extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-19 17:28:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

More snat documentation changes

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-10-28 14:56:44 -07:00
parent 4d77d673e8
commit 174f46f3e6
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
3 changed files with 41 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/shorewall_setup_guide.xml
View File

@ -1373,8 +1373,9 @@ Destination Gateway Genmask Flags MSS Window irtt Iface
<member>SNAT is configured in Shorewall using the <filename><ulink <member>SNAT is configured in Shorewall using the <filename><ulink
url="manpages/shorewall-masq.html">/etc/shorewall/masq</ulink></filename> url="manpages/shorewall-masq.html">/etc/shorewall/masq</ulink></filename>
file (/etc/shorewall/snat when running Shorewall 5.0.14 or file (<ulink
later):</member> url="manpages/shorewall-snat.html">/etc/shorewall/snat</ulink> when
running Shorewall 5.0.14 or later):</member>
</simplelist> </simplelist>
<programlisting>#INTERFACE SOURCE ADDRESS <programlisting>#INTERFACE SOURCE ADDRESS

27
docs/three-interface.xml
View File

@ -194,6 +194,17 @@
/usr/share/doc/packages/shorewall/Samples/three-interfaces/policy /usr/share/doc/packages/shorewall/Samples/three-interfaces/policy
/usr/share/doc/packages/shorewall/Samples/three-interfaces/rules /usr/share/doc/packages/shorewall/Samples/three-interfaces/rules
/usr/share/doc/packages/shorewall/Samples/three-interfaces/zones /usr/share/doc/packages/shorewall/Samples/three-interfaces/zones
~#</programlisting>
<para>When running Shorewall 5.0.14 or later:</para>
<programlisting>~# rpm -ql shorewall | fgrep three-interfaces
/usr/share/doc/packages/shorewall/Samples/three-interfaces
/usr/share/doc/packages/shorewall/Samples/three-interfaces/interfaces
/usr/share/doc/packages/shorewall/Samples/three-interfaces/policy
/usr/share/doc/packages/shorewall/Samples/three-interfaces/rules
/usr/share/doc/packages/shorewall/Samples/three-interfaces/snat
/usr/share/doc/packages/shorewall/Samples/three-interfaces/zones
~#</programlisting> ~#</programlisting>
</listitem> </listitem>
@ -667,14 +678,18 @@ root@lists:~# </programlisting>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para> <para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para>If your external IP is static, you can enter it in the third column <para>If your external <acronym>IP</acronym> is static then, if you are
in the <filename running Shorewall 5.0.13 or earlier, you can enter our static IP in the
third column in the <filename
class="directory">/etc/shorewall/</filename><filename>masq</filename> class="directory">/etc/shorewall/</filename><filename>masq</filename>
entry if you like although your firewall will work fine if you leave that entry if you like although your firewall will work fine if you leave that
column empty. Entering your static IP in column 3 makes processing column empty (Masquerade). Entering your static <acronym>IP</acronym> in
outgoing packets a little more efficient. When running Shorewall 5.0.14 or column 3 (SNAT) makes the processing of outgoing packets a little more
later, the rule in /etc/shorewall/snat must be change from a MASQUERADE efficient.</para>
rule to an SNAT rule.</para>
<para>When running Shorewall 5.0.14 or later, the rule in
/etc/shorewall/snat must be change from a MASQUERADE rule to an SNAT
rule.</para>
<programlisting>#ACTION SOURCE DEST PROTO PORT <programlisting>#ACTION SOURCE DEST PROTO PORT
<emphasis role="bold">SNAT(<replaceable>static-ip</replaceable>)</emphasis> ...</programlisting> <emphasis role="bold">SNAT(<replaceable>static-ip</replaceable>)</emphasis> ...</programlisting>

20
docs/two-interface.xml
View File

@ -172,6 +172,17 @@
/usr/share/doc/packages/shorewall/Samples/two-interfaces/policy /usr/share/doc/packages/shorewall/Samples/two-interfaces/policy
/usr/share/doc/packages/shorewall/Samples/two-interfaces/rules /usr/share/doc/packages/shorewall/Samples/two-interfaces/rules
/usr/share/doc/packages/shorewall/Samples/two-interfaces/zones /usr/share/doc/packages/shorewall/Samples/two-interfaces/zones
~#</programlisting>
<para>When running Shorewall 5.0.14 or later:</para>
<programlisting>~# rpm -ql shorewall | fgrep three-interfaces
/usr/share/doc/packages/shorewall/Samples/three-interfaces
/usr/share/doc/packages/shorewall/Samples/three-interfaces/interfaces
/usr/share/doc/packages/shorewall/Samples/three-interfaces/policy
/usr/share/doc/packages/shorewall/Samples/three-interfaces/rules
/usr/share/doc/packages/shorewall/Samples/three-interfaces/snat
/usr/share/doc/packages/shorewall/Samples/three-interfaces/zones
~#</programlisting> ~#</programlisting>
</listitem> </listitem>
@ -618,13 +629,16 @@ root@lists:~# </programlisting>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para> <para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para>If your external <acronym>IP</acronym> is static, you can enter it <para>If your external <acronym>IP</acronym> is static then, if you are
in the third column in the <filename running Shorewall 5.0.13 or earlier, you can enter our static IP in the
third column in the <filename
class="directory">/etc/shorewall/</filename><filename>masq</filename> class="directory">/etc/shorewall/</filename><filename>masq</filename>
entry if you like although your firewall will work fine if you leave that entry if you like although your firewall will work fine if you leave that
column empty (Masquerade). Entering your static <acronym>IP</acronym> in column empty (Masquerade). Entering your static <acronym>IP</acronym> in
column 3 (SNAT) makes the processing of outgoing packets a little more column 3 (SNAT) makes the processing of outgoing packets a little more
efficient. When running Shorewall 5.0.14 or later, the rule in efficient.</para>
<para>When running Shorewall 5.0.14 or later, the rule in
/etc/shorewall/snat must be change from a MASQUERADE rule to an SNAT /etc/shorewall/snat must be change from a MASQUERADE rule to an SNAT
rule.</para> rule.</para>