NuFW Howto

Eric Leblond

Vincent Deffontaines


Table of Contents
1. License
2. Introduction
2.1. Presentation
2.2. Requirements
2.2.1. Nuauth dependencies
2.2.2. nufw dependencies
2.2.3. User marking requirement on old kernel
2.2.4. Using nfnetlink and getting all latest NuFW features
3. Compilation and installation
3.1. Default distribution kernels
3.2. Kernel preparation
3.3. Linux 2.6.14 and better
3.4. NuFW compilation
3.5. Initial setup and tests
3.5.1. Certificates and client installation
3.5.2. Creating your own certificates
3.5.3. Basic nuauth setup
3.6. Testing
3.6.1. Setting up Netfilter rules before 2.6.14
3.6.2. Setting up Netfilter rules from 2.6.14
3.6.3. Testing the authentication system
3.6.4. Initial tests and debug process
4. Setting up NuFW
4.1. Using the LDAP module for ACL checking
4.1.1. Installation of OpenLDAP server (slapd)
4.1.2. Slapd configuration
4.1.3. nuauth configuration
4.1.4. Using nuface, a web-based rules generator
4.1.5. nuaclgen configuration
4.2. Setting up NuFW authenticated connections tracking
4.2.1. nuauth settings
4.2.2. Installation of MySQL server
4.2.3. Installation of PostgreSQL server
4.2.4. SQL configuration
4.2.5. Life of a connection in the SQL table
4.2.6. Netfilter settings
4.2.7. Using the connection tracking
4.3. Single Sign On setup
4.3.1. Apache
4.3.2. Squid
4.4. Certificate authentication
4.5. User based Quality of Service
4.5.1. Setting up Kernel on non libnetfilter_queue system
4.5.2. Setting up nufw
4.5.3. Setting up Netfilter
4.5.4. Using marking modules
4.5.5. Using NuFW mark
4.6. Chaining modules in nuauth
4.6.1. Syntax description
4.6.2. Some examples
4.7. Hardening NuFW install
4.7.1. Nufw certificate verification
4.7.2. User authentication restrictions
4.7.3. On client side
4.7.4. Using ldaps for ACLs checking
4.8. Nuauth authentication configurations
4.8.1. PAM/LDAP authentication with Nuauth
4.8.2. PAM/Winbind authentication with Nuauth
5. Authentication Agents
5.1. Windows
5.2. Linux
5.3. MacOS
5.4. UNIX and BSD systems
6. Miscellaneous
6.1. Supported protocols
6.2. Big endian architectures
6.3. System with glibc 2.3.2
6.4. Debian specific
6.5. Mandrake specific
6.6. Suse specific
6.7. Red Hat specific
6.7.1. Red Hat Enterprise Linux 4
6.8. Known issues
6.8.1. Problem with ip_queue on kernel prior to 2.6.12
6.8.2. Running NuFW in a virtualized environment
Glossary