Firewall

(Part of the detailed Step-by-Step Installation Guide for setting up the Server)

We use Shorewall as it simplifies Firewall setup & has excellent documentation.

sudo apt-get install shorewall
sudo vi /etc/default/shorewall

startup=1

NB: We assume that a WAN router is plugged into the LAN2 ethernet port (eth1). If you use a USB ADSL modem instead, replace 'eth1' with 'ppp0' in the steps below.

sudo cp /usr/share/doc/shorewall/examples/three-interfaces/* /etc/shorewall/
sudo gunzip /etc/shorewall/interfaces.gz /etc/shorewall/masq.gz /etc/shorewall/rules.gz /etc/shorewall/policy.gz 
sudo vi /etc/shorewall/interfaces

net eth1 detect tcpflags,dhcp,routefilter,norfc1918,nosmurfs,logmartians
loc eth0 detect tcpflags,detectnets,nosmurfs

sudo vi /etc/shorewall/shorewall.conf

IP_FORWARDING=On

sudo vi /etc/shorewall/masq

eth1 eth0
eth1 eth2

sudo vi /etc/shorewall/policy

$FW net ACCEPT
dmz net ACCEPT
dmz $FW ACCEPT
dmz loc ACCEPT

sudo vi /etc/shorewall/rules

#SSH/ACCEPT loc dmz
#DNS/ACCEPT dmz net
# Allow connections to the Server
DNS/ACCEPT loc $FW
ACCEPT loc $FW tcp 21
ACCEPT loc $FW tcp 25
ACCEPT loc $FW tcp 80
ACCEPT loc $FW tcp 8081
# Reject ICMP from LAN to Internet (we provide Smokeping instead)
REJECT loc net icmp

sudo /etc/init.d/shorewall restart

Provide priority access via LAN3 (note that the dmz policies above, `dmz $FW ACCEPT` and `dmz loc ACCEPT`, give LAN3 hosts unrestricted access to the server and to the LAN, so connect only trusted hosts to this port):

sudo vi /etc/network/interfaces

# LAN3 (DMZ)
auto eth2
iface eth2 inet static
address 192.168.2.1
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255

sudo /etc/init.d/networking restart

Download Wondershaper & tune it (the tarball is fetched over plain HTTP and the wshaper script is then installed as /etc/shorewall/tcstart, where Shorewall runs it, so inspect the extracted script before copying it):

wget http://lartc.org/wondershaper/wondershaper-1.1a.tar.gz
tar zxvf wondershaper-1.1a.tar.gz
sudo cp wondershaper-1.1a/wshaper /etc/shorewall/tcstart
sudo vi /etc/shorewall/tcstart

DOWNLINK=256
UPLINK=128
DEV=eth1
NOPRIOHOSTSRC=192.168.1.0/24
#echo Please read the documentation in 'README' first :-\)
#exit

sudo vi /etc/shorewall/shorewall.conf

TC_ENABLED=Yes

sudo /etc/init.d/shorewall restart

Continue with the rest of the detailed Step-by-Step Installation Guide
