Relocate interface identification tip

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5403 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

docs/standalone.xml

@@ -329,15 +329,6 @@ all            all                REJECT   info</programlisting>
     <acronym>ISDN</acronym>, your external interface will be <filename
     class="devicefile">ippp0</filename>.</para>
 
-    <para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
-
-    <para>The Shorewall one-interface sample configuration assumes that the
-    external interface is <filename class="devicefile">eth0</filename>. If
-    your configuration is different, you will have to modify the sample
-    <filename>/etc/shorewall/interfaces</filename> file accordingly. While you
-    are there, you may wish to review the list of options that are specified
-    for the interface. Some hints:</para>
-
     <tip>
       <para>Be sure you know which interface is your external interface. Many
       hours have been spent floundering by users who have configured the wrong
@@ -360,6 +351,15 @@ root@lists:~# </programlisting>
       the external interface.</para>
     </tip>
 
+    <para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
+
+    <para>The Shorewall one-interface sample configuration assumes that the
+    external interface is <filename class="devicefile">eth0</filename>. If
+    your configuration is different, you will have to modify the sample
+    <filename>/etc/shorewall/interfaces</filename> file accordingly. While you
+    are there, you may wish to review the list of options that are specified
+    for the interface. Some hints:</para>
+
     <tip>
       <para>If your external interface is <filename
       class="devicefile">ppp0</filename> or <filename

docs/three-interface.xml

@@ -382,6 +382,31 @@ $FW        net         ACCEPT</programlisting>
     external interface will be <filename
     class="devicefile">ippp0</filename>.</para>
 
+    <tip>
+      <para>Be sure you know which interface is your external interface. Many
+      hours have been spent floundering by users who have configured the wrong
+      interface. If you are unsure, then as root type "ip route ls" at the
+      command line. The device listed in the last (default) route should be
+      your external interface.</para>
+
+      <para>Example:</para>
+
+      <programlisting>root@lists:~# ip route ls
+192.168.1.1 dev eth0  scope link 
+192.168.2.2 dev tun0  proto kernel  scope link  src 192.168.2.1 
+192.168.3.0/24 dev br0  proto kernel  scope link  src 192.168.3.254 
+10.13.10.0/24 dev tun1  scope link 
+192.168.2.0/24 via 192.168.2.2 dev tun0 
+192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.254 
+206.124.146.0/24 dev eth0  proto kernel  scope link  src 206.124.146.176 
+10.10.10.0/24 dev tun1  scope link 
+default via 206.124.146.254 dev <emphasis role="bold">eth0</emphasis> 
+root@lists:~# </programlisting>
+
+      <para>In that example, <filename class="devicefile">eth0</filename> is
+      the external interface.</para>
+    </tip>
+
     <para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
 
     <para>I<emphasis role="bold">f your external interface is <filename
@@ -429,31 +454,6 @@ $FW        net         ACCEPT</programlisting>
     are there, you may wish to review the list of options that are specified
     for the interfaces. Some hints:</para>
 
-    <tip>
-      <para>Be sure you know which interface is your external interface. Many
-      hours have been spent floundering by users who have configured the wrong
-      interface. If you are unsure, then as root type "ip route ls" at the
-      command line. The device listed in the last (default) route should be
-      your external interface.</para>
-
-      <para>Example:</para>
-
-      <programlisting>root@lists:~# ip route ls
-192.168.1.1 dev eth0  scope link 
-192.168.2.2 dev tun0  proto kernel  scope link  src 192.168.2.1 
-192.168.3.0/24 dev br0  proto kernel  scope link  src 192.168.3.254 
-10.13.10.0/24 dev tun1  scope link 
-192.168.2.0/24 via 192.168.2.2 dev tun0 
-192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.254 
-206.124.146.0/24 dev eth0  proto kernel  scope link  src 206.124.146.176 
-10.10.10.0/24 dev tun1  scope link 
-default via 206.124.146.254 dev <emphasis role="bold">eth0</emphasis> 
-root@lists:~# </programlisting>
-
-      <para>In that example, <filename class="devicefile">eth0</filename> is
-      the external interface.</para>
-    </tip>
-
     <tip>
       <para>If your external interface is <filename
       class="devicefile">ppp0</filename> or <filename

docs/two-interface.xml

@@ -354,6 +354,31 @@ $FW        net         ACCEPT</programlisting> The above policy will:
     <acronym>ISDN</acronym>, your external interface will be <filename
     class="devicefile">ippp0</filename>.</para>
 
+    <tip>
+      <para>Be sure you know which interface is your external interface. Many
+      hours have been spent floundering by users who have configured the wrong
+      interface. If you are unsure, then as root type "ip route ls" at the
+      command line. The device listed in the last (default) route should be
+      your external interface.</para>
+
+      <para>Example:</para>
+
+      <programlisting>root@lists:~# ip route ls
+192.168.1.1 dev eth0  scope link 
+192.168.2.2 dev tun0  proto kernel  scope link  src 192.168.2.1 
+192.168.3.0/24 dev br0  proto kernel  scope link  src 192.168.3.254 
+10.13.10.0/24 dev tun1  scope link 
+192.168.2.0/24 via 192.168.2.2 dev tun0 
+192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.254 
+206.124.146.0/24 dev eth0  proto kernel  scope link  src 206.124.146.176 
+10.10.10.0/24 dev tun1  scope link 
+default via 206.124.146.254 dev <emphasis role="bold">eth0</emphasis> 
+root@lists:~# </programlisting>
+
+      <para>In that example, <filename class="devicefile">eth0</filename> is
+      the external interface.</para>
+    </tip>
+
     <para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
 
     <para>I<emphasis role="bold">f your external interface is <filename
@@ -388,29 +413,6 @@ $FW        net         ACCEPT</programlisting> The above policy will:
     class="directory">/etc/shorewall/</filename><filename>interfaces</filename>
     file accordingly. While you are there, you may wish to review the list of
     options that are specified for the interfaces. Some hints:<tip>
-        <para>Be sure you know which interface is your external interface.
-        Many hours have been spent floundering by users who have configured
-        the wrong interface. If you are unsure, then as root type "ip route
-        ls" at the command line. The device listed in the last (default) route
-        should be your external interface.</para>
-
-        <para>Example:</para>
-
-        <programlisting>root@lists:~# ip route ls
-192.168.1.1 dev eth0  scope link 
-192.168.2.2 dev tun0  proto kernel  scope link  src 192.168.2.1 
-192.168.3.0/24 dev br0  proto kernel  scope link  src 192.168.3.254 
-10.13.10.0/24 dev tun1  scope link 
-192.168.2.0/24 via 192.168.2.2 dev tun0 
-192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.254 
-206.124.146.0/24 dev eth0  proto kernel  scope link  src 206.124.146.176 
-10.10.10.0/24 dev tun1  scope link 
-default via 206.124.146.254 dev <emphasis role="bold">eth0</emphasis> 
-root@lists:~# </programlisting>
-
-        <para>In that example, <filename class="devicefile">eth0</filename> is
-        the external interface.</para>
-      </tip><tip>
         <para>If your external interface is <filename
         class="devicefile">ppp0</filename> or <filename
         class="devicefile">ippp0</filename>, you can replace the