Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: prasann4u on November 25, 2005, 03:58:10 PM
-
Hi,
Does anyone know of a firewall frontend module for SME v6.0?
-
Check out "An easy firewall management system": http://forums.contribs.org/index.php?topic=27217.msg120722#msg120722
You might want to try Firewall Admin:
http://firewalladmin.sourceforge.net/index.php?newlang=en
It is designed for iptables, which SME 6.x uses.
It installs easily in an ibay.
But beware: rules can get a little confusing. Make sure you understand how they work or you could block the wrong things and not be able to completely recover your original settings.
-
Hi,
Does anyone know of a firewall frontend module for SME v6.0?
This is a frequently asked question and frequently given answer.
The server manager is the GUI front end for the firewall. The firewall is modified automatically in response to changes you make in the configuration, such as enabling/disabling services, marking them public/private, forwarding ports, etc.
If you wish to make changes beyond those provided for by the server manager, you can do so by providing custom templates.
-
Dear vincentmeek,
Thanks a lot for the amazing idea.
I am currently downloading Firewall Admin, but there is not enough documentation about the installation process.
If it is possible and you have any idea, please give me the steps to install it.
Thanks again
-
Some programs are necessary for Firewall Admin:
    Apache with PHP 4 support
    Command line programs like iptables, iptables-save and iptables-restore
    sudo program to run iptables from apache as root

1. Finding iptables binaries
Run all commands below to determine the absolute path:

    updatedb
    locate iptables*
    /sbin/iptables
    /sbin/iptables-save
    /sbin/iptables-restore

Now make a backup copy of the originals, "JUST IN CASE":

    cd /sbin
    cp iptables iptables-org
    cp iptables-save iptables-save-org
    cp iptables-restore iptables-restore-org

Sudo configuration
First you'll need to discover which user runs Apache, for example:
[root@ftp root]# ps aux | egrep "(httpd|apache)"
root 2016 0.0 0.4 5884 2416 ? S 21:06 0:00 /usr/sbin/httpd-a
admin 2825 0.0 0.4 5884 2424 ? S 21:17 0:00 /usr/sbin/httpd-a
root 2938 0.0 1.3 80760 6824 ? S 21:17 0:00 httpd
www 2941 0.0 1.3 80772 6908 ? S 21:17 0:00 httpd
www 2942 0.0 1.3 80880 7032 ? S 21:17 0:00 httpd
www 2943 0.0 1.3 80872 7056 ? S 21:17 0:00 httpd
www 2944 0.0 1.3 80872 7052 ? S 21:17 0:00 httpd
www 2945 0.0 1.3 80880 7088 ? S 21:17 0:00 httpd
www 2946 0.0 1.3 80760 6828 ? S 21:17 0:00 httpd
www 2947 0.0 1.3 80760 6828 ? S 21:17 0:00 httpd
www 2948 0.0 1.3 80760 6828 ? S 21:17 0:00 httpd
www 2949 0.0 1.3 80760 6828 ? S 21:17 0:00 httpd
www 2950 0.0 1.3 80760 6828 ? S 21:17 0:00 httpd
On SME 6.x systems Apache is executed by www.

    mkdir -p /etc/e-smith/templates-custom/etc/    # it may already exist
    mkdir /etc/e-smith/templates-custom/etc/sudoers/
    cp /etc/e-smith/templates/etc/sudoers/* /etc/e-smith/templates-custom/etc/sudoers/

Edit /etc/e-smith/templates-custom/etc/sudoers/10root and add the following below any current entries:

    www ALL=NOPASSWD: /sbin/iptables
    www ALL=NOPASSWD: /sbin/iptables-save
    www ALL=NOPASSWD: /sbin/iptables-restore

Save and exit.

Expand template:
----------------
    /sbin/e-smith/expand-template /etc/sudoers
    /sbin/e-smith/signal-event console-save
    /sbin/e-smith/signal-event reboot

    wget -N http://internap.dl.sourceforge.net/sourceforge/firewalladmin/firewalladmin-0.4.tar.gz
    wget -N http://firewalladmin.sourceforge.net/lang/firewalladmin-site-lang.tar.gz

Installing Firewall Admin
Unpack the Firewall Admin tarballs.
Create an ibay called fwadmin with PHP support:

    Information bay name: fwadmin
    Description: Firewall Admin for iptables
    Group: Admin
    User access via file sharing or user ftp: Write = admin, Read = Group
    Public access via web or anonymous ftp: No access
    Execution of dynamic content (CGI, PHP, SSI): enabled

    tar -xzf firewalladmin-0.4.tar.gz
    mv firewalladmin-0.4/* /home/e-smith/files/ibays/fwadmin/html
    tar -xzf firewalladmin-site-lang.tar.gz
    mv lang-en.php /home/e-smith/files/ibays/fwadmin/html

Change write permissions of config.php to all (chmod a+w config.php).
Delete or rename index.html.

Setting up Firewall Admin
Point your browser to the URL where Firewall Admin was installed, https://yourserver/fwadmin, and choose Config to finish the configuration process.
USE AT YOUR OWN RISK !!!!
Have not tried this on SME 7
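
An added example, not part of the original post: a shell check that lists what the sudoers entries above give the www account and which files in a directory are world-writable, since anything running as the Apache user can use both. The function names audit_nopasswd and world_writable are hypothetical, the sudoers sample is constructed, and the parser assumes simple one-line entries.

```shell
#!/bin/sh
# Added example (not from the original post): review what the sudoers
# entries from the post hand to the web server account.

# audit_nopasswd SUDOERS_FILE USER
# Prints "<kind>,<args><TAB><command>" for each NOPASSWD command of USER.
# Assumes simple one-line entries: no aliases, no line continuations.
audit_nopasswd() {
    awk -v user="$2" '
        /^[ \t]*#/ { next }                          # skip comment lines
        $1 == user && /NOPASSWD:/ {
            spec = $0
            sub(/^.*NOPASSWD:[ \t]*/, "", spec)      # keep only the command list
            n = split(spec, cmds, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                cmd = cmds[i]
                sub(/[ \t]+$/, "", cmd)
                if (cmd == "") continue
                # A spec without arguments lets the account pass any arguments.
                args = (cmd ~ /[ \t]/) ? "fixed-args" : "any-args"
                if (cmd ~ /\/iptables(-restore)?([ \t]|$)/) kind = "firewall-write"
                else if (cmd ~ /\/iptables-save([ \t]|$)/)  kind = "firewall-dump"
                else                                         kind = "other"
                print kind "," args "\t" cmd
            }
        }
    ' "$1"
}

# world_writable DIR
# Regular files under DIR that any local account can modify
# (the "chmod a+w config.php" step produces one).
world_writable() {
    find "$1" -type f -perm -0002
}

# Constructed sample mirroring the 10root fragment from the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root ALL=(ALL) ALL
www ALL=NOPASSWD: /sbin/iptables
www ALL=NOPASSWD: /sbin/iptables-save
www ALL=NOPASSWD: /sbin/iptables-restore
EOF
audit_nopasswd "$sample" www
rm -f "$sample"
```

On the server described in the post this would be run as `audit_nopasswd /etc/sudoers www` and `world_writable /home/e-smith/files/ibays/fwadmin/html`.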
-
Vincent,
How do you deal with the templating system, so it keeps your rules saved after masq restarts?
Thanks,