Add a FAQ
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4356 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
6f59b28ecd
commit
6842ce6432
50
docs/FAQ.xml
50
docs/FAQ.xml
@ -103,7 +103,7 @@
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<section id="PortForwarding">
|
||||
<title>Port Forwarding (Port Redirection)</title>
|
||||
|
||||
<section id="faq1">
|
||||
@ -605,6 +605,54 @@ to debug/develop the newnat interface.</programlisting></para>
|
||||
<section>
|
||||
<title>Open Ports</title>
|
||||
|
||||
<section id="faq0">
|
||||
<title>(FAQ 0) How do I Open Ports in Shorewall?</title>
|
||||
|
||||
<para><emphasis role="bold">Answer:</emphasis> No one who has installed
|
||||
Shorewall using one of the <ulink
|
||||
url="shorewall_quickstart_guide.htm">Quick Start Guides</ulink> should
|
||||
have to ask this question.</para>
|
||||
|
||||
<para>Regardless of which guide you used, all outbound communcation is
|
||||
open by default. So you do not need to 'open ports' for output.</para>
|
||||
|
||||
<para>For input:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>If you installed using the Standalone Guide, then please
|
||||
<ulink url="standalone.htm#id2499092">re-read this
|
||||
section</ulink>.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>If you installed using the Two-interface Guide, then please
|
||||
re-read these sections: <ulink
|
||||
url="two-interface.htm#id2499962">Port Forwarding (DNAT)</ulink>,
|
||||
and <ulink url="two-interface.htm#id2500428">Other
|
||||
Connections</ulink></para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>If you installed using the Three-interface Guide, then please
|
||||
re-read these sections: <ulink
|
||||
url="three-interface.htm#id2499698">Port Forwarding (DNAT)</ulink>
|
||||
and <ulink url="three-interface.htm#id2500224">Other
|
||||
Connections</ulink></para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>If you installed using the <ulink
|
||||
url="shorewall_setup_guide.htm">Shorewall Setup Guide</ulink> then
|
||||
you had better read the guide again -- you clearly missed a
|
||||
lot.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>Also please see the <link linkend="PortForwarding">Port Forwarding
|
||||
section of this FAQ</link>.</para>
|
||||
</section>
|
||||
|
||||
<section id="faq4">
|
||||
<title>(FAQ 4) I just used an online port scanner to check my firewall
|
||||
and it shows some ports as <quote>closed</quote> rather than
|
||||
|
@ -195,14 +195,15 @@
|
||||
|
||||
<para><filename>/etc/modprobe.conf.local</filename></para>
|
||||
|
||||
<para>See <ulink
|
||||
url="http://wiki.xensource.com/xenwiki/Assign_hardware_to_DomU_with_PCIBack_as_module">http://wiki.xensource.com/xenwiki/Assign_hardware_to_DomU_with_PCIBack_as_module</ulink>
|
||||
The SuSE 10.1 Xen kernel compiles pciback as a module. <filename
|
||||
class="devicefile">eth1</filename> (PCI 00:09.0) and <filename
|
||||
class="devicefile">eth2</filename> (PCI 00:0a.0) are delegated to the
|
||||
firewall DomU where they become <filename
|
||||
<para><filename class="devicefile">eth1</filename> (PCI 00:09.0) and
|
||||
<filename class="devicefile">eth2</filename> (PCI 00:0a.0) are
|
||||
delegated to the firewall DomU where they become <filename
|
||||
class="devicefile">eth3</filename> and <filename
|
||||
class="devicefile">eth4</filename> respectively.</para>
|
||||
class="devicefile">eth4</filename> respectively. The SuSE 10.1 Xen
|
||||
kernel compiles pciback as a module so the instructions for PCI
|
||||
delegation in the Xen Users Manual can't be followed directly (see
|
||||
<ulink
|
||||
url="http://wiki.xensource.com/xenwiki/Assign_hardware_to_DomU_with_PCIBack_as_module">http://wiki.xensource.com/xenwiki/Assign_hardware_to_DomU_with_PCIBack_as_module</ulink>).</para>
|
||||
|
||||
<programlisting>options pciback hide=(00:09.0)(00:0a.0)
|
||||
install tulip /sbin/modprobe pciback ; /sbin/modprobe --first-time --ignore-install tulip
|
||||
@ -217,7 +218,7 @@ options netloop nloopbacks=1</programlisting>
|
||||
name = "firewall"
|
||||
|
||||
# usable ram:
|
||||
memory = 256
|
||||
memory = 384
|
||||
|
||||
# kernel and initrd:
|
||||
kernel = "/xen2/vmlinuz-xen"
|
||||
@ -231,8 +232,6 @@ extra = "3"
|
||||
|
||||
# network interface:
|
||||
vif = [ 'mac=aa:cc:00:00:00:02, bridge=xenbr0', 'mac=aa:cc:00:00:00:03, bridge=xenbr1' ]
|
||||
dhcp = 'dhcp'
|
||||
hostname = name
|
||||
# Interfaces deletgated from Dom0
|
||||
pci=[ '00:09.0' , '00:0a.0' ]
|
||||
|
||||
|