Add note about 'loose' with certain single-interface configurations

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8685 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-22 07:33:43 +01:00 · 2008-08-25 00:36:41 +00:00 · 2008-08-25 00:36:41 +00:00 · 163c03751d
commit 163c03751d
parent 4382fe8975
1 changed files with 13 additions and 7 deletions
--- a/docs/MultiISP.xml
+++ b/docs/MultiISP.xml
@ -464,8 +464,8 @@
              </varlistentry>
            </variablelist>

-            <para>For those of you who are terminally confused between<emphasis
-            role="bold"> track</emphasis> and <emphasis
+            <para>For those of you who are terminally confused
+            between<emphasis role="bold"> track</emphasis> and <emphasis
            role="bold">balance</emphasis>:</para>

            <itemizedlist>
@ -532,8 +532,8 @@
      and any interfaces that do not have an IPv4 configuration. You should
      also omit interfaces like <emphasis role="bold">tun</emphasis>
      interfaces that are created dynamically. Traffic to networks handled by
-      those interfaces should be routed through the main table using entries in
-      <filename>/etc/shorewall/route_rules</filename> (see Example 2 <link
+      those interfaces should be routed through the main table using entries
+      in <filename>/etc/shorewall/route_rules</filename> (see Example 2 <link
      linkend="Examples">below</link>).</para>

      <para>In addition:</para>
@ -965,8 +965,8 @@ gateway:~ #</programlisting>Note that because we used a priority of 1000, the
        OpenVPN (routed setup w/tunX) in combination with multiple providers.
        In this case you have to set up a rule to ensure that the OpenVPN
        traffic is routed back through the tunX interface(s) rather than
-        through any of the providers. 10.8.0.0/24 is the subnet chosen in
-        your OpenVPN configuration (server 10.8.0.0 255.255.255.0).</para>
+        through any of the providers. 10.8.0.0/24 is the subnet chosen in your
+        OpenVPN configuration (server 10.8.0.0 255.255.255.0).</para>

        <programlisting>#SOURCE                 DEST            PROVIDER        PRIORITY
 -                       10.8.0.0/24     main            1000</programlisting>
@ -1034,6 +1034,12 @@ gateway:~ #</programlisting>Note that because we used a priority of 1000, the
 Blarg     1      1    main      eth0:206.124.146.176 206.124.146.254 ...
 Avvanta   2      2    main      eth0:130.252.144.8   130.252.144.254 ... </programlisting></para>

+      <caution>
+        <para>If the firewall's address is the same for both providers, you
+        must specify the <emphasis role="bold">loose</emphasis> option on both
+        providers.</para>
+      </caution>
+
      <para>/etc/shorewall/masq:<programlisting>#INTERFACE    SOURCE          ADDRESS
 eth0(Blarg)   130.252.144.8   206.124.146.176
 eth0(Avvanta) 206.124.146.176 130.252.144.8
@ -1129,4 +1135,4 @@ linksys       1    1    -        wlan0   172.20.1.1    track,balance=1,optional
 shorewall     2    2    -        eth0    192.168.1.254 track,balance=2,optional</programlisting>/etc/shorewall/rules:<programlisting>#SOURCE     DEST      PROVIDER        PRIORITY
 -           -         shorewall       11999</programlisting></para>
  </section>
-</article>
+</article>