Seattle Firewall Version 3.2

Installing Seattle Firewall on the Eiger LRP Distribution


The following instructions are thanks to Tim Wegner.

These instructions assume that you already have a working EigerStein disk, but should work with minor changes for other LRP distributions that support ipchains. If you need EigerStein, see http://lrp.steinkuehler.net/DiskImages/Eiger.htm.

  1. Download the Seattle Firewall LRP file.
  2. Rename the file seawall.lrp and copy it to your EigerStein boot disk.
  3. Edit the syslinux.cfg file on the EigerStein disk and add the seawall package. To do this, edit the long (probably wrapped) line that begins

    append=

    and add

    ,seawall

    at the end of the list of packages, right after dhclient. (If your disk doesn't use dhclient just put seawall at the end of the package list.) There should be no space before or after the comma, but be sure there is a space after seawall.
  4. Reboot.
  5. You will now configure Seattle Firewall as described in the configuration documentation. For an EigerStein setup, you probably won't have to make changes other than those mentioned here to get things working. (Don't worry right now if your LRP box won't communicate with other systems.)
  6. To edit the various configuration files, start lrcfg if it isn't already running and select Package Settings (menu item 3), seawall (menu item 6 on my EigerStein system) and then the number corresponding to the file that you wish to edit. (If you don't see seawall in the list of packages, then you didn't correctly edit syslinux.cfg in step 3.)
  7. The first seawall menu item, Config, edits the file /etc/seawall.conf. Check to make sure that the network devices correspond to those selected in the lrcfg Network settings/Network Configuration (menu item numbers 1-1). For EigerStein, the usual seawall.conf values are internet="eth0" (same as the LRP EXTERN_IF variable) and local="eth1" (same as the LRP INTERN_IF variable).
  8. If you are running dnscache on your LRP box, be sure to set dnslocalports="1025:" in /etc/seawall.conf. This is required because dnscache selects local ports at random from the range 1025:65535 whereas the default range for local ports is determined by the contents of /proc/sys/net/ipv4/ip_local_port_range (normally 1024:4999).
  9. To see the effect of your changes, you do not need to reboot -- just type seawall restart at the Linux prompt. Try the command seawall monitor to see an ongoing report on Seawall's operation. You can terminate the monitoring with ctrl-C.
  10. Once you have the firewall working, be sure to save the RAMdisk copies of the Seattle Firewall configuration files to your boot floppy. To do this from the main lrcfg menu, type b and then the number corresponding to seawall (9 on my system).
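The checks in steps 3, 7 and 8 can be scripted. The following is an added example, not part of the original instructions or of Seattle Firewall: the function names are hypothetical, and it assumes seawall.conf uses the name="value" form shown in step 7.

```shell
#!/bin/sh
# Added example: sanity checks for the syslinux.cfg edit (step 3) and the
# seawall.conf values (steps 7 and 8). Function names are hypothetical.

# check_append LINE
# Succeeds only if the append= line carries ",seawall" with no space on
# either side of the comma and a space after seawall, as step 3 requires.
check_append() {
    case "$1" in
        append=*) ;;
        *) echo "not an append= line"; return 1 ;;
    esac
    case "$1" in
        *" ,seawall"*|*", seawall"*)
            echo "space next to the comma before seawall"; return 1 ;;
        *",seawall "*)
            return 0 ;;
        *",seawall"*)
            echo "no space after seawall"; return 1 ;;
        *)
            echo "seawall is not in the package list"; return 1 ;;
    esac
}

# conf_value FILE NAME
# Prints the value of NAME from a name="value" file (last assignment wins).
conf_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*$/\1/p" "$1" | tail -n 1
}

# check_conf FILE EXTERN_IF INTERN_IF USES_DNSCACHE(yes|no)
# Compares internet/local with the LRP interface names and, when dnscache
# runs on the box, insists on dnslocalports="1025:" (step 8).
check_conf() {
    rc=0
    [ "$(conf_value "$1" internet)" = "$2" ] || { echo "internet is not $2"; rc=1; }
    [ "$(conf_value "$1" local)" = "$3" ] || { echo "local is not $3"; rc=1; }
    if [ "$4" = yes ] && [ "$(conf_value "$1" dnslocalports)" != "1025:" ]; then
        echo 'dnscache in use but dnslocalports is not "1025:"'; rc=1
    fi
    return $rc
}

# Optional direct use: sh thisfile SYSLINUX_CFG SEAWALL_CONF [yes|no]
if [ $# -ge 2 ]; then
    check_append "$(grep '^append=' "$1")" && check_conf "$2" eth0 eth1 "${3:-no}"
fi
```

Run it with the paths to your own syslinux.cfg and seawall.conf; the eth0/eth1 arguments are the usual EigerStein values from step 7 and should match your EXTERN_IF and INTERN_IF.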

Last updated 7/29/2000 - Tom Eastep