Ubuntu-Server 6.10 防火墙系统安装dpkg -i webmin_1.300_all.deb cp /usr/share/doc/shorewall/examples/two-interfaces/* /etc/shorewall/ cd /etc/shorewall gunzip interfaces.gz masq.gz rules.gz policy.gz Now open your browser and login to webmin at https://192.168.1.1:10000 as root with your root password and, using webmin's shorewall module, change the policy's and rules of your firewall as needed (for now, I only set the policy file to the example as shown, you may copy and paste my policy file for starters, if you don't like webmin). Also set in /etc/shorewall.conf the line "IP_FORWARDING=Keep" to "IP_FORWARDING=On" (without quotes) and enable the firewall in /etc/default/shorewall. My /etc/shorewall/policy now looks like this: ############################################################################### #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST # # Note about policies and logging: # This file contains an explicit policy for every combination of # zones defined in this sample. This is solely for the purpose of # providing more specific messages in the logs. This is not # necessary for correct operation of the firewall, but greatly # assists in diagnosing problems. # # # Policies for traffic originating from the local LAN (loc) # # If you want to force clients to access the Internet via a proxy server # on your firewall, change the loc to net policy to REJECT info. loc net ACCEPT loc $FW ACCEPT loc all REJECT info # # Policies for traffic originating from the firewall ($FW) # # If you want open access to the Internet from your firewall, change the # $FW to net policy to ACCEPT and remove the 'info' LOG LEVEL. # This may be useful if you run a proxy server on the firewall. $FW net ACCEPT $FW loc ACCEPT $FW all REJECT info # # Policies for traffic originating from the Internet zone (net) # net $FW DROP info net loc DROP info net all DROP info # THE FOLLOWING POLICY MUST BE LAST all all REJECT info #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE Next do: /etc/init.d/shorewall start You should be able now to surf the net. DO NOT PROCEED UNTILL YOU SUCCEED IN SURFING THE NET. SINCE THIS IS YOUR FRAMEWORK. IT HAS TO BE OK. So now we need some packages. Do (all in one line!): apt-get install postfix postfix-doc courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-modules-sql sasl2-bin libpam-mysql build-essential dpkg-dev fakeroot debhelper libdb4.2-dev libgdbm-dev libldap2-dev libpcre3-dev libmysqlclient12-dev libssl-dev libsasl2-dev postgresql-dev po-debconf dpatch zoo unzip arj rdate fetchmail unzip zip ncftp libarchive-zip-perl zlib1g-dev libpopt-dev nmap lynx fileutils curl mail-audit-tools libwww-perl imagemagick squirrelmail squirrelmail-locales munin munin-node ntp samba spamassassin razor pyzor unzoo spamc libio-string-perl libnet-ident-perl libio-socket-ssl-perl libapache2-mod-php4 libapache2-mod-perl2 php4 php4-cli php4-common php4-curl php4-dev php4-domxml php4-gd php4-imap php4-ldap php4-mcal php4-mhash php4-mysql php4-odbc php4-pear php4-xslt curl libwww-perl php-pear mailscanner mailx libzzip-dev libgmp3c2 libgmp3-dev dhcp3-server pptpd Accept all defaults. Now do: mysqladmin -u root password yourrootsqlpassword ##USE A REAL PASSWORD HERE! Now configure Apache and Squirrelmail. /usr/sbin/squirrelmail-configure Set it to courier (option D) and make ik otherwise as you like it. Don't forget to enable some plugins and to set a default language if desired. Also I suggest to set this: $show_contain_subfolders_option = true; My/etc/squirrelmail/config.php now looks like this: <?php 更多相关文章
|
推荐文章
精彩文章
|
