Relocate interface identification tip

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5403 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-02-14 16:39:35 +00:00
parent 07308373de
commit 00548ee4eb
3 changed files with 59 additions and 57 deletions

View File

@ -329,15 +329,6 @@ all all REJECT info</programlisting>
<acronym>ISDN</acronym>, your external interface will be <filename <acronym>ISDN</acronym>, your external interface will be <filename
class="devicefile">ippp0</filename>.</para> class="devicefile">ippp0</filename>.</para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>The Shorewall one-interface sample configuration assumes that the
external interface is <filename class="devicefile">eth0</filename>. If
your configuration is different, you will have to modify the sample
<filename>/etc/shorewall/interfaces</filename> file accordingly. While you
are there, you may wish to review the list of options that are specified
for the interface. Some hints:</para>
<tip> <tip>
<para>Be sure you know which interface is your external interface. Many <para>Be sure you know which interface is your external interface. Many
hours have been spent floundering by users who have configured the wrong hours have been spent floundering by users who have configured the wrong
@ -360,6 +351,15 @@ root@lists:~# </programlisting>
the external interface.</para> the external interface.</para>
</tip> </tip>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>The Shorewall one-interface sample configuration assumes that the
external interface is <filename class="devicefile">eth0</filename>. If
your configuration is different, you will have to modify the sample
<filename>/etc/shorewall/interfaces</filename> file accordingly. While you
are there, you may wish to review the list of options that are specified
for the interface. Some hints:</para>
<tip> <tip>
<para>If your external interface is <filename <para>If your external interface is <filename
class="devicefile">ppp0</filename> or <filename class="devicefile">ppp0</filename> or <filename

View File

@ -382,6 +382,31 @@ $FW net ACCEPT</programlisting>
external interface will be <filename external interface will be <filename
class="devicefile">ippp0</filename>.</para> class="devicefile">ippp0</filename>.</para>
<tip>
<para>Be sure you know which interface is your external interface. Many
hours have been spent floundering by users who have configured the wrong
interface. If you are unsure, then as root type "ip route ls" at the
command line. The device listed in the last (default) route should be
your external interface.</para>
<para>Example:</para>
<programlisting>root@lists:~# ip route ls
192.168.1.1 dev eth0 scope link
192.168.2.2 dev tun0 proto kernel scope link src 192.168.2.1
192.168.3.0/24 dev br0 proto kernel scope link src 192.168.3.254
10.13.10.0/24 dev tun1 scope link
192.168.2.0/24 via 192.168.2.2 dev tun0
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.254
206.124.146.0/24 dev eth0 proto kernel scope link src 206.124.146.176
10.10.10.0/24 dev tun1 scope link
default via 206.124.146.254 dev <emphasis role="bold">eth0</emphasis>
root@lists:~# </programlisting>
<para>In that example, <filename class="devicefile">eth0</filename> is
the external interface.</para>
</tip>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para> <para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>I<emphasis role="bold">f your external interface is <filename <para>I<emphasis role="bold">f your external interface is <filename
@ -429,31 +454,6 @@ $FW net ACCEPT</programlisting>
are there, you may wish to review the list of options that are specified are there, you may wish to review the list of options that are specified
for the interfaces. Some hints:</para> for the interfaces. Some hints:</para>
<tip>
<para>Be sure you know which interface is your external interface. Many
hours have been spent floundering by users who have configured the wrong
interface. If you are unsure, then as root type "ip route ls" at the
command line. The device listed in the last (default) route should be
your external interface.</para>
<para>Example:</para>
<programlisting>root@lists:~# ip route ls
192.168.1.1 dev eth0 scope link
192.168.2.2 dev tun0 proto kernel scope link src 192.168.2.1
192.168.3.0/24 dev br0 proto kernel scope link src 192.168.3.254
10.13.10.0/24 dev tun1 scope link
192.168.2.0/24 via 192.168.2.2 dev tun0
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.254
206.124.146.0/24 dev eth0 proto kernel scope link src 206.124.146.176
10.10.10.0/24 dev tun1 scope link
default via 206.124.146.254 dev <emphasis role="bold">eth0</emphasis>
root@lists:~# </programlisting>
<para>In that example, <filename class="devicefile">eth0</filename> is
the external interface.</para>
</tip>
<tip> <tip>
<para>If your external interface is <filename <para>If your external interface is <filename
class="devicefile">ppp0</filename> or <filename class="devicefile">ppp0</filename> or <filename

View File

@ -354,6 +354,31 @@ $FW net ACCEPT</programlisting> The above policy will:
<acronym>ISDN</acronym>, your external interface will be <filename <acronym>ISDN</acronym>, your external interface will be <filename
class="devicefile">ippp0</filename>.</para> class="devicefile">ippp0</filename>.</para>
<tip>
<para>Be sure you know which interface is your external interface. Many
hours have been spent floundering by users who have configured the wrong
interface. If you are unsure, then as root type "ip route ls" at the
command line. The device listed in the last (default) route should be
your external interface.</para>
<para>Example:</para>
<programlisting>root@lists:~# ip route ls
192.168.1.1 dev eth0 scope link
192.168.2.2 dev tun0 proto kernel scope link src 192.168.2.1
192.168.3.0/24 dev br0 proto kernel scope link src 192.168.3.254
10.13.10.0/24 dev tun1 scope link
192.168.2.0/24 via 192.168.2.2 dev tun0
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.254
206.124.146.0/24 dev eth0 proto kernel scope link src 206.124.146.176
10.10.10.0/24 dev tun1 scope link
default via 206.124.146.254 dev <emphasis role="bold">eth0</emphasis>
root@lists:~# </programlisting>
<para>In that example, <filename class="devicefile">eth0</filename> is
the external interface.</para>
</tip>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para> <para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>I<emphasis role="bold">f your external interface is <filename <para>I<emphasis role="bold">f your external interface is <filename
@ -388,29 +413,6 @@ $FW net ACCEPT</programlisting> The above policy will:
class="directory">/etc/shorewall/</filename><filename>interfaces</filename> class="directory">/etc/shorewall/</filename><filename>interfaces</filename>
file accordingly. While you are there, you may wish to review the list of file accordingly. While you are there, you may wish to review the list of
options that are specified for the interfaces. Some hints:<tip> options that are specified for the interfaces. Some hints:<tip>
<para>Be sure you know which interface is your external interface.
Many hours have been spent floundering by users who have configured
the wrong interface. If you are unsure, then as root type "ip route
ls" at the command line. The device listed in the last (default) route
should be your external interface.</para>
<para>Example:</para>
<programlisting>root@lists:~# ip route ls
192.168.1.1 dev eth0 scope link
192.168.2.2 dev tun0 proto kernel scope link src 192.168.2.1
192.168.3.0/24 dev br0 proto kernel scope link src 192.168.3.254
10.13.10.0/24 dev tun1 scope link
192.168.2.0/24 via 192.168.2.2 dev tun0
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.254
206.124.146.0/24 dev eth0 proto kernel scope link src 206.124.146.176
10.10.10.0/24 dev tun1 scope link
default via 206.124.146.254 dev <emphasis role="bold">eth0</emphasis>
root@lists:~# </programlisting>
<para>In that example, <filename class="devicefile">eth0</filename> is
the external interface.</para>
</tip><tip>
<para>If your external interface is <filename <para>If your external interface is <filename
class="devicefile">ppp0</filename> or <filename class="devicefile">ppp0</filename> or <filename
class="devicefile">ippp0</filename>, you can replace the class="devicefile">ippp0</filename>, you can replace the