[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] HOWTO: Installing Adaptive Firewall (for Qube) on a RaQ 4
- Subject: [cobalt-users] HOWTO: Installing Adaptive Firewall (for Qube) on a RaQ 4
- From: Bruce Timberlake <bruce@xxxxxxxxxx>
- Date: Wed Dec 18 17:14:00 2002
- Organization: BRTNet.org
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NOTE: This is an UNOFFICIAL and UNSUPPORTED procedure. It works for
me, but your results may vary. Proceed at your own risk!
NOTE: This _should_ work on any RaQ as well, but I have not tested it
on anything but a RaQ 4.
1. Shell into your RaQ and become root.
2. Get the two firewall RPMS from http://www.cobaltfaqs.com/download/
(the Adaptive Firewall PKG on the Sun download site doesn't seem to
untar properly, so I'm posting the actual RPMS from within the PKG):
wget http://www.cobaltfaqs.com/download/phoenix-1.7-0.i386.rpm
wget
http://www.cobaltfaqs.com/download/phoenix-kmodules-1.0-9.i386.rpm
MD5SUM info:
b51161006b586b77891a03931d5ed958 phoenix-1.7-0.i386.rpm
bb36c8070d9f48b077ef7724a1ca5448 phoenix-kmodules-1.0-9.i386.rpm
3. Install the RPMS:
rpm -ivh phoenix*.rpm
Note: if you have the SHP patch installed (RaQ 4), you have an older
version of the firewall partially installed, and might get some
messages about conflicts with the older version. Either uninstall
it, or use
rpm -ivh --force --nodeps phoenix*.rpm
to get the newer version installed. Not sure what the implications to
the existing SHP install are, but as it's currently a security hole
and should be uninstalled anyway, it shouldn't be a major problem...
You can verify the RPMs installed by doing:
rpm -qa | grep phoenix
You should see:
phoenix-1.7-0
phoenix-kmodules-1.0-9
4. Look in /etc/rc.d/rc3.d and ensure the startup script is there:
ls -alF /etc/rc.d/rc3.d/S*
You should see
S72phoenix
in the list of files.
5. Start the firewall by doing:
/etc/rc.d/init.d/phoenix start
You'll see this output:
Loading phoenix module...
Using /lib/modules/phoenix/phoenix-1.6.6-2.2.16C32_III.o
Symbol version prefix ''
phoenix-1.6.6-2.2.16C32_III.o successfully loaded.
Starting pafserver: pafserver
Starting thttpd-phoenix: thttpd-phoenix
Starting paflogd: paflogd
Establishing Default Firewalls
Establishing masquerading configuration
error opening file
(this 'error opening file' is due to the RPM thinking it's on a Qube,
which normally has masquerading set up; it's nothing to worry about
that I can tell on a RaQ 4)
6. Generate an initial firewall access password:
/etc/phoenix/scripts/initpassphrase
Enter a passphrase twice when prompted (it's a temp password, which
you'll change in the UI, so just use something like 'test' or
whatever)
7. Point your browser at the server, port 8181 (www.domain.com:8181
or ip.ad.re.ss:8181) and follow the prompts to bring up the Java UI.
Ignore warning messages for some browsers: it was only QA'd with
Internet Exploder 5.5 and 6.0, and Netscape 4.7x. Other browsers
should work just fine... I use Konqueror and Mozilla on Linux with no
issues.
There's a user manual (PDF) link in the firewall UI to explain how it
works, how to set options, etc.
Output from the firewall is in /var/log/phoenix.log
- --
Bruce Timberlake
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+ARu+vLA2hUZ9kgwRAkjnAJ4udzFJs0MmZSqD7ZzwoTS9Els5VACdECdq
5P1haN1hayMmuGYoK7EMuhQ=
=x/Pz
-----END PGP SIGNATURE-----