[Modularit-users] Translation for firewall guide
Agustín Benito
abenito at grupocpd.com
Thu Feb 12 12:30:34 WET 2009
Hi Ben,
put the translation of this guide that you have done on the twiki and send
an e-mail to Kuko. Maybe part of it can be reused by him. Take away the
Spanish and the English firewall guide from modularit's wiki.
Kuko, is there any unupdated guide? If there is any, please tell Ben about
it so he won't translate it.
Regards
2009/2/12 Agustín Benito <abenito at grupocpd.com>
> Hi,
>
> finally I did it on the e-mail. Sorry for the confusion.
>
> Regards
>
> 2009/2/12 Agustín Benito <abenito at grupocpd.com>
>
> Hi,
>>
>> yes, I'll do it directly on the wiki....
>>
>> 2009/2/12 Ben Jarenicz <bjarenicz at me.com>
>>
>>> Richard,
>>>
>>> There is a lot in here I do not understand, please can you help me
>>> translate the remaining lines of Spanish.
>>>
>>> Thank you.
>>>
>>>
>>>
>>> h1. Firewall deployment guide
>>>
>>> This document is under development. If you have any trouble, please get
>>> in contact with the ModularIT team through the mailing list.
>>>
>>>
>>> h2. Preparation
>>>
>>> * Prior to commencing, read the [[ModularITXen0DeploymentGuideEn|Dom0
>>> deployment]] guide, since firewalls are always deployed on bare metal.
>>> * Install the Firewall services
>>>
>>> <pre>
>>> yum install dhcp squid bind ntp perl-Config-Simple libmcrypt screen
>>> vim-enhanced nmap wireshark vixie-cron at crontabs usbutils lshw iptraf
>>> telnet
>>> </pre>
>>>
>>> * Install the Shorewall from the ctktools repository
>>>
>>> <pre>
>>> yum install --enablerepo=ctktools shorewall
>>> </pre>
>>>
>>> h2. Preparation and configuration of the PICA for Shorewall, dhcpd and
>>> server names
>>>
>>> * Since these three services are interrelated, we will deal with them
>>> in this section
>>
>> * since these three services are related to each other, we will go through
>> them in this section.
>>
>>>
>>> * ?The following configuration is recommended? It is important to have a
>>> criterion, even if it is arbitrary.. and ours is:
>>
>> It is important to unify a criteria no matter how arbitrary can seem. Ours
>> is:
>>
>>>
>>>
>>> <pre>
>>> eth0 is connected to the internet or in its absence, the closest
>>> alternative
>>> eth1 to the intranet
>>> eth2 to the DMZ
>>> </pre>
>>>
>>> * In the pica file, in the hosts part if we are dealing with an
>>> installation with multiple sites and one firewall per site, we register
>>> the variables
>>
>> In the host part of the PICA archive if we are on a distributed
>> installation and a single firewall in each site, we define the variables.
>>
>>>
>>>
>>> h3. Network
>>>
>>> * ?Ensure that the file _/etc/sysctl.conf_ is configured to send packets
>>> between interfaces? has packet forwarding between interfaces enabled
>>
>> and has activated the packets resent between interfaces
>>
>>>
>>>
>>> <pre>
>>> # Controls IP packet forwarding
>>> net.ipv4.ip_forward = 1
>>> </pre>
>>>
>>> h3. Shorewall
>>>
>>> * Add the machine to the _shorewall_ group
>>> * We add, within the machine definition in pica
>>
>> We define in the machine definition in PICA:
>>
>>>
>>>
>>> <pre>
>>> inet_iface = 'eth0';
>>> loc_iface = 'eth1';
>>> </pre>
>>>
>>> h3. Primary Nameserver and dhcp server
>>>
>>> * We will add the machine to the _dnsdhcp_ group if it is both primary
>>> name server and dhcp server dnsservers, dnsslaves
>>> dhcpservers
>>> * And the variables that we are going to set within the machine
>>> definition are:
>>> * The subnet, default gateway, name server and the Wins or NetBIOS that
>>> the dhcp server serves
>>
>> * We will add the machine into the _dnsdhcp_ group if it acts as master DNS
>> machine, dhcp dnsservers, dnsslaves dhcpservers server.
>> * The variables to define in the machine are: subnet, default gateway,
>> name server and the Wins or NetBIOS that the dhcp server serves
>>
>>>
>>>
>>> <pre>
>>> netprefix = '192.168.100';
>>> router = '192.168.100.1';
>>> dnsservers = '192.168.100.1';
>>> nbservers = '192.168.100.1';
>>> </pre>
>>>
>>> * If you wish to dynamically update the DNS when the dhcp server assigns
>>> an ip you will need to generate a password, to do this connect to the name
>>> server and execute _dns-keygen_
>>>
>>> <pre>
>>> ddns = 1;
>>> dhcpkey = 'XXXXXXXXXXXXXXXXXXXXXXXX';
>>> rndckey = 'XXXXXXXXXXXXXXXXXXXXXXXX';
>>> </pre>
>>>
>>> * In the common variables area for this group, the domain name is
>>> registered:
>>
>> In the common variables zone for this group, the domain name must be
>> defined:
>>
>>>
>>>
>>> <pre>
>>> domainname = 'example.com';
>>> </pre>
>>>
>>> * List the _forwarders_, if we want the changes to be propagated to
>>> other secondary servers.
>>>
>>> <pre>
>>> forwarders = '1.1.1.1 ; 2.2.2.2; ';
>>>
>>> * distzonefiles : set this variable if you want to distribute the zone
>>> files using pica. If you do, you must create the zone files with the
>>> appropriate name (see below) in the PICA server. If you don't use this
>>> feature, you have to create those files in the DNS server
>>>
>>> distzonefiles = 1;
>>>
>>> * Additional variables for splitdns:
>>>
>>> #splitdns : Set this variable if you want to generate a splitdns
>>> configuration
>>> splitdns = 0;
>>> #dnsextmasters : list of master servers for the external zone
>>> #dnsextmasters = '217.126.206.5 ; ';
>>> # Set this if you want to distribute the zone files using pica
>>> #distzonefiles = 1;
>>>
>>> * Zone files, This module assumes the zone files will be named:
>>> * ${domainname}.db : for the zone
>>> * ${domainname}-ext.db : for the EXTERNAL zone
>>> * ${netprefix}.db : for the reverse zone
>>> * You can use example.com.db and 192.168.1.db as a model to create
>>> your zone file
>>> </pre>
>>>
>>> * Launch the pica
>>>
>>> <pre>
>>> pica -iv +F ntp dhcp dnsserver shorewall +H ejemplo.fw
>>> </pre>
>>>
>>> h3. Configuration of the Nameserver in slave mode
>>>
>>> * Once we have a primary dns on a network, we may be interested in
>>> installing a secondary dns. We add the host to the groups
>>> _dnsservers_, _dnsslaves_ _dhcpservers_.
>>
>> * Once we have a master dns in our network, we might install a secondary
>> one. We define the host in _dnsservers_, _dnsslaves_ _dhcpservers_ groups.
>>
>>>
>>> * All parts of the _dhcp_ are identical to the previous example.
>>> * Set the _dnsmaster_ variable in the common area:
>>>
>>> <pre>
>>> dnsmasters = '192.168.1.1 ; ';
>>> </pre>
>>>
>>> * Launch the pica
>>>
>>> <pre>
>>> pica -iv +F ntp dhcp dnsserver shorewall +H ejemplo.fw
>>> </pre>
>>>
>>> h3. Preparation and configuration of PICA for the squid
>>>
>>> * Create the machine in PICA
>>> * Define the following variables in the _admingroup_:
>>> ** The _admindomain_ must have the same name as the pica group.
>>> ** Set _squid_visible_hostname_, the name with which the machine will
>>> announce itself when connecting and which users will see when a browsing
>>> error occurs.
>>
>> ** Define _squid_visible_hostname_. This will be the name used to
>> announce the machine when connecting and will see users when a browse through
>> the network error occurs.
>>
>>>
>>> * Install the firewall objects
>>>
>>> <pre>
>>> pica -iv +F squid +H ejemplo.fw
>>> </pre>
>>>
>>>
>>> h2. Preparation of the Squid service
>>>
>>> * Edit the file _/etc/squid/squid.conf_ to revise the networks with which
>>> you can use the squid by default:
>>>
>>> <pre>
>>> acl our_networks src 192.168.130.0/24
>>> http_access allow our_networks
>>> </pre>
>>
>>
>> Regards
>>
>>>
>>> _______________________________________________
>>> Modularit-users mailing list
>>> Modularit-users at lists.modularit.org
>>> http://lists.modularit.org/mailman/listinfo/modularit-users
>>>
>>>
>>
>>
>> --
>> Agustín Benito Bethencourt (Toscalix)
>> abenito at grupocpd.com
>> ModularIT Community Manager
>> http://www.modularit.org
>>
>
>
>
> --
> Agustín Benito Bethencourt (Toscalix)
> abenito at grupocpd.com
> ModularIT Community Manager
> http://www.modularit.org
>
--
Agustín Benito Bethencourt (Toscalix)
abenito at grupocpd.com
ModularIT Community Manager
http://www.modularit.org
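
A check for the last step of the quoted guide (revising which networks may use Squid), as an added example that is not part of the thread or of ModularIT's own code: it lists every reachable `http_access allow` rule that is not limited by a `src` ACL lying inside the intended internal network. The function names and the sample configuration are assumptions made here; only plain address and CIDR `src` entries are understood, and anything else is reported as unverified.

```python
import ipaddress

# Constructed sample: the guide's two lines plus deliberately risky additions.
SAMPLE = """\
acl our_networks src 192.168.130.0/24
acl partners src 203.0.113.0/24   # constructed, documentation range
http_access allow our_networks
http_access allow partners
http_access deny all
http_access allow all
"""

def _fields(line):
    return line.split("#", 1)[0].split()  # drop comments, split on blanks

def src_acls(conf):
    """Return {acl name: [network, or None if unparsed]} for src ACLs."""
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0")]}  # 'all' = any client
    for line in conf.splitlines():
        f = _fields(line)
        if len(f) >= 4 and f[0] == "acl" and f[2] == "src":
            for tok in f[3:]:
                try:
                    net = ipaddress.ip_network(tok, strict=False)
                except ValueError:
                    net = None  # address ranges, file includes: unverified
                acls.setdefault(f[1], []).append(net)
    return acls

def _inside(net, internal):
    return net is not None and any(
        net.version == i.version and net.subnet_of(i) for i in internal)

def unbounded_allows(conf, internal):
    """List (line number, rule) for allow rules open beyond `internal`."""
    internal = [ipaddress.ip_network(n) for n in internal]
    acls, findings = src_acls(conf), []
    for lineno, line in enumerate(conf.splitlines(), 1):
        f = _fields(line)
        if len(f) < 3 or f[0] != "http_access":
            continue
        if f[1] == "deny" and f[2:] == ["all"]:
            break  # first match wins: later rules are never reached
        # A rule is bounded if one of its ACLs is a src ACL fully inside
        # the internal networks (ACLs on one rule are ANDed together).
        if f[1] == "allow" and not any(
                name in acls and all(_inside(n, internal) for n in acls[name])
                for name in f[2:]):
            findings.append((lineno, " ".join(f)))
    return findings
```

Run against the guide's own two lines with `192.168.130.0/24` as the internal network, it returns no findings.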