
Shorewall and Heimdall Firewall. Can they be together?


emilioestevezz

Hi, I've been looking further into my Linux configuration and I discovered that I have 2 firewalls interacting on my host, Heimdall firewall and Shorewall. The question is: can they work together, or must they? And in case I must remove Heimdall, how do I remove it?

Well, that's all for now, thanks.

Emilio


That looks wrong ...

First off, is it not Heimdaal, not heimdall ... Just from my Scandinavian spelling the former seems more likely, but then so does hjemdaal

Anyway, two firewalls is one too many...

Shorewall does other stuff apart from being a firewall, so be careful.

Also, unless you have got your head round the config files from Mandrake, I found the shorewall ones from their website much easier.

You might have activated the other firewall accidentally in Webmin ...

I know I was messing with it and it said 'hey you got shorewall, you don't really wanna do this'

Anyway, once I stuck the shorewall config files and read their quickstart guide 5 mins it all made sense. I guess now I understand it I'd understand the Mdk config but I haven't the patience.


Or shorewall - My Way.

Actually this is shorewall the shorewall way ...

 

1) Make sure you have webmin and it's working ...

2) Stop shorewall with

shorewall clear

3) Make sure you can access the internet from the PC you will be using as the firewall. If this doesn't work then it won't work with shorewall running either.

4) Work out which type of configuration you will use ...

http://www.shorewall.net/ you need to work out according to the pictures in the quickstart guides.

5) Download the relevant quickstart guide .... follow the links as you read the documentation.....

6) Copy their sample config files over, you can save your mdk ones if you really want ... I did but never went back !!!

7) That's worked for me ... Nothing clever .. I just followed the instructions ..

8) Now you can add anything fancy like allowing NFS from your other PCs to your firewall etc... I just used WEBMIN !!!


Seriously,

One firewall should be plenty.

You can block any port by protocol and run NAT.... Without the beast that is ActiveX you can choose exactly what is and what is not seen and modifiable/runnable.

Having two firewalls is just likely to be confusing ... i.e. port 21 might be blocked by one, not the other ... if you're also running a proxy server and remapping port 21 then that's likely to be confusing...

 

In reality

Do you want ftp?

No .... turn it off

Yes ...

Do you want it within your internal network ...

Allow port 21 for your internal zone

Do you want it to the internet....

Allow port 21 from your internal to internet zones

Do you want it from the internet ....

etc. etc.

Firewalls are enough problems to configure without having 2....
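
The FTP decision list in the post above, written out as Shorewall rules. This is an added example, not part of the thread or of Shorewall's own files. The zone names `loc` and `net` are assumed from Shorewall's sample two-interface configuration, `$FW` is the firewall host itself, "within your internal network" is read here as local clients reaching an FTP server on the firewall host, and 192.168.1.5 is a constructed placeholder for an internal FTP server.

```conf
# /etc/shorewall/rules  (added example; zones and address are assumptions)
#ACTION   SOURCE   DEST               PROTO   DEST PORT(S)

# "Do you want it within your internal network": local clients may reach
# an FTP server running on the firewall host.
ACCEPT    loc      $FW                tcp     21

# "Do you want it to the internet": local clients may reach outside FTP
# servers. Only needed if the loc -> net policy is not already ACCEPT.
ACCEPT    loc      net                tcp     21

# "Do you want it from the internet": forward inbound port 21 to one
# internal server instead of opening the whole local zone.
DNAT      net      loc:192.168.1.5    tcp     21

# "No .... turn it off": add none of the lines above and keep the
# net -> all policy in /etc/shorewall/policy at DROP.
# FTP data connections depend on the kernel's FTP connection-tracking
# helper, so only the control port (21) is listed in the rules.
```

After editing, `shorewall check` validates the files and `shorewall restart` applies them.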
