Add tip for identifying external interface

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5402 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-02-14 16:35:26 +00:00
parent e43c2287d4
commit 07308373de
4 changed files with 72 additions and 2 deletions

@ -909,7 +909,7 @@ gateway:~ #</programlisting>Note that because we used a priority of 1000, the
test for <filename class="devicefile">eth1</filename> is inserted test for <filename class="devicefile">eth1</filename> is inserted
before the fwmark tests.</para> before the fwmark tests.</para>
<para>Example 2: You use OpenVPN (routed setup /tunX) in combination <para>Example 2: You use OpenVPN (routed setup w/tunX) in combination
with multiple providers. In this case you have to set up a rule to with multiple providers. In this case you have to set up a rule to
ensure that the OpenVPN traffic is routed back through the tunX ensure that the OpenVPN traffic is routed back through the tunX
interface(s) rather than through any of the providers. 10.8.0.0/24 is interface(s) rather than through any of the providers. 10.8.0.0/24 is
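
Review bot: The one change in this hunk, "/tunX" to "w/tunX" in the Example 2 paragraph, still leaves an abbreviation in reference documentation and is not covered by the commit message, which only mentions the external-interface tip. Suggest spelling it out as "routed setup with tunX" and either noting the typo fix in the log or committing it separately.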

@ -338,6 +338,28 @@ all all REJECT info</programlisting>
are there, you may wish to review the list of options that are specified are there, you may wish to review the list of options that are specified
for the interface. Some hints:</para> for the interface. Some hints:</para>
<tip>
<para>Be sure you know which interface is your external interface. Many
hours have been spent floundering by users who have configured the wrong
interface. If you are unsure, then as root type "ip route ls" at the
command line. The device listed in the last (default) route should be
your external interface.</para>
<para>Example:</para>
<programlisting>root@lists:~# ip route ls
192.168.2.2 dev tun0 proto kernel scope link src 192.168.2.1
10.13.10.0/24 dev tun1 scope link
192.168.2.0/24 via 192.168.2.2 dev tun0
206.124.146.0/24 dev eth0 proto kernel scope link src 206.124.146.176
10.10.10.0/24 dev tun1 scope link
default via 206.124.146.254 dev <emphasis role="bold">eth0</emphasis>
root@lists:~# </programlisting>
<para>In that example, <filename class="devicefile">eth0</filename> is
the external interface.</para>
</tip>
<tip> <tip>
<para>If your external interface is <filename <para>If your external interface is <filename
class="devicefile">ppp0</filename> or <filename class="devicefile">ppp0</filename> or <filename
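
Review bot: In the first paragraph of the new tip, "The device listed in the last (default) route" ties the advice to where the default route happens to appear in the listing, and that position is not guaranteed across systems. Suggest wording it by content, for example "The device named in the route that begins with 'default' should be your external interface." Choosing the wrong interface here means the firewall's net zone rules are applied to the wrong link, so the instruction is worth making unambiguous. The command itself would also read better marked up as <command>ip route ls</command> instead of in plain quotes.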

@ -429,6 +429,31 @@ $FW net ACCEPT</programlisting>
are there, you may wish to review the list of options that are specified are there, you may wish to review the list of options that are specified
for the interfaces. Some hints:</para> for the interfaces. Some hints:</para>
<tip>
<para>Be sure you know which interface is your external interface. Many
hours have been spent floundering by users who have configured the wrong
interface. If you are unsure, then as root type "ip route ls" at the
command line. The device listed in the last (default) route should be
your external interface.</para>
<para>Example:</para>
<programlisting>root@lists:~# ip route ls
192.168.1.1 dev eth0 scope link
192.168.2.2 dev tun0 proto kernel scope link src 192.168.2.1
192.168.3.0/24 dev br0 proto kernel scope link src 192.168.3.254
10.13.10.0/24 dev tun1 scope link
192.168.2.0/24 via 192.168.2.2 dev tun0
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.254
206.124.146.0/24 dev eth0 proto kernel scope link src 206.124.146.176
10.10.10.0/24 dev tun1 scope link
default via 206.124.146.254 dev <emphasis role="bold">eth0</emphasis>
root@lists:~# </programlisting>
<para>In that example, <filename class="devicefile">eth0</filename> is
the external interface.</para>
</tip>
<tip> <tip>
<para>If your external interface is <filename <para>If your external interface is <filename
class="devicefile">ppp0</filename> or <filename class="devicefile">ppp0</filename> or <filename
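
Review bot: The tip paragraph added here ("Be sure you know which interface is your external interface ...") is a word-for-word copy of the one added in the previous file and appears a third time in the next one, so any later correction has to be made in three places. Consider keeping it in one shared fragment that each guide includes. The sample listing is also busier than the point needs: it shows eth0 both in "192.168.1.1 dev eth0 scope link" and in the default route, alongside br0 and two tunnels, and a reader new to the tool may not see why eth0 rather than br0 is the answer. A trimmed listing, or one sentence saying that only the "default" line matters, would help.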

@ -387,7 +387,30 @@ $FW net ACCEPT</programlisting> The above policy will:
<filename <filename
class="directory">/etc/shorewall/</filename><filename>interfaces</filename> class="directory">/etc/shorewall/</filename><filename>interfaces</filename>
file accordingly. While you are there, you may wish to review the list of file accordingly. While you are there, you may wish to review the list of
options that are specified for the interfaces. Some hints: <tip> options that are specified for the interfaces. Some hints:<tip>
<para>Be sure you know which interface is your external interface.
Many hours have been spent floundering by users who have configured
the wrong interface. If you are unsure, then as root type "ip route
ls" at the command line. The device listed in the last (default) route
should be your external interface.</para>
<para>Example:</para>
<programlisting>root@lists:~# ip route ls
192.168.1.1 dev eth0 scope link
192.168.2.2 dev tun0 proto kernel scope link src 192.168.2.1
192.168.3.0/24 dev br0 proto kernel scope link src 192.168.3.254
10.13.10.0/24 dev tun1 scope link
192.168.2.0/24 via 192.168.2.2 dev tun0
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.254
206.124.146.0/24 dev eth0 proto kernel scope link src 206.124.146.176
10.10.10.0/24 dev tun1 scope link
default via 206.124.146.254 dev <emphasis role="bold">eth0</emphasis>
root@lists:~# </programlisting>
<para>In that example, <filename class="devicefile">eth0</filename> is
the external interface.</para>
</tip><tip>
<para>If your external interface is <filename <para>If your external interface is <filename
class="devicefile">ppp0</filename> or <filename class="devicefile">ppp0</filename> or <filename
class="devicefile">ippp0</filename>, you can replace the class="devicefile">ippp0</filename>, you can replace the
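
Review bot: This hunk mixes whitespace-only edits with the new content: "Some hints: <tip>" becomes "Some hints:<tip>", and the new tip closes as "</tip><tip>" on one line, whereas the other two files in this commit put each <tip> on its own line. Suggest keeping one element per line here as well so the three guides diff cleanly against each other. Also, the quoted command is split across a line break in the source ("ip route" at the end of one line, "ls" at the start of the next); keeping it on one line, ideally inside <command>, makes it searchable and safe to copy.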