Add a FAQ

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4356 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-08 08:44:05 +01:00 · 2006-08-15 14:38:55 +00:00 · 2006-08-15 14:38:55 +00:00 · 6842ce6432
commit 6842ce6432
parent 6f59b28ecd
2 changed files with 58 additions and 11 deletions
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@ -103,7 +103,7 @@
    </section>
  </section>

-  <section>
+  <section id="PortForwarding">
    <title>Port Forwarding (Port Redirection)</title>

    <section id="faq1">
@ -605,6 +605,54 @@ to debug/develop the newnat interface.</programlisting></para>
  <section>
    <title>Open Ports</title>

+    <section id="faq0">
+      <title>(FAQ 0) How do I Open Ports in Shorewall?</title>
+
+      <para><emphasis role="bold">Answer:</emphasis> No one who has installed
+      Shorewall using one of the <ulink
+      url="shorewall_quickstart_guide.htm">Quick Start Guides</ulink> should
+      have to ask this question.</para>
+
+      <para>Regardless of which guide you used, all outbound communcation is
+      open by default. So you do not need to 'open ports' for output.</para>
+
+      <para>For input:</para>
+
+      <itemizedlist>
+        <listitem>
+          <para>If you installed using the Standalone Guide, then please
+          <ulink url="standalone.htm#id2499092">re-read this
+          section</ulink>.</para>
+        </listitem>
+
+        <listitem>
+          <para>If you installed using the Two-interface Guide, then please
+          re-read these sections: <ulink
+          url="two-interface.htm#id2499962">Port Forwarding (DNAT)</ulink>,
+          and <ulink url="two-interface.htm#id2500428">Other
+          Connections</ulink></para>
+        </listitem>
+
+        <listitem>
+          <para>If you installed using the Three-interface Guide, then please
+          re-read these sections: <ulink
+          url="three-interface.htm#id2499698">Port Forwarding (DNAT)</ulink>
+          and <ulink url="three-interface.htm#id2500224">Other
+          Connections</ulink></para>
+        </listitem>
+
+        <listitem>
+          <para>If you installed using the <ulink
+          url="shorewall_setup_guide.htm">Shorewall Setup Guide</ulink> then
+          you had better read the guide again -- you clearly missed a
+          lot.</para>
+        </listitem>
+      </itemizedlist>
+
+      <para>Also please see the <link linkend="PortForwarding">Port Forwarding
+      section of this FAQ</link>.</para>
+    </section>
+
    <section id="faq4">
      <title>(FAQ 4) I just used an online port scanner to check my firewall
      and it shows some ports as <quote>closed</quote> rather than
--- a/docs/XenMyWay.xml
+++ b/docs/XenMyWay.xml
@ -195,14 +195,15 @@

        <para><filename>/etc/modprobe.conf.local</filename></para>

-        <para>See <ulink
-        url="http://wiki.xensource.com/xenwiki/Assign_hardware_to_DomU_with_PCIBack_as_module">http://wiki.xensource.com/xenwiki/Assign_hardware_to_DomU_with_PCIBack_as_module</ulink>
-        The SuSE 10.1 Xen kernel compiles pciback as a module. <filename
-        class="devicefile">eth1</filename> (PCI 00:09.0) and <filename
-        class="devicefile">eth2</filename> (PCI 00:0a.0) are delegated to the
-        firewall DomU where they become <filename
+        <para><filename class="devicefile">eth1</filename> (PCI 00:09.0) and
+        <filename class="devicefile">eth2</filename> (PCI 00:0a.0) are
+        delegated to the firewall DomU where they become <filename
        class="devicefile">eth3</filename> and <filename
-        class="devicefile">eth4</filename> respectively.</para>
+        class="devicefile">eth4</filename> respectively. The SuSE 10.1 Xen
+        kernel compiles pciback as a module so the instructions for PCI
+        delegation in the Xen Users Manual can't be followed directly (see
+        <ulink
+        url="http://wiki.xensource.com/xenwiki/Assign_hardware_to_DomU_with_PCIBack_as_module">http://wiki.xensource.com/xenwiki/Assign_hardware_to_DomU_with_PCIBack_as_module</ulink>).</para>

        <programlisting>options pciback hide=(00:09.0)(00:0a.0)
 install tulip /sbin/modprobe pciback ; /sbin/modprobe --first-time --ignore-install tulip
@ -217,7 +218,7 @@ options netloop nloopbacks=1</programlisting>
 name     = "firewall"

 # usable ram:
-memory   = 256
+memory   = 384

 # kernel and initrd:
 kernel   = "/xen2/vmlinuz-xen"
@ -231,8 +232,6 @@ extra    = "3"

 # network interface:
 vif      = [ 'mac=aa:cc:00:00:00:02, bridge=xenbr0', 'mac=aa:cc:00:00:00:03, bridge=xenbr1' ]
-dhcp     = 'dhcp'
-hostname = name
 # Interfaces deletgated from Dom0
 pci=[ '00:09.0' , '00:0a.0' ]