Difference between revisions of "Software projects/OS/Slackware/Advanced usage/Firewall"

From Pandora Wiki
(Network interfaces)
Line 1: Line 1:
= Network interfaces =
 
* eth0 is the interface that shows up when you plug an USB to ethernet adapter. A list of compatible ones is located [http://pandorawiki.org/USB_compatibility_list#USB_to_Ethernet_adapters here].
 
* wlan0 is the embedded Wi-fi interface.
 
* wlan1 is the name of a Wi-fi dongle.
 
* usb0 is the big USB port (not sure, may be the first plugged).
 
* usb1 is the small USB port (not sure).
 
* If you connect an OP with another using an USB cable, the OP at the little end of the cable will dramatically drain the current from the other OP's big USB port.
 
* To avoid this, at the little end, type as root:
 
echo 0 > /sys/class/power_supply/twl4030_usb/enable
 
* there's also a bluetooth interface, but until now i never used it, so can't tell much about it.
 
* These interface numbers may vary, depending which one you plug first.
 
* The numbers can be fixed using the /etc/udev/rules.d/70-persistent-net.rules file.
 
* This file is deleted at each shutdown. To make use of it, edit /etc/rc.d/rc.local_shutdown , and comment this line:
 
rm /etc/udev/rules.d/70-persistent-net.rules
 
into
 
#rm /etc/udev/rules.d/70-persistent-net.rules
 
 
 
= Firewall =
 
= Firewall =
 
* I shipped some default firewall configurations for eth0, wlan0 and usb0. I generated them using the [http://connie.slackware.com/~alien/efg/ easy firewall generator].
 
* I shipped some default firewall configurations for eth0, wlan0 and usb0. I generated them using the [http://connie.slackware.com/~alien/efg/ easy firewall generator].
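Review bot: the usb0 and usb1 bullets are each marked "not sure", while a later bullet says the interface numbers vary with plug order, so the port-to-name mapping should either be verified on hardware or stated once as unverified instead of being listed per port. The bullet on /etc/udev/rules.d/70-persistent-net.rules says the numbers "can be fixed" with that file but shows no sample entry, and the "comment this line ... into" wording would be clearer as "change ... to".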

Revision as of 01:21, 22 April 2012

Firewall

  • I shipped some default firewall configurations for eth0, wlan0 and usb0. I generated them using the easy firewall generator.
  • I didn't test them as I use a router, so it's up to you to try them.
  • If you want to use a firewall, e.g. for eth0, then do:
cp /etc/rc.d/rc.firewall.eth0 /etc/rc.d/rc.firewall
chmod +x /etc/rc.d/rc.firewall
/etc/rc.d/rc.firewall start
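
Because the shipped configurations are untested, it is worth checking what `rc.firewall start` actually loaded. The script below is an added example, not one of the wiki's scripts: it audits a dump in `iptables -S` format, assuming the intended posture is a default DROP policy on INPUT and FORWARD plus a stateful accept rule. The function names are hypothetical and the sample dumps are constructed.

```shell
#!/bin/sh
# Added example (not from the wiki): audit an `iptables -S` dump.
# Assumed posture: INPUT/FORWARD default DROP plus a stateful accept rule.

# Reads the dump on stdin, prints findings, returns the number of failures.
audit_ruleset() {
    rules=$(cat)
    fails=0
    for chain in INPUT FORWARD; do
        if printf '%s\n' "$rules" | grep -qx -e "-P $chain DROP"; then
            echo "ok:   $chain policy is DROP"
        else
            echo "FAIL: $chain policy is not DROP"
            fails=$((fails + 1))
        fi
    done
    # Replies to connections opened from the OP need a stateful accept.
    if printf '%s\n' "$rules" |
        grep -Eq -e '^-A INPUT .*(--state|--ctstate) [A-Z,]*ESTABLISHED.* -j ACCEPT'; then
        echo "ok:   ESTABLISHED accept rule present in INPUT"
    else
        echo "FAIL: no ESTABLISHED accept rule in INPUT"
        fails=$((fails + 1))
    fi
    # An accept rule with no match conditions bypasses the DROP policy.
    if printf '%s\n' "$rules" | grep -qx -e '-A INPUT -j ACCEPT'; then
        echo "FAIL: unconditional ACCEPT in INPUT"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample dumps (not captured from a real OP).
sample_open() {
    printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD ACCEPT' '-P OUTPUT ACCEPT' \
        '-A INPUT -i lo -j ACCEPT'
}
sample_filtered() {
    printf '%s\n' '-P INPUT DROP' '-P FORWARD DROP' '-P OUTPUT ACCEPT' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
}

# On the device, as root:  iptables -S | audit_ruleset
sample_open | audit_ruleset || echo "failed checks: $?"
```
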

Gateway

  • To use the OP as a simple gateway:
chmod +x /etc/rc.d/rc.ip_forward
/etc/rc.d/rc.ip_forward start

NAT Router

  • It also uses a /etc/rc.d/rc.firewall script.
  • I don't provide any because everyone has a different setup.
  • Create it yourself with the easy firewall generator.
  • Then save it as /etc/rc.d/rc.firewall and do this:
chmod +x /etc/rc.d/rc.firewall
/etc/rc.d/rc.firewall start

QoS

  • For now, a recompiled kernel is necessary.
  • A basic setup consists of packet mangling that changes the ToS field in the packets, through rc.firewall rules. A simple example:
iptables -A PREROUTING -t mangle -p tcp --sport ftp -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p tcp --dport ftp -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p tcp --sport ftp-data -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p tcp --dport ftp-data -j TOS --set-tos Maximize-Throughput
  • A more advanced setup makes use of dedicated kernel modules. The best-known script is the outdated wondershaper.