My configuration files, with eth0 as my local network, which uses IPs in 192.168.0.x, and eth1 as the modem at 192.168.1.1, which is simply a Freebox
interfaces:
##############################################################################
#ZONE INTERFACE BROADCAST OPTIONS
net eth1 detect routefilter,dhcp,tcpflags
loc eth0 detect tcpflags
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
policy:
###############################################################################
#CLIENT SERVER POLICY LOG LEVEL
fw net ACCEPT
loc net ACCEPT
net all DROP
#web all ACCEPT info
all all REJECT
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
rules:
##############################################################################
#RESULT CLIENT(S) SERVER(S) PROTO PORT(S) CLIENT PORT(S) ADDRESS
#
#
# To avoid connection delays, reject AUTH if the user hasn't ACCEPTED it above
#
REJECT net fw tcp 113
#
# Accept DNS connections from the firewall to the network
#
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
#
# Accept SSH connections from the local network for administration
#
ACCEPT loc fw tcp 22
# Accept SSH connections from the internet to the firewall for administration
ACCEPT net fw tcp 22
# Accept SMTP connections from the internet to the firewall
ACCEPT net fw tcp 25
# Accept SSH from the firewall to the local network for administration
ACCEPT fw loc tcp 22
# DNS server for internal machines (dnsmasq)
ACCEPT loc fw tcp 53
ACCEPT loc fw udp 53
#ACCEPT web fw tcp 53
#ACCEPT web fw udp 53
# DHCPD server for internal machines (dhcpd)
# See 'interface'
#
# Make ping work
#
ACCEPT fw loc icmp 8
ACCEPT loc fw icmp 8
ACCEPT fw net icmp 8
#ACCEPT fw web icmp 8
#ACCEPT web fw icmp 8
#ACCEPT fw loc tcp 5900
#ACCEPT fw loc tcp 5901
#DNAT net loc:192.168.0.12 tcp 17169
#DNAT net loc:192.168.0.12 udp 26092
#DNAT fw loc:192.168.0.10 tcp 5901
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
zones:
#ZONE DISPLAY COMMENTS
net Net Internet
loc Local Local networks
#web WebFtp Insecure machine
#dmz DMZ Demilitarized zone
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
masq
##############################################################################
#INTERFACE SUBNET ADDRESS
eth1 eth0
#ppp0 eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
##############################################################################
# /etc/shorewall/shorewall.conf V1.2 - Change the following variables to
# match your setup
#
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
# This file should be placed in /etc/shorewall
#
# (c) 1999,2000,2001,2002 - Tom Eastep (teastep@shorewall.net)
##############################################################################
#
# Name of the firewall zone -- if not set or if set to an empty string, "fw"
# is assumed.
#
FW=fw
# Set this to the name of the lock file expected by your init scripts. For
# RedHat, this should be /var/lock/subsys/shorewall. On Debian, it
# should be /var/state/shorewall. If your init scripts don't use lock files,
# set this to "".
#
SUBSYSLOCK=""
# This is the directory where the firewall maintains state information while
# it is running
#
STATEDIR=/var/lib/shorewall
#
# Set this to "yes" or "Yes" if you want to accept all connection requests
# that are related to already established connections. For example, you want
# to accept FTP data connections. If you say "no" here, then to accept
# these connections between particular zones or hosts, you must include
# explicit "related" rules in /etc/shorewall/rules.
#
ALLOWRELATED="yes"
#
# If your netfilter kernel modules are in a directory other than
# /lib/modules/`uname -r`/kernel/net/ipv4/netfilter then specify that
# directory in this variable. Example: MODULESDIR=/etc/modules.
MODULESDIR=""
#
# The next two variables can be used to control the amount of log output
# generated. LOGRATE is expressed as a number followed by an optional
# `/second', `/minute', `/hour', or `/day' suffix and specifies the maximum
# rate at which a particular message will occur. LOGBURST determines the
# maximum initial burst size that will be logged. If set empty, the default
# value of 5 will be used.
#
# If BOTH variables are set empty then logging will not be rate-limited.
#
LOGRATE=""
LOGBURST=""
#
# This variable determines the level at which Mangled/Invalid packets are logged
# under the 'dropunclean' interface option. If you set this variable to an
# empty value (e.g., LOGUNCLEAN= ), Mangled/Invalid packets will be dropped
# silently.
#
LOGUNCLEAN=info
# This variable tells the /sbin/shorewall program where to look for Shorewall
# log messages. If not set or set to an empty string (e.g., LOGFILE="") then
# /var/log/messages is assumed.
#
# WARNING: The LOGFILE variable simply tells the 'shorewall' program where to
# look for Shorewall messages. It does NOT control the destination for
# these messages. For information about how to do that, see
#
# [www.shorewall.net]
LOGFILE="/var/log/messages.shorewall"
#
# Enable nat support.
#
# You probably want yes here. Only gateways not doing NAT in any form, like
# SNAT, DNAT, masquerading, port forwarding etc. should say "no" here.
#
NAT_ENABLED="Yes"
#
# Enable mangle support.
#
# If you say "no" here, Shorewall will ignore the /etc/shorewall/tos file
# and will not initialize the mangle table when starting or stopping
# your firewall. You must enable mangling if you want Traffic Shaping
# (see TC_ENABLED below).
#
MANGLE_ENABLED="Yes"
#
# Enable IP Forwarding
#
# If you say "On" or "on" here, IPV4 Packet Forwarding is enabled. If you
# say "Off" or "off", packet forwarding will be disabled. You would only want
# to disable packet forwarding if you are installing Shorewall on a
# standalone system or if you want all traffic through the Shorewall system
# to be handled by proxies.
#
# If you set this variable to "Keep" or "keep", Shorewall will neither
# enable nor disable packet forwarding.
#
IP_FORWARDING="On"
#
# Automatically add IP Aliases
#
# If you say "Yes" or "yes" here, Shorewall will automatically add IP aliases
# for each NAT external address that you give in /etc/shorewall/nat. If you say
# "No" or "no", you must add these aliases yourself.
#
ADD_IP_ALIASES="Yes"
#
# Automatically add SNAT Aliases
#
# If you say "Yes" or "yes" here, Shorewall will automatically add IP aliases
# for each SNAT external address that you give in /etc/shorewall/masq. If you say
# "No" or "no", you must add these aliases yourself.
#
ADD_SNAT_ALIASES="No"
#
# Enable Traffic Shaping
#
# If you say "Yes" or "yes" here, Traffic Shaping is enabled in the firewall. If
# you say "No" or "no" then traffic shaping is not enabled. If you enable traffic
# shaping you must have iproute[2] installed (the "ip" and "tc" utilities) and
# you must enable packet mangling above.
#
TC_ENABLED="No"
#
# Blacklisting
#
# Set this variable to the action that you want to perform on packets from
# Blacklisted systems. Must be DROP or REJECT. If not set or set to empty,
# DROP is assumed.
#
BLACKLIST_DISPOSITION=DROP
#
# Blacklist Logging
#
# Set this variable to the syslogd level that you want blacklist packets logged
# (beware of DOS attacks resulting from such logging). If not set, no logging
# of blacklist packets occurs.
#
BLACKLIST_LOGLEVEL=
#
# MSS Clamping
#
# Set this variable to "Yes" or "yes" if you want the TCP "Clamp MSS to PMTU"
# option. This option is most commonly required when your internet
# interface is some variant of PPP (PPTP or PPPoE). Your kernel must
#
# If left blank, or set to "No" or "no", the option is not enabled.
#
CLAMPMSS="Yes"
#
# Route Filtering
#
# Set this variable to "Yes" or "yes" if you want kernel route filtering on all
# interfaces.
#
ROUTE_FILTER="No"
#LAST LINE -- DO NOT REMOVE
and I set the addresses statically in /etc/network/interfaces
It's up to you whether you want your modem to hand out eth1's address via DHCP or not
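An added example (not part of the original post, and not Shorewall's own code): a simplified Python model of how the policy and rules files above combine, where the first matching rule wins and the policy applies only when no rule matches. The active lines are copied from the post; the function names are hypothetical, and port ranges, interface options and connection tracking are not modelled.

```python
# Simplified model: for a NEW connection the first matching line in rules
# wins; the policy file is consulted only when no rule matches.
POLICY = """\
fw net ACCEPT
loc net ACCEPT
net all DROP
all all REJECT
"""
RULES = """\
REJECT net fw tcp 113
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
ACCEPT loc fw tcp 22
ACCEPT net fw tcp 22
ACCEPT net fw tcp 25
ACCEPT fw loc tcp 22
ACCEPT loc fw tcp 53
ACCEPT loc fw udp 53
ACCEPT fw loc icmp 8
ACCEPT loc fw icmp 8
ACCEPT fw net icmp 8
"""

def rows(text):
    # Whitespace-split fields of each active (non-comment, non-empty) line.
    lines = (l.split("#", 1)[0].split() for l in text.splitlines())
    return [f for f in lines if f]

def match(pattern, value):
    # "all" is a wildcard; "loc:192.168.0.12" is reduced to its zone.
    return pattern.split(":", 1)[0] in ("all", value)

def decide(src, dst, proto, port):
    # Assumes every rule carries a protocol and a port (or ICMP type) field.
    for action, r_src, r_dst, r_proto, r_ports, *_ in rows(RULES):
        if (match(r_src, src) and match(r_dst, dst) and match(r_proto, proto)
                and str(port) in r_ports.split(",")):
            return action, "rules"
    for p_src, p_dst, action, *_ in rows(POLICY):
        if match(p_src, src) and match(p_dst, dst):
            return action, "policy"
    raise LookupError("no policy covers this zone pair")

def exposed(src="net", dst="fw"):
    # (proto, port) pairs that rules ACCEPT from src to dst, overriding policy.
    return sorted((f[3], f[4]) for f in rows(RULES)
                  if f[0] == "ACCEPT" and match(f[1], src) and match(f[2], dst))

if __name__ == "__main__":
    print("Open from the internet to the firewall:", exposed())
```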