mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-22 06:10:42 +01:00
Add some expectation-setting warnings to two of the documents
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3831 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
44a738842a
commit
49c0bdb2dc
@ -46,6 +46,25 @@
|
||||
you</emphasis>.</para>
|
||||
</warning>
|
||||
|
||||
<warning>
|
||||
<para>Reading just Shorewall documentation is probably not going to give
|
||||
you enough background to use this material. Shorewall may make iptables
|
||||
easy but the Shorewall team simply can't be expected to spoon-feed Linux
|
||||
policy routing to you (please remember that the user's manual for a
|
||||
tractor doesn't teach you to grow corn). You will need to refer to at
|
||||
least the following additional information: </para>
|
||||
|
||||
<simplelist>
|
||||
<member>The LARTC HOWTO: <ulink
|
||||
url="http://www.lartc.org">http://www.lartc.org</ulink></member>
|
||||
|
||||
<member>Output of <command>man ip</command></member>
|
||||
|
||||
<member>Output of <command>ip route help</command> and <command>ip rule
|
||||
help</command></member>
|
||||
</simplelist>
|
||||
</warning>
|
||||
|
||||
<section>
|
||||
<title>Multiple Internet Connection Support</title>
|
||||
|
||||
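Review bot: In the new <warning>, the paragraph ends with 'information: </para>', leaving a trailing space before the closing tag, and it packs both the caveat and the reading-list lead-in into a single <para>, whereas the matching warning added to the other document in this commit splits them into two. Suggest dropping the space and using the same two-paragraph structure in both files. The list members also differ in style between the two warnings ('Output of man ip' here, 'The output of man iptables' there); pick one form.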
@ -565,13 +584,13 @@ eth1 eth2 130.252.99.27</programlisting>
|
||||
successfully routed.</para>
|
||||
|
||||
<programlisting>gateway:~ # <command>ip rule ls</command>
|
||||
0: from all lookup local
|
||||
10001: from all fwmark 0x1 lookup Blarg
|
||||
10002: from all fwmark 0x2 lookup Comcast
|
||||
20000: from 206.124.146.176 lookup Blarg
|
||||
20256: from 24.12.22.33 lookup Comcast
|
||||
32766: from all lookup main
|
||||
32767: from all lookup default
|
||||
0: from all lookup local <=== Local (to the firewall) IP addresses
|
||||
10001: from all fwmark 0x1 lookup Blarg <=== This and the next rule are generated by the
|
||||
10002: from all fwmark 0x2 lookup Comcast 'MARK' values in /etc/shorewall/providers.
|
||||
20000: from 206.124.146.176 lookup Blarg <=== This and the next rule are generated unless
|
||||
20256: from 24.12.22.33 lookup Comcast 'loose' is specified; based in the output of 'ip addr ls'
|
||||
32766: from all lookup main <=== This is the routing table shown by 'iproute -n'
|
||||
32767: from all lookup default <=== This table is empty
|
||||
gateway:~ #</programlisting>
|
||||
|
||||
<para>In the above example, there are two providers: Blarg and Comcast
|
||||
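Review bot: In the annotated 'ip rule ls' listing, the '<===' markers put a bare '<' inside <programlisting>; unless the source writes them as '&lt;===' or wraps the listing in a CDATA section, the DocBook file will not parse. Two wording points in the same annotations: 'based in the output of' should read 'based on the output of', and 'iproute -n' does not match any command used elsewhere in these lines, so name the exact command the reader should run to see the main table. Since the listing still opens with the 'gateway:~ #' prompt, it is also worth saying in the surrounding text that the '<===' remarks are annotations and not part of the command output.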
@ -597,7 +616,7 @@ gateway:~ #</programlisting>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>DEST(optional)</term>
|
||||
<term>DEST (Optional)</term>
|
||||
|
||||
<listitem>
|
||||
<para>An ip address (network or host) that matches the
|
||||
|
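Review bot: The <term> change from 'DEST(optional)' to 'DEST (Optional)' is a cosmetic fix unrelated to the warnings named in the commit message, as are the listing annotations in the previous hunk. Suggest mentioning both in the commit message or committing them separately, and checking that the other optional columns in this variablelist use the same '(Optional)' form so the terms stay consistent.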
@ -55,6 +55,28 @@
|
||||
you.</para>
|
||||
</important>
|
||||
|
||||
<warning>
|
||||
<para>Said another way, reading just Shorewall documentation is probably
|
||||
not going to give you enough background to use this material. Shorewall
|
||||
may make iptables easy but the Shorewall team simply can't be expected to
|
||||
spoon-feed Linux traffic control to you (please remember that the user's
|
||||
manual for a tractor doesn't teach you to grow corn).</para>
|
||||
|
||||
<para>You will need to refer to at least the following additional
|
||||
information:</para>
|
||||
|
||||
<simplelist>
|
||||
<member>The LARTC HOWTO: <ulink
|
||||
url="http://www.lartc.org">http://www.lartc.org</ulink></member>
|
||||
|
||||
<member>The documents listed at <ulink
|
||||
url="http://www.netfilter.org/documentation/index.html#documentation-howto">http://www.netfilter.org/documentation/index.html#documentation-howto</ulink>.
|
||||
The tutorial by Oskar Andreasson is particularly good.</member>
|
||||
|
||||
<member>The output of <command>man iptables</command></member>
|
||||
</simplelist>
|
||||
</warning>
|
||||
|
||||
<section>
|
||||
<title>Introduction</title>
|
||||
|
||||
|
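Review bot: The added <warning> opens with 'Said another way', so it only reads correctly while it sits directly after the <important> block above it; if either block is later moved or reworded, the opening dangles. Suggest starting with 'Reading just Shorewall documentation ...' as the warning in the other document does. In the second <member>, the full stop after </ulink> followed by 'The tutorial by Oskar Andreasson is particularly good.' makes that entry two sentences while the other members are bare phrases; consider moving the remark into its own <member> or into the preceding paragraph.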