RuggedCom RX1000 ユーザーズマニュアル
RuggedRouter
User Guide
7) If your hosts must accept sessions from the Internet configure the rules file to
support Destination Network address Translation (DNAT). Which hosts need to
accept connections, from whom and on which ports?
accept connections, from whom and on which ports?
8) Configure the rules file to override the default policies. Have external
connections been limited to approved IP address ranges. Have all but the required
protocols been blocked?
protocols been blocked?
9) If you are supporting a VPN, add additional rules.
10) Check the configuration using the Shorewall Firewall menu, “Check Firewall”
10) Check the configuration using the Shorewall Firewall menu, “Check Firewall”
button.
11) Activate the firewall. It is usually a good idea to port scan the firewall after
activation and verify that logging is functioning.
ShoreWall Terminology And Concepts
This section provides background on various Shorewall terms and concepts.
References are made to the section where configuration applies.
References are made to the section where configuration applies.
Zones
A network zone is a collection of interfaces, for which forwarding decisions are
made, for example:
made, for example:
Name
Description
net
The Internet
loc
Your Local Network
dmz
Demilitarized Zone
fw
The firewall itself
vpn1
IPSec connections on w1ppp
vpn2
IPSec connections on w2ppp
You may create new zones if you wish. For example if all of your Ethernet interfaces
are part of the local network zone, disallowing traffic from the Internet zone to the
local zone will disallow it to all Ethernet interfaces. If you wanted some interfaces
(but not others) to access the Internet, you could create another zone.
Zones are defined in the file /etc/shorewall/zones and are modified from the Network
Zones menu.
are part of the local network zone, disallowing traffic from the Internet zone to the
local zone will disallow it to all Ethernet interfaces. If you wanted some interfaces
(but not others) to access the Internet, you could create another zone.
Zones are defined in the file /etc/shorewall/zones and are modified from the Network
Zones menu.
Interfaces
Shorewall Interfaces are simply the Ethernet and WAN interfaces available to the
router. You must place each interface into a network zone.
If an interface supports more than one subnet, place the interface in zone 'Any' and
use the zone hosts setup (see below) to define a zone for each subnet on the interface.
An example follows:
router. You must place each interface into a network zone.
If an interface supports more than one subnet, place the interface in zone 'Any' and
use the zone hosts setup (see below) to define a zone for each subnet on the interface.
An example follows:
Interface
Zone
eth1
loc
eth2
loc
eth3
Any
eth4
dmz
w1ppp
net
106 RuggedCom