From 49c0bdb2dcfd16141a10c454c1ec2e8ba453261b Mon Sep 17 00:00:00 2001 From: teastep Date: Tue, 2 May 2006 01:09:57 +0000 Subject: [PATCH] Add some expectation-setting warnings to two of the documents git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3831 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/MultiISP.xml | 37 ++++++++++++++++++++++++++++--------- docs/traffic_shaping.xml | 22 ++++++++++++++++++++++ 2 files changed, 50 insertions(+), 9 deletions(-) diff --git a/docs/MultiISP.xml b/docs/MultiISP.xml index 3868f1d94..d035f1e35 100644 --- a/docs/MultiISP.xml +++ b/docs/MultiISP.xml @@ -46,6 +46,25 @@ you. + + Reading just Shorewall documentation is probably not going to give + you enough background to use this material. Shorewall may make iptables + easy but the Shorewall team simply can't be expected to spoon-feed Linux + policy routing to you (please remember that the user's manual for a + tractor doesn't teach you to grow corn). You will need to refer to at + least the following additional information: + + + The LARTC HOWTO: http://www.lartc.org + + Output of man ip + + Output of ip route help and ip rule + help + + +
Multiple Internet Connection Support @@ -565,13 +584,13 @@ eth1 eth2 130.252.99.27 successfully routed. gateway:~ # ip rule ls -0: from all lookup local -10001: from all fwmark 0x1 lookup Blarg -10002: from all fwmark 0x2 lookup Comcast -20000: from 206.124.146.176 lookup Blarg -20256: from 24.12.22.33 lookup Comcast -32766: from all lookup main -32767: from all lookup default +0: from all lookup local <=== Local (to the firewall) IP addresses +10001: from all fwmark 0x1 lookup Blarg <=== This and the next rule are generated by the +10002: from all fwmark 0x2 lookup Comcast 'MARK' values in /etc/shorewall/providers. +20000: from 206.124.146.176 lookup Blarg <=== This and the next rule are generated unless +20256: from 24.12.22.33 lookup Comcast 'loose' is specified; based in the output of 'ip addr ls' +32766: from all lookup main <=== This is the routing table shown by 'iproute -n' +32767: from all lookup default <=== This table is empty gateway:~ # In the above example, there are two providers: Blarg and Comcast @@ -585,7 +604,7 @@ gateway:~ # - SOURCE(Optional) + SOURCE (Optional) An ip address (network or host) that matches the source IP @@ -597,7 +616,7 @@ gateway:~ # - DEST(optional) + DEST (Optional) An ip address (network or host) that matches the diff --git a/docs/traffic_shaping.xml b/docs/traffic_shaping.xml index 330b80549..e5f110400 100644 --- a/docs/traffic_shaping.xml +++ b/docs/traffic_shaping.xml @@ -55,6 +55,28 @@ you. + + Said another way, reading just Shorewall documentation is probably + not going to give you enough background to use this material. Shorewall + may make iptables easy but the Shorewall team simply can't be expected to + spoon-feed Linux traffic control to you (please remember that the user's + manual for a tractor doesn't teach you to grow corn). + + You will need to refer to at least the following additional + information: + + + The LARTC HOWTO: http://www.lartc.org + + The documents listed at http://www.netfilter.org/documentation/index.html#documentation-howto. + The tutorial by Oskar Andreasson is particularly good. + + The output of man iptables + + +
Introduction