LinuxQuestions.org
Old 05-02-2009, 11:57 PM   #1
kipluxer
LQ Newbie
 
Registered: Apr 2009
Posts: 6

Rep: Reputation: 0
Error configuration shorewall in CentOS 5.0


hi guys..

install shorewall..
http://www.shorewall.net/pub/shorewall/4.0/

or installation

wget -c -t 0 http://www.shorewall.net/pub/shorewa...4.0.12.tar.bz2
wget -c -t 0 http://www.shorewall.net/pub/shorewa...4.0.12.tar.bz2
wget -c -t 0 http://www.shorewall.net/pub/shorewa...0.12.1.tar.bz2
wget -c -t 0 http://www.shorewall.net/pub/shorewa...4.0.12.tar.bz2

extract them one by one and install, starting from shell, perl, common
tar jxvf shorewall-shell-4.0.12.tar.bz2
cd shorewall-shell-4.0.12/
./install
cd
tar jxvf shorewall-perl-4.0.12.1.tar.bz2
cd shorewall-perl-4.0.12.1/
./install
cd
tar jxvf shorewall-common-4.0.12.tar.bz2
cd shorewall-common-4.0.12
./install
cd



In the shorewall configuration we need to do some configuration. I can configure the terminal:

> configuration rules with typing gedit /etc/shorewall/shorewall.conf
startup_enable = Yes
next to save

>configuration rules with typing gedit /etc/shorewall/zones
fill with:

Code:
########################################################################
#ZONE   TYPE      OPTIONS   IN        OUT
#                           OPTIONS   OPTIONS
net     ipv4      # net is for outbound traffic (internet)
local   ipv4      # for the local IPs
fw      firewall
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
next to save

> configuration rules with typing gedit /etc/shorewall/interfaces

fill with:

Code:
########################################################################
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        # interface for the internet
local   eth1        # interface for the local network
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
next to save


>configuration rules with typing gedit /etc/shorewall/policy

fill with:

Code:
########################################################################
#SOURCE   DEST   POLICY   LOG     LIMIT:BURST
#                         LEVEL
fw        all    ACCEPT
net       all    DROP
local     all    ACCEPT
#LAST LINE -- DO NOT REMOVE
next to save

> configuration rules with typing gedit /etc/shorewall/masq

fill with :

Code:
########################################################################
#INTERFACE   SOURCE   ADDRESS   PROTO   PORT(S)   IPSEC
eth0 eth1 ===> typing eth0 eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
next to save


> configuration rules with typing gedit /etc/shorewall/rules

fill with :

Code:
########################################################################
#ACTION   SOURCE  DEST   PROTO  DEST   SOURCE   ORIGINAL  RATE   USER/  MARK
#                               PORT   PORT(S)  DEST      LIMIT  GROUP
#SECTION ESTABLISHED
#SECTION RELATED
# Accept connection DNS (Port 53)
ACCEPT    local   fw     tcp    53
ACCEPT    local   fw     udp    53
# Accept connection Proxy (Port 3128/8080)
ACCEPT    local   fw     tcp    3128
ACCEPT    local   fw     tcp    8080
# Accept connection Web (Port 80)
ACCEPT    local   fw     tcp    80
# Accept connection FTP (Port 20, 21)
ACCEPT    local   fw     tcp    20
ACCEPT    local   fw     tcp    21
# Accept connection SSH (Port 22)
ACCEPT    local   fw     tcp    22
# Accept connection Webmin (Port 10000)
ACCEPT    local   fw     tcp    10000
# Rules from the Internet to the machine (firewall)
# Accept connection DNS
ACCEPT    net     fw     tcp    53
ACCEPT    net     fw     udp    53
# Accept connection SSH
ACCEPT    net     fw     tcp    22
ACCEPT    fw      local  tcp    22
# # Accept connection Web
ACCEPT    net     fw     tcp    80
# # Accept connection SMTP,POP3,IMAP
ACCEPT    net     fw     tcp    25,110,143
ACCEPT    fw      net    tcp    25,110,143
ACCEPT    local   fw     tcp    25,110,143
REJECT    local   net    tcp    25,110,143
# # Accept connection Webmin
ACCEPT    net     fw     tcp    10000
# # Redirect local port 80 connections to port 3128
REDIRECT  local   3128   tcp    80
#SECTION NEW
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
next to save


> next to typing /etc/init.d/shorewall start.

after typing /etc/init.d/shorewall start or service shorewall start, I get results like this

Code:
[root@olympia init.d]# shorewall start
Compiling...
Initializing...
Determining Zones...
   IPv4 Zones: net local
   Firewall Zone: fw
Validating interfaces file...
Validating hosts file...
Pre-processing Actions...
   Pre-processing /usr/share/shorewall/action.Drop...
   ERROR: Invalid TARGET in rule "COUNT        "
/sbin/shorewall: line 384: 15819 Terminated              $command $SHOREWALL_SHELL $sc $@


PLEASE HELP ME

please help me

Last edited by unSpawn; 05-03-2009 at 09:16 AM. Reason: //merge OP reply to retain 0-reply status
 
Old 05-03-2009, 10:16 AM   #2
emetib
Member
 
Registered: Feb 2003
Posts: 484

Rep: Reputation: 33
what it looks like is something in the /usr/share/shorewall area.
take a look at the action.Drop and see if you can find that error message. that is what rules and targets it's stating. recheck your configs, rules, policy, actions.

shorewall is pretty straight forward, so you should be able to figure it out pretty quick.

question, why are you building this?
doesn't centos have this on their mirrors?
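
Added example, not written by either poster: one way to carry out the "recheck your configs, rules" step on files like the ones in post #1. It reports zones that a rules file references but the zones file never declares, and lists the ports that ACCEPT rules open from the internet zone to the firewall. The function names are hypothetical, the sample files are constructed from the posted rules plus one made-up `dmz` line, and macro rules and `$FW` are not handled; it does not diagnose the action.Drop error itself.

```shell
#!/bin/sh
# Added example, not from the thread: audit Shorewall zones/rules files.

# Zones used in SOURCE/DEST of a rules file but not declared in the zones file.
undeclared_zones() {    # $1 = zones file, $2 = rules file
    awk '
        NF == 0 || $1 ~ /^#/ || $1 == "SECTION" { next }
        NR == FNR { declared[$1] = 1; next }       # first file: zone names
        {
            zone[1] = $2
            zone[2] = ($1 == "REDIRECT") ? "" : $3  # REDIRECT: column 3 is a port
            for (i = 1; i <= 2; i++) {
                z = zone[i]; sub(/:.*/, "", z)      # drop any :host suffix
                if (z != "" && z != "all" && !(z in declared) && !seen[z]++) print z
            }
        }' "$1" "$2"
}

# proto/port pairs that ACCEPT rules open from zone $2 to firewall zone $3.
net_exposed() {         # $1 = rules file
    awk -v net="$2" -v fw="$3" '
        NF == 0 || $1 ~ /^#/ { next }
        { src = $2; dst = $3; sub(/:.*/, "", src); sub(/:.*/, "", dst) }
        $1 == "ACCEPT" && src == net && dst == fw {
            n = split($5, port, ",")
            for (i = 1; i <= n; i++) print $4 "/" port[i]
        }' "$1"
}

# Sample input: rules taken from post #1, plus one constructed "dmz" rule.
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/zones" <<'EOF'
net     ipv4
local   ipv4
fw      firewall
EOF
cat > "$SAMPLE/rules" <<'EOF'
ACCEPT    local  fw    tcp  22
ACCEPT    net    fw    tcp  53
ACCEPT    net    fw    udp  53
ACCEPT    net    fw    tcp  22
ACCEPT    net    fw    tcp  25,110,143
ACCEPT    net    fw    tcp  10000
REDIRECT  local  3128  tcp  80
# constructed line, not in the thread: zone dmz is never declared
ACCEPT    dmz    fw    tcp  443
EOF
echo "undeclared zones: $(undeclared_zones "$SAMPLE/zones" "$SAMPLE/rules" | xargs)"
echo "open from net to fw: $(net_exposed "$SAMPLE/rules" net fw | xargs)"
```

On the posted rules this makes it easy to see that SSH (22) and Webmin (10000) are accepted from the `net` zone, which is worth a second look on an internet-facing firewall.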
 
Old 05-03-2009, 09:43 PM   #3
kipluxer
LQ Newbie
 
Registered: Apr 2009
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by emetib View Post
what it looks like is something in the /usr/share/shorewall area.
take a look at the action.Drop and see if you can find that error message. that is what rules and targets it's stating. recheck your configs, rules, policy, actions.

shorewall is pretty straight forward, so you should be able to figure it out pretty quick.

question, why are you building this?
doesn't centos have this on their mirrors?

I want to do load balancing of 2 ISPs with shorewall, exploiting the use of the iptables-based and hardware-based MikroTik RouterOS


please help me
 
  



All times are GMT -5. The time now is 03:48 PM.
