upgrading to a new version using the tarball:
- Unpack the tarball.
- cd to the shorewall directory (the version is encoded in the directory name as in "shorewall-3.0.1").
- If you are using Caldera, RedHat, Mandrake, Corel, Slackware or Debian then type "./install.sh"
- If you are using SuSE then type "./install.sh /etc/init.d"
- If your distribution has directory /etc/rc.d/init.d or /etc/init.d then type "./install.sh"
- For other distributions, determine where your distribution installs init scripts and type "./install.sh <init script directory>"
- Restart the firewall by typing "shorewall restart"
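The init-directory choice in the tarball install and upgrade steps above, written as a shell function. This is an added example, not part of the Shorewall distribution; the function name, the ROOT parameter and the /etc/SuSE-release check are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: pick the install.sh invocation described in the steps above.
# It only prints the command; it does not run install.sh.
#
# Usage: shorewall_install_cmd [ROOT] [INITDIR]
#   ROOT    - hypothetical parameter: filesystem root to inspect (default "/"),
#             so the logic can be tried against a scratch directory
#   INITDIR - init script directory to pass when none of the known layouts match

shorewall_install_cmd() {
    root="${1:-/}"
    initdir="${2:-}"
    root="${root%/}"            # "/" becomes "", so "$root/etc" is "/etc"

    # Assumption: SuSE is recognised by /etc/SuSE-release; the page does not
    # say how to detect it. This test must come first: the page passes
    # /etc/init.d on SuSE, so the generic directory test below would also
    # match there and drop the argument.
    if [ -f "$root/etc/SuSE-release" ]; then
        echo "./install.sh /etc/init.d"
        return 0
    fi

    # Distributions with /etc/rc.d/init.d or /etc/init.d need no argument.
    if [ -d "$root/etc/rc.d/init.d" ] || [ -d "$root/etc/init.d" ]; then
        echo "./install.sh"
        return 0
    fi

    # Anything else: the administrator supplies the init script directory.
    if [ -n "$initdir" ]; then
        echo "./install.sh $initdir"
        return 0
    fi

    echo "cannot determine init script directory; pass it as INITDIR" >&2
    return 1
}
```

Run the printed command from inside the unpacked shorewall directory, then start or restart the firewall as the steps describe.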