I am trying to follow this how to http://www.howtoforge.com/ubuntu6.10_firewall_gateway but I have only gotten to page 2 when you install webmin then I got this error Code: root@LBox:/home/jmunson# dpkg -i webmin_1.350_all.deb (Reading database ... 29202 files and directories currently installed.) Preparing to replace webmin 1.330 (using webmin_1.350_all.deb) ... Unpacking replacement webmin ... dpkg: dependency problems prevent configuration of webmin: webmin depends on libnet-ssleay-perl; however: Package libnet-ssleay-perl is not installed. webmin depends on openssl; however: Package openssl is not installed. webmin depends on libauthen-pam-perl; however: Package libauthen-pam-perl is not installed. webmin depends on libio-pty-perl; however: Package libio-pty-perl is not installed. webmin depends on libmd5-perl; however: Package libmd5-perl is not installed. dpkg: error processing webmin (--install): dependency problems - leaving unconfigured Errors were encountered while processing: webmin I tried just installing the missing packages but that didn't seem to work. Any ideas?? Thanks for the help
So I was going to fast and missed that the step before that gave me this error Code: root@LBox:/home/jmunson# apt-get install libmd5-perl libnet-ssleay-perl libauthen-pam-perl libio-pty-perl shorewall dnsmasq Reading package lists... Done Building dependency tree Reading state information... Done Package libmd5-perl is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package libmd5-perl has no installation candidate
okay i got past that part. now I am trying to set up the firewall. at the moment on am only using one interface to connect the linux box to my LAN. I added that interface to the interfaces and gave it the appropriate zone. now when i try to start the fire wall i get this error Code: Starting "Shorewall firewall": not done (check /var/log/shorewall-init.log). and the log file looks like this Code: Loading /usr/share/shorewall/functions... Processing /etc/shorewall/shorewall.conf... Loading Modules... Clearing Shorewall...Disabling IPV6... IP Forwarding Enabled done. Loading /usr/share/shorewall/functions... Processing /etc/shorewall/shorewall.conf... Loading Modules... Starting Shorewall... Initializing... Shorewall has detected the following iptables/netfilter capabilities: NAT: Available Packet Mangling: Available Multi-port Match: Available Extended Multi-port Match: Available Connection Tracking Match: Available Packet Type Match: Available Policy Match: Available Physdev Match: Available IP range Match: Available Recent Match: Available Owner Match: Available Ipset Match: Not available CONNMARK Target: Not available Connmark Match: Available Raw Table: Available CLASSIFY Target: Available FORWARD Mangle Chain: Not available Determining Zones... IPv4 Zones: net loc Firewall Zone: fw Validating interfaces file... Validating hosts file... Validating Policy file... Determining Hosts in Zones... net Zone: eth4:0.0.0.0/0 eth0:0.0.0.0/0 WARNING: Zone loc is empty Pre-processing Actions... Pre-processing /usr/share/shorewall/action.Drop... ..Expanding Macro /usr/share/shorewall/macro.Auth... ..End Macro ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs... ..End Macro ..Expanding Macro /usr/share/shorewall/macro.SMB... ..End Macro ..Expanding Macro /usr/share/shorewall/macro.DropUPnP... ..End Macro ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep... ..End Macro Pre-processing /usr/share/shorewall/action.Reject... Pre-processing /usr/share/shorewall/action.Limit... Deleting user chains... Processing /etc/shorewall/routestopped ... Creating Interface Chains... Configuring Proxy ARP Setting up NAT... Setting up NETMAP... Adding Common Rules Adding Anti-smurf Rules Adding rules for DHCP Enabling RFC1918 Filtering Setting up TCP Flags checking... Setting up Kernel Route Filtering... WARNING: Cannot set route filtering on eth0 Setting up Martian Logging... WARNING: Cannot set Martian logging on eth0 IP Forwarding Enabled Setting up IPSEC... Processing /etc/shorewall/rules... Warning -- Rule "ACCEPT net fw all " is a POLICY -- and should be moved to the policy file Rule "ACCEPT net fw all " added. ..Expanding Macro /usr/share/shorewall/macro.DNS... Rule "ACCEPT fw net udp 53 - - - -" added. Rule "ACCEPT fw net tcp 53 - - - -" added. ..End Macro ..Expanding Macro /usr/share/shorewall/macro.SSH... Rule "ACCEPT loc fw tcp 22 - - - -" added. ..End Macro ..Expanding Macro /usr/share/shorewall/macro.Ping... Rule "ACCEPT loc fw icmp 8 - - - -" added. ..End Macro ..Expanding Macro /usr/share/shorewall/macro.Ping... Rule "REJECT net fw icmp 8 - - - -" added. ..End Macro Rule "ACCEPT fw loc icmp " added. Rule "ACCEPT fw net icmp " added. Processing Actions... Generating Transitive Closure of Used-action List... Processing /usr/share/shorewall/action.Drop for Chain Drop... ..Expanding Macro /usr/share/shorewall/macro.Auth... Rule "REJECT - - tcp 113 - -" added. ..End Macro Rule "dropBcast " added. ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs... Rule "ACCEPT - - icmp fragmentation-needed - -" added. Rule "ACCEPT - - icmp time-exceeded - -" added. ..End Macro Rule "dropInvalid " added. ..Expanding Macro /usr/share/shorewall/macro.SMB... Rule "DROP - - udp 135,445 - -" added. Rule "DROP - - udp 137:139 - -" added. Rule "DROP - - udp 1024: 137 -" added. Rule "DROP - - tcp 135,139,445 - -" added. ..End Macro ..Expanding Macro /usr/share/shorewall/macro.DropUPnP... Rule "DROP - - udp 1900 - -" added. ..End Macro Rule "dropNotSyn - - tcp " added. ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep... Rule "DROP - - udp - 53 -" added. ..End Macro Processing /usr/share/shorewall/action.Reject for Chain Reject... ..Expanding Macro /usr/share/shorewall/macro.Auth... Rule "REJECT - - tcp 113 - -" added. ..End Macro Rule "dropBcast " added. ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs... Rule "ACCEPT - - icmp fragmentation-needed - -" added. Rule "ACCEPT - - icmp time-exceeded - -" added. ..End Macro Rule "dropInvalid " added. ..Expanding Macro /usr/share/shorewall/macro.SMB... Rule "REJECT - - udp 135,445 - -" added. Rule "REJECT - - udp 137:139 - -" added. Rule "REJECT - - udp 1024: 137 -" added. Rule "REJECT - - tcp 135,139,445 - -" added. ..End Macro ..Expanding Macro /usr/share/shorewall/macro.DropUPnP... Rule "DROP - - udp 1900 - -" added. ..End Macro Rule "dropNotSyn - - tcp " added. ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep... Rule "DROP - - udp - 53 -" added. ..End Macro Processing /etc/shorewall/policy... Policy ACCEPT for fw to net using chain fw2net Policy ACCEPT for fw to loc using chain fw2loc Policy DROP for net to fw using chain net2fw Policy DROP for net to loc using chain net2loc Policy ACCEPT for loc to fw using chain loc2fw Policy ACCEPT for loc to net using chain loc2net Masqueraded Networks and Hosts: ERROR: Unable to determine the routes through interface "eth1" Disabling IPV6... IP Forwarding Enabled Terminated Loading /usr/share/shorewall/functions... Processing /etc/shorewall/shorewall.conf... Loading Modules... Clearing Shorewall...Disabling IPV6... IP Forwarding Enabled done. If I try to access webmin after doing that i can't i have to stop the firewall Not sure what i am looking for. Or what to do next. Thanks for the help
Have you stopped all other firewalls before starting this one? If so, what's the output of Code: iptables -L now? For webmin, you must open port 10000 in the firewall.
I don't have any other firewalls on my system that i know of unless there is a default that comes with ubuntu server. The output of iptables -L is Code: Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc Chain FORWARD (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere The other thing i don't understand is what's the difference between /etc/shorewall/policy and the firewall section in webmin? Thanks for the help
Can you switch off Shorewall and reboot the system? What's the output of Code: iptables -L then? I'm not sure, but I think that webmin lets you configure Shorewall.
ok here is what it looks like with it off Code: Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
right i am only using the shorewall firewall. the question is how do i configure it so that it works properly? it looks to me like the shorewall/policy and what you do in webmin are two separated things. do you need both? is the /policy where you tell it witch interfaces to use the firewall on and then webmin is where you set up the firewall its self allowing certain ports to certain destinations etc..? Any ideas?
No, just use one, but not both at the same time. Otherwise both methods could interfere with each other.