Mention IP_FORWARD=On in FAQ 1g

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-22 07:33:43 +01:00 · 2011-10-11 15:33:32 -07:00 · 2011-10-11 15:33:32 -07:00 · 1052b481f3
commit 1052b481f3
parent a077a9821d
1 changed files with 7 additions and 2 deletions
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@ -519,9 +519,14 @@ DNAT       net           net:66.249.93.111:993  tcp      80          -         2
        eth0:<programlisting>#ZONE      INTERFACE     BROADCAST            OPTIONS
 net        eth0          detect               <emphasis role="bold">routeback</emphasis></programlisting></para>

-        <para>And in <filename>/etc/shorewall/masq</filename>;<programlisting>#INTERFACE          SOURCE      ADDRESS          PROTO        PORT
+        <para><filename>/etc/shorewall/masq</filename>;<programlisting>#INTERFACE          SOURCE      ADDRESS          PROTO        PORT
 eth0:66.249.93.111  0.0.0.0/0   206.124.146.176  tcp          993</programlisting></para>

+        <para>and in
+        <filename>/etc/shorewall/shorewall.conf</filename>:</para>
+
+        <programlisting>IP_FORWARDING=On</programlisting>
+
        <para>Like the hack in FAQ 2, this one results in all forwarded
        connections looking to the server (66.249.93.11) as if they originated
        on your firewall (206.124.146.176).</para>
@ -1139,7 +1144,7 @@ DNAT       loc           dmz:192.168.2.4    tcp      80          -         <emph
          <para>The DNS settings on the local systems are wrong or the user is
          running a DNS server on the firewall and hasn't enabled UDP and TCP
          port 53 from the local net to the firewall or from the firewall to
-          the Internet. </para>
+          the Internet.</para>
        </listitem>

        <listitem>