BrazilFW 3.0 - Tutorial

Post by Lelouch » Wed Sep 02, 2009 5:51 pm

***** BrazilFW 3.0 - Tutorial *****


      BrazilFW Firewall and Router
    • A powerful network security tool, easy, safe and totally free.


    Developer of BrazilFW version 3.0: Washington Rodrigues - (Woshman)
    Tutorial by: Reginaldo Melo - (Reginaldo)
    Translated by: (TeAm?)

    ATTENTION!!!
      This version (3.0) is currently under development.
      It doesn't have a GUI (graphical user interface).
      You must set it up manually.
Lelouch
BFW Beneméritos

Posts: 1324
Joined: Sun Oct 05, 2008 7:39 pm
Location: #!/bin/sh
BrazilFW Box: BrazilFW: RAM 3GB, ATHLON X2 5600+, HDD 160GB+120GB, LB: 2Mb+8Mb.
BFW3 BuildTree on GNU/Linux Archlinux 64 bits.


BrazilFW 3.0 - Tutorial - Introduction

Post by Lelouch » Fri Sep 04, 2009 2:14 pm

:arrow: Introduction.

    Colleagues, this tutorial is a collection of the BrazilFW 3.0 test-version topics, but it also includes new information, i.e. how to install the BrazilFW secure certificate.
    All the information needed to write this manual was authored by WoshMan.

    Ideally, this tutorial would publish the latest information about using BrazilFW 3.0.

    BFW version 3.0 is currently developed by Woshman = Washington Filho, with the help of Peart = Felipe to test the first versions.



BrazilFW 3.0 - Tutorial - Origin

Post by Lelouch » Fri Sep 04, 2009 2:15 pm

:arrow: BrazilFW 3.0 Origin

Chapter under construction!!!!


BrazilFW 3.0 - Tutorial - Technical specifications.

Post by Lelouch » Fri Sep 04, 2009 2:16 pm

:arrow: BrazilFW 3.0 Technical specifications.
  • Kernel: 2.6.25.4
  • Beep: 1.2.2
  • Bind: 9.6.1rc1
  • Bridge-utils: 1.4
  • Busybox-1.13.4
  • Dialog: 1.1.20080316
  • Dhcpd-4.1.1b1
  • Dosfstools: 2.11
  • Dropbear: 0.50
  • E2fsprogs 1.41.1
  • E3 (edit) 2.7.1 Include backup file with "~"
  • Ebtables: 2.0.8-2
  • Hdparm: 8.9 (include S.A.T.A. Support)
  • Iproute2: 2.6.25
  • Iptables: 1.4.0
  • Iputils: 20071127
  • Ipwatchd: 1.1 (stops IP conflicts when another person clones the BrazilFW IP)
  • lshw B.02.13
  • l7filter
  • Init-tools: 3.3
  • Madwifi: 0.9.4 (Drivers for atheros)
  • Mtools: 3.9.11 (syslinux Support)
  • Ndiswrapper: 1.52 (Drivers Windows XP)
  • Pppd 2.4.4
  • Rp-pppoe: 3.8
  • Stunnel: 4.23 (SSL Support)
  • Syslinux 3.71
  • Thttpd: 2.25b (http server)
  • Util-linux-ng 2.14.1
  • Wireless_tools: 0.29
  • Wpa_supplicant: 0.5.10 (wpa wireless)

Libs:
  • ld-2.7.so*
  • ld-linux.so.2@
  • libc-2.7.so*
  • libcom_err.so.2@
  • libcom_err.so.2.1*
  • libcrypt-2.7.so*
  • libcrypt.so.1@
  • libc.so.6@
  • libdl-2.7.so*
  • libdl.so.2@
  • libe2p.so.2@
  • libe2p.so.2.3*
  • libgcc_s.so@
  • libgcc_s.so.1*
  • libm-2.7.so*
  • libm.so.6@
  • libncursesw.so.5@
  • libncursesw.so.5.6*
  • libnsl-2.7.so*
  • libnsl.so.1@
  • libnss_compat-2.7.so*
  • libnss_compat.so.2@
  • libnss_dns-2.7.so*
  • libnss_dns.so.2@
  • libnss_files-2.7.so*
  • libnss_files.so.2@
  • libnss_hesiod-2.7.so*
  • libnss_hesiod.so.2@
  • libnss_nis-2.7.so*
  • libnss_nisplus-2.7.so*
  • libnss_nisplus.so.2@
  • libnss_nis.so.2@


Available Services:
  • Connection Modes
    • STATIC (Fixed IP)
    • DHCP
    • Dynamic (PPPoE)
    • edge
  • Secure access to WebAdmin using SSL protocol.
  • BIND Server (DNS Server)
  • Squid-3.0.STABLE15
  • QOS
  • Subnetting
  • Load Balance integrated.
    • With any type of connection (STATIC, PPPOE, DHCP and edge)
  • DHCP Server to work for nets and subnets
  • GSM
  • New Automatic Conntrack Calculation:
    • With the new calculation, approx. 1.652 connections are possible for each MB of RAM installed.
  • Ipupdate 2.0 for each link.
  • Wireless support for client mode
  • Email with SSL support (gmail)
  • Port Forwarding
  • Smart Route
  • Control IP/MAC
  • DansGuardian - Ideal for use in corporate networks
  • Sarg, for use in corporate networks
  • WebAlizer for providers' use


  • Newly developed "framework" for webadmin
  • Native SSL support
  • Startup works with iface
  • Unlimited interfaces
  • Unlimited pppoe
  • Unlimited dhcp-client
  • Automatic hardware detection
  • No more sleep time in the boot
  • No more sleep time in the boot


BrazilFW 3.0 - Tutorial - Evolution

Post by Lelouch » Fri Sep 04, 2009 2:17 pm


BrazilFW 3.0 - Tutorial - Requirements to run version 3.0

Post by kmus2003 » Tue Sep 08, 2009 6:52 pm

:arrow: Requirements to run version 3.0


:arrow: Computer Required:
  • To run BFW 3.0, at least a Pentium 233 MHz with 128 MB of RAM and a 600 MB HD is recommended, but we recommend at least a "Pentium III 500 MHz" with 256 MB of RAM.
    • Attention: motherboards with integrated video. If you install a server with 128 MB of RAM and an integrated video board, the RAM available to the system will likely be below 128 MB.

:arrow: Virtualization:
    BrazilFW version 3.0 is compatible with the following virtualization applications:
    • VMWARE
    • VIRTUAL BOX
    • VIRTUAL PC

:arrow: Other Items:
  • Network cards
  • Hubs or switches or hub-switches
  • Cabling
  • APs, Antennas, etc...
    • Verify that the above items are in good condition for use; also check that they are installed properly.
    • Avoid using low-quality cables or reused cables in doubtful condition.
    • Avoid using poor-quality network cards, such as a SIS900.
    • It may not seem so, but these recommendations help us to have a fast and reliable network.


kmus2003
 

BrazilFW 3.0 - Tutorial - Download

Post by kmus2003 » Tue Sep 08, 2009 7:06 pm

:arrow: Download the Version 3.0 ISO and Install/Update from the Build-Tree 3.0

kmus2003
 

BrazilFW 3.0 - Tutorial - Boot from CD

Post by laureano » Tue Sep 08, 2009 7:21 pm

:arrow: Boot from CD.

The BrazilFW 3.0 CD comes with the following items:

  • Boot Menu with 2 kernels, both with support for Multi-Processor:
    1. The first is for machines that have up to 4 GB of RAM.
    2. The second is for machines that have up to 64 GB of RAM.
      • If you have a single processor, the system itself will make the necessary adjustments.
    3. Memory Test.
      • This option lets you test the server's RAM.

    Boot from CD:
    Boot Menu screen shortly after boot.
    • The timer is 15 seconds. Please select an option; otherwise the installer automatically enters the first option.


    After you choose the first or second option, the following screen will appear:


laureano
 

BrazilFW 3.0 - Tutorial - Installation

Post by laureano » Tue Sep 08, 2009 7:30 pm

:arrow: Installing BFW on a large capacity HD:

  • The installer creates the first partition with 100 MB and places the remaining HD space in the second partition.

:arrow: To install, follow these steps:

:arrow: Enter as: # root ==> Enter

:arrow: Enter the default password: # root ==> Enter

:arrow: Enter: # Install ==> Enter

:arrow: Now follow these steps


  • After finishing, click OK and the server will be restarted. Let the computer boot from the HD.
    • Be sure to remove the CD: even when booting from the HD, a CD left in the drive can cause problems.


laureano
 

BrazilFW 3.0 - Tutorial - Update

Post by ipnet » Tue Sep 08, 2009 7:51 pm

:arrow: BrazilFW 3.0 Update after Install:

  • After being installed, when a new version is released, you just have to download the new .iso image, copy the files brazilfw.gz & version.inf into the /mnt folder and reboot the server. Upon completing this procedure, your server should be updated.

      OR
  • Update
    • Starting with version 3.0.197 ==> update ==> For webadmin




ipnet
 

BrazilFW 3.0 - Tutorial - Changing the default password

Post by ipnet » Tue Sep 08, 2009 8:06 pm

:arrow: Changing the default password in BFW 3.0

The default password in BFW 3.0 is: root
Code:
root

Change the password after install with the following command:
Code:
passwd

Perform Backup:
Code:
backup




ipnet
 

BrazilFW 3.0 - Tutorial - Web Administration Tool

Post by ipnet » Thu Sep 10, 2009 10:48 pm

:arrow: Web Administration Tool of BFW 3.0.


ipnet
 

BrazilFW 3.0 - Tutorial - Installing the Digital Certificate

Post by ipnet » Thu Sep 10, 2009 10:51 pm

:arrow: Installing the Digital Certificate.

Access to the WebAdmin in BrazilFW 3.0 is now performed through a secure connection using an SSL certificate.

To get access to the WebAdmin interface you only need to type https://ns.brazilfw.local:8181 in your browser.
Since the certificate hasn't yet been installed in your browser, you will see a red alert message when trying to access the WebAdmin. For this message not to be shown again, we must install the SSL Certificate.
The certificate validity time is 10 years.

The following directions show the steps necessary to install the certificate.

==> 1 – This procedure is valid for Internet Explorer 6.0, 7.0 and 8.0:
In the address bar type: https://ns.brazilfw.local:8181/getcert.cgi
From now on, follow the next screenshots to install the certificate:

User Name (login) and password: Input the data created for BrazilFW

Click "Open"

Click "Install Certificate"

Click "Next"

Place all the certificates in the following store ==> Browse

Trusted root publishing entities ==> OK (Note: need to check how this option appears in IE in English)

Click "Next"

Click "Finish"

This procedure will install the certificate brazilfw cert 3. Once done, when you get into BFW's WebAdmin, the red warning message will no longer be displayed.

If you click on the lock icon, you will be able to see the certificate. Doing this, you will be able to know if the certificate has been assigned and that it is valid for this site.

:arrow: ==> 2 – Procedure valid for Mozilla Firefox:

In Firefox, first, you have to download and save the certificate.

In the address bar, type the following: https://ns.brazilfw.local:8181/getcert.cgi

From now on, follow the next screenshots:

Click on "Or you can add an exception" (Note: need to check how this option appears in Mozilla in English)

Click on "Add an Exception"

Verify certificate ==> confirm the security exception

Input User and Password

Click on "Save File"

Choose a folder to save the certificate

==> After downloading and saving the certificate, follow the next steps:

Tools ==> Options

“Advanced” ==> Cryptography ==> Certificates

Authorities ==> Import

Locate the certificate in the folder where you saved it, select it and click Open

Select the following options:
==> Consider this CA trusted to identify sites
==> Consider this CA trusted to identify users
==> Consider this CA trusted to identify program authors
==> OK
==> OK

Remarks:

1 – If you log in with the IP instead of the DNS name, a red warning message will be displayed again, since the certificate was installed only for that given name.
2 – If you rename your BFW (ns.brazilfw.local), you just have to delete the certificate and restart the WebAdmin service; a new certificate will then be generated for the new domain. To do this, proceed as follows:


Commands to renew the certificate after the domain renewal:
Log in via PuTTY
Code:
/etc/init.d/webadmin stop
cd /etc/brazilfw/cert
rm -fr brazilfw_ssl.*
/etc/init.d/webadmin start
backup


Renew the Bind
Code:
/etc/init.d/named reload


With the procedures listed above, the new domain now takes effect for the whole network with a new certificate.

:arrow: If you changed the default domain in the BrazilFW, type the following address in your favorite browser's address bar:

https://ns.brazilfw.local:8181




ipnet
 

BrazilFW 3.0 - Tutorial - Master File of BFW 3.0

Post by reginaldo » Sat Sep 12, 2009 8:45 pm

:arrow: Getting to know the brazilfw.cfg file - Master File of BFW 3.0.


Chapter under construction!!!!


reginaldo
BFW Mediator
BFW Documenter
BFW Manager
BFW 3.x Update

Posts: 12682
Joined: Sat Aug 27, 2005 12:10 pm
Location: Rio de Janeiro - RJ
BrazilFW Box: Physical machine
CPU: Intel Core i3 Model 530
Memory: 8.00 GiB / 2 Links
BFW 3.0.262 64 bits
Active services: Control MAC, QOS
Addons: EBackup, EPM and Squid 3.5.x

BrazilFW 3.0 - Tutorial - BFW 3.0 Default ports.

Post by ghost » Sat Sep 12, 2009 8:53 pm

:arrow: BFW 3.0 Default ports.


  • BFW 3.0 Default ports

    • 22.....................SSH access
    • 53.....................DNS access
    • 3128..................Squid access
    • 8080..................Dansguardian access
    • 8181..................Webadmin access



ghost
BFW Beneméritos

Posts: 1351
Joined: Thu Apr 24, 2008 8:54 pm
Location: Tierras Asperas de Zona Sur, Buenos Aires, Argentina
BrazilFW Box: Not currently in use

BrazilFW 3.0 - Tutorial - Port Blocking

Post by ghost » Sun Sep 13, 2009 4:09 pm

:arrow: Port Blocking

Content of file: "/etc/brazilfw/ports/blocked.cfg"
Code:
yes 22 tcp # External SSH access
yes 53 all # External DNS access
yes 3128 tcp # External Squid access
yes 8080 tcp # External Dansguardian access
yes 8181 tcp # External Webadmin access


  • By default, the following services are blocked from outside access:
    • SSH
    • DNS
    • Squid
    • Dansguardian
    • Webadmin
  • To enable a particular port, you only need to change yes to no and reload the service.


Example:
    If you want to unlock access to the Webadmin, do the following:
Code:
edit /etc/brazilfw/ports/blocked.cfg

change "yes 8181 tcp" to "no 8181 tcp"

save and exit


Make a backup
Code:
# backup


To restart the service:
Code:
# /etc/rc.d/rc.blocked



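The check below is an added example, not part of the original post and not BrazilFW code: it reads a file in the blocked.cfg format shown above and reports which services are reachable from outside, which lines do not fit the format, and which of the default ports have no rule at all. The sample file is constructed, and accepting "udp" as a protocol next to the "tcp" and "all" seen in the post is an assumption.

```shell
#!/bin/sh
# Added example (not BrazilFW code): audit a blocked.cfg-style file.
# Line format as shown in the tutorial: <yes|no> <port> <proto> # comment
# "yes" = port blocked from outside, "no" = reachable from outside.

# Default service ports listed in the tutorial.
DEFAULT_PORTS="22 53 3128 8080 8181"

# exposed_ports FILE: print "port/proto comment" for every rule set to "no".
exposed_ports() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comment-only and blank lines
        $1 == "no" {
            note = ""
            i = index($0, "#")
            if (i > 0) { note = substr($0, i + 1); sub(/^[ \t]+/, "", note) }
            printf "%s/%s %s\n", $2, $3, note
        }
    ' "$1"
}

# malformed_lines FILE: print the numbers of lines that do not fit the format.
# Assumption: "udp" is accepted besides the "tcp" and "all" seen in the tutorial.
malformed_lines() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            ok = ($1 == "yes" || $1 == "no") &&
                 ($2 ~ /^[0-9]+$/ && $2 + 0 >= 1 && $2 + 0 <= 65535) &&
                 ($3 == "tcp" || $3 == "udp" || $3 == "all")
            if (!ok) print NR
        }
    ' "$1"
}

# unruled_defaults FILE: print default ports that have no valid yes/no rule,
# so their state cannot be read from the file and needs a manual look.
unruled_defaults() {
    for p in $DEFAULT_PORTS; do
        awk -v want="$p" '
            /^[ \t]*#/ || /^[ \t]*$/ { next }
            ($1 == "yes" || $1 == "no") && $2 == want { found = 1 }
            END { exit !found }
        ' "$1" || echo "$p"
    done
}

# audit FILE: human-readable summary of the three checks.
audit() {
    echo "Reachable from outside:";  exposed_ports "$1"    | sed 's/^/  /'
    echo "Malformed lines:";         malformed_lines "$1"  | sed 's/^/  /'
    echo "Defaults without a rule:"; unruled_defaults "$1" | sed 's/^/  /'
}

# Constructed sample: two ports opened and one line with a typo in field 1.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
yes 22 tcp # External SSH access
yes 53 all # External DNS access
no 3128 tcp # External Squid access
no 8181 tcp # External Webadmin access
yess 8080 tcp # External Dansguardian access
EOF

audit "$SAMPLE"
```

Pointing `audit` at /etc/brazilfw/ports/blocked.cfg after each edit, before running `backup`, gives a quick record of what the change exposed.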

BrazilFW 3.0 - Tutorial - Automatic conntrack

Post by ghost » Sun Sep 13, 2009 4:12 pm

:arrow: Automatic conntrack new calculation

  • Automatic conntrack calculation = the system automatically adjusts the maximum number of connections to its network in line with the amount of RAM in the system:

    • Before, the rule was: 64 connections per MB.
      Example: If you have 256 MB of RAM, you will have 256 x 64 = 16.384 connections.
      Source: :arrow: viewtopic.php?f=2&t=67340#p158468


    • Now, with the new calculation, it is:
      approximately 1.652 connections per MB
      Example: If you have 256 MB of RAM, you will have 256 x 1.652 = 422.912 connections.


BrazilFW 3.0 - Tutorial - Configuring the connection

Post by ghost » Sun Sep 13, 2009 4:16 pm

:arrow: Configuring the connection.

:arrow: Important observation:
    By default, BrazilFW targets eth0 for the local network and eth1 for the internet.
    Therefore, all examples in this chapter and the next follow the default setup of BrazilFW. For example, if you have a second internet connection, it would be eth2, and so on.

:arrow: Local net = eth0:
    eth0 comes with 192.168.0.1/24. Set the one that you normally use, but take care to use a valid class (if in doubt about private networks, see the tutorial "Endereço IP, Máscaras de Redes e Sub-Rede (IPV4).").

    default eth0 route => /etc/brazilfw/logical/local
    Code:
    LINK_ALIAS="local"
    LINK_CONNECTION="local"
    LINK_TYPE="static"
    LINK_IP="192.168.0.1"
    LINK_NETMASK="255.255.255.0"

    To change the local network configuration, edit the file /etc/brazilfw/logical/local
    Code:
    edit /etc/brazilfw/logical/local

    Modify it to the IP and subnet mask of your network, save and exit

To change the local network and Internet connection go into /etc/brazilfw/logical


:arrow: Internet Link = eth1:
  • The config files of the internet link are found in the directory /etc/brazilfw/logical/
  • Below we will see examples for the types of internet connection in BFW 3.0
  • Remember that a file name was chosen here for the internet connection, but you can change the name.

    1. Static connection:
      Code:
      LINK_ALIAS="internet"
      LINK_CONNECTION="internet"
      LINK_TYPE="static"
      LINK_IP="10.1.1.2"
      LINK_NETMASK="255.255.255.252"
      LINK_GATEWAY="10.1.1.1"
      # LINK_WEIGHT is the weight for LoadBalance
      LINK_WEIGHT="1"


      Code:
      edit /etc/brazilfw/logical/internet

      # Must modify the ip, mask and gateway of the static link. Save and exit

    2. pppoe connection:
      Code:
      LINK_ALIAS="internet"
      LINK_CONNECTION="internet"
      LINK_TYPE="pppoe"
      LINK_USERNAME="xxxxxxxxxx@xxxxxxx.com.br"   
      LINK_PASSWORD="xxxxxxxxxxx"
      # LINK_WEIGHT is the weight for LoadBalance
      LINK_WEIGHT="1"

      Code:
      edit /etc/brazilfw/logical/internet
      LINK_USERNAME="Place your DSL user"
      LINK_PASSWORD="Place your DSL password"
      Save and exit.

    3. DHCP connection:
      Code:
      LINK_ALIAS="internet"
      LINK_CONNECTION="internet"
      LINK_TYPE="dhcp"
      # LINK_WEIGHT is the weight for LoadBalance
      LINK_WEIGHT="1"


    :arrow: ppp connection (connection via gprs/edge/evdo/3g):
    • Operator Claro:
      Code:
      edit /etc/brazilfw/logical/claro
      LINK_DEVICE="ttyUSB0" #if it is detected at another port, please modify it.
      LINK_CONNECTION="internet"
      LINK_TYPE="ppp"
      LINK_PHONE="*99***1#"
      LINK_PROVIDER="claro.com.br"
      LINK_USERNAME="claro"
      LINK_PASSWORD="claro"
      LINK_WEIGHT="1"


    • Operator Vivo:
      Code:
      edit /etc/brazilfw/logical/vivo
      LINK_DEVICE="ttyUSB0" #if it is detected at another port, please modify it.
      LINK_CONNECTION="internet"
      LINK_TYPE="ppp"
      LINK_PHONE="#777" #vivozap
      LINK_PROVIDER=""
      LINK_USERNAME="<ddd><telefone>@vivozap.com.br" #ex 1991234567@vivozap.com.br
      LINK_PASSWORD="vivo"
      LINK_WEIGHT="1"

Make a Backup
Code:
backup


To start or restart the service:
Code:
/etc/rc.d/rc.inet


    Note: if you are not using BFW as a DHCP server, the BFW IP must be configured as the DNS on the client machine; otherwise it will not work.


Re: BrazilFW 3.0 - Configuring LoadBalance

Post by ramiropampa » Thu Sep 17, 2009 3:18 pm

:arrow: Configuring LoadBalance.

* LoadBalance using two ADSL links (2MB and 1MB). Using pppoe in both links.
o Valid for links provided by different Internet Service Providers. For links provided by the same Service Provider see the remarks below.

:arrow:Network Card:

# In /etc/brazilfw/physical we have the internet file that makes reference to eth1. What we have to do is to create the files for every ethX that we add.

# Example: internet2 for eth2 and so on (Note: The name "internet2" can be different and you can change it for one that you consider more convenient)

So in /etc/brazilfw/physical we would have the following files among others:

# internet for eth1 (This comes as a default file)
Code:
edit /etc/brazilfw/physical/internet

INTERFACE_TYPE="cabled"
INTERFACE_PHYSICAL="eth1"


#internet2 for eth2 (You will have to create this one)
Code:
edit /etc/brazilfw/physical/internet2

INTERFACE_TYPE="cabled"
INTERFACE_PHYSICAL="eth2"


#If you have more network cards, you must follow the same scheme.

:arrow: Now, we have to create the dialers in /etc/brazilfw/logical

#Here, we already have the file that references to eth1
Code:
edit /etc/brazilfw/logical/internet

LINK_ALIAS="internet"
LINK_CONNECTION="internet"
LINK_TYPE="pppoe"
LINK_USERNAME="xxxxxx@xxxxx"
LINK_PASSWORD="xxxxxxx"
LINK_WEIGHT="2"


#Now, we have to create the file, internet2 i.e., that will act as the second dialer for the interface eth2
Code:
edit /etc/brazilfw/logical/internet2

LINK_ALIAS="internet2"
LINK_CONNECTION="internet"
LINK_TYPE="pppoe"
LINK_USERNAME="xxxxxx@xxxxx"
LINK_PASSWORD="xxxxxxx"
LINK_WEIGHT="1"


If you have more network cards, you must follow the same scheme.

Perform Backup
Code:
backup


To init or re-init the service:
Code:
/etc/rc.d/rc.inet


# Remarks: If the links used for LoadBalance were from the same operator, the modems must be routed. If we use the modems in "bridge mode" with links belonging to the same operator, we will experience problems.

A couple of remarks before going on:

1. Motive: Links from the same operator, with the modem in Bridge mode, the Gateway for the BrazilFW will be the same.
Got it?
2. Routed Modem: Before that we start hearing about pros and cons of a routed modem, let me say sorry to the cons fans, we must use trustable modems for the task. So, please do not try to prove "this or that" about the routed modem. The matter is almost like a religion, and religion is not questioned, either you follow it or you don't.
Got it?


:arrow: Network Card

# In /etc/brazilfw/physical we have the internet file that makes reference to eth1. What we have to do is to create the files for every ethX that we add.

# Example: internet2 for eth2 and so on (Note: The name "internet2" can be different and you can change it for one that you consider more convenient)

So in /etc/brazilfw/physical we would have the following files among others:

# internet for eth1 (This comes as a default file)
Code:
edit /etc/brazilfw/physical/internet

INTERFACE_TYPE="cabled"
INTERFACE_PHYSICAL="eth1"


#internet2 for eth2 (You will have to create this one)
Code:
edit /etc/brazilfw/physical/internet2

INTERFACE_TYPE="cabled"
INTERFACE_PHYSICAL="eth2"


#If you have more network cards, you must follow the same scheme.

:arrow: Now, we have to create the dialers in /etc/brazilfw/logical

#Here, we already have the file that references to eth1
Code:
edit /etc/brazilfw/logical/internet

LINK_ALIAS="internet"
LINK_CONNECTION="internet"
LINK_TYPE="static"
LINK_IP="10.1.1.2"
LINK_NETMASK="255.255.255.252"
LINK_GATEWAY="10.1.1.1"
LINK_WEIGHT="2"


#Now, we have to create the file, internet2 i.e., that will act as the second dialer for the interface eth2
Code:
edit /etc/brazilfw/logical/internet2

LINK_ALIAS="internet2"
LINK_CONNECTION="internet"
LINK_TYPE="static"
LINK_IP="10.50.1.2"
LINK_NETMASK="255.255.255.252"
LINK_GATEWAY="10.50.1.1"
LINK_WEIGHT="1"


If you have more network cards, you must follow the same scheme.

Perform Backup
Code:
backup


To init or re-init the service:
Code:
/etc/rc.d/rc.inet


ramiropampa
BFW Beneméritos

Posts: 4141
Joined: Wed Dec 28, 2005 6:31 pm
Location: At home
BrazilFW Box:

Re: BrazilFW 3.0 - Tutorial - Working with "Smart Route"

Post by ramiropampa » Thu Sep 17, 2009 3:20 pm

:arrow: Working with "Smart Route"

Smart Route:

The link is verified every 10 seconds and in case of change, both Squid and the routes will be reloaded.

Parameters:
Header of /etc/brazilfw/route.cfg:
Code:
[active] [origin] [route(s)] [command] [arguments]


Examples:
Code:
yes n internet1,internet2 port 443 tcp
yes n internet1,internet2 port 80 tcp browser
yes s internet1,internet2 source browser
yes f internet2,internet1 port 25 tcp
yes f internet2,internet. port 110 tcp
yes s internet1,internet2 source 192.168.0.1,192.168.0.2,192.168.0.3,192.168.0.4
yes s internet2,internet1 source 192.168.0.5,192.168.0.6,192.168.0.7
yes s internet1,internet2 source 192.168.0.0/24,10.0.0.5,192.168.50.0/30


[active]
yes/no

[origin]
n = network (Network Origin)
f = firewall (Firewall Origin)
s = squid (Squid Origin)

[routes] = besides the links
Example: We have 3 links named with aliases:
link 1 = internet1
link 2 = internet2
link 3 = internet3
1. To separate the links, we use the comma (,).
   + Example: internet,internet2,internet3
2. The order defines the priority. 1st,2nd,3rd...
3. If, for any reason, the first link goes down, the second link will take over; if the second link is down, the third one will take over. When the first link comes back, it will take over again.
4. If only one link is defined, having more than one server and the defined link is down, that one will enter in Load Balance.

[command]
1. If [origin] is n or f
   1. port [port] [protocol] [filter]
   2. source [ip]
   3. dest [ip/url]
   4. source-port [ip] [port] [protocol] [filter]
   5. dest-port [ip] [port] [protocol] [filter]
   6. [protocol] = tcp, udp
   7. [filter] = All Level 7 protocol valid filters

2. If [origin] is s
   source [ip(s) / browser]
   browser = Detects which is the browser that is being used and only fixes the default route in the command
   dest-domain [domains] e.g. .terra.com.br .orkut.com .uol.com.br

Examples to be used in route.cfg:
Code:
edit /etc/brazilfw/route.cfg


Code:
# without squid
yes n internet1,internet2 port 80 tcp browser

# with squid
yes s internet1,internet2 source browser

# https
yes n internet1,internet2 port 443 tcp

# Change the name internet1,internet2,... for the name defined before system configuration



"Splitting (Sectorizing)" the network:

Remark: To split the IPs on Networks we use the comma (,).

Examples:

1. Assigning IPs to go out in one order and other IPs to go out in another order.
Code:
yes s internet1,internet2 source 192.168.0.1,192.168.0.2,192.168.0.3,192.168.0.4
yes s internet2,internet1 source 192.168.0.5,192.168.0.6,192.168.0.7


2. Assigning a network to go out in one order and other networks to go out in another order.
Code:
yes s internet1,internet2 source 192.168.0.0/24
yes s internet2,internet1 source 10.1.1.1/24,192.168.50.0/30


3. Forcing an IP to go out in one order and the rest of the network to go out in another order.
Code:
yes s internet1,internet2 source 192.168.0.5
yes s internet2,internet3 source all
# Everything that is not from IP 192.168.0.5 goes into internet2 or internet3


4. Forcing domains through one link.
Code:
yes s internet1,internet2 dest-domain .terra.com.br,.orkut.com.br,.uol.com.br


Question posted by the user "rhine-pr":
I have a huge amount of IPs from youtube, globo and others. How should I configure LoadBalance to choose those destinations?

For example, determining that an Internet address (not from an internal IP) goes out through a particular link, say:
Code:
dest y LB1 209.85.173.0/24 80 80 #googlevideos
dest y LB2 209.85.174.0/23 80 80 #googlevideos
dest y LB3 209.85.192.0/23 80 80 #googlevideos

# Determine that each IP will go out through one link using port 80 ...


For the internal Network:
Code:
net y LB1 LAN1 192.168.7.1 32 #

# Determine that link 1 will be directed to eth0 (lan1) for the IP 192.168.7.1


Answer from "Woshman":

In BrazilFW 3.x, using Squid, it would be:

Code:
yes s internet1,internet2,internet3 dest-domain video.google.com
yes s internet2 dest-domain .globo.com
yes s internet3 dest-domain .youtube.com

yes s internet1,internet2,internet3 source 192.168.7.1/32


To restart the service:
Code:
/etc/rc.d/rc.route


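The Smart Route examples above use the names internet1 and internet2, while the LoadBalance post defines the aliases internet and internet2, so a rule copied verbatim can name a link that does not exist. The lint below is an added example, not part of the original posts and not BrazilFW code: it checks each route.cfg rule against the LINK_ALIAS values found under a logical/ directory and against the commands the post lists per origin. Treating LINK_ALIAS as the name route.cfg refers to is an assumption, and all sample files are constructed.

```shell
#!/bin/sh
# Added example (not BrazilFW code): lint route.cfg against defined link aliases.
# Assumption: the route names in route.cfg are the LINK_ALIAS values of the
# files under logical/ (the tutorial speaks of "links named with aliases").

# defined_aliases DIR: print the LINK_ALIAS value of every file in DIR.
defined_aliases() {
    for f in "$1"/*; do
        if [ -f "$f" ]; then
            awk -F'"' '/^[ \t]*LINK_ALIAS=/ { print $2 }' "$f"
        fi
    done | sort -u
}

# lint_routes ROUTE_CFG LOGICAL_DIR: print one finding per problem found.
lint_routes() {
    known=$(defined_aliases "$2" | tr '\n' ' ')
    awk -v known="$known" '
        BEGIN {
            n = split(known, a, " ")
            for (i = 1; i <= n; i++) alias[a[i]] = 1
            # Commands per origin, as listed in the tutorial.
            n = split("port source dest source-port dest-port", c, " ")
            for (i = 1; i <= n; i++) netcmd[c[i]] = 1
            squidcmd["source"] = 1; squidcmd["dest-domain"] = 1
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        $1 != "yes" && $1 != "no" {
            printf "line %d: first field must be yes or no\n", NR; next
        }
        $2 != "n" && $2 != "f" && $2 != "s" {
            printf "line %d: unknown origin %s\n", NR, $2; next
        }
        {
            # Every comma-separated route must be a defined alias.
            m = split($3, r, ",")
            for (i = 1; i <= m; i++)
                if (!(r[i] in alias))
                    printf "line %d: route %s is not a defined link alias\n", NR, r[i]
            # The command must belong to the list for this origin.
            valid = ($2 == "s") ? ($4 in squidcmd) : ($4 in netcmd)
            if (!valid)
                printf "line %d: command %s is not listed for origin %s\n", NR, $4, $2
        }
    ' "$1"
}

# Constructed sample: two link files and a route.cfg with three mistakes.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
mkdir "$WORK/logical"
printf 'LINK_ALIAS="internet"\nLINK_TYPE="pppoe"\nLINK_WEIGHT="2"\n'  > "$WORK/logical/internet"
printf 'LINK_ALIAS="internet2"\nLINK_TYPE="pppoe"\nLINK_WEIGHT="1"\n' > "$WORK/logical/internet2"
cat > "$WORK/route.cfg" <<'EOF'
# constructed sample
yes n internet,internet2 port 443 tcp
yes s internet1,internet2 source browser
yes f internet2,internet. port 110 tcp
yes n internet,internet2 dest-domain .example.com
no s internet2 dest-domain .example.org
EOF

lint_routes "$WORK/route.cfg" "$WORK/logical"
```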

Re: BrazilFW 3.0 - Tutorial - Working with Scheduled Tasks -Cron

Post by ramiropampa » Thu Sep 17, 2009 3:23 pm

:arrow: Working with Scheduled Tasks - Cron.

Scheduled Tasks - Cron:
By default, cron (scheduled tasks) is enabled.
After modifying the file /etc/brazilfw/cron.cfg you only need to reload the service.


Parameters:

Header of /etc/brazilfw/cron.cfg:
Code:
mm hh dd MM ss script comment
|  |  |  |  |    |       |
|  |  |  |  |    |       +-------- Comment
|  |  |  |  |    +---------------- Command/script to be executed/run
|  |  |  |  +--------------------- Day of Week (0 - 6) (starting on Sunday=0)
|  |  |  +------------------------ Month (1 - 12)
|  |  +--------------------------- Day of Month (1 - 31)
|  +------------------------------ Hour (0 - 23)
+--------------------------------- Minute (0 - 59)


Remarks:

1. In Day of Week, 0 refers to Sunday; and 6 to Saturday. You can also use the first three letters for the Day of Week (SUN,MON,TUE,WED,THU,FRI,SAT)

2. You can use the * (asterisk) in any of the scheduling fields (*=ALL).

3. You can use intervals in those scheduling fields. The character for implementing intervals is the - (hyphen).

4. You can use a list of values in those scheduling fields. The character for making lists is the comma (,).

5. Any text placed after the command or script to be executed will be considered as a comment and will not be interpreted by cron.



Example:
1.
Código: Selecionar todos
00 * * * * script # Every day, every hour (always)


2.
Código: Selecionar todos
00-59/5 * * * * script # Every five minutes, every day (note the division by 5 in the interval 00-59)


To restart the service:
Código: Selecionar todos
/etc/init.d/cron reload


:arrow: Click here to return to the index
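The scheduling syntax from the cron post above, turned into a small validator that expands each field and reports entries whose values fall outside the ranges in the header. This is an added example, not part of the original post or BrazilFW's own code; it assumes lines starting with # are comments and, beyond what the post shows, also accepts a step after * (the post only shows a step on an explicit range).

```python
DAY_NAMES = {"SUN": 0, "MON": 1, "TUE": 2, "WED": 3, "THU": 4, "FRI": 5, "SAT": 6}

# (label, lowest, highest) for the five scheduling fields, in file order.
FIELDS = [("minute", 0, 59), ("hour", 0, 23), ("day of month", 1, 31),
          ("month", 1, 12), ("day of week", 0, 6)]


def _to_int(token, names):
    if names and token.upper() in names:          # remark 1: SUN..SAT
        return names[token.upper()]
    return int(token)                             # ValueError on anything else


def expand_field(field, lo, hi, names=None):
    """Expand one scheduling field into the sorted list of values it matches."""
    values = set()
    for part in field.split(","):                 # remark 4: comma-separated list
        rng, _, step = part.partition("/")        # example 2: interval/step
        step = int(step) if step else 1
        if step < 1:
            raise ValueError("step must be >= 1 in %r" % part)
        if rng == "*":                            # remark 2: * = all
            start, end = lo, hi
        else:
            first, _, last = rng.partition("-")   # remark 3: interval with '-'
            start = _to_int(first, names)
            end = _to_int(last, names) if last else start
        if not (lo <= start <= end <= hi):
            raise ValueError("%r outside %d-%d" % (part, lo, hi))
        values.update(range(start, end + 1, step))
    return sorted(values)


def parse_cron_line(line):
    """Split one cron.cfg entry into its schedule, script and comment."""
    tokens = line.split()
    if len(tokens) < 6:
        raise ValueError("expected 5 scheduling fields and a script")
    schedule = {}
    for (label, lo, hi), token in zip(FIELDS, tokens):
        names = DAY_NAMES if label == "day of week" else None
        schedule[label] = expand_field(token, lo, hi, names)
    # Remark 5: everything after the script is treated as a comment.
    return {"schedule": schedule, "script": tokens[5],
            "comment": " ".join(tokens[6:])}


def lint_cron(text):
    """Return [(line_number, error)] for entries that do not parse."""
    errors = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # assumption: '#' starts a comment line
            continue
        try:
            parse_cron_line(line)
        except ValueError as exc:
            errors.append((lineno, str(exc)))
    return errors


# Constructed sample, not taken from a real installation.
SAMPLE = """\
# mm hh dd MM ss script comment
00 * * * * script every hour
00-59/5 * * * * script every five minutes
30 25 * * * script hour out of range
0 3 * * 7 script Sunday is 0, not 7
0 3 * * SAT,SUN script weekend
"""

if __name__ == "__main__":
    for lineno, error in lint_cron(SAMPLE):
        print("line %d: %s" % (lineno, error))
    print(parse_cron_line("00-59/5 * * * * script")["schedule"]["minute"])
```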

Re: BrazilFW 3.0 - Tutorial - Enabling IP/MAC Control

Mensagempor ipnet » Qui Set 17, 2009 3:39 pm

:arrow: Enabling IP/MAC Control

Tie IP to MAC:

Parameters:
    Header of /etc/brazilfw/reserve.cfg:
    Código: Selecionar todos
    [ip] [mac]
    192.168.0.1 2e:00:54:16:a4:66

      Observation:
    1. The file /etc/brazilfw/reserve.cfg is used to reserve IPs and the DHCP (translator's note: check info about this text line).
    2. The MAC address must be entered using the colon sign (:); the dash sign (-) is not valid.
      • For example: 192.168.0.1 2e:00:54:16:a4:66

To activate MAC/IP control, edit the file /etc/brazilfw/brazilfw.cfg and set USE_MAC_CONTROL to 'yes'.
Código: Selecionar todos
edit /etc/brazilfw/brazilfw.cfg
USE_MAC_CONTROL='yes'


  • The concept used for MAC/IP control is the same concept used for white lists: a client can only surf if it is in the list.
    If MAC/IP control is enabled in brazilfw.cfg but the MAC is not declared in the list, the client cannot do anything.
    Even ping to the BFW is denied. For an unregistered MAC, only access to the webadmin port and the ssh port is available, for maintenance work.

For example:
  • If you need to block a MAC:
    Just go to its IP/MAC line, comment it out (using a number sign # at the beginning) and reload the service. The client is automatically blocked, and it won't go through either QoS or Squid.
    Código: Selecionar todos
    edit /etc/brazilfw/reserve.cfg

    Código: Selecionar todos
    #192.168.0.1 2e:00:54:16:a4:66

    Código: Selecionar todos
    /etc/rc.d/rc.macip

To start/restart the service:
Código: Selecionar todos
/etc/rc.d/rc.macip
ipnet
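Because an unlisted client is cut off entirely once USE_MAC_CONTROL is on, a malformed line in reserve.cfg locks a machine out; the following audit script checks a copy of the file before the service is reloaded. It is an added example, not part of the original post or BrazilFW's own code, and it assumes that a line starting with [ is the header and that duplicate IPs or MACs should be reviewed (the post does not say how the firewall treats them).

```python
import ipaddress
import re

MAC_COLON = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$", re.IGNORECASE)
MAC_DASH = re.compile(r"^[0-9a-f]{2}(-[0-9a-f]{2}){5}$", re.IGNORECASE)


def _is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def audit_reserve(text):
    """Classify reserve.cfg-style lines.

    Returns (allowed, blocked, problems):
      allowed  - {ip: mac} for active, well-formed entries
      blocked  - [(ip, mac)] for entries disabled with a leading '#'
      problems - [(line_number, message)] for active entries needing review
    """
    allowed, blocked, problems = {}, [], []
    mac_owner = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("["):      # blank line or "[ip] [mac]" header
            continue
        disabled = line.startswith("#")
        fields = line.lstrip("#").split()
        if len(fields) < 2 or not _is_ipv4(fields[0]):
            if not disabled:                      # a '#' line that is not ip+mac is a plain comment
                problems.append((lineno, "not an '<ip> <mac>' entry"))
            continue
        ip, mac = fields[0], fields[1].lower()
        if disabled:                              # commented out = client blocked
            blocked.append((ip, mac))
        elif MAC_DASH.match(mac):
            problems.append((lineno, "MAC uses '-' instead of ':'"))
        elif not MAC_COLON.match(mac):
            problems.append((lineno, "malformed MAC"))
        elif ip in allowed:                       # assumption: duplicates are worth flagging
            problems.append((lineno, "IP already tied to " + allowed[ip]))
        elif mac in mac_owner:
            problems.append((lineno, "MAC already tied to " + mac_owner[mac]))
        else:
            allowed[ip] = mac
            mac_owner[mac] = ip
    return allowed, blocked, problems


# Constructed sample, not taken from a real installation.
SAMPLE = """\
[ip] [mac]
192.168.0.1 2e:00:54:16:a4:66
192.168.0.2 2E-00-54-16-A4-67
#192.168.0.3 2e:00:54:16:a4:68
192.168.0.1 2e:00:54:16:a4:69
192.168.0.5 2e:00:54:16:a4:66
# laptops below
192.168.0.6 2e:00:54:16:a4
"""

if __name__ == "__main__":
    allowed, blocked, problems = audit_reserve(SAMPLE)
    print("allowed:", allowed)
    print("blocked:", blocked)
    for lineno, message in problems:
        print("line %d: %s" % (lineno, message))
```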
 

Re: BrazilFW 3.0 - Tutorial - Enabling IPUpdate

Mensagempor ramiropampa » Qui Set 17, 2009 3:41 pm

:arrow: Enabling IPUpdate.

Parameters:

In the header /etc/brazilfw/ipupdate.cfg:

Código: Selecionar todos
edit /etc/brazilfw/ipupdate.cfg


Código: Selecionar todos
<alias> <service> <domain> <user> <password> are valid for no-ip and for zoneedit
# Example
internet no-ip woshman.no-ip.info blablabla 123456

<alias> <service> <domain> <user> <password> <system> <backup mx (yes/no)> <wildcard * (yes/no)> <mail exchanger>
# Example
internet dyndns woshman.dyndns.info blablabla 123456 dyndns no yes (if used, enter the IP)

ctrl+qy


o IPUpdate must be enabled in the main file ( /etc/brazilfw/brazilfw.cfg )
Código: Selecionar todos
edit /etc/brazilfw/brazilfw.cfg

IPUPDATE="yes"

ctrl+qy


To start the Service:
Código: Selecionar todos
/etc/init.d/ipupdate start


To restart the Service:
Código: Selecionar todos
/etc/init.d/ipupdate reload


:arrow: Click here to return to the index

Re: BrazilFW 3.0 - Enabling the BFW 3.0 Internal Email Service

Mensagempor ramiropampa » Qui Set 17, 2009 3:43 pm

:arrow: Enabling the BFW 3.0 internal Email service.

:arrow: How to use the E-Mail system

Código: Selecionar todos
edit /etc/brazilfw/mail.cfg


If you are using GMail
Código: Selecionar todos
SERVER="smtp.gmail.com"
EMAIL="blabla@gmail.com"
NAME="Nombre de muestra"
AUTH="on"
PORT="587"
SSL="yes"
PASSWORD="blabla"
ctrl+qy


If you are using Terra
Código: Selecionar todos
SERVER="smtp.poa.terra.com.br"
EMAIL="blabla@terra.com.br"
NAME="Nombre de muestra"
AUTH="login" # login = POP3 authentication
PASSWORD="blabla"
ctrl+qy


Example:

Código: Selecionar todos
edit teste


Código: Selecionar todos
#!/bin/sh

. /lib/system-mail

to "teste@teste.com.br"
subject "Hello World"
message "<html><p>Hello World</p><img src=\"oi.jpg\"></html>"
image /teste/oi.jpg
logread | dos2unix -d > /tmp/log.txt
attach /tmp/log.txt
rm -fr /tmp/log.txt
priority high
send

ctrl+qy


Código: Selecionar todos
chmod +x teste


Código: Selecionar todos
./teste


:arrow: Click here to return to the index

Re: BrazilFW 3.0 - Tutorial - Enabling Squid

Mensagempor ramiropampa » Qui Set 17, 2009 3:44 pm

:arrow: Enabling Squid

Squid 3.0 for BrazilFW 3.0 specifications:

* In order for Squid 3.0 to work in a BFW 3.0 environment it is necessary to have an 840MB HD with a minimum of 541MB of available space on it.

* The amount of HD space for Squid is calculated as 60% of the partition's capacity.
For example: For a 10GB HD partition the system liberates 6GB for cache.

* In Squid for BrazilFW 2.x, 16 directory folders are created automatically, no matter the size of the disk. Now in Squid 3.0 for BrazilFW 3.0, directory folders are created according to the size of the disk.
For example: 541MB creates 1 directory folder, 10GB creates 14 directory folders.

* For each GB of cache we have to add 10MB of RAM memory; the system automatically calculates the cache space needed.

* For the moment, Squid works only in transparent mode.


* Parameters defined (fixed for the moment) in Squid for BFW 3.0:

o cache_mem 16 MB ======================> Right now the memory cache is 16MB
o maximum_object_size 20480 KB ==========> Maximum Object 20 MB
o minimum_object_size 0 KB ==============> Minimum Object 0 KB
o maximum_object_size_in_memory 256 KB => Maximum Object in memory 256 KB

These are fixed configuration parameters for now; modifying them is not allowed.

To enable Squid do the following:
Código: Selecionar todos
edit /etc/brazilfw/brazilfw.cfg
# Where it says CACHE_DISK='no' put CACHE_DISK='yes'
Save and exit


Perform Backup
Código: Selecionar todos
backup


To Start the Service:
Código: Selecionar todos
/etc/init.d/squid start


:arrow: Click here to return to the index

Re: BrazilFW 3.0 - Tutorial - Working with DansGuardian

Mensagempor ramiropampa » Qui Set 17, 2009 3:46 pm

:arrow: Working with DansGuardian.

DansGuardian for BrazilFW 3.0:

DansGuardian is a filter that integrates with Squid to filter "incorrect contents" according to our configuration.

It is very useful in network environments where a high level of control of the browsed pages is needed, having yet much more complex rules compared to Squid. However, even though it is rigorous, it is extremely flexible.

WARNING:

It is advisable to use Dansguardian only in corporate networks. It is not recommended for ISP or Providers.

Dansguardian in action:
Imagem

Let's explore some of the files to be configured in DansGuardian to achieve content blocking:

Every file starting with "banned" is a negation file and every file starting with "exception" is an exception file.

Files placed in the folder /etc/brazilfw/dansguardian/lists/

o bannedextensionlist ==> File extension blocking list. Here you place the extensions of the files that you want to block.
o bannedsitelist ==> Sites blocking list. Place here your file blacklist.
o filtergroupslist ==> Here you can assign a user to a particular group, at first all the users belong to the same group.
o bannediplist ==> List of blocked IPs. The IPs listed on this file will have no access at all.
o bannedmimetypelist ==> Type blocked MIME (blocked download).
o bannedphraselist ==> List of "forbidden" phrases within the page (not an URL).
o bannedregexpurllist ==> List of blocked regular expressions.
o bannedurllist ==> List of blocked URLs.
o banneduserlist ==> List of blocked users, users without Internet access.
o contentregexplist ==> Regular expressions based content to be replaced.
o exceptioniplist ==> Filtered IPs exception (Network IPs not to be filtered).
o exceptionsitelist ==> Free access sites. The sites listed here will be liberated of every content check.
o exceptionphraselist ==> List of phrases to be considered as an exception.
o exceptionurllist ==> List of URLs to be considered as an exception (liberated urls).
o exceptionuserlist ==> List of users to be considered as an exception.
o greysitelist ==> White list sites ¿¿White??
o greyurllist ==> White list URLs ¿¿White??
o pics ==> PICS Labeling definition.
--------------------------
o weightedphraselist ==> List of phrases and their "weight" (the weights can be positive or negative)
--------------------------

Files placed in the directory folder /etc/brazilfw/dansguardian/

o dansguardian.conf ==> Main configuration file.
o dansguardianf1.conf ==> Users group configuration file.

Don't think twice, READ ALL THE CONFIGURATION FILES, that will help you to better understand the working logic of DansGuardian.

To enable DansGuardian in BFW do the following:
Código: Selecionar todos
edit /etc/brazilfw/custom/squid.cfg

In the line WEB_CONTENT_FILTER='no'

Change 'no' to 'yes'

Save and exit


Configure your blockings (then save and exit). Afterwards stop SQUID and restart it again.

To Stop SQUID
Código: Selecionar todos
/etc/init.d/squid stop


To Start SQUID
Código: Selecionar todos
/etc/init.d/squid start


When you modify any file in the directory folder /etc/brazilfw/dansguardian/lists/, do the following:
Código: Selecionar todos
/etc/init.d/squid reload


When you move the files dansguardian.conf, dansguardianf1.conf, bannedip and exceptionip, which are all together in the same directory folder as dansguardian.conf, run the following command:
Código: Selecionar todos
/etc/init.d/squid restart-dg



Sources:
* Woshman: memberlist.php?mode=viewprofile&u=1335
* DansGuardian: http://www.dansguardian.org
* http://br-linux.org/tutoriais/003552.html
* Squid + DansGuardian
* http://www.vivaolinux.com.br/dica/Liber ... nsguardian

:arrow: Click here to return to the index.

Re: BrazilFW 3.0 - Working with Log Generators - Sarg and WebA.

Mensagempor ramiropampa » Qui Set 17, 2009 3:48 pm

:arrow: Working with Log Generators - Sarg and WebAlizer.

Log generators of BrazilFW 3.0 - Sarg and WebAlizer:

  • Sarg
    • Recommended for SOHO networks and company use.
  • WebAlizer
    • Recommended for Internet Provider use.



:arrow: Sarg:

Imagem



Activating Sarg:
Código: Selecionar todos
 edit /etc/brazilfw/custom/squid.cfg

In line SQUID_REPORT=''

Put 'Sarg'

save and exit



Defining the language:
Código: Selecionar todos
 edit /etc/brazilfw/custom/squid.cfg

In line SARG_LANGUAGE=''

Put 'Portuguese' or 'Spanish' or 'English'

Save and exit


Length of stay of records:
Código: Selecionar todos
 edit /etc/brazilfw/custom/squid.cfg

In line DELETE_REPORT_AFTER_DAYS='0'

0(zero)=The records are disabled

If you put for example '30', files with more than 30 days will be deleted.

Save and exit


Note:
  • If the hosts are defined in /etc/brazilfw/hosts.cfg, they appear in Sarg with the name of the host.
    What is not declared there appears with the IP number.


:arrow: WebAlizer:

Imagem


Activating WebAlizer:
Código: Selecionar todos
 edit /etc/brazilfw/custom/squid.cfg

In line SQUID_REPORT=''

Put 'webalizer'

Save and exit



    If Squid is already running, you will have to stop and restart it:
  • To stop Squid:
    Código: Selecionar todos
     /etc/init.d/squid stop
  • To start Squid:
    Código: Selecionar todos
     /etc/init.d/squid start


To view the records
Código: Selecionar todos
https://ns.brazilfw.local:8181/report


  • The records are updated every 10 minutes



:arrow: Click here to return to the index.

Re: BrazilFW 3.0 - Tutorial - Working with QoS

Mensagempor ramiropampa » Qui Set 17, 2009 3:49 pm

Working with QoS

Re: BrazilFW 3.0 - Tutorial - Working with DHCP

Mensagempor ghost » Qui Set 17, 2009 3:50 pm

:arrow: Working with DHCP.

1 - DHCP for conventional non-subnetted networks

    In the file /etc/brazilfw/brazilfw.cfg options are:

    • DHCP_SERVER='no' = Disabled by default. To enable, change 'no' to 'yes'

    • DHCP_DEFAULT_LEASE='7200' = which corresponds to 2 hours (you can change this value to your preference)

      Also in the directory (folder) /etc/brazilfw/ we have the files dhcp.cfg and reserve.cfg

    • Header of /etc/brazilfw/dhcp.cfg:
      Código: Selecionar todos
      [ip start] [ip end]

      For example:
      192.168.0.2 192.168.0.50 # It goes from 192.168.0.2 to 192.168.0.50

    • If you want you can use ranges of IPs:
      Código: Selecionar todos
      Example:
      192.168.0.2 192.168.0.50
      192.168.0.60 192.168.0.90
      192.168.0.95 192.168.0.100

    • The file reserve.cfg is to make reservations MAC+IP:
      Header of /etc/brazilfw/reserve.cfg:
      Código: Selecionar todos
      [ip] [mac]
      Example:
      192.168.0.55 00:00:00:00:00:00


2 - DHCP for subnets and networks with QOS

  • As shown in the topic "Working with Subnets" to create the subnets simply enter the range for the subnet on the file /etc/brazilfw/subnet.cfg and then execute the command /etc/rc.d/rc.subnet
  • If we want DHCP handled entirely by the system, with each subnet range having "its own DHCP server", simply add dhcp at the end of the subnet range. Using the above example, the file /etc/brazilfw/subnet.cfg would then read:
    Código: Selecionar todos
    local 192.168 0 254 dhcp

  • To create a subnet number and configuration of the QoS class of sub-network at a certain speed, follow these examples:


  • Setting up reservations in reserve.cfg:
Código: Selecionar todos
[ip] [mac]
10.20.1.2 00:00:00:00:00:00

This isolates clients in the QoS without having to create a single QoS

Observation:
    DHCP is executed from the bottom up. First come the subnets and then the DHCP network. The system automatically assigns it this way.

:arrow: Click here to return to the index.

Avatar do usuário
ghost
BFW Beneméritos
 
Mensagens: 1351
Registrado em: Qui Abr 24, 2008 8:54 pm
Localização: Tierras Asperas de Zona Sur, Buenos Aires, Argentina
BrazilFW Box: No en uso actualmente

Re: BrazilFW 3.0 - Tutorial - Working with Subnets

Mensagempor ipnet » Qui Set 17, 2009 3:50 pm

:arrow: Working with Sub-Networks.

:arrow: Creating Sub-Networks:

First, an explanation on why the network mask is kept fixed in /30 (255.255.255.252)
in the file /etc/brazilfw/subnet.cfg:

o If we want to isolate the PCs so they are not seen by others in the network, the mask is set up in /30 (255.255.255.252), allowing only
two IPs in the subnetwork (the default gateway and the client PC).
With values lower than /30 for the mask, /29, /28, /27 for example, the clients will see each other.

o The design of /etc/brazilfw/subnet.cfg is exactly as described above: it prevents the client PCs from
seeing each other (it blocks the visibility in the network) by establishing a /30 network mask.

o If there is a need to establish a different network mask, other than /30, in order to increase the size of the subnetwork or to limit a
group, please proceed as described in item 2.


1 - Subnetworks with /30 Network mask.

* To create subnetworks we will work with the file /etc/brazilfw/subnet.cfg
and we create them using the command /etc/rc.d/rc.subnet

* Example: We will create 10 subnetworks. To do this, we will write the following in the file /etc/brazilfw/subnet.cfg
Código: Selecionar todos
local 10.50 1 10

Save and exit


#10 subnetworks will be created from 10.50.1.1 to 10.50.10.1 with /30 network mask.

# Explaining the local 10.50 1 10:

* local = Name of the network interface where the subnetwork will be created
* 10.50 = Network index
* 1 = Subnetwork start
* 10 = Subnetwork end

To create the subnetworks, run the next command:
Código: Selecionar todos
/etc/rc.d/rc.subnet


If you want to check the interface configuration:
Código: Selecionar todos
ifconfig


* In the client PC it would be as follows:
1. Client 1:
client = 10.50.1.2
mask = 255.255.255.252
gateway = 10.50.1.1
DNS = 10.50.1.1

2. Client 2:
client = 10.50.2.2
mask = 255.255.255.252
gateway = 10.50.2.1
DNS = 10.50.2.1

3. Etc ......


* To create subnetwork intervals, proceed as follows in /etc/brazilfw/subnet.cfg:

o creating intervals from 10 to 10
local 10.50 1 10
local 10.50 20 30
local 10.50 40 50
local 10.50 60 70
local 10.50 80 90

Save and exit:
o the following subnetworks will be created:
From 10.50.1.1 to 10.50.10.1
From 10.50.20.1 to 10.50.30.1
From 10.50.40.1 to 10.50.50.1
..............
Then execute the following command to create them:
Código: Selecionar todos
/etc/rc.d/rc.subnet


Perform backup
Código: Selecionar todos
backup


2 - Subnetworks with network mask different than /30

* To create subnetworks with a network mask different than /30 it is necessary to create a new logical interface.
Remember that there already exists a logical interface called /etc/brazilfw/logical/local that is linked to the physical interface.

* Creating a new logical interface, "local2" for example.

Código: Selecionar todos
edit /etc/brazilfw/logical/local2

insert this:

LINK_ALIAS="local" # Name of the physical interface
LINK_CONNECTION="local" # Connection type
LINK_TYPE="static"
LINK_IP="10.50.0.1" # New subnet
LINK_NETMASK="255.255.255.128" # /25 (128 usable)

Save and exit


Restart the network
Código: Selecionar todos
/etc/rc.d/rc.inet


Restart DHCP
Código: Selecionar todos
/etc/init.d/dhcp reload


:arrow: Click here to return to the index.

ipnet
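The expansion of subnet.cfg lines described in the post above, written out so the resulting gateway and client addresses can be checked before running /etc/rc.d/rc.subnet. This is an added example, not part of the original post or BrazilFW's own code; the overlap check and the assumption that # starts a comment are additions, and the addresses follow the post's own pattern (gateway x.y.N.1, client x.y.N.2, mask /30).

```python
import ipaddress


def expand_subnets(text):
    """Expand '<iface> <index> <start> <end> [dhcp]' lines into /30 records."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()     # assumption: '#' starts a comment
        if not fields:
            continue
        if len(fields) not in (4, 5) or (len(fields) == 5 and fields[4] != "dhcp"):
            raise ValueError("line %d: expected '<iface> <index> <start> <end> [dhcp]'" % lineno)
        iface, index = fields[0], fields[1]
        start, end = int(fields[2]), int(fields[3])
        if not (0 <= start <= end <= 255):
            raise ValueError("line %d: bad subnetwork interval %d-%d" % (lineno, start, end))
        for third in range(start, end + 1):
            # One /30 per value of the third octet: network .0, gateway .1,
            # client .2, broadcast .3, so only one client fits per subnetwork.
            net = ipaddress.IPv4Network("%s.%d.0/30" % (index, third))
            gateway, client = list(net.hosts())
            records.append({
                "interface": iface,
                "network": str(net),
                "gateway": str(gateway),          # also the client's DNS in the post
                "client": str(client),
                "netmask": str(net.netmask),
                "dhcp": len(fields) == 5,
            })
    return records


def find_overlaps(records):
    """Networks defined more than once, e.g. by two overlapping intervals."""
    seen, repeated = set(), []
    for record in records:
        network = record["network"]
        if network in seen and network not in repeated:
            repeated.append(network)
        seen.add(network)
    return repeated


# Constructed sample: the second interval overlaps the first on purpose.
SAMPLE = """\
local 10.50 1 10
local 10.50 8 12 dhcp
"""

if __name__ == "__main__":
    records = expand_subnets(SAMPLE)
    for record in records[:2]:
        print(record)
    print("defined twice:", find_overlaps(records))
```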
 

Re: BrazilFW 3.0 - Tutorial - Working with Wireless Networks

Mensagempor ramiropampa » Qui Set 17, 2009 3:51 pm

Working with Wireless Networks

Working with Port Forwarding

Mensagempor Lelouch » Seg Set 21, 2009 1:57 pm

:arrow: Working with Port Forwarding.

Parameters:
    Header of /etc/brazilfw/ports/forward.cfg:
    Código: Selecionar todos
    #<active> <alias> <protocol> <port> <ip-destination> [port]
    #active: yes/no
    #protocol: tcp/udp/all
    #alias: all/name of logical connection

    Examples:
    Código: Selecionar todos
    yes internet all 21 192.168.0.11 21 #i.e.

    Código: Selecionar todos
    yes all all 21 192.168.0.11 21 #i.e.

  • <active>
      yes/no
  • <alias> = link alias = name of logic connection
      set it to “all” to use all logical connections, or enter the name of the link to be used (LoadBalance)
  • <protocol>
      tcp / udp / all
  • <port>
      Source Port
  • <ip-destination>
      Internal Ip of network
  • [port]
      Destination Port


To start or restart this service:
Código: Selecionar todos
/etc/rc.d/rc.forward



:arrow: Click here to return to the index.

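Every active line in forward.cfg exposes an internal host to a link, so it is worth listing what the file actually opens; the script below parses the format from the post above and reports invalid lines, rules that apply to every link or protocol, and rules that claim the same port for different hosts. It is an added example, not part of the original post or BrazilFW's own code, and it assumes that ports are single numbers, that an omitted destination port equals the source port, and that destinations should be private addresses.

```python
import ipaddress

PROTOCOLS = ("tcp", "udp", "all")


def _port(text):
    value = int(text)                             # ValueError on non-numeric input
    if not 1 <= value <= 65535:
        raise ValueError("port %d out of range" % value)
    return value


def parse_forward(text):
    """Return (rules, problems) for forward.cfg-style text."""
    rules, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()     # header and trailing notes start with '#'
        if not fields:
            continue
        try:
            if len(fields) not in (5, 6):
                raise ValueError("expected 5 or 6 fields, got %d" % len(fields))
            active, alias, proto, port, dest = fields[:5]
            if active not in ("yes", "no"):
                raise ValueError("active must be yes or no")
            if proto not in PROTOCOLS:
                raise ValueError("protocol must be tcp, udp or all")
            port = _port(port)
            # Assumption: without [port], traffic goes to the same port number.
            dest_port = _port(fields[5]) if len(fields) == 6 else port
            if not ipaddress.IPv4Address(dest).is_private:
                raise ValueError("destination is not an internal address")
        except ValueError as exc:
            problems.append((lineno, str(exc)))
            continue
        rules.append({"line": lineno, "active": active == "yes", "alias": alias,
                      "protocol": proto, "port": port, "dest": dest,
                      "dest_port": dest_port})
    return rules, problems


def wide_rules(rules):
    """Active rules that apply to every link or to both protocols."""
    return [r for r in rules
            if r["active"] and "all" in (r["alias"], r["protocol"])]


def conflicts(rules):
    """Pairs of active rules claiming the same link, protocol and port for different targets."""
    active = [r for r in rules if r["active"]]
    found = []
    for i, a in enumerate(active):
        for b in active[i + 1:]:
            same_link = a["alias"] == b["alias"] or "all" in (a["alias"], b["alias"])
            same_proto = (a["protocol"] == b["protocol"]
                          or "all" in (a["protocol"], b["protocol"]))
            same_target = (a["dest"], a["dest_port"]) == (b["dest"], b["dest_port"])
            if same_link and same_proto and a["port"] == b["port"] and not same_target:
                found.append((a["line"], b["line"]))
    return found


# Constructed sample, not taken from a real installation.
SAMPLE = """\
#<active> <alias> <protocol> <port> <ip-destination> [port]
yes internet all 21 192.168.0.11 21 #i.e.
yes all tcp 21 192.168.0.12 2121
no internet tcp 3389 192.168.0.20
yes internet udp 70000 192.168.0.30
yes internet tcp 8080 192.168.0.40
"""

if __name__ == "__main__":
    rules, problems = parse_forward(SAMPLE)
    print("problems:", problems)
    print("wide:", [r["line"] for r in wide_rules(rules)])
    print("conflicts:", conflicts(rules))
```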

Working with MAC Cloning

Mensagempor Lelouch » Seg Set 21, 2009 1:58 pm

:arrow: MAC Cloning

The MAC cloning feature was added in version 3.0.197. The steps to use MAC cloning in BFW 3.0 are detailed below:

Go to the configuration file that sets up the physical NIC (in /etc/brazilfw/physical)
and modify the variable ( INTERFACE_MAC="<mac>" )

For example:
  • MAC Clone for eth1 = internet
Código: Selecionar todos
edit /etc/brazilfw/physical/internet


Código: Selecionar todos
Change to: INTERFACE_MAC="00:00:00:00:00:00"


The /etc/brazilfw/physical/internet file must contain the following lines:
Código: Selecionar todos
INTERFACE_TYPE="wired"
INTERFACE_PHYSICAL="eth0"
INTERFACE_MAC="00:00:00:00:00:00"

Save and quit

Then, execute:
Código: Selecionar todos
/etc/rc.d/rc.inet


    Observation:
      In version 2.x, after changing the MAC, a reboot was needed to roll back to the original MAC.
      In this new version 3.x you only need to go to the physical NIC configuration and set INTERFACE_MAC="".
      Then execute /etc/rc.d/rc.inet to restore the original MAC.

:arrow: Click here to return to the index.


Native DNS server of BFW 3.0 - Bind

Mensagempor Lelouch » Seg Set 21, 2009 1:59 pm

:arrow: Native DNS server of BFW 3.0 = Bind

BrazilFW 3.0 includes a native DNS server. The server is BIND, the most frequently used DNS server.

BIND is enabled by default. You can find this in:
Código: Selecionar todos
DNSSERVER='yes'


in the file /etc/brazilfw/brazilfw.cfg

You can also find the following lines:
Código: Selecionar todos
DNS1=''
DNS2=''
DHCP_DNS1=''
DHCP_DNS2=''


Please, with BIND enabled, don't configure the variables above; you only need to set them if the DNS server is disabled.
Código: Selecionar todos
DNSSERVER='no'


Disabling BIND in order to use other DNS resolving systems is not recommended. BIND is an excellent DNS server, and is perfectly integrated into this version of BFW.


:arrow: Click here to return to the index.


Re: BrazilFW 3.0 - Tutorial

Mensagempor kmus2003 » Ter Set 22, 2009 2:45 pm

:arrow: Summary of Commands.

:arrow: Commands for Start, Reload, Restart and Stop Services:
    To be executed on the command line or directly on the server via ssh.

  • Install BrazilFW 3.0: install
  • Backup: backup
  • Restart Internet service: /etc/rc.d/rc.inet
  • Restart the locks: /etc/rc.d/rc.blocked
  • Restart Sub-Networks: /etc/rc.d/rc.subnet
  • Restart the QOS: /etc/rc.d/rc.qos
  • Restart the Firewall: /etc/rc.d/rc.firewall
  • Restart port redirects: /etc/rc.d/rc.forward
  • Restart the control of IP x MAC: /etc/rc.d/rc.macip
  • Restart the service Smart Route: /etc/rc.d/rc.route
  • Altering the system password: passwd
  • Update the system time: /etc/rc.d/rc.time
  • Restart the system: reboot
  • Shutdown the system: poweroff
  • First system call: /etc/rc.d/rc.sysinit
  • System Log (daemon): /etc/rc.d/rc.syslogd


  • Squid:
    • Starting Squid: /etc/init.d/squid start
    • Reload Squid: /etc/init.d/squid reload
    • Stop Squid: /etc/init.d/squid stop
    • Restart Squid with DansGuardian: /etc/init.d/squid restart-dg
    • Recreate the Squid Cache: /etc/init.d/squid cachedir
    • Rotate Squid Logs (It is automatically executed by CRON): /etc/init.d/squid rotate
  • DHCP:
    • Start the DHCP service: /etc/init.d/dhcp start
    • Reload DHCP: /etc/init.d/dhcp reload
    • Stop DHCP: /etc/init.d/dhcp stop
    • Restart DHCP: /etc/init.d/dhcp restart
  • WebAdmin:
    • Start the WebAdmin: /etc/init.d/webadmin start
    • Reload WebAdmin: /etc/init.d/webadmin reload
    • Stop WebAdmin: /etc/init.d/webadmin stop
  • BIND (Server DNS):
    • Start the service Bind: /etc/init.d/named start
    • Reload Bind: /etc/init.d/named reload
    • Stop Bind: /etc/init.d/named stop
    • Details Bind: /etc/init.d/named details
  • Cron (Tasks scheduled / programmed):
    • Start the Cron service: /etc/init.d/cron start
    • Reload Cron: /etc/init.d/cron reload
    • Stop Cron: /etc/init.d/cron stop
  • IpUpdate:
    • Start IpUpdate: /etc/init.d/ipupdate start
    • Reload IpUpdate: /etc/init.d/ipupdate reload
    • Stop IpUpdate: /etc/init.d/ipupdate stop
  • SSH:
    • Start SSH: /etc/init.d/sshd start
    • Reload SSH: /etc/init.d/sshd reload
    • Stop SSH: /etc/init.d/sshd stop
  • ACPI (support for machine shutdown):
    • To start: /etc/init.d/acpi start
    • To stop: /etc/init.d/acpi stop
  • IpWatch (protection against duplicate IPs: if a network host duplicates the IP of the BrazilFW, the BrazilFW server does not fail and continues to work properly):
    • To Start: /etc/init.d/ipwatch start
    • To stop: /etc/init.d/ipwatch stop


:arrow: Other useful commands:
    To be executed on the command line or directly on the server via ssh.

  • To verify the version of BrazilFW: cat /etc/issue
  • To view kernel version: uname -r or cat /proc/version
  • To see who is "on-line": cat /proc/net/arp
  • To find the MAC of a given IP network: arping -f -c1 -w1 <ip.de.máquina>
  • To view the status of Internet links: ip ro


:arrow: Click here to return to index.

kmus2003
 

