diff --git a/docs/MultiISP.xml b/docs/MultiISP.xml
index f9d7aab98..5a0c568d2 100644
--- a/docs/MultiISP.xml
+++ b/docs/MultiISP.xml
@@ -1020,9 +1020,9 @@ gateway:~ #Note that because we used a priority of 1000, the
- You must specify a gateway IP address in the GATEWAY column of
- /etc/shorewall/providers; detect is
- not permitted.
+ You must specify a gateway IP address in the GATEWAY column
+ of /etc/shorewall/providers; detect is not permitted.
@@ -1080,14 +1080,16 @@ wireless 3 3 - wlan0 172.20.1.1 track,o
- 172.20.1.130 is specified as the eth0 IP address for both
+ 172.20.1.130 is specified as the eth0 IP address for both
providers.
- Both providers have the loose
- option. This prevents Shorewall from automatically generating
- routing rules based on the source IP address.
+ Both wired providers have the loose option. This prevents Shorewall from
+ automatically generating routing rules based on the source IP
+ address.
@@ -1099,6 +1101,16 @@ wireless 3 3 - wlan0 172.20.1.1 track,o
USE_DEFAULT_RT=Yes, it must be specified explicitly when loose is also specified.
+
+
+ The wireless provider is
+ never used when the laptop is connected to the wired network.
+
+
+
+ I use a different Shorewall configuration when I take the
+ laptop on the road.
+
Here is the route_rules file:#SOURCE DEST PROVIDER PRIORITY
@@ -1107,12 +1119,12 @@ wireless 3 3 - wlan0 172.20.1.1 track,o
- 206.124.146.180/32 avvanta 1000
Those rules direct traffic to the five static Avvanta IP addresses
- through the avvanta provider.
+ (only two are currently used) through the avvanta provider.
Here is the tcrules file (MARK_IN_FORWARD_CHAIN=No in
shorewall.conf):#MARK SOURCE DEST PROTO PORT(S) CLIENT USER TEST LENGTH TOS CONNBYTES HELPER
# PORT(S)
-2 $FW 206.124.146.176/31
2 $FW 0.0.0.0/0 tcp 21
2 $FW 0.0.0.0/0 tcp - - - - - - - ftp
2 $FW 0.0.0.0/0 tcp 119
@@ -1120,11 +1132,6 @@ wireless 3 3 - wlan0 172.20.1.1 track,o
These rules:
-
- Mark traffic from 206.124.146.176 and 206.124.146.177 to be
- associated with avvanta.
-
-
Use avvanta for FTP.
@@ -1140,17 +1147,11 @@ wireless 3 3 - wlan0 172.20.1.1 track,o
zones:#ZONE IPSEC OPTIONS IN OUT
# ONLY OPTIONS OPTIONS
fw firewall
-lan ipv4
net ipv4
kvm ipv4policy:net net NONE
-lan lan NONE
fw net ACCEPT
-fw lan ACCEPT
fw kvm ACCEPT
kvm all ACCEPT
-lan fw ACCEPT
-net lan NONE
-lan net NONE
net all DROP info
all all REJECT info
@@ -1158,16 +1159,18 @@ all all REJECT info
#
net eth0 detect dhcp,tcpflags,routefilter,blacklist,logmartians,optional,arp_ignore
net wlan0 detect dhcp,tcpflags,routefilter,blacklist,logmartians,optional
-lan tun0 detect optional #OpenVPN
kvm br0 detect routeback #Virtual Machines
- wlan0 is the wireless adapter in the notebook. Used when I'm
- not in the office.
+ wlan0 is the wireless
+ adapter in the notebook. Used when the laptop is in our home but not
+ connected to the wired network.
masq:#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
-tun0 192.168.0.0/24
eth0 192.168.0.0/24
-wlan0 192.168.0.0/24
+wlan0 192.168.0.0/24
+ Because the firewall has only a single external IP address, I
+ don't need to specify the providers in the masq rules.
+
diff --git a/docs/images/Network2008a.dia b/docs/images/Network2008a.dia
index 0c8b615d0..381610279 100644
Binary files a/docs/images/Network2008a.dia and b/docs/images/Network2008a.dia differ
diff --git a/docs/images/Network2008a.png b/docs/images/Network2008a.png
index 5685366ad..c2aafbfc5 100644
Binary files a/docs/images/Network2008a.png and b/docs/images/Network2008a.png differ