This section contains general information about how to configure the Sentry Firewall CD, including information on which files to edit and how to setup specific daemons and services on a running system.
More information about configuring specific daemons or services can be found in the HOWTO.
This section covers specifically the configuration of the system via the various init scripts kept in /etc/rc.d/(Slackware) or /etc/init.d/(Debian).
NOTE: This section applies to the SENTRYCD and SENTRYCD-DEVEL(Slackware-based) branches.
Versions of the Sentry Firewall CD before 1.5.0-rc7 utilized a perl-based rc.inet1 script to add and configure interfaces. The syntax of this file was similiar to the syntax used in the sentry.conf file for network configuration support -
$interface(1..10) = "<IF>:<IP ADDRESS[/NETMASK]>|<DHCP>" ## Examples: $interface1 = "eth0:192.168.1.1/24"; ## Set up eth0 with ip 192.168.1.1 and ## netmask 255.255.255.0. $interface2 = "eth0:192.168.1.2/24"; ## Bind second IP to eth0. $interface3 = "eth1:dhcp"; ## Use DHCP to set up eth1.
As you can see, the syntax is fairly simple. You can configure an interface or add an IP address by adding a "$interface#" variable.
As of version 1.5.0-rc7, the Sentry Firewall CD utilizes a modified version of the rc.inet1 and rc.inet1.conf init files that appeared in Slackware 9.1. Once again, you alter the network setup by altering a bunch of variables, except this time you edit /etc/rc.d/rc.inet1.conf instead of rc.inet1 itself. By default, this file supports the setup of up to four ethernet devices. A basic entry to set up eth0 looks something like the following:
IPADDR="192.168.1.10" NETMASK="255.255.255.0" USE_DHCP="" DHCP_HOSTNAME="" ETH0_ALIAS="" ## For multiple IPs on interface. ETH0_ALIAS="" ## Ditto. GATEWAY="192.168.1.1"
To use DHCP instead of static IP addresses, set the "USE_DHCP" directive to "yes". You may also add any number of additional "alias" IP addresses to each interface with the "ETHx_ALIAS[#]" variable.
NOTE: Keep in mind that if neither of these rc files suit your needs you may simply replace the rc.inet1 file at boot time with your own script by using the 'rc.inet1' directive in your sentry.conf file.
If there is something you wish to add to this list or to the documentation in general, please feel free to email Obsid@Sentry.net.