mirror of
https://gitlab.com/shorewall/code.git
synced 2025-01-02 19:49:08 +01:00
Add warning about side effects of ADD_SNAT_ALIASES and ADD_IP_ALIASES
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2746 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
f1dadbd601
commit
5185a8a54a
@ -15,7 +15,7 @@
|
|||||||
</author>
|
</author>
|
||||||
</authorgroup>
|
</authorgroup>
|
||||||
|
|
||||||
<pubdate>2005-09-12</pubdate>
|
<pubdate>2005-09-29</pubdate>
|
||||||
|
|
||||||
<copyright>
|
<copyright>
|
||||||
<year>2001-2005</year>
|
<year>2001-2005</year>
|
||||||
@ -3365,6 +3365,13 @@ LOGBURST=5</programlisting>
|
|||||||
|
|
||||||
<para>If this variable is not set or is given an empty value
|
<para>If this variable is not set or is given an empty value
|
||||||
(ADD_IP_ALIASES="") then ADD_IP_ALIASES=Yes is assumed.</para>
|
(ADD_IP_ALIASES="") then ADD_IP_ALIASES=Yes is assumed.</para>
|
||||||
|
|
||||||
|
<warning>
|
||||||
|
<para>Addresses added by ADD_IP_ALIASES=Yes are deleted and
|
||||||
|
re-added during <command>shorewall restart</command>. As a
|
||||||
|
consequence, all connections using those addresses are
|
||||||
|
severed.</para>
|
||||||
|
</warning>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -3382,6 +3389,13 @@ LOGBURST=5</programlisting>
|
|||||||
|
|
||||||
<para>If this variable is not set or is given an empty value
|
<para>If this variable is not set or is given an empty value
|
||||||
(ADD_SNAT_ALIASES="") then ADD_SNAT_ALIASES=No is assumed.</para>
|
(ADD_SNAT_ALIASES="") then ADD_SNAT_ALIASES=No is assumed.</para>
|
||||||
|
|
||||||
|
<warning>
|
||||||
|
<para>Addresses added by ADD_SNAT_ALIASES=Yes are deleted and
|
||||||
|
re-added during <command>shorewall restart</command>. As a
|
||||||
|
consequence, all connections using those addresses are
|
||||||
|
severed.</para>
|
||||||
|
</warning>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
|||||||
@ -15,7 +15,7 @@
|
|||||||
</author>
|
</author>
|
||||||
</authorgroup>
|
</authorgroup>
|
||||||
|
|
||||||
<pubdate>2005-09-03</pubdate>
|
<pubdate>2005-09-29</pubdate>
|
||||||
|
|
||||||
<copyright>
|
<copyright>
|
||||||
<year>2001-2005</year>
|
<year>2001-2005</year>
|
||||||
@ -190,11 +190,19 @@ eth0 eth1 206.124.146.178</programlisting>
|
|||||||
|
|
||||||
<para>Shorewall can create the alias (additional address) for you if you
|
<para>Shorewall can create the alias (additional address) for you if you
|
||||||
set ADD_SNAT_ALIASES=Yes in
|
set ADD_SNAT_ALIASES=Yes in
|
||||||
<filename>/etc/shorewall/shorewall.con</filename>f. Beginning with
|
<filename>/etc/shorewall/shorewall.con</filename>f.</para>
|
||||||
Shorewall 1.3.14, Shorewall can actually create the <quote>label</quote>
|
|
||||||
(virtual interface) so that you can see the created address using
|
<warning>
|
||||||
ifconfig. In addition to setting ADD_SNAT_ALIASES=Yes, you specify the
|
<para>Addresses added by ADD_SNAT_ALIASES=Yes are deleted and re-added
|
||||||
virtual interface name in the INTERFACE column as follows.</para>
|
during <command>shorewall restart</command>. As a consequence, all
|
||||||
|
connections using those addresses are severed.</para>
|
||||||
|
</warning>
|
||||||
|
|
||||||
|
<para>Beginning with Shorewall 1.3.14, Shorewall can actually create the
|
||||||
|
<quote>label</quote> (virtual interface) so that you can see the created
|
||||||
|
address using ifconfig. In addition to setting ADD_SNAT_ALIASES=Yes, you
|
||||||
|
specify the virtual interface name in the INTERFACE column as
|
||||||
|
follows.</para>
|
||||||
|
|
||||||
<para><filename>/etc/shorewall/masq</filename><programlisting>#INTERFACE SUBNET ADDRESS
|
<para><filename>/etc/shorewall/masq</filename><programlisting>#INTERFACE SUBNET ADDRESS
|
||||||
eth0:0 eth1 206.124.146.178</programlisting></para>
|
eth0:0 eth1 206.124.146.178</programlisting></para>
|
||||||
@ -227,11 +235,19 @@ eth0:2 = 206.124.146.180</programlisting>
|
|||||||
206.124.146.178 eth0 192.168.1.3 no no</programlisting>
|
206.124.146.178 eth0 192.168.1.3 no no</programlisting>
|
||||||
|
|
||||||
<para>Shorewall can create the alias (additional address) for you if you
|
<para>Shorewall can create the alias (additional address) for you if you
|
||||||
set ADD_IP_ALIASES=Yes in /etc/shorewall/shorewall.conf. Beginning with
|
set ADD_IP_ALIASES=Yes in /etc/shorewall/shorewall.conf.</para>
|
||||||
Shorewall 1.3.14, Shorewall can actually create the <quote>label</quote>
|
|
||||||
(virtual interface) so that you can see the created address using
|
<warning>
|
||||||
ifconfig. In addition to setting ADD_IP_ALIASES=Yes, you specify the
|
<para>Addresses added by ADD_IP_ALIASES=Yes are deleted and re-added
|
||||||
virtual interface name in the INTERFACE column as follows.</para>
|
during <command>shorewall restart</command>. As a consequence, all
|
||||||
|
connections using those addresses are severed.</para>
|
||||||
|
</warning>
|
||||||
|
|
||||||
|
<para>Beginning with Shorewall 1.3.14, Shorewall can actually create the
|
||||||
|
<quote>label</quote> (virtual interface) so that you can see the created
|
||||||
|
address using ifconfig. In addition to setting ADD_IP_ALIASES=Yes, you
|
||||||
|
specify the virtual interface name in the INTERFACE column as
|
||||||
|
follows.</para>
|
||||||
|
|
||||||
<para><filename>/etc/shorewall/nat</filename><programlisting>#EXTERNAL INTERFACE INTERNAL ALL INTERFACES LOCAL
|
<para><filename>/etc/shorewall/nat</filename><programlisting>#EXTERNAL INTERFACE INTERNAL ALL INTERFACES LOCAL
|
||||||
206.124.146.178 eth0:0 192.168.1.3 no no</programlisting></para>
|
206.124.146.178 eth0:0 192.168.1.3 no no</programlisting></para>
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user