Table of Contents
1. Getting the software
2. Resolving the dependences
3. Instaling for Redhat systems
4. Instaling for other rpm based systems
5. Instaling for Slackware systems
6. Instaling for Debian and another systems
7. Configuring global options
8. Tuning kernel Ipv4 configuration
9. Configuring Interfaces
10. Managing Alfandega ACL's
11. Configuring system services
12. Using firewall blacklists
13. Protecting system from spoofed access
14. Enabling masquerading
15. Enabling port-forwarding
16. Setting a Alfandega simple IDS
17. Hacking Alfandega core
1. Getting the software
You may get the Alfandega distributions and modules in download
section of software site or at one of sourceforge.net
mirrors. I recommend you choose your package according follow table:
|
Distro Name |
Package Type |
Dependences |
| Redhat Linux 7.x | rpm 7.3 packages | dependences rpms |
| Redhat Linux 8.x | rpm 8.0 packages | dependences rpms |
| Slackware Linux 8.x | tgz packages | dependences CPAN tarballs |
| Suse Linux 8.0 | rpm 7.3 packages | dependences rpms |
| Suse Linux 8.1 | rpm 8.0 packages | dependences rpms |
| Conectiva Linux 8.0 | rpm 8.0 packages | dependences rpms |
| Debian Linux 3.0 | CPAN tarballs | dependences CPAN tarballs |
| Other | CPAN tarballs | dependences CPAN tarballs |
2. Resolving the dependences
If you are running a rpm based distro, you must unpack the dependences rpms
tarball and chdir into the folder for your perl version. Install all packages
by executing follow command as root:
# rpm -Uhv *.rpm
This only satisfact uncommon modules dependences. The perl header files, perl libnet and Digest-MD5 are installed by default in a full install of any system and it wasn't provided by any of the Alfandega dependences tarballs.
Case your system is Slackware, Debian or another, unpack the dependences CPAN
tarball, and for each of CPAN modules, unpack it, chdir extracted folder and
run follow commands in this order:
$ perl Makefile.PL
$ make
$ make test
$ su
# make install
or you can try to use CPAN shell to install dependences modules:
# perl -MCPAN -e shell
If is the first time you use CPAN shell, you need to configure it:
Are you ready for manual configuration? [yes]
CPAN build and cache directory? [/root/.cpan]
Cache size for build directory (in MB)? [10]
Perform cache scanning (atstart or never)? [atstart]
Policy on building prerequisites (follow, ask or ignore)? [follow]
Where is your gzip program? [/bin/gzip]
Where is your tar program? [/bin/tar]
Where is your unzip program? [/usr/bin/unzip]
Where is your make program? [/usr/bin/make]
Where is your lynx program? [/usr/bin/lynx]
Where is your ncftpget program? [/usr/bin/ncftpget]
Where is your ftp program? [/usr/bin/ftp]
What is your favorite pager program? [/usr/bin/less]
What is your favorite shell? [/bin/bash]
Parameters for the 'perl Makefile.PL' command? []
Parameters for the 'make' command? []
Parameters for the 'make install' command? []
Timeout for inactivity during Makefile.PL? [0]
Your ftp_proxy?
Your http_proxy?
Your no_proxy?
Select your continent (or several nearby continents) [] 7
Select your country (or several nearby countries) [] 2
Select as many URLs as you like [] 3
Your favorite WAIT server? [wait://ls6.informatik.uni-dortmund.de:1404]
cpan>
Now you install the modules:
cpan> install Class::MethodMaker
cpan> install Term::ReadKey
cpan> install Term::ProgressBar
cpan> install Compress::Zlib
cpan> install Net::IP
cpan> install IO::Inteface
cpan> quit
3. Installing for Redhat systems
Assuming you don't forget to resolve all the dependences, you must only install
the Alfandega rpm:
# rpm -ihv alfandega-{version}-{release}.noarch.rpm
replacing {version} and {release} by sotware version and rpm release respectivelly.
If you are upgrading, change "-ihv" for "-Uhv".
4.Instaling for other rpm based
systems
Alfandega rpm's only tested on Redhat systems, but you can try to install them
under your distro. Probally if you are running a distro with perl version 5.6.1
or 5.8.0, and the dependences rpm's was sucessfully installed, you can't greater
problems in install Alfandega's rpm. There is the list of more important files
the Alfandega's rpm install:
/etc/alfandega/README
/etc/alfandega/acl.conf
/etc/alfandega/addons/CheckProbe.conf
/etc/alfandega/addons/CheckSpoofing.conf
/etc/alfandega/addons/IcmpControl.conf
/etc/alfandega/addons/LocalBlacklist.conf
/etc/alfandega/addons/LogControl.conf
/etc/alfandega/addons/Masquerading.conf
/etc/alfandega/addons/PacketForwarding.conf
/etc/alfandega/addons/RemoteBlacklist.conf
/etc/alfandega/addons/Services.conf
/etc/alfandega/alfandega.conf
/etc/alfandega/chains.conf
/etc/alfandega/core/dual/README
/etc/alfandega/core/dual/forward.conf
/etc/alfandega/core/dual/input.conf
/etc/alfandega/core/dual/logpolicy.conf
/etc/alfandega/core/dual/output.conf
/etc/alfandega/core/dual/statefull.conf
/etc/alfandega/interfaces.conf
/etc/alfandega/modules.conf
/etc/alfandega/net/timeservers.conf
/sbin/alfandega
/usr/lib/perl5/{perl_version}/{perl_arch}/Alfandega/Addons.pm
/usr/lib/perl5/{perl_version}/{perl_arch}/Alfandega/Addons/CheckProbe.pm
/usr/lib/perl5/{perl_version}/{perl_arch}/Alfandega/Addons/CheckSpoofing.pm
/usr/lib/perl5/{perl_version}/{perl_arch}/Alfandega/Addons/IcmpControl.pm
/usr/lib/perl5/{perl_version}/{perl_arch}/Alfandega/Addons/LocalBlacklist.pm
/usr/lib/perl5/{perl_version}/{perl_arch}/Alfandega/Addons/LogControl.pm
/usr/lib/perl5/{perl_version}/{perl_arch}/Alfandega/Addons/Masquerading.pm
/usr/lib/perl5/{perl_version}/{perl_arch}/Alfandega/Addons/PacketForwarding.pm
/usr/lib/perl5/{perl_version}/{perl_arch}/Alfandega/Addons/RemoteBlacklist.pm
/usr/lib/perl5/{perl_version}/{perl_arch}/Alfandega/Addons/Services.pm
/usr/lib/perl5/{perl_version}/{perl_arch}/Alfandega/Config.pm
/usr/lib/perl5/{perl_version}/{perl_arch}/Alfandega/Control.pm
/usr/lib/perl5/{perl_version}/{perl_arch}/Alfandega/Firewall.pm
/usr/lib/perl5/{perl_version}/{perl_arch}/Alfandega/Interfaces.pm
/usr/lib/perl5/{perl_version}/{perl_arch}/Alfandega/Language.pm
/usr/lib/perl5/{perl_version}/{perl_arch}/Alfandega/Language/Brazilian.pm
/usr/lib/perl5/{perl_version}/{perl_arch}/Alfandega/Language/English.pm
/usr/lib/perl5/{perl_version}/{perl_arch}/Alfandega/Modules.pm
/usr/lib/perl5/{perl_version}/{perl_arch}/Alfandega/SysCtl.pm
where {perl_version} is 5.6.1 or 5.8.0 and {perl_arch} is i386-linux (perl
5.6.1)or i386-linux-thread-multi (perl 5.8.0).
If your document and perl paths are the same as created by this rpm you will
don't meet any problems.
You may want to compile new rpms to your distribution. In this case you need
to unpack the Alfandega's source tarball and chdir to expanded folder. After
this run (as root):
# make rpms
This command will create rpms for your distribution, unless a problem occur.
Note that common problems can require a patch to the Alfandega's Makefile.
5.Instaling for Slackware systems
To install alfandega in Slackware linux simple chdir to folder when you save
alfandega tgz package and run these command as root:
# pkgtool
and follow the instructions.
6. Instaling for Debian and another
systems
To install Alfandega Firewall in a Debian box you may need to install from CPAN
mode. After resolve the dependences (using CPAN method too) you must expand
the Alfandega's CPAN distribution, chdir to expanded folder and run this commands:
$ perl Makefile.PL
$ make
$ make test
$ su
# make install
Note that to do it perl header files must to be installed first and you can
need to patch Makefile.PL.