Doc updates

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1607 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2004-09-07 16:09:11 +00:00
parent 5cf57190fb
commit 1f68772e22
4 changed files with 593 additions and 398 deletions


@ -15,7 +15,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2004-08-19</pubdate> <pubdate>2004-09-05</pubdate>
<copyright> <copyright>
<year>2004</year> <year>2004</year>
@ -83,7 +83,10 @@
(CONFIG_IP_NF_MATCH_PHYSDEV=m or CONFIG_IP_NF_MATCH_PHYSDEV=y). (CONFIG_IP_NF_MATCH_PHYSDEV=m or CONFIG_IP_NF_MATCH_PHYSDEV=y).
Physdev match is standard in the 2.6 kernel series but must be patched Physdev match is standard in the 2.6 kernel series but must be patched
into the 2.4 kernels (see <ulink into the 2.4 kernels (see <ulink
url="http://bridge.sf.net">http://bridge.sf.net</ulink>).</para> url="http://bridge.sf.net">http://bridge.sf.net</ulink>). Bering and
Bering uCLibc users must find and install ipt_physdev.o for their
distribution and add <quote>ipt_physdev</quote> to
/etc/modules.</para>
</listitem> </listitem>
<listitem> <listitem>
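Review bot: The added sentence for Bering and Bering uCLibc users says they "must find and install ipt_physdev.o" but gives no pointer to where the module can be obtained, unlike the 2.4 kernel case just before it, which links to http://bridge.sf.net. Add a link or package name if one exists, and wrap /etc/modules in <filename> so the path is marked up like the other paths in these documents.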
@ -434,4 +437,18 @@ dmz br0:eth2</programlisting>
<para>Bridging doesn' t work with some wireless cards — see <ulink <para>Bridging doesn' t work with some wireless cards — see <ulink
url="http://bridge.sf.net">http://bridge.sf.net</ulink>.</para> url="http://bridge.sf.net">http://bridge.sf.net</ulink>.</para>
</section> </section>
<section>
<title>Other Links</title>
<itemizedlist>
<listitem>
<para><ulink
url="http://wiki.buenosaireslibre.org/HowTos_2fBridgedFirewall">Here
is an article in Spanish </ulink>detailing bridging a public and local
network using Shorewall. This is another router/bridge
configuration.</para>
</listitem>
</itemizedlist>
</section>
</article> </article>
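Review bot: In the new Other Links section the link text is "Here is an article in Spanish " with a trailing space inside the <ulink> and no space between </ulink> and "detailing", so the rendered sentence depends on how whitespace is collapsed; move the space outside the element and make the link text name the article rather than "Here". The new <section> also carries no id attribute, so it cannot be used as a linkend target. Since this hunk already touches the end of the file, the "doesn' t" in the preceding paragraph could be corrected in the same change.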


@ -15,7 +15,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2004-09-04</pubdate> <pubdate>2004-09-06</pubdate>
<copyright> <copyright>
<year>2001-2004</year> <year>2001-2004</year>
@ -54,11 +54,12 @@
<para>I have DSL service and have 5 static IP addresses <para>I have DSL service and have 5 static IP addresses
(206.124.146.176-180). My DSL <quote>modem</quote> (Westell 2200) is (206.124.146.176-180). My DSL <quote>modem</quote> (Westell 2200) is
connected to eth0 and has IP address 192.168.1.1 (factory default). I have connected to eth0 and has IP address 192.168.1.1 (factory default). The
a local network connected to eth2 (subnet 192.168.1.0/24) and a DMZ modem is configured in <quote>bridge</quote> mode so PPPoE is not
connected to eth1 (206.124.146.176/32). Note that I configure the same IP involved. I have a local network connected to eth2 (subnet 192.168.1.0/24)
address on both <filename class="devicefile">eth0</filename> and <filename and a DMZ connected to eth1 (206.124.146.176/32). Note that I configure
class="devicefile">eth1</filename>.</para> the same IP address on both <filename class="devicefile">eth0</filename>
and <filename class="devicefile">eth1</filename>.</para>
<para>In this configuration:</para> <para>In this configuration:</para>
@ -382,6 +383,12 @@ $EXT_IF:2 eth2 206.124.146.179
<title>Proxy ARP File</title> <title>Proxy ARP File</title>
<blockquote> <blockquote>
<para>I configure the host route to 206.124.146.177 on <filename
class="devicefile">eth1</filename> using the Yast2 Network Interface
tool; the <quote>Gateway</quote> is specified as 0.0.0.0 which
indicates that the host is directly attached to the LAN on that
interface.</para>
<programlisting>#ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT <programlisting>#ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT
206.124.146.177 eth1 eth0 Yes 206.124.146.177 eth1 eth0 Yes
192.168.1.1 eth0 eth2 yes # Allow access to DSL modem from the local zone 192.168.1.1 eth0 eth2 yes # Allow access to DSL modem from the local zone
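Review bot: The added paragraph explains only the host route to 206.124.146.177 on eth1, but the second entry (192.168.1.1 on eth0) is also marked HAVEROUTE yes, and the only text that described that route, "up ip route add 192.168.1.1 dev eth0" in the /etc/network/interfaces section, is deleted later in this same file. Add a sentence saying how the route to the DSL modem is configured under the new setup. The two entries also spell the HAVEROUTE value differently (Yes and yes); pick one.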
@ -615,37 +622,6 @@ ACCEPT tx loc:192.168.1.5 all
</programlisting> </programlisting>
</blockquote> </blockquote>
</section> </section>
<section id="Interfaces">
<title>/etc/network/interfaces</title>
<blockquote>
<para>This file is Debian specific. My additional entries(which is
displayed in <emphasis role="bold">bold type</emphasis>) add a route
to my DSL modem when eth0 is brought up and a route to my DMZ server
when eth1 is brought up. It allows me to enter <quote>Yes</quote> in
the HAVEROUTE column of <link linkend="ProxyARP">my Proxy ARP
file</link>.</para>
<programlisting>...
auto auto eth0
iface eth0 inet static
address 206.124.146.176
netmask 255.255.255.0
network 206.124.146.0
broadcast 206.124.146.255
gateway 206.124.146.254
<emphasis role="bold">up ip route add 192.168.1.1 dev eth0</emphasis>
eth1
iface eth1 inet static
address 206.124.146.176
netmask 255.255.255.255
broadcast 0.0.0.0
<emphasis role="bold">up ip route add 206.124.146.177 dev eth1
</emphasis>...</programlisting>
</blockquote>
</section>
</section> </section>
<section> <section>
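Review bot: Deleting the section with id="Interfaces" removes a link target; check the rest of the document set for linkend="Interfaces" before committing, since a dangling linkend fails DocBook validation. The removed text was also labelled Debian specific, while the replacement paragraph in the Proxy ARP section refers to the Yast2 tool; a short note that the host setup changed would help readers comparing against older copies of the page.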
@ -693,13 +669,12 @@ WiFi Wireless Wireless Network
<programlisting>#SOURCE DEST POLICY LOG LIMIT:BURST <programlisting>#SOURCE DEST POLICY LOG LIMIT:BURST
loc fw ACCEPT loc fw ACCEPT
loc net NONE loc net NONE
loc WiFi NONE loc WiFi ACCEPT
net fw ACCEPT net fw ACCEPT
net WiFi ACCEPT net WiFi ACCEPT
net loc NONE net loc NONE
WiFi net ACCEPT WiFi net ACCEPT
fw loc ACCEPT fw all ACCEPT
fw net ACCEPT
# #
# THE FOLLOWING POLICY MUST BE LAST # THE FOLLOWING POLICY MUST BE LAST
# #
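Review bot: Two policies get broader here without any accompanying text: "loc WiFi" goes from NONE to ACCEPT, and the separate "fw loc" and "fw net" entries are collapsed into "fw all ACCEPT", which also covers fw to WiFi and any zone added later. No "WiFi loc" entry is visible in this hunk, so state in the surrounding prose which policy applies in that direction and why loc to WiFi is now accepted. If the intent is only to save a line, keeping explicit per-zone fw entries makes the sample safer to copy.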


@ -15,7 +15,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2004-08-10</pubdate> <pubdate>2004-09-06</pubdate>
<copyright> <copyright>
<year>2002-2004</year> <year>2002-2004</year>
@ -159,8 +159,6 @@
<section> <section>
<title>Shorewall Concepts</title> <title>Shorewall Concepts</title>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>The configuration files for Shorewall are contained in the directory <para>The configuration files for Shorewall are contained in the directory
<filename>/etc/shorewall</filename> -- for simple setups, you will only <filename>/etc/shorewall</filename> -- for simple setups, you will only
need to deal with a few of these as described in this guide.<warning> need to deal with a few of these as described in this guide.<warning>
@ -181,9 +179,12 @@
even if you do not modify those files.</para> even if you do not modify those files.</para>
</warning></para> </warning></para>
<para>After you have installed Shorewall, download the <ulink <para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>After you have installed Shorewall, <emphasis role="bold">download
the <ulink
url="http://shorewall.net/pub/shorewall/Samples">three-interface url="http://shorewall.net/pub/shorewall/Samples">three-interface
sample</ulink>, un-tar it (<command>tar <option>-zxvf</option> sample</ulink>, un-tar it</emphasis> (<command>tar <option>-zxvf</option>
<filename>three-interfaces.tgz</filename></command>) and and copy the <filename>three-interfaces.tgz</filename></command>) and and copy the
files to <filename>/etc/shorewall</filename> (the files will replace files files to <filename>/etc/shorewall</filename> (the files will replace files
with the same names that were placed in with the same names that were placed in
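Review bot: The context line directly after the edited ones still reads "and and copy the files"; since this paragraph is being reworked, drop the duplicated word in the same change. The new bold emphasis closes after "un-tar it", so the copy step, which is the one that replaces files in /etc/shorewall, is left unemphasised; consider extending the emphasis to cover it.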

File diff suppressed because it is too large