User manual BARRACUDA COMMAND LINE REV 1.1 INTERFACE GUIDE
Lastmanuals offers a socially driven service of sharing, storing and searching manuals related to use of hardware and software : user guide, owner's manual, quick start guide, technical datasheets... DON'T FORGET : ALWAYS READ THE USER GUIDE BEFORE BUYING !!!
If this document matches the user guide, instructions manual or user manual, feature sets, schematics you are looking for, download it now. Lastmanuals provides you a fast and easy access to the user manual BARRACUDA COMMAND LINE REV 1.1. We hope that this BARRACUDA COMMAND LINE REV 1.1 user guide will be useful to you.
Lastmanuals help download the user guide BARRACUDA COMMAND LINE REV 1.1.
Manual abstract: user guide BARRACUDA COMMAND LINE REV 1.1INTERFACE GUIDE
Detailed instructions for use are in the User's Guide.
[. . . ] Command Line Interface Guide
Barracuda NG Firewall Revision 1. 1
Barracuda Networks Inc. Winchester Blvd Campbell, CA 95008 http://www. barracuda. com
Copyright Notice
Copyright 2004-2010, Barracuda Networks www. barracuda. com v4. x-090623-06-1119 All rights reserved. Use of this product and this manual is subject to license. Information in this document is subject to change without notice.
Trademarks
Barracuda NG Firewall is a trademark of Barracuda Networks. [. . . ] 42
Network Activation 41
6. 1
General
This chapter is about activating a new network configuration using the console. · · Which tools are needed?Which files can be changed?
6. 2
Networking Layer
The networking layer is installed along with the etc_box package. It is called phionetc_box because almost all relevant files are located within the /etc/phion directory. The main purpose of this package is controlling every part of the system that communicates using the network. Along with the software modules, there are further packages, such as openssh or ntp, that retrieve their configuration from NGFW scripts and whose modules are started by these scripts.
6. 3
Configuration Files
There are three configuration files used to control the network behavior of the system: · · · 6. 3. 1 Options 6. 3. 2 boxadm. conf, page 43 6. 3. 3 boxnet. conf, page 43
6. 3. 1
Options
This is the only configuration file not managed by Barracuda NG Admin.
Fig. BOX_NETWORK="Y" # Number of retries to bring up all devices, sometimes useful for token ring devices NET_RETRY=0 # should the phion subsystem be started ?PHION_START="Y" #for some historical reason: should the NetDB subsystem be started?#CAUTION: Activate only if you know very well what you are doing. NETDB_START="N" # for advanced Servers START_ORA="N" #Y/N start ORACLE on BOOT START_ADABAS="N" #Y/N start ADABAS on BOOT
Table 63 Parameters in the options file Parameter
BOX_NETWORK NET_RETRY PHION_START NETDB_START
Options
Y/N numerical Y/N Y/N
Default
Y 0 Y N
Description
If set to "N", nothing will happen when trying to start networking. Number of allowed retries for network connectionestablishment. If set to "N", the Barracuda operative layer will not start. Use this if a box is running without proprietary Barracuda NGFW software. Only of use when using a box with NetDB database on it.
42
Barracuda NG Firewall - Command Line Interface Guide
6. 3. 2
boxadm. conf
Contains parameters related to services that don't require a network restart in order to get activated (e. g. Additionally, this file contains information about box services (box tuning).
Fig. 639 Example for boxadmin. conf content
ACLLIST[] = DNSSERVER[] = 212. 86. 0. 4 DOMAIN = phion. qa INACTFLAG = n NTPEVT = 0 RPASSWD = $1$someMD5encryption SPASSWD = $1$someMD5encryption STARTNTP = y SYNC = y TMASTER[] = 10. 0. 0. 33 TZONE = Europe/Vienna UTC = y [rootalias_mbr] AUTHLEVEL = 0 NAME = mbr PASSWD = $1$goelga$9ysSYZ4X. qpJqn8k0KpsC. PUBKEY = -----BEGIN RSA PUBLIC KEY----MIGJAoGBAOV2ltrcBSa4mV3S0ni6P6K9RTIWHG3aMoolsAQNEsImcReUqhdc+QQ2 kCHHHJ5HWpBc0ePF6P+nrv0Pgw3SZHcV3mA7L1JeHs2XEqvndnVlvA+uNhnbMVBD o/yUhq4Vwdgmu3OiUlspJhgRnCapRIvSAmoARNPWoGA/tw8HgJdTAgMBAAE= -----END RSA PUBLIC KEY----[rootalias_pmr] AUTHLEVEL = 0 NAME = pmr PASSWD = $1$djoanl$BPvPXlA87meC4. JVNljcP. PUBKEY = -----BEGIN RSA PUBLIC KEY----MIGJAoGBAM2dG/OHlJCdIASXy4DmOWb23u4SJr2q/BzalLDM31m9kc/zsKAbZasU Yevr86H7yZ2qqtILywycsCYKuYATZe37QlO30vyh+VCphgumwbfVXl9fkAeJUrzM XGNRUWpwiDCl4vEpGl0b5gHka/XjKdsM4RmXAE6k+6+5sAuIrZqPAgMBAAE= -----END RSA PUBLIC KEY-----
6. 3. 3
boxnet. conf
Contains information about dealing with network connections, such as host name, network devices, IP addresses and routing information.
Fig. 640 Example for boxnet. conf content
HOSTNAME = mybox RAM = n VIP = [addnet_212er] BIND = y CRIT = n DEV = eth1 IP = 212. 86. 0. 112 MASK = 8 NAME = 212er PING = y [addroute_default1] DEST = 212. 86. 0. 100 DEV = FOREIGN = y MASK = 32 NAME = default1 PREF = 100 SRC = TARGET = 0. 0. 0. 0 TYPE = gw [addroute_default2] DEST = 212. 86. 1. 100 DEV = FOREIGN = y MASK = 32 NAME = default2 PREF = 200 FOREIGN = y MASK = 8 NAME = dev2 PREF = SRC = TARGET = 212. 86. 1. 0 TYPE = dev [addroute_devnet] DEST = 10. 0. 0. 101 DEV = FOREIGN = y MASK = 8 NAME = devnet PREF = SRC = TARGET = 10. 0. 3. 0 TYPE = gw [boxnet] DEV = eth0 IP = 10. 0. 0. 181 MASK = 8 [cards_10realtek] BLTIN = module MOD = 8139too. o NAME = 10realtek NUM = 2 TYPE = eth
Network Activation 43
44
Barracuda NG Firewall - Command Line Interface Guide
Chapter 7 Verification Scripts
/etc/phion/bin/verify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Verification Scripts 45
7. 1
/etc/phion/bin/verify
This script checks the logical consistency of the boxnet. conf and boxadm. conf files. It's also used by the GUI during network configuration checks.
Fig. 741 Example for a consistency check
[root@winix:/var/phion/logs]# verify /opt/phion/config/configroot/boxnet. conf SUCCESS: No obvious critical consistency errors in box configuration Info: [0140000] º boxnet(k, ARGS): box reaches MC@10. 0. 6. 3 from 10. 0. 6. 31 via »10. 0. 6. 0/8 dev eth0 src 10. 0. 6. 31 realm internal« Info: [0140000] º boxnet(k, ARGS): box reaches MC@10. 0. 6. 2 from 10. 0. 6. 31 via »10. 0. 6. 0/8 dev eth0 src 10. 0. 6. 31 realm internal« Info: [0140000] º boxnet(k, ARGS): box reaches server NTP@10. 0. 6. 96 from 10. 0. 6. 31 via »10. 0. 6. 0/8 dev eth0 src 10. 0. 6. 31 realm internal« Info: [0140000] º boxnet(k, ARGS): box reaches server DNS@10. 0. 6. 90 from all via »10. 0. 6. 0/8 dev eth0 src 10. 0. 6. 31 realm internal« Info: [0140000] º boxnet(k, ARGS): logical check passed [ local networks ] |name |addr |dev |ping |mgmt |ntpd ---------------------------------------------------------------net0 |loop |127. 0. 0. 1/8 |lo |y |y |n net1 |fw |127. 0. 1. 1/8 |tap0 |y |n |n net2 |vpn |127. 0. 2. 1/8 |tap1 |y |n |n net3 |vpnpers |127. 0. 3. 1/8 |tap2 |y |n |n net4 |mip0 |10. 0. 6. 31/8 |eth0 |y |y |y net5 |ospfVP |10. 0. 151. 33/8 |eth1 |y |n |n [ management IPs ] |addr -------------------------ip0 |127. 0. 0. 1/0 ip1 |10. 0. 6. 31/0 [ servers ] 1: mw primary box: secondary box: 1st server ip: 2nd server ip: 2: win0 primary box: secondary box: 1st server ip: 2nd server ip: add server ip: add server ip: add server ip: add server ip: add server ip: add server ip: [ IP tunnels ] |status |name |mode |dev/src addr | local <-> remote --------------------------------------------------------------------------------------tu0 |ready |tun1 |gre |10. 0. 150. 33/8 | 10. 0. 151. 33 <-> 10. 0. 151. 8 [ routing structure ] Type indicators: 'u' . . . . [. . . ] Finished Successfully
90
Barracuda NG Firewall - Command Line Interface Guide
Chapter 19 Linux Networking Commands
General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 tcpdump . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Linux Networking Commands 91
19. 1 General
Amongst others, the herewith listed commands are particularly suitable for finding and soluting networking problems.
19. 2 ip
The ip tool is a TCP/IP interface configuration and routing utility. [. . . ]
DISCLAIMER TO DOWNLOAD THE USER GUIDE BARRACUDA COMMAND LINE REV 1.1
Lastmanuals offers a socially driven service of sharing, storing and searching manuals related to use of hardware and software : user guide, owner's manual, quick start guide, technical datasheets... In any way can't Lastmanuals be held responsible if the document you are looking for is not available, incomplete, in a different language than yours, or if the model or language do not match the description. Lastmanuals, for instance, does not offer a translation service.
Click on "Download the user manual" at the end of this Contract if you accept its terms, the downloading of the manual BARRACUDA COMMAND LINE REV 1.1 will begin.