The instructions that follow apply to building floppyfw on a Linux system. They include the steps I followed in creating a particular firewall, but hopefully they may be of use to someone else as well.
I downloaded the latest version of floppyfw from http://www.zelow.no/floppyfw/download.html. On a Linux system, I then used the dd command to create a bootable floppy disk from the floppyfw-current.img file I downloaded. I then used the mcopy command to copy the config file from the DOS-formatted disk to the /tmp directory on the system, where I edited it and then copied it back to the floppy again with mcopy. You could instead edit the file with Notepad on a Windows system, if you wished.
dd if=floppyfw-current.img of=/dev/fd0 bs=72k
cd /tmp
mcopy a:config
vi config
I wanted both sides of the firewall to have static IP addresses, rather than addresses dynamically assigned by a DHCP server, so I changed the lines referring to the assignment of the outside IP address and other network information by DHCP. I also changed the addresses for the inside of the firewall, i.e., the side facing my LAN, to match what I was actually using on the LAN.
| Original Values | New Values |
| --- | --- |
| External Side of Firewall | |
| #OUTSIDE_IP= | OUTSIDE_IP=10.0.6.50 |
| OUTSIDE_IP=DHCP | #OUTSIDE_IP=DHCP |
| OUTSIDE_NETMASK= | OUTSIDE_NETMASK=255.255.255.240 |
| OUTSIDE_NETWORK= | OUTSIDE_NETWORK=10.0.6.48 |
| OUTSIDE_BROADCAST= | OUTSIDE_BROADCAST=66.22.186.63 |
| Internal Side of Firewall | |
| INSIDE_IP=10.42.42.1 | INSIDE_IP=192.168.0.1 |
| INSIDE_DEV=eth1 | INSIDE_DEV=eth1 |
| INSIDE_NETWORK=10.42.42.0 | INSIDE_NETWORK=192.168.0.0 |
| INSIDE_NETMASK=255.255.255.0 | INSIDE_NETMASK=255.255.255.240 |
| INSIDE_BROADCAST=10.42.42.255 | INSIDE_BROADCAST=192.168.0.15 |
| Miscellaneous | |
| DEFAULT_GATEWAY= | DEFAULT_GATEWAY=10.0.6.1 |
| NAME_SERVER_IP1= | NAME_SERVER_IP1=10.0.6.5 |
| NAME_SERVER_IP2= | NAME_SERVER_IP2=64.83.0.10 |
| HOSTNAME=floppyfw | HOSTNAME=floppyfw |
| DOMAIN=floppyfwsecured.com | DOMAIN=mydomain.com |
After making the above changes to the config file, I copied it back to the floppy and deleted the copy in the /tmp directory.
mcopy config a:
rm config
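A firewall whose network, broadcast or gateway values do not agree with its IP address and netmask can route or filter differently from what was intended, so it is worth checking the edited config before booting from the floppy. The script below is an added example, not part of the original instructions or of floppyfw. It assumes the config consists of KEY=VALUE lines using the variable names listed above; the function names are hypothetical and the sample text is built from the New Values listed above.

```python
import ipaddress

# Sample input: the New Values listed above, written as config file lines.
SAMPLE_CONFIG = """\
OUTSIDE_IP=10.0.6.50
#OUTSIDE_IP=DHCP
OUTSIDE_NETMASK=255.255.255.240
OUTSIDE_NETWORK=10.0.6.48
OUTSIDE_BROADCAST=66.22.186.63
INSIDE_IP=192.168.0.1
INSIDE_NETWORK=192.168.0.0
INSIDE_NETMASK=255.255.255.240
INSIDE_BROADCAST=192.168.0.15
DEFAULT_GATEWAY=10.0.6.1
"""

def parse_config(text):
    """Return KEY -> value for uncommented KEY=VALUE lines (last one wins)."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip('"')
    return values

def check_config(values):
    """Return (variable, configured, expected) tuples for each mismatch."""
    problems = []
    for side in ("OUTSIDE", "INSIDE"):
        ip = values.get(side + "_IP", "")
        if not ip or ip.upper() == "DHCP":
            continue  # addresses come from DHCP, nothing static to check
        iface = ipaddress.ip_interface(ip + "/" + values[side + "_NETMASK"])
        expected = {"_NETWORK": iface.network.network_address,
                    "_BROADCAST": iface.network.broadcast_address}
        for suffix, addr in expected.items():
            got = values.get(side + suffix, "")
            if got != str(addr):
                problems.append((side + suffix, got, str(addr)))
        gateway = values.get("DEFAULT_GATEWAY", "")
        # The default gateway must be reachable on the outside subnet.
        if side == "OUTSIDE" and gateway:
            if ipaddress.ip_address(gateway) not in iface.network:
                problems.append(("DEFAULT_GATEWAY", gateway, str(iface.network)))
    return problems

if __name__ == "__main__":
    for name, got, expected in check_config(parse_config(SAMPLE_CONFIG)):
        print(f"{name}={got} does not match {expected}")
```

With the values as listed, the check reports OUTSIDE_BROADCAST (the computed broadcast for 10.0.6.50 with netmask 255.255.255.240 is 10.0.6.63) and DEFAULT_GATEWAY (10.0.6.1 lies outside 10.0.6.48/28); the inside values are consistent.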
I then edited firewall.ini to set up the particular firewall rules I needed. I copied the file to the /tmp directory on a Linux system and edited it with the vi editor, but you could also edit the file with notepad on a Windows system, since the floppyfw diskette is DOS-formatted.
mcopy a:firewall.ini
vi firewall.ini
I did want to have SSH access to a server on the inside of the firewall, so I modified the line SERVER_IP=10.42.42.42 by replacing the default IP address of 10.42.42.42 with the address of the internal system functioning as an SSH server. I then removed the comment character, "#", from the beginning of the iptables lines below (don't remove the one at the beginning of "# SSH:"):
# SSH:
#iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 22 -j DNAT --to ${SERVER_IP}:22
#iptables -A FORWARD -p tcp -d ${SERVER_IP} --dport 22 -o ${INSIDE_DEVICE} -j ACCEPT
I then saved the changes and used mcopy to copy the modified firewall.ini file back to the floppy:
mcopy firewall.ini a: