Hatalar205 at 09:08, 18 November 2012

2012-11-18T09:08:34Z

Darksurf: webmin no longer defaults to root for user and root password for password.

2010-08-28T21:26:04Z

webmin no longer defaults to root for user and root password for password.

New page

OK, I'm sure you are here to learn how to start up your own personal firewall. This can be made easy via webmin & shorewall. All of the things I'm doing will be using the theme "MSC.Linux Theme". If something you are trying doesn't match or look right. I ask that you try that theme while configuring throughout reading this howto and see if that helps.
Lets start

open a root terminal and type "equo install webmin shorewall" without the quotes and press enter. This will take some time so don't worry about time or if its even doing anything.

Once finished, you need to set a user and password for access to webmin. enter the following into your root terminal
"/usr/libexec/webmin/changepass.pl /etc/webmin {username here} {passwordhere}"

Now once this is finished type "rc-update add webmin" and press enter in that root terminal.
Webmin should now load @ boot up. Restart Your computer and open Firefox. Now in the the box where you usually type in websites type

"https://localhost:10000"

and press enter. it will ask for a user name and password. type in the user and password you chose. If you have a problem you can repeat the step
and change the user and password. Don't worry, all this happens on Your OWN computer and IS encrypted nothing is sent over the network. BTW, its best to not allow Firefox to remember this password. This is for security reasons.

Now you should see the webmin interface. If you do not feel comfortable with the interface it is easily themeable to help you feel more comfortable. To change the theme, after login you should see "webmin". Select that and underneath will appear "Change language and Theme" click it. My personal favorite theme is "MSC.Linux Theme" select personal choice then select the theme and click "make changes". When you are ready click "return to index".

Now click "Networking"
Then click "Shoreline Firewall"

Now we will start to configure the firewall starting with the "Networking Zones" so click that and then click "Manually edit file"

Here is what mine & yours should look like.
{{File| |
<pre class="clear">
#
#Shorewall version 4 - Zones File
#
#For information about this file, type "man shorewall-zones"
#
#The manpage is also online at
#http://www.shorewall.net/manpages/shorewall-zones.html
#
#############################################
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
net ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
</pre>}}

OK, now that you have this down. Is basically saying I have a zone inside the firewall (a.k.a. fw) and a zone outside the firewall (a.k.a. net)
Now click "SAVE" and then click "return to list of tables"

Now click "Network Interfaces" and click "Manually Edit file"

This is how it should look.
{{File| |
<pre class="clear">

#
# Shorewall version 4 - Interfaces File
#
# For information about entries in this file, type "man shorewall-interfaces"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-interfaces.html
#
###################################################################
#ZONE INTERFACE BROADCAST OPTIONS
net eth1 detect
net eth0 detect
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
</pre>}}

Yours may be different pending on what NICs and wireless cards you have installed. instead of "eth1" you may have "wlan0". These are your cards that connect you to "outside the firewall" so the zone they connect to should be "net", of course. To see what interfaces you have type ifconfig as root in a terminal. please do not include "lo" in the Interfaces area.

Now click "SAVE" and click "return to list of tables" (I'm sure you're beginning to see a pattern)

Now click "Default policies" and click "Manually Edit File"

Here is what you should make it look like.

{{File| |
<pre class="clear">
#
# Shorewall version 4 - Policy File
#
# For information about entries in this file, type "man shorewall-policy"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-policy.html
#
######################################################################
#SOURCE DEST POLICY LOG LIMIT:BURST
# LEVEL
$FW net ACCEPT
net all DROP info
all all REJECT info
#LAST LINE -- DO NOT REMOVE
</pre>}}

Now notice that we now refer to the firewall as "$FW". This is important. Do not forget when we talk about the firewall as a "source" or "Destination" it will be referred to as "$FW". This is different than referring to it as a "ZONE". Also CAPITAL LETTERS ARE CRUCIAL! If they show up as capital letters in this how to, they must be capitals in the config files or they will NOT work!

Now click "SAVE" and click "return to list of tables"

Now click "Firewall Rules" and again click "Manually Edit File"
This is my personal firewall rules as to not restrict myself too much. you may add more or remove some. what ever you like. If you'd like to understand some of the port symbols port1:port2 means include all ports from
port1 to port2. (EX. 1-1024 includes all ports from 1 to 1024) port1,port2 means include port1 and port2
(EX. 1,5,9 means include just ports 1, 5, and 9.)

This is what mine looks like.

{{File| |
<pre class="clear">
#
# Shorewall version 4 - Rules File
#
# For information on the settings in this file, type "man shorewall-rules"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
####################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/MARK
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW
COMMENT Torrent Ports
ACCEPT net $FW tcp 6881:6968
ACCEPT net $FW udp 6881:6968
COMMENT Instant Relay Chat
ACCEPT net $FW tcp 6667:6668
COMMENT Samba Filesharing/Active Directory
ACCEPT net $FW tcp 139,445
ACCEPT net $FW udp 445
COMMENT Telnet/SSH
ACCEPT net $FW tcp 22,23,107,992
ACCEPT net $FW udp 22,23,992
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
</pre>}}

Now click "Save" and Click "return to list of tables" scroll to the bottom of the page and click "check firewall" if
everything checks out OK then click "return to list of tables" and then scroll to the bottom of the page again and
click "Start Firewall"

Great!! Now the Firewall is going, but what if I want it to start up automagically at boot up??

click "System" in your webmin menu

Now click "bootup and shutdown"

Scroll to the very bottom of this and press enter and get to a free line with nothing else on it and type "/sbin/shorewall start"
(without the quotes) and click Save.

Then Click "Networking" in the webmin menu again and once again click "Shoreline Firewall".
Search for "Master configuration file" and click it. On the Left it should say "STARTUP_ENABLED"
click that text. And in the Box next to "Value" make sure the text says "YES". If it says "NO" delete
that and type "YES" and click "SAVE"

This should make shorewall start at bootup as root without having you to make it start up yourself.

There, you should have a fully functional Firewall. Good Luck ;)

[[Category:Firewalls|Make a Firewall using Shorewall and Webmin]]

← Older revision		Revision as of 09:08, 18 November 2012
Line 1:		Line 1:
		+	{{i18n\| [[En:HOWTO: Make a Firewall using Shorewall and Webmin\|en]] [[Tr:HOWTO: Make a Firewall using Shorewall and Webmin\|tr]]}}
		+
	OK, I'm sure you are here to learn how to start up your own personal firewall. This can be made easy via webmin & shorewall. All of the things I'm doing will be using the theme "MSC.Linux Theme". If something you are trying doesn't match or look right. I ask that you try that theme while configuring throughout reading this howto and see if that helps.		OK, I'm sure you are here to learn how to start up your own personal firewall. This can be made easy via webmin & shorewall. All of the things I'm doing will be using the theme "MSC.Linux Theme". If something you are trying doesn't match or look right. I ask that you try that theme while configuring throughout reading this howto and see if that helps.
	Lets start		Lets start

En:HOWTO: Make a Firewall using Shorewall and Webmin - Revision history

Hatalar205 at 09:08, 18 November 2012

Darksurf: webmin no longer defaults to root for user and root password for password.