Tweak Xen Docs

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4405 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

docs/Xen.xml

@@ -117,6 +117,13 @@
       use Xen</ulink> is much more straight-forward.</para>
     </caution>
 
+    <warning>
+      <para>I know of no case where a user has successfully used NAT
+      (including Masquerade) in a Xen Dom0. So if you want to create a
+      masquerading firewall/gateway using Xen, you need to do so in a DomU
+      (see <ulink url="XenMyWay.html">how I do it</ulink>).</para>
+    </warning>
+
     <para>Here is an example. In this example, we will assume that the system
     is behind a second firewall that restricts incoming traffic so that we
     only have to worry about protecting the local LAN from the systems running

docs/XenMyWay.xml

@@ -151,7 +151,7 @@
       <listitem>
         <para>The second DomU (Dom name <emphasis
         role="bold">lists</emphasis>, DNS name lists.shorewall.net) is used as
-        a public Web/FTP/Mail/DNS serv</para>
+        a public Web/FTP/Mail/DNS server.</para>
       </listitem>
     </orderedlist>
 
@@ -275,6 +275,14 @@ disk     = [ 'phy:hda3,hda3,w' ]</programlisting>
       <para>The zones correspond to the Shorewall zones in the firewall DomU
       configuration.</para>
 
+      <note>
+        <para>If you want to run a simple NAT gateway in a Xen DomU, just omit
+        the second bridge (xenbr1), the second delegated interface, and the
+        second DomU from the above configuration. You can then install the
+        <ulink url="two-interface.htm">normal Shorewall two-interface sample
+        configuration</ulink> in the DomU.</para>
+      </note>
+
       <caution>
         <para>Under some circumstances, UDP and/or TCP communication from a
         domU won't work for no obvious reason. That happened with the