diff --git a/docs/MultiISP.xml b/docs/MultiISP.xml
index 0c0df7e22..f783abfc6 100644
--- a/docs/MultiISP.xml
+++ b/docs/MultiISP.xml
@@ -909,7 +909,7 @@ gateway:~ #Note that because we used a priority of 1000, the
test for eth1 is inserted
before the fwmark tests.
- Example 2: You use OpenVPN (routed setup /tunX) in combination
+ Example 2: You use OpenVPN (routed setup w/tunX) in combination
with multiple providers. In this case you have to set up a rule to
ensure that the OpenVPN traffic is routed back through the tunX
interface(s) rather than through any of the providers. 10.8.0.0/24 is
diff --git a/docs/standalone.xml b/docs/standalone.xml
index cfaf547aa..2eb5261d5 100644
--- a/docs/standalone.xml
+++ b/docs/standalone.xml
@@ -338,6 +338,28 @@ all all REJECT info
are there, you may wish to review the list of options that are specified
for the interface. Some hints:
+
+ Be sure you know which interface is your external interface. Many
+ hours have been spent floundering by users who have configured the wrong
+ interface. If you are unsure, then as root type "ip route ls" at the
+ command line. The device listed in the last (default) route should be
+ your external interface.
+
+ Example:
+
+ root@lists:~# ip route ls
+192.168.2.2 dev tun0 proto kernel scope link src 192.168.2.1
+10.13.10.0/24 dev tun1 scope link
+192.168.2.0/24 via 192.168.2.2 dev tun0
+206.124.146.0/24 dev eth0 proto kernel scope link src 206.124.146.176
+10.10.10.0/24 dev tun1 scope link
+default via 206.124.146.254 dev eth0
+root@lists:~#
+
+ In that example, eth0 is
+ the external interface.
+
+
If your external interface is ppp0 or
are there, you may wish to review the list of options that are specified
for the interfaces. Some hints:
+
+ Be sure you know which interface is your external interface. Many
+ hours have been spent floundering by users who have configured the wrong
+ interface. If you are unsure, then as root type "ip route ls" at the
+ command line. The device listed in the last (default) route should be
+ your external interface.
+
+ Example:
+
+ root@lists:~# ip route ls
+192.168.1.1 dev eth0 scope link
+192.168.2.2 dev tun0 proto kernel scope link src 192.168.2.1
+192.168.3.0/24 dev br0 proto kernel scope link src 192.168.3.254
+10.13.10.0/24 dev tun1 scope link
+192.168.2.0/24 via 192.168.2.2 dev tun0
+192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.254
+206.124.146.0/24 dev eth0 proto kernel scope link src 206.124.146.176
+10.10.10.0/24 dev tun1 scope link
+default via 206.124.146.254 dev eth0
+root@lists:~#
+
+ In that example, eth0 is
+ the external interface.
+
+
If your external interface is ppp0 or The above policy will:
/etc/shorewall/interfaces
file accordingly. While you are there, you may wish to review the list of
- options that are specified for the interfaces. Some hints:
+ options that are specified for the interfaces. Some hints:
+ Be sure you know which interface is your external interface.
+ Many hours have been spent floundering by users who have configured
+ the wrong interface. If you are unsure, then as root type "ip route
+ ls" at the command line. The device listed in the last (default) route
+ should be your external interface.
+
+ Example:
+
+ root@lists:~# ip route ls
+192.168.1.1 dev eth0 scope link
+192.168.2.2 dev tun0 proto kernel scope link src 192.168.2.1
+192.168.3.0/24 dev br0 proto kernel scope link src 192.168.3.254
+10.13.10.0/24 dev tun1 scope link
+192.168.2.0/24 via 192.168.2.2 dev tun0
+192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.254
+206.124.146.0/24 dev eth0 proto kernel scope link src 206.124.146.176
+10.10.10.0/24 dev tun1 scope link
+default via 206.124.146.254 dev eth0
+root@lists:~#
+
+ In that example, eth0 is
+ the external interface.
+
If your external interface is ppp0 or ippp0, you can replace the