Difference between revisions of "Software projects/OS/Slackware/Advanced usage/Firewall"

From Pandora Wiki
(Network interfaces)
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
= Network interfaces =
 
* eth0 is the interface that shows up when you plug an USB to ethernet adapter. A list of compatible ones is located [http://pandorawiki.org/USB_compatibility_list#USB_to_Ethernet_adapters here].
 
* wlan0 is the embedded Wi-fi interface.
 
* wlan1 is the name of a Wi-fi dongle.
 
* usb0 is the big USB port (not sure, may be the first plugged).
 
* usb1 is the small USB port (not sure).
 
* there's also a bluetooth interface, but until now i never used it, so can't tell more about it.
 
* These interface numbers may vary, depending which one you plug first.
 
* The numbers can be fixed using the /etc/udev/rules.d/70-persistent-net.rules file.
 
* This file is deleted at each shutdown. To make use of it, edit /etc/rc.d/rc.local_shutdown , and comment this line:
 
rm /etc/udev/rules.d/70-persistent-net.rules
 
into
 
#rm /etc/udev/rules.d/70-persistent-net.rules
 
 
 
= Firewall =
 
= Firewall =
 
* I shipped some default firewall configurations for eth0, wlan0 and usb0. I generated them using the [http://connie.slackware.com/~alien/efg/ easy firewall generator].
 
* I shipped some default firewall configurations for eth0, wlan0 and usb0. I generated them using the [http://connie.slackware.com/~alien/efg/ easy firewall generator].
* I didn't test them as i use a router, so it's up to you to try it.
+
* I didn't test them, so it's up to you to check it, running services, using nmap from another computer etc..
 
* If you want to use a firewall, ie. for eth0, then do:
 
* If you want to use a firewall, ie. for eth0, then do:
 
  cp /etc/rc.d/rc.firewall.eth0 /etc/rc.d/rc.firewall
 
  cp /etc/rc.d/rc.firewall.eth0 /etc/rc.d/rc.firewall
 +
chmod 700 /etc/rc.d/rc.firewall
 
  chmod +x /etc/rc.d/rc.firewall
 
  chmod +x /etc/rc.d/rc.firewall
 
  /etc/rc.d/rc.firewall start
 
  /etc/rc.d/rc.firewall start
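Review bot: the newly added `chmod 700 /etc/rc.d/rc.firewall` already sets the owner execute bit, so the `chmod +x /etc/rc.d/rc.firewall` kept directly after it is now redundant; keeping only the `chmod 700` line is the better choice, since it also stops other users from reading the ruleset. In the rewritten test bullet, "check it" refers to the plural "configurations"; "check them" would match.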
Line 31: Line 18:
 
* Create it yourself with the [http://connie.slackware.com/~alien/efg/ easy firewall generator].
 
* Create it yourself with the [http://connie.slackware.com/~alien/efg/ easy firewall generator].
 
* Then save it as /etc/rc.d/rc.firewall and do this:
 
* Then save it as /etc/rc.d/rc.firewall and do this:
 +
 +
chmod 700 /etc/rc.d/rc.firewall
 
  chmod +x /etc/rc.d/rc.firewall
 
  chmod +x /etc/rc.d/rc.firewall
 
  /etc/rc.d/rc.firewall start
 
  /etc/rc.d/rc.firewall start
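Review bot: same redundancy as in the first hunk, `chmod +x` right after `chmod 700` does nothing; drop the `+x` line here too. Since this is the NAT router section, it is worth stating next to these commands that IP forwarding must be enabled as well (`/etc/rc.d/rc.ip_forward start`, as the Gateway section shows), or the generated NAT rules will never see forwarded packets.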
Line 41: Line 30:
 
  iptables -A PREROUTING -t mangle -p tcp --sport ftp-data -j TOS --set-tos Maximize-Throughput
 
  iptables -A PREROUTING -t mangle -p tcp --sport ftp-data -j TOS --set-tos Maximize-Throughput
 
  iptables -A PREROUTING -t mangle -p tcp --dport ftp-data -j TOS --set-tos Maximize-Throughput
 
  iptables -A PREROUTING -t mangle -p tcp --dport ftp-data -j TOS --set-tos Maximize-Throughput
* A more advanced setup makes use of dedicated kernel modules. The most known is the outdated [http://lartc.org/wondershaper/ wondershaper].
+
* A more advanced setup makes use of dedicated kernel modules. The most known script is the outdated [http://lartc.org/wondershaper/ wondershaper].
 +
 
 +
 
 +
[[Category:Network]]
 +
[[Category:Security]]
 +
[[Category:Slackware]]
 +
[[Category:System]]
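Review bot: "The most known script" still reads awkwardly; "the best-known script" is the idiomatic form. The sentence also says "dedicated kernel modules" while the edit now calls wondershaper a script: it is a shell script driving tc queueing disciplines, and those qdiscs are the kernel modules meant here, so saying "makes use of tc queueing disciplines (kernel modules)" would remove the ambiguity.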

Latest revision as of 01:27, 6 May 2012

Firewall

  • I shipped some default firewall configurations for eth0, wlan0 and usb0. I generated them using the easy firewall generator.
  • I didn't test them, so it's up to you to check them: running services, using nmap from another computer, etc.
  • If you want to use a firewall, i.e. for eth0, then do:
cp /etc/rc.d/rc.firewall.eth0 /etc/rc.d/rc.firewall
chmod 700 /etc/rc.d/rc.firewall
chmod +x /etc/rc.d/rc.firewall
/etc/rc.d/rc.firewall start

Gateway

  • To use the OP as a simple gateway:
chmod +x /etc/rc.d/rc.ip_forward
/etc/rc.d/rc.ip_forward start

NAT Router

  • It also uses a /etc/rc.d/rc.firewall script.
  • I don't provide any because everyone has a different setup.
  • Create it yourself with the easy firewall generator.
  • Then save it as /etc/rc.d/rc.firewall and do this:
chmod 700 /etc/rc.d/rc.firewall
chmod +x /etc/rc.d/rc.firewall
/etc/rc.d/rc.firewall start

QoS

  • For now, a recompiled kernel is necessary.
  • A basic setting consists of packet mangling that changes the ToS field of the packets, through rc.firewall rules. A simple example:
iptables -A PREROUTING -t mangle -p tcp --sport ftp -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p tcp --dport ftp -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p tcp --sport ftp-data -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p tcp --dport ftp-data -j TOS --set-tos Maximize-Throughput
  • A more advanced setup makes use of dedicated kernel modules. The most known script is the outdated wondershaper.
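As an added example (not the wiki's shipped rc.firewall.eth0, which comes from the easy firewall generator), here is a minimal rc.firewall in Slackware's start/stop style for one external interface, combining the default-deny host rules the Firewall section installs with the ToS mangling rules from the QoS section. IFACE, the allowed ssh service and the iptables path are assumptions; set IPTABLES=echo to print the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not from the Pandora wiki. Assumptions: the external
# interface is eth0 and ssh is the only service reachable from outside.
IPTABLES="${IPTABLES:-/usr/sbin/iptables}"
IFACE="${IFACE:-eth0}"

# ToS marking for one TCP service, both directions (the QoS section's pattern):
# control channels get Minimize-Delay, bulk data gets Maximize-Throughput.
tos_rules() {
    svc="$1"; tos="$2"
    $IPTABLES -t mangle -A PREROUTING -p tcp --sport "$svc" -j TOS --set-tos "$tos"
    $IPTABLES -t mangle -A PREROUTING -p tcp --dport "$svc" -j TOS --set-tos "$tos"
}

fw_start() {
    # Default deny for inbound and forwarded traffic; outbound stays open.
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT
    # Loopback and replies to connections we initiated are always fine.
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Example allowed service (assumption): new ssh connections only.
    $IPTABLES -A INPUT -i "$IFACE" -p tcp --dport ssh -m state --state NEW -j ACCEPT
    # Rate-limited log of what gets dropped, so an nmap check from another
    # machine can be matched against /var/log/messages afterwards.
    $IPTABLES -A INPUT -i "$IFACE" -m limit --limit 5/min -j LOG --log-prefix "rc.firewall drop: "
    # QoS marks from the wiki's example.
    tos_rules ftp Minimize-Delay
    tos_rules ftp-data Maximize-Throughput
}

fw_stop() {
    # Slackware convention for "stop": flush everything and accept all.
    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -P FORWARD ACCEPT
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -F
    $IPTABLES -t mangle -F
}

case "${1:-}" in
    start)   fw_start ;;
    stop)    fw_stop ;;
    restart) fw_stop; fw_start ;;
    *)       echo "usage: $0 start|stop|restart" ;;
esac
```

Install it as /etc/rc.d/rc.firewall with `chmod 700`, exactly as the Firewall section describes, and verify with `iptables -L -v` and `iptables -t mangle -L` after `start`.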