[FW1] Re: how2: FW1 on SuSE7
Hi

0. install a suse7 minimal installation
------------------------------------
+ components which are needed for compiling a new kernel
(Don't ask me which components, YOU should be familiar with the linux os,
if you want to run stuff like fw1)

1. you need to compile a kernel yourself
----------------------------------------
use a 2.2.x kernel, fw1 does *NOT* work with 2.4.x

I like to compile a minimal kernel without any special devices. Only
activate these components which are located in your box.
I like *not* to compile components as modules, I always include them
directly into the kernel

Settings which are useful for fw1
--------------------------------
/usr/src/linux/.config

#
# Loadable module support
#
CONFIG_MODULES=y
CONFIG_KMOD=y

#
# Networking options
#
CONFIG_PACKET=y
CONFIG_NETLINK=y
CONFIG_RTNETLINK=y
CONFIG_UNIX=y
CONFIG_INET=y
CONFIG_IP_ROUTER=y
CONFIG_IP_ALIAS=y
CONFIG_SYN_COOKIES=y
CONFIG_SKB_LARGE=y

2. Install your kernel
--------------------
- test it (try to loop ftp up/downloads or something else to check if the
  network works fine)
- try to ping flood it with big packets and such stuff, if everything works
  fine ...your kernel seems to be stable.

3. Install initial CPfw1 4.1 as root
----------------------------------
- rpm -i CPfw1-41-strong.i386.rpm
  *DO NOT BOOT*
- log off the console and relogon as root again. Now FWDIR should be set
  (set|grep FWDIR)
- cd /etc/fw/bin
  ./cpconfig
  select the right stuff again
  *DO NOT BOOT*

4. now install CPfw1 4.1 SP2 as root
--------------------------------------
rpm -i --replacefiles --nodeps CPfw1-41.2-SP2.i386.rpm
*DO NOT BOOT*

5. now the annoying stuff that takes some time
----------------------------------------------
- cd /sbin/init.d
- ls -lt |more
- take a look at the files which are newly created and associated with fw1
- move these files to a backup directory
- go to all runlevel rcX.d directories and check for newly created
  softlinks which are associated with fw1
- remove these softlinks.

6. copy the attached fw1boot / fw1start to /sbin/init.d/
------------------------------------------------------
- Don't forget to mark the files as executables (chmod u+x fw1boot fw1start)

7. copy the attached fwstart to /etc/fw/bin/
------------------------------------------

8. now reboot the system
-------------------------

9. after reboot ...nothing special should happen and the system should be like before
------------------------------------------------------------------------------------
If the system writes errors to the console, then you forgot to remove fw-1
soft links in /sbin/init.d/rcX.d

10. change to /etc/fw/bin and add your license information
-----------------------------------------------------------
- ./fw putlic x.x.x.x never blblablablabl

11. now manually start the beast
--------------------------------
/sbin/init.d/fw1start

12. connect with your management gui to the firewall
-----------------------------------------------------
- start configure rules/objects
- try to upload rules to the fw1

13. if everything worked fine you can add the softlinks to the /sbin/init.d/rc2.d
----------------------------------------------------------------------------
- S06fw1boot -> ../fw1boot
  S99fw1start -> ../fw1start
  K39fw1stop -> ../fw1start

14. drink a beer and have fun....
--------------------------------

regards,
mike

----- Original Message -----
From: <[email protected]>
To: <[email protected]>
Sent: Tuesday, February 13, 2001 9:19 AM
Subject: Question to Miko Thomi about FW1 on SuSE

> Dear Mike,
> On the fw1-mailinglist, I noticed that you have managed to get the
> CheckPoint FW1 for Linux working on SuSE 7.0
> Since I am a SuSE user I am not so familiar with RedHat Linux distribution.
> I managed to get hold of a copy of RH 7 but found all sorts of problems
> with the running of FW1.
> Hopefully you have documented in some form your FW1 installation on SuSE 7.
> I would be very grateful if you would like to share your information on
> your SuSE implementation. (I hope you don't feel offended by my question.)
>
>
> With kind regards,

Attachment: fwstart
Attachment: fw1boot
Attachment: fw1start
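
The checks implied by steps 1, 5, 9 and 13 above, as an added shell example that is not part of the original post or its attachments. The function names and the script name fw1check.sh are hypothetical; "useful setting" is taken to mean the option is set to =y, as in the listing.

```shell
#!/bin/sh
# Added example (not from the post): sanity checks around the reboot in step 8.

# Options listed under "Settings which are useful for fw1".
FW1_OPTS="CONFIG_MODULES CONFIG_KMOD CONFIG_PACKET CONFIG_NETLINK CONFIG_RTNETLINK
CONFIG_UNIX CONFIG_INET CONFIG_IP_ROUTER CONFIG_IP_ALIAS CONFIG_SYN_COOKIES CONFIG_SKB_LARGE"

# Print every listed option that is not set to =y in the given .config.
missing_kernel_opts() {
    for opt in $FW1_OPTS; do
        grep -q "^${opt}=y\$" "$1" 2>/dev/null || echo "$opt"
    done
}

# Print symlinks in INITDIR/rc?.d whose target no longer exists. After the
# scripts are moved to a backup directory in step 5, leftover links dangle
# and produce the console errors mentioned in step 9.
dangling_rc_links() {
    for link in "$1"/rc?.d/*; do
        [ -L "$link" ] && [ ! -e "$link" ] && echo "$link"
    done
    return 0
}

# Print the step-13 links that are absent from INITDIR/rc2.d or that do not
# point at the expected script.
missing_step13_links() {
    for pair in S06fw1boot:fw1boot S99fw1start:fw1start K39fw1stop:fw1start; do
        name=${pair%%:*}
        target=${pair#*:}
        [ "$(readlink "$1/rc2.d/$name" 2>/dev/null)" = "../$target" ] || echo "$name"
    done
}

# Usage: sh fw1check.sh /usr/src/linux/.config /sbin/init.d
if [ "$#" -eq 2 ]; then
    missing_kernel_opts "$1" | sed 's/^/kernel option not =y: /'
    dangling_rc_links "$2" | sed 's/^/dangling link: /'
    missing_step13_links "$2" | sed 's/^/step 13 link not in place: /'
fi
```

Before step 13 is done, the last check is expected to list all three links; after step 13 it should print nothing.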