Seattle Firewall Version 3.2
Installing Seattle Firewall on the Eiger LRP Distribution
The following instructions are thanks to Tim Wegner.
These instructions assume that you already have a
working EigerStein disk, but should work with minor changes for
other LRP distributions that support ipchains. If you need
EigerStein, see http://lrp.steinkuehler.net/DiskImages/Eiger.htm.
- Download the Seattle Firewall LRP file.
- Rename the file to seawall.lrp and copy it to your EigerStein boot disk.
- Edit the syslinux.cfg file on the EigerStein disk and add the seawall package. To do this, edit the long (probably wrapped) line that begins
      append=
  and add
      ,seawall
  at the end of the list of packages, right after dhclient. (If your disk doesn't use dhclient, just put seawall at the end of the package list.) There should be no space before or after the comma, but be sure there is a space after seawall.
- Reboot
- You will now configure Seattle Firewall as described in the configuration documentation. For an EigerStein setup, you probably won't have to make changes other than those mentioned here to get things working. (Don't worry right now if your LRP box won't communicate with other systems.)
- To edit the various configuration files, start lrcfg if it isn't already running and select Package Settings (menu item 3), seawall (menu item 6 on my EigerStein system) and then the number corresponding to the file that you wish to edit. (If you don't see seawall in the list of packages, then you didn't correctly edit syslinux.cfg in step 3.)
- The first seawall menu item, Config, edits the file /etc/seawall.conf. Check to make sure that the network devices correspond to those selected in the lrcfg Network settings/Network Configuration (menu item numbers 1-1). For EigerStein, the usual seawall.conf values are internet="eth0" (same as the LRP EXTERN_IF variable) and local="eth1" (same as the LRP INTERN_IF variable).
- If you are running dnscache on your LRP box, be sure to set dnslocalports="1025:" in /etc/seawall.conf. This is required because dnscache selects local ports at random from the range 1025:65535 whereas the default range for local ports is determined by the contents of /proc/sys/net/ipv4/ip_local_port_range (normally 1024:4999).
- To see the effect of your changes, you do not need to reboot -- just type seawall restart at the Linux prompt. Try the command seawall monitor to see an ongoing report on Seawall's operation. You can terminate the monitoring with Ctrl-C.
- Once you have the firewall working, be sure to save the RAMdisk copies of the Seattle Firewall configuration files to your boot floppy. To do this from the main lrcfg menu, type b and then the number corresponding to seawall (9 on my system).
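
A check for the dnscache step above, added here as an example and not part of Seattle Firewall or the original instructions: it reports whether the local-port range in effect covers the 1025:65535 range dnscache draws from. The function names are illustrative, and it assumes that seawall.conf uses the NAME="value" form shown above and that an unset dnslocalports means the kernel range applies.

```shell
#!/bin/sh
# Added example (not part of Seattle Firewall): does the local-port range the
# firewall assumes cover the 1025:65535 range dnscache picks ports from?

# conf_value FILE NAME: print the value of an uncommented NAME="value" line.
conf_value() {
    sed -n 's/^[[:space:]]*'"$2"'="\{0,1\}\([^"#[:space:]]*\).*/\1/p' "$1" | tail -n 1
}

# range_covers RANGE LOW HIGH: succeed if the ipchains-style RANGE ("lo:hi",
# either bound optional) contains every port from LOW to HIGH.
range_covers() {
    lo=${1%%:*}; hi=${1##*:}
    [ -n "$lo" ] || lo=0
    [ -n "$hi" ] || hi=65535
    [ "$lo" -le "$2" ] && [ "$hi" -ge "$3" ]
}

# effective_range FILE KERNEL: dnslocalports from FILE if set; otherwise the
# kernel range (assumed fallback), converted from "lo hi" to "lo:hi".
effective_range() {
    r=$(conf_value "$1" dnslocalports)
    [ -n "$r" ] || r=$(echo "$2" | awk '{print $1 ":" $2}')
    echo "$r"
}

# dnscache_ok FILE KERNEL: succeed if dnscache's ports are all covered.
dnscache_ok() {
    range_covers "$(effective_range "$1" "$2")" 1025 65535
}

# Constructed sample: a seawall.conf without, then with, the setting. On the
# LRP box use /etc/seawall.conf and the contents of
# /proc/sys/net/ipv4/ip_local_port_range instead.
conf=${TMPDIR:-/tmp}/seawall.conf.$$
for setting in '#dnslocalports=""' 'dnslocalports="1025:"'; do
    printf 'internet="eth0"\nlocal="eth1"\n%s\n' "$setting" > "$conf"
    if dnscache_ok "$conf" "1024 4999"; then verdict="covers dnscache"
    else verdict="too narrow for dnscache"; fi
    echo "$setting -> $(effective_range "$conf" "1024 4999"): $verdict"
done
rm -f "$conf"
```
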
Last updated 7/29/2000 - Tom Eastep