OK, so you've got LBU all installed and working. Now what? From the local network, point your browser at the IP address of the firewall (by default, it's 192.168.1.254).

Figure 5: LBU Status
(click on the image for a larger view)

Nice. Who says a firewall isn't sexy? The LBU Weblet package, part of the base system, presents a nice looking status page with lots of clickable links to more information. From here, it's easy to get a very good idea, from the comfort of your desktop web browser, of exactly what the firewall has been up to.

Notice that the firewall is showing a "warning" condition in the above screenshot? Nothing is wrong, it's just been getting hit a lot lately by all the other systems on the Internet (probably infected with the latest virus) looking for their next victim. In other words, it's doing the job it's supposed to do. Want to know more? Just click a link. Here's a look at the "pretty" Shorewall log:

Figure 6: Shorewall log
(click on the image for a larger view)

Yep, it's pretty all right. You can find out just about anything you want to know about the firewall's basic status by following links. Very cool. I've included a few more screen shots below of other status info you can get (click on any of them for a larger view).

To provide for remote administration, the base LBU system includes an SSH server. If your desktop is a Windows system, you can download a free SSH client called PuTTY and use it to log into and configure your firewall system from your desktop. Of course, if your desktop is Linux, then you probably already have an SSH client installed.

When you log into your firewall remotely with SSH, you're presented with the familiar LBU configuration utility shown earlier. Use it to make your changes, and then be sure to back up the affected packages. You can also use common Linux utilities like "cat" and "less" to read log files or even watch them in real time to help with troubleshooting. For instance, let's say you think that the LBU firewall is blocking a local user's computer, whose IP address is 192.168.1.10, when he tries to check his email. Simply SSH to the firewall and enter something like this:

tail -f /var/log/shorewall.log | grep 192.168.1.10

and then watch as your user tries to check his email. Shorewall itself also provides "monitor", "logwatch", and "show" functions that enable you to watch the firewall status in real time.