hi guys..
install shorewall..
http://www.shorewall.net/pub/shorewall/4.0/
or installation
wget -c -t 0 http://www.shorewall.net/pub/shorewa...4.0.12.tar.bz2
wget -c -t 0 http://www.shorewall.net/pub/shorewa...4.0.12.tar.bz2
wget -c -t 0 http://www.shorewall.net/pub/shorewa...0.12.1.tar.bz2
wget -c -t 0 http://www.shorewall.net/pub/shorewa...4.0.12.tar.bz2
extract them one by one and install, starting with shell, then perl, then common
tar jxvf shorewall-shell-4.0.12.tar.bz2
cd shorewall-shell-4.0.12/
./install
cd
tar jxvf shorewall-perl-4.0.12.1.tar.bz2
cd shorewall-perl-4.0.12.1/
./install
cd
tar jxvf shorewall-common-4.0.12.tar.bz2
cd shorewall-common-4.0.12
./install
cd
In the shorewall configuration we need to do some configuration. I configure it from the terminal:
> configure by typing gedit /etc/shorewall/shorewall.conf
STARTUP_ENABLED=Yes
then save
> configure by typing gedit /etc/shorewall/zones
fill with:
Code:
########################################################################
#ZONE   TYPE       OPTIONS   IN        OUT
#                            OPTIONS   OPTIONS
net     ipv4                 # net is for outbound traffic (internet)
local   ipv4                 # for the local IPs
fw      firewall
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
then save
> configure by typing gedit /etc/shorewall/interfaces
fill with:
Code:
########################################################################
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0                    # interface for the internet
local   eth1                    # interface for the local network
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
then save
> configure by typing gedit /etc/shorewall/policy
fill with:
Code:
########################################################################
#SOURCE   DEST   POLICY   LOG     LIMIT:BURST
#                         LEVEL
fw        all    ACCEPT
net       all    DROP
local     all    ACCEPT
#LAST LINE -- DO NOT REMOVE
then save
> configure by typing gedit /etc/shorewall/masq
fill with:
Code:
########################################################################
#INTERFACE   SOURCE   ADDRESS   PROTO   PORT(S)   IPSEC
eth0         eth1     # type: eth0 eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
then save
> configure by typing gedit /etc/shorewall/rules
fill with:
Code:
########################################################################
#ACTION   SOURCE   DEST   PROTO   DEST   SOURCE    ORIGINAL   RATE    USER/   MARK
#                                 PORT   PORT(S)   DEST       LIMIT   GROUP
#SECTION ESTABLISHED
#SECTION RELATED
# Accept connection DNS (Port 53)
ACCEPT    local    fw     tcp     53
ACCEPT    local    fw     udp     53
# Accept connection Proxy (Port 3128/8080)
ACCEPT    local    fw     tcp     3128
ACCEPT    local    fw     tcp     8080
# Accept connection Web (Port 80)
ACCEPT    local    fw     tcp     80
# Accept connection FTP (Port 20, 21)
ACCEPT    local    fw     tcp     20
ACCEPT    local    fw     tcp     21
# Accept connection SSH (Port 22)
ACCEPT    local    fw     tcp     22
# Accept connection Webmin (Port 10000)
ACCEPT    local    fw     tcp     10000
# Rules from the Internet to the machine (firewall)
# Accept connection DNS
ACCEPT    net      fw     tcp     53
ACCEPT    net      fw     udp     53
# Accept connection SSH
ACCEPT    net      fw     tcp     22
ACCEPT    fw       local  tcp     22
# Accept connection Web
ACCEPT    net      fw     tcp     80
# Accept connection SMTP,POP3,IMAP
ACCEPT    net      fw     tcp     25,110,143
ACCEPT    fw       net    tcp     25,110,143
ACCEPT    local    fw     tcp     25,110,143
REJECT    local    net    tcp     25,110,143
# Accept connection Webmin
ACCEPT    net      fw     tcp     10000
# Redirect local port 80 connections to port 3128
REDIRECT  local    3128   tcp     80
#SECTION NEW
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
then save
> next, type /etc/init.d/shorewall start.
After typing /etc/init.d/shorewall start or service shorewall start, I get results like this:
Code:
[root@olympia init.d]# shorewall start
Compiling...
Initializing...
Determining Zones...
IPv4 Zones: net local
Firewall Zone: fw
Validating interfaces file...
Validating hosts file...
Pre-processing Actions...
Pre-processing /usr/share/shorewall/action.Drop...
ERROR: Invalid TARGET in rule "COUNT "
/sbin/shorewall: line 384: 15819 Terminated $command $SHOREWALL_SHELL $sc $@
PLEASE HELP ME
please help me
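
An added example, not part of the original post and not Shorewall's own code: a small Python audit that reads a rules file in the column layout posted above and lists every port accepted from the whole `net` zone to the firewall, labelling management services. The function names and the `MGMT_PORTS` table are assumptions, and the sample is constructed from the rules in the post plus one host-restricted rule.

```python
# Constructed sample: the net/fw rules from the post, plus one restricted rule.
SAMPLE_RULES = """\
ACCEPT    local            fw    tcp  22
ACCEPT    net              fw    tcp  53
ACCEPT    net              fw    udp  53
ACCEPT    net              fw    tcp  22
ACCEPT    net              fw    tcp  80
ACCEPT    net              fw    tcp  25,110,143   # trailing comment
REJECT    local            net   tcp  25,110,143
ACCEPT    net              fw    tcp  10000
REDIRECT  local            3128  tcp  80
ACCEPT    net:192.0.2.10   fw    tcp  8443         # constructed: one source host only
"""

# Assumption: which ports count as management services is local policy.
MGMT_PORTS = {22: "SSH", 10000: "Webmin"}

def expand_ports(field):
    """Turn a Shorewall port list ('25,110,143' or '6000:6010') into ints."""
    ports = []
    for part in field.split(","):
        lo, sep, hi = part.partition(":")
        if sep and (lo + hi).isdigit():  # low:high; an empty end means 0 or 65535
            ports.extend(range(int(lo or 0), int(hi or 65535) + 1))
        elif part.isdigit():             # service names are skipped here
            ports.append(int(part))
    return ports

def parse_rules(text):
    """Yield (action, source, dest, proto, ports) for each rule line."""
    for raw in text.splitlines():
        cols = raw.split("#", 1)[0].split()
        if len(cols) < 3 or cols[0] == "SECTION":
            continue
        proto = cols[3] if len(cols) > 3 else "all"
        ports = expand_ports(cols[4]) if len(cols) > 4 else []
        yield cols[0], cols[1], cols[2], proto, ports

def exposed_from_net(text, net_zone="net", fw_zone="fw"):
    """Ports ACCEPTed from the whole net zone (no host restriction) to the firewall."""
    found = set()
    for action, source, dest, proto, ports in parse_rules(text):
        to_fw = dest.split(":")[0] in (fw_zone, "all")
        if action == "ACCEPT" and source in (net_zone, "all") and to_fw:
            found.update((proto, p, MGMT_PORTS.get(p, "")) for p in ports)
    return sorted(found)

if __name__ == "__main__":
    for proto, port, name in exposed_from_net(SAMPLE_RULES):
        print(f"{proto}/{port} accepted from net" + (f"  <- {name}" if name else ""))
```

Rules whose source carries a host qualifier such as `net:192.0.2.10` are treated as restricted and are not reported; macro-based rules without a port column are outside what this sketch checks.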