FC3 RC5 - Networked LPD server printing still not working.

Rodolfo J. Paiz rpaiz at simpaticus.com
Wed Nov 3 06:18:54 UTC 2004 

On Tue, 2004-11-02 at 23:53 -0500, Phil Schaffner wrote:
> Well, checked out shorewall and it does indeed seem powerful and
> thoroughly documented, but is overkill for my little home network
> requirements, plus must admit to having gotten used to the Firestarter
> cute GUI - a tough admission from an old command-line guy.

You are more than welcome to keep Firestarter. No one tool is suitable
for all tasks. However, should you desire to attempt Shorewall, let me
offer (from memory, so not 100% guaranteed!) a quick-quick-start:

	1. Create a "net" and a "loc" zone in zones file. Probably already
there, not much to do. If not there, format is "net Net Internet" and
"loc Local Local Zone".

	2. Write "eth0 net" and "eth1 loc" lines in interfaces file. Check that
eth0 is actually your outside interface, adjust to needs. For reference,
since my Internet access (external) interface gets its address via DHCP,
mine actually say:

	net	eth0	detect	blacklist,dhcp
	loc	eth1	detect

	3. Check that "loc net ACCEPT" in in policy file if you want your local
network unrestricted access to the Net (most common).

	4. Add rules like "AllowSSH net fw" into the rules file.

	5. Add "eth1" (your local interface) to the routestopped file.

	6. If you want the local network on eth1 to access the Internet via
eth0 using masquerading, add "eth0 eth1" to the masq file.

	7. Remove the startup_disabled file.

	8. /sbin/chkconfig shorewall on

	9. /sbin/service shorewall start

That, and a little judicious reading of the docs inside each file,
should have you up and running in less than 100 seconds if I haven't
made any grievous mistakes. But even if I have, it's a good start to
show what needs to be done to get the average home firewall up and
running with Shorewall.

Cheers,

-- 
Rodolfo J. Paiz <rpaiz at simpaticus.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-test-list/attachments/20041103/771b5044/attachment.sig>

More information about the fedora-test-list mailing list