extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-02-17 02:00:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

More updates to OpenVZ doc

Browse Source
This commit is contained in:
Tom Eastep 2009-07-11 08:16:25 -07:00
parent 966729a665
commit 2ca7e4b1eb
1 changed files with 7 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
docs/OpenVZ.xml
View File

@ -143,20 +143,15 @@ server:~ # </programlisting>
<programlisting>############################################################################### <programlisting>###############################################################################
#ZONE TYPE OPTIONS IN OUT #ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS # OPTIONS OPTIONS
net ipv4
vz ipv4</programlisting> vz ipv4</programlisting>
<para><filename>/etc/shorewall/interfaces</filename>:</para> <para><filename>/etc/shorewall/interfaces</filename>:</para>
<programlisting>############################################################################### <programlisting>###############################################################################
#ZONE INTERFACE BROADCAST OPTIONS #ZONE INTERFACE BROADCAST OPTIONS
net eth0 - proxyarp=1
vz venet0 - routeback,rp_filter=0</programlisting> vz venet0 - routeback,rp_filter=0</programlisting>
<para><filename>/etc/shorewall/proxyarp</filename> (assumes that
external interface is eth0):</para>
<programlisting>###############################################################################
#ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT
206.124.146.178 venet0 eth0 Yes</programlisting>
</section> </section>
<section> <section>
@ -465,17 +460,21 @@ NAME="server"</emphasis></programlisting>
<programlisting>#ZONE TYPE OPTIONS IN OUT <programlisting>#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS # OPTIONS OPTIONS
fw firewall fw firewall
net ipv4 #Internet
loc ipv4 #Local wired Zone loc ipv4 #Local wired Zone
<emphasis role="bold">dmz ipv4 #DMZ</emphasis> <emphasis role="bold">dmz ipv4 #DMZ</emphasis>
...</programlisting> ...</programlisting>
<para><filename>/etc/shorewall/params</filename>:</para> <para><filename>/etc/shorewall/params</filename>:</para>
<programlisting>INT_IF=eth1 <programlisting>NET_IF=eth3
INT_IF=eth1
<emphasis role="bold">VPS_IF=venet0</emphasis> <emphasis role="bold">VPS_IF=venet0</emphasis>
...</programlisting> ...</programlisting>
<para><filename>/etc/shorewall/interfaces</filename>:<programlisting>#ZONE INTERFACE BROADCAST OPTIONS <para><filename>/etc/shorewall/interfaces</filename>:<programlisting>#ZONE INTERFACE BROADCAST OPTIONS
net $NET_IF detect dhcp,blacklist,tcpflags,optional,routefilter=0,nosmurfs,logmartions=0,<emphasis
role="bold">proxyarp=1</emphasis>
loc $INT_IF detect dhcp,logmartians=1,routefilter=1,nets=(172.20.1.0/24),tcpflags loc $INT_IF detect dhcp,logmartians=1,routefilter=1,nets=(172.20.1.0/24),tcpflags
<emphasis role="bold">dmz $VPS_IF detect logmartians=1,routefilter=0,nets=(206.124.146.177,206.124.146.178),routeback</emphasis> <emphasis role="bold">dmz $VPS_IF detect logmartians=1,routefilter=0,nets=(206.124.146.177,206.124.146.178),routeback</emphasis>
...</programlisting>This is a multi-ISP configuration so entries are required ...</programlisting>This is a multi-ISP configuration so entries are required