Upgrade to Ubuntu 6.06
Do you want to upgrade your firewall PC from Ubuntu Linux 5.10 to 6.06? Then beware of problems with Shorewall, the popular firewall package for Linux.
I like Ubuntu very much, especially because of the almost perfect package management. Even a major upgrade like this one can be done with the usual update manager, and that works fine, except for Shorewall. There are some significant changes in Shorewall 3 compared to 2. You should manually check all configuration files.
Some important things:
- If you have a file called modules, replace it with the newer version from /usr/share/doc/shorewall/default-config (if only I had known this, AAAAAARGH!)
- The structure of the zones file has changed: a row like "net net Internet" becomes "net ipv4". See also the comments in the new version of this file.
- The firewall zone (fw) is no longer defined in shorewall.conf, but in the zones file.
- In shorewall.conf (of version 3), check the value of IP_FORWARDING. I changed it from Keep to On.
Here is a general recipe to prevent problems:
1. Back up your /etc/shorewall directory before the upgrade.
2. Do the upgrade. This can take a few hours, if you have many packages installed.
3. After the upgrade, copy the default configuration files from /usr/share/doc/shorewall/default-config to /etc/shorewall.
4. Then open your old configuration files one by one, put them next to the new configuration files and copy your own rules to the new files. Do this with the following files:
   - interfaces
   - zones
   - hosts
   - policy
   - rules
   - masq
   - shorewall.conf
And with the zones and shorewall.conf files, be careful not to copy your old configuration without reading the comments carefully.
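The checks from the list of important things above can be scripted and run against the backup copy and the merged result. This is an added example, not part of the original post: the function names and sample files are constructed, and it assumes the Shorewall 3 zone types are ipv4, ipsec and firewall.

```shell
#!/bin/sh
# Added example: audit a Shorewall config directory for the upgrade pitfalls.
# Assumption: Shorewall 3 zone types are ipv4, ipsec and firewall.

# Print the data lines of a config file (comments and blank lines removed).
data_lines() { sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1"; }

# Count zones rows whose second column is not a Shorewall 3 zone type.
old_style_zone_rows() {
    [ -f "$1/zones" ] || { echo 0; return 0; }
    data_lines "$1/zones" |
        awk '$2 != "ipv4" && $2 != "ipsec" && $2 != "firewall" { n++ } END { print n + 0 }'
}

# Succeed if the zones file itself defines the firewall zone.
has_firewall_zone() {
    [ -f "$1/zones" ] || return 1
    data_lines "$1/zones" | awk '$2 == "firewall" { f = 1 } END { exit !f }'
}

# Print the IP_FORWARDING value from shorewall.conf (empty if not set).
ip_forwarding_value() {
    [ -f "$1/shorewall.conf" ] || return 0
    data_lines "$1/shorewall.conf" |
        sed -n 's/^[[:space:]]*IP_FORWARDING=//p' | tail -n 1 | tr -d '"[:space:]'
}

# Print one finding per line. $1 = config dir, $2 = packaged default-config dir.
audit_shorewall_dir() {
    dir=$1
    defaults=${2:-/usr/share/doc/shorewall/default-config}
    if [ -f "$dir/modules" ] && ! cmp -s "$dir/modules" "$defaults/modules"; then
        echo "modules: differs from the packaged default, replace it"
    fi
    rows=$(old_style_zone_rows "$dir")
    [ "$rows" -eq 0 ] || echo "zones: $rows row(s) in the old format"
    has_firewall_zone "$dir" || echo "zones: firewall zone (fw) not defined here"
    case $(ip_forwarding_value "$dir") in
        [Kk]eep) echo "shorewall.conf: IP_FORWARDING=Keep, check whether it should be On" ;;
    esac
}

# Constructed sample: a config directory still in the Shorewall 2 layout.
sample=$(mktemp -d)
printf 'net net Internet\nloc loc Local\n' > "$sample/zones"
printf 'FW=fw\nIP_FORWARDING=Keep\n' > "$sample/shorewall.conf"
printf 'loadmodule ip_tables\n' > "$sample/modules"
audit_shorewall_dir "$sample" "$sample/no-defaults"
rm -rf "$sample"
```

On a real firewall, call `audit_shorewall_dir /etc/shorewall` after step 4; no output means none of the four pitfalls was found.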
I hope this may save someone some work.
Onno - June 20, 2006, 11:54 - 1 comment