Doc updates

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1607 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2004-09-07 16:09:11 +00:00
parent 5cf57190fb
commit 1f68772e22
4 changed files with 593 additions and 398 deletions


@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2004-08-19</pubdate>
<pubdate>2004-09-05</pubdate>
<copyright>
<year>2004</year>
@ -83,7 +83,10 @@
(CONFIG_IP_NF_MATCH_PHYSDEV=m or CONFIG_IP_NF_MATCH_PHYSDEV=y).
Physdev match is standard in the 2.6 kernel series but must be patched
into the 2.4 kernels (see <ulink
url="http://bridge.sf.net">http://bridge.sf.net</ulink>).</para>
url="http://bridge.sf.net">http://bridge.sf.net</ulink>). Bering and
Bering uCLibc users must find and install ipt_physdev.o for their
distribution and add <quote>ipt_physdev</quote> to
/etc/modules.</para>
</listitem>
<listitem>
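Review bot: The added sentence for Bering and Bering uCLibc users leaves /etc/modules as bare text, while paths elsewhere in this commit are wrapped in <filename>; mark it up as <filename>/etc/modules</filename>. "must find and install ipt_physdev.o" also gives no hint where the module should come from. A kernel module runs with full kernel privilege, so the text should name the expected source (for example the distribution's own module packages built for the running kernel) rather than leave readers to pick up a binary wherever they find one.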
@ -434,4 +437,18 @@ dmz br0:eth2</programlisting>
<para>Bridging doesn' t work with some wireless cards — see <ulink
url="http://bridge.sf.net">http://bridge.sf.net</ulink>.</para>
</section>
<section>
<title>Other Links</title>
<itemizedlist>
<listitem>
<para><ulink
url="http://wiki.buenosaireslibre.org/HowTos_2fBridgedFirewall">Here
is an article in Spanish </ulink>detailing bridging a public and local
network using Shorewall. This is another router/bridge
configuration.</para>
</listitem>
</itemizedlist>
</section>
</article>
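Review bot: In the new Other Links item the link text ends with a space inside the element ("Here is an article in Spanish </ulink>detailing"), so the trailing space is rendered as part of the link; move the space outside the closing tag. "Here is an article in Spanish" is also weak link text, and "This is another router/bridge configuration" does not say what it is another one of; name the configuration in this document that it should be compared with. The context line above still reads "doesn' t" with a stray space and could be fixed in the same pass.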


@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2004-09-04</pubdate>
<pubdate>2004-09-06</pubdate>
<copyright>
<year>2001-2004</year>
@ -54,11 +54,12 @@
<para>I have DSL service and have 5 static IP addresses
(206.124.146.176-180). My DSL <quote>modem</quote> (Westell 2200) is
connected to eth0 and has IP address 192.168.1.1 (factory default). I have
a local network connected to eth2 (subnet 192.168.1.0/24) and a DMZ
connected to eth1 (206.124.146.176/32). Note that I configure the same IP
address on both <filename class="devicefile">eth0</filename> and <filename
class="devicefile">eth1</filename>.</para>
connected to eth0 and has IP address 192.168.1.1 (factory default). The
modem is configured in <quote>bridge</quote> mode so PPPoE is not
involved. I have a local network connected to eth2 (subnet 192.168.1.0/24)
and a DMZ connected to eth1 (206.124.146.176/32). Note that I configure
the same IP address on both <filename class="devicefile">eth0</filename>
and <filename class="devicefile">eth1</filename>.</para>
<para>In this configuration:</para>
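Review bot: The rewritten paragraph keeps the modem at 192.168.1.1 on eth0 while the local network on eth2 is 192.168.1.0/24, and the new bridge-mode sentence does not explain how an address inside the local subnet is reached through the external interface. A short cross-reference to the Proxy ARP file, which carries the "Allow access to DSL modem from the local zone" entry, would close that gap. The first mentions of eth0, eth2 and eth1 in this paragraph are also plain text while the last two use <filename class="devicefile">; mark them up consistently.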
@ -382,6 +383,12 @@ $EXT_IF:2 eth2 206.124.146.179
<title>Proxy ARP File</title>
<blockquote>
<para>I configure the host route to 206.124.146.177 on <filename
class="devicefile">eth1</filename> using the Yast2 Network Interface
tool; the <quote>Gateway</quote> is specified as 0.0.0.0 which
indicates that the host is directly attached to the LAN on that
interface.</para>
<programlisting>#ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT
206.124.146.177 eth1 eth0 Yes
192.168.1.1 eth0 eth2 yes # Allow access to DSL modem from the local zone
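Review bot: The new paragraph documents only the host route to 206.124.146.177 on eth1, but the listing below it also sets HAVEROUTE for 192.168.1.1 on eth0, and this commit removes the /etc/network/interfaces section that showed both routes. Say how the route to 192.168.1.1 is configured as well, otherwise a reader who copies the file with "yes" in that column and no matching route loses access to the modem. The HAVEROUTE values are also written "Yes" on one line and "yes" on the other; pick one spelling.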
@ -615,37 +622,6 @@ ACCEPT tx loc:192.168.1.5 all
</programlisting>
</blockquote>
</section>
<section id="Interfaces">
<title>/etc/network/interfaces</title>
<blockquote>
<para>This file is Debian specific. My additional entries(which is
displayed in <emphasis role="bold">bold type</emphasis>) add a route
to my DSL modem when eth0 is brought up and a route to my DMZ server
when eth1 is brought up. It allows me to enter <quote>Yes</quote> in
the HAVEROUTE column of <link linkend="ProxyARP">my Proxy ARP
file</link>.</para>
<programlisting>...
auto auto eth0
iface eth0 inet static
address 206.124.146.176
netmask 255.255.255.0
network 206.124.146.0
broadcast 206.124.146.255
gateway 206.124.146.254
<emphasis role="bold">up ip route add 192.168.1.1 dev eth0</emphasis>
eth1
iface eth1 inet static
address 206.124.146.176
netmask 255.255.255.255
broadcast 0.0.0.0
<emphasis role="bold">up ip route add 206.124.146.177 dev eth1
</emphasis>...</programlisting>
</blockquote>
</section>
</section>
<section>
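Review bot: Dropping the section with id="Interfaces" will break any <link linkend="Interfaces"> that remains elsewhere in the documentation, and DocBook processing will then report an unresolved link. Search the doc tree for that linkend before merging. The removed text was also the only place that explained why "Yes" can be entered in the HAVEROUTE column, so check that the replacement paragraph in the Proxy ARP section carries that explanation.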
@ -693,13 +669,12 @@ WiFi Wireless Wireless Network
<programlisting>#SOURCE DEST POLICY LOG LIMIT:BURST
loc fw ACCEPT
loc net NONE
loc WiFi NONE
loc WiFi ACCEPT
net fw ACCEPT
net WiFi ACCEPT
net loc NONE
WiFi net ACCEPT
fw loc ACCEPT
fw net ACCEPT
fw all ACCEPT
#
# THE FOLLOWING POLICY MUST BE LAST
#
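Review bot: Moving loc to WiFi from NONE to ACCEPT ("loc WiFi NONE" / "loc WiFi ACCEPT") changes what the published example permits between the local and wireless zones, yet the commit is described only as "Doc updates" and no accompanying text explains it; add a sentence beside the policy listing saying why the local zone now reaches the wireless zone by default. The listing also shows "fw loc ACCEPT", "fw net ACCEPT" and "fw all ACCEPT" together. If the first two stay they are redundant with the third, and if they go the firewall's outbound policy widens to every zone including WiFi, so the text should state which is intended.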


@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2004-08-10</pubdate>
<pubdate>2004-09-06</pubdate>
<copyright>
<year>2002-2004</year>
@ -159,8 +159,6 @@
<section>
<title>Shorewall Concepts</title>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>The configuration files for Shorewall are contained in the directory
<filename>/etc/shorewall</filename> -- for simple setups, you will only
need to deal with a few of these as described in this guide.<warning>
@ -181,9 +179,12 @@
even if you do not modify those files.</para>
</warning></para>
<para>After you have installed Shorewall, download the <ulink
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>After you have installed Shorewall, <emphasis role="bold">download
the <ulink
url="http://shorewall.net/pub/shorewall/Samples">three-interface
sample</ulink>, un-tar it (<command>tar <option>-zxvf</option>
sample</ulink>, un-tar it</emphasis> (<command>tar <option>-zxvf</option>
<filename>three-interfaces.tgz</filename></command>) and and copy the
files to <filename>/etc/shorewall</filename> (the files will replace files
with the same names that were placed in
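Review bot: The paragraph being re-emphasised still contains the doubled word in "and and copy the files"; fix it while this sentence is being touched. The new <emphasis role="bold"> also opens before "download" and closes after "un-tar it", so the bold run stops just before the tar command and the copy step that completes the instruction; either extend the emphasis to the whole instruction or limit it to the link.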

File diff suppressed because it is too large