Add warning about side effects of ADD_SNAT_ALIASES and ADD_IP_ALIASES

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2746 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-01-02 19:49:08 +01:00 · 2005-09-29 15:21:48 +00:00 · 2005-09-29 15:21:48 +00:00 · 5185a8a54a
commit 5185a8a54a
parent f1dadbd601
2 changed files with 42 additions and 12 deletions
--- a/Shorewall-docs2/Documentation.xml
+++ b/Shorewall-docs2/Documentation.xml
@ -15,7 +15,7 @@
      </author>
    </authorgroup>

-    <pubdate>2005-09-12</pubdate>
+    <pubdate>2005-09-29</pubdate>

    <copyright>
      <year>2001-2005</year>
@ -3365,6 +3365,13 @@ LOGBURST=5</programlisting>

          <para>If this variable is not set or is given an empty value
          (ADD_IP_ALIASES="") then ADD_IP_ALIASES=Yes is assumed.</para>
+
+          <warning>
+            <para>Addresses added by ADD_IP_ALIASES=Yes are deleted and
+            re-added during <command>shorewall restart</command>. As a
+            consequence, all connections using those addresses are
+            severed.</para>
+          </warning>
        </listitem>
      </varlistentry>

@ -3382,6 +3389,13 @@ LOGBURST=5</programlisting>

          <para>If this variable is not set or is given an empty value
          (ADD_SNAT_ALIASES="") then ADD_SNAT_ALIASES=No is assumed.</para>
+
+          <warning>
+            <para>Addresses added by ADD_SNAT_ALIASES=Yes are deleted and
+            re-added during <command>shorewall restart</command>. As a
+            consequence, all connections using those addresses are
+            severed.</para>
+          </warning>
        </listitem>
      </varlistentry>

--- a/Shorewall-docs2/Shorewall_and_Aliased_Interfaces.xml
+++ b/Shorewall-docs2/Shorewall_and_Aliased_Interfaces.xml
@ -15,7 +15,7 @@
      </author>
    </authorgroup>

-    <pubdate>2005-09-03</pubdate>
+    <pubdate>2005-09-29</pubdate>

    <copyright>
      <year>2001-2005</year>
@ -190,11 +190,19 @@ eth0                   eth1            206.124.146.178</programlisting>

      <para>Shorewall can create the alias (additional address) for you if you
      set ADD_SNAT_ALIASES=Yes in
-      <filename>/etc/shorewall/shorewall.con</filename>f. Beginning with
-      Shorewall 1.3.14, Shorewall can actually create the <quote>label</quote>
-      (virtual interface) so that you can see the created address using
-      ifconfig. In addition to setting ADD_SNAT_ALIASES=Yes, you specify the
-      virtual interface name in the INTERFACE column as follows.</para>
+      <filename>/etc/shorewall/shorewall.con</filename>f.</para>
+
+      <warning>
+        <para>Addresses added by ADD_SNAT_ALIASES=Yes are deleted and re-added
+        during <command>shorewall restart</command>. As a consequence, all
+        connections using those addresses are severed.</para>
+      </warning>
+
+      <para>Beginning with Shorewall 1.3.14, Shorewall can actually create the
+      <quote>label</quote> (virtual interface) so that you can see the created
+      address using ifconfig. In addition to setting ADD_SNAT_ALIASES=Yes, you
+      specify the virtual interface name in the INTERFACE column as
+      follows.</para>

      <para><filename>/etc/shorewall/masq</filename><programlisting>#INTERFACE              SUBNET         ADDRESS
 eth0:0                  eth1           206.124.146.178</programlisting></para>
@ -227,11 +235,19 @@ eth0:2 = 206.124.146.180</programlisting>
 206.124.146.178    eth0              192.168.1.3  no                no</programlisting>

      <para>Shorewall can create the alias (additional address) for you if you
-      set ADD_IP_ALIASES=Yes in /etc/shorewall/shorewall.conf. Beginning with
-      Shorewall 1.3.14, Shorewall can actually create the <quote>label</quote>
-      (virtual interface) so that you can see the created address using
-      ifconfig. In addition to setting ADD_IP_ALIASES=Yes, you specify the
-      virtual interface name in the INTERFACE column as follows.</para>
+      set ADD_IP_ALIASES=Yes in /etc/shorewall/shorewall.conf.</para>
+
+      <warning>
+        <para>Addresses added by ADD_IP_ALIASES=Yes are deleted and re-added
+        during <command>shorewall restart</command>. As a consequence, all
+        connections using those addresses are severed.</para>
+      </warning>
+
+      <para>Beginning with Shorewall 1.3.14, Shorewall can actually create the
+      <quote>label</quote> (virtual interface) so that you can see the created
+      address using ifconfig. In addition to setting ADD_IP_ALIASES=Yes, you
+      specify the virtual interface name in the INTERFACE column as
+      follows.</para>

      <para><filename>/etc/shorewall/nat</filename><programlisting>#EXTERNAL          INTERFACE         INTERNAL     ALL INTERFACES    LOCAL
 206.124.146.178    eth0:0            192.168.1.3  no                no</programlisting></para>