mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-08 08:44:05 +01:00
correct name is now "SUSE" instead of "SuSE",
(of course word replacement was automatized)
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3060 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
bc9f5bd790
commit
68f7ce57a5
@ -871,7 +871,7 @@ LOGBURST=""</programlisting>
|
|||||||
</tip>
|
</tip>
|
||||||
|
|
||||||
<tip>
|
<tip>
|
||||||
<para>Under SuSE, add <quote>-c 5</quote> to KLOGD_PARAMS in
|
<para>Under SUSE, add <quote>-c 5</quote> to KLOGD_PARAMS in
|
||||||
/etc/sysconfig/syslog to suppress info (log level 6) messages on the
|
/etc/sysconfig/syslog to suppress info (log level 6) messages on the
|
||||||
console.</para>
|
console.</para>
|
||||||
</tip>
|
</tip>
|
||||||
|
@ -53,7 +53,7 @@
|
|||||||
iptables must include the Netfilter+ipsec patches and policy match
|
iptables must include the Netfilter+ipsec patches and policy match
|
||||||
support. The Netfilter patches are available from Netfilter
|
support. The Netfilter patches are available from Netfilter
|
||||||
Patch-O-Matic-NG and are also included in some commercial distributions
|
Patch-O-Matic-NG and are also included in some commercial distributions
|
||||||
(most notably <trademark>SuSE</trademark> 9.1 through 9.3).</para>
|
(most notably <trademark>SUSE</trademark> 9.1 through 9.3).</para>
|
||||||
</warning>
|
</warning>
|
||||||
|
|
||||||
<important>
|
<important>
|
||||||
@ -97,7 +97,7 @@
|
|||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>The ipsec-tools 0.5 rpm from SuSE 9.3.</para>
|
<para>The ipsec-tools 0.5 rpm from SUSE 9.3.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
@ -52,7 +52,7 @@
|
|||||||
implementation of IPSEC. Until that implementation is complete, only a
|
implementation of IPSEC. Until that implementation is complete, only a
|
||||||
simple network-network tunnel is described for 2.6.</para>
|
simple network-network tunnel is described for 2.6.</para>
|
||||||
|
|
||||||
<para>UPDATE: Some distributions such as <trademark>SuSE</trademark> are
|
<para>UPDATE: Some distributions such as <trademark>SUSE</trademark> are
|
||||||
now shipping Kernels and iptables with the IPSEC-Netfilter patches and
|
now shipping Kernels and iptables with the IPSEC-Netfilter patches and
|
||||||
policy match support. Check <ulink url="IPSEC-2.6.html">this
|
policy match support. Check <ulink url="IPSEC-2.6.html">this
|
||||||
article</ulink> for information concerning this support and
|
article</ulink> for information concerning this support and
|
||||||
|
@ -78,7 +78,7 @@
|
|||||||
|
|
||||||
<para>The standard RPM package from shorewall.net and the mirrors is
|
<para>The standard RPM package from shorewall.net and the mirrors is
|
||||||
known to work with <emphasis
|
known to work with <emphasis
|
||||||
role="bold"><trademark>SuSE</trademark></emphasis>, <emphasis
|
role="bold"><trademark>SUSE</trademark></emphasis>, <emphasis
|
||||||
role="bold"><trademark>Power PPC</trademark></emphasis>, <emphasis
|
role="bold"><trademark>Power PPC</trademark></emphasis>, <emphasis
|
||||||
role="bold"><trademark>Trustix</trademark></emphasis> and <emphasis
|
role="bold"><trademark>Trustix</trademark></emphasis> and <emphasis
|
||||||
role="bold"><trademark>TurboLinux</trademark></emphasis>. There is
|
role="bold"><trademark>TurboLinux</trademark></emphasis>. There is
|
||||||
@ -110,7 +110,7 @@
|
|||||||
</caution>
|
</caution>
|
||||||
|
|
||||||
<note>
|
<note>
|
||||||
<para>Some SuSE users have encountered a problem whereby rpm reports
|
<para>Some SUSE users have encountered a problem whereby rpm reports
|
||||||
a conflict with kernel <= 2.2 even though a 2.4 kernel is
|
a conflict with kernel <= 2.2 even though a 2.4 kernel is
|
||||||
installed. If this happens, simply use the --nodeps option to
|
installed. If this happens, simply use the --nodeps option to
|
||||||
rpm.</para>
|
rpm.</para>
|
||||||
@ -310,7 +310,7 @@
|
|||||||
<programlisting><command>rpm -Uvh <shorewall rpm file></command></programlisting>
|
<programlisting><command>rpm -Uvh <shorewall rpm file></command></programlisting>
|
||||||
|
|
||||||
<note>
|
<note>
|
||||||
<para>Some SuSE users have encountered a problem whereby rpm reports
|
<para>Some SUSE users have encountered a problem whereby rpm reports
|
||||||
a conflict with kernel <= 2.2 even though a 2.4 kernel is
|
a conflict with kernel <= 2.2 even though a 2.4 kernel is
|
||||||
installed. If this happens, simply use the --nodeps option to
|
installed. If this happens, simply use the --nodeps option to
|
||||||
rpm.</para>
|
rpm.</para>
|
||||||
|
@ -72,7 +72,7 @@
|
|||||||
the <ulink url="IPSEC.htm">Shorewall IPSEC documentation</ulink>
|
the <ulink url="IPSEC.htm">Shorewall IPSEC documentation</ulink>
|
||||||
(Shorewall support for IPSEC with unpatched 2.6 kernels is very limited).
|
(Shorewall support for IPSEC with unpatched 2.6 kernels is very limited).
|
||||||
For patched 2.6 kernels (including those supplied with
|
For patched 2.6 kernels (including those supplied with
|
||||||
<trademark>SuSE</trademark> 9.2) see the <ulink
|
<trademark>SUSE</trademark> 9.2) see the <ulink
|
||||||
url="IPSEC-2.6.html">Kernel 2.6 IPSEC documentation</ulink>.</para>
|
url="IPSEC-2.6.html">Kernel 2.6 IPSEC documentation</ulink>.</para>
|
||||||
</section>
|
</section>
|
||||||
</article>
|
</article>
|
@ -444,8 +444,8 @@ verb 3</programlisting>
|
|||||||
<graphic fileref="images/network3.png" />
|
<graphic fileref="images/network3.png" />
|
||||||
|
|
||||||
<para>The Wireless network is in the lower right of the diagram and
|
<para>The Wireless network is in the lower right of the diagram and
|
||||||
consists of two laptops: Eastepnc6000 (Dual Boot Windows XP - SP1, SuSE
|
consists of two laptops: Eastepnc6000 (Dual Boot Windows XP - SP1, SUSE
|
||||||
10.0) and Tipper (SuSE 10.0). We use OpenVPN to bridge those two laptops
|
10.0) and Tipper (SUSE 10.0). We use OpenVPN to bridge those two laptops
|
||||||
with the local LAN shown in the lower left hand corner. The laptops are
|
with the local LAN shown in the lower left hand corner. The laptops are
|
||||||
configured with addresses in the 192.168.3.0/24 network connected to the
|
configured with addresses in the 192.168.3.0/24 network connected to the
|
||||||
firewall's <filename class="devicefile">eth0</filename> interface which
|
firewall's <filename class="devicefile">eth0</filename> interface which
|
||||||
@ -613,7 +613,7 @@ verb 3</programlisting>
|
|||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>Eastepnc6000 (SuSE10.0) Configuration</title>
|
<title>Eastepnc6000 (SUSE10.0) Configuration</title>
|
||||||
|
|
||||||
<para>The configuration is the same as shown above only with "/Program
|
<para>The configuration is the same as shown above only with "/Program
|
||||||
Files/OpenVPN" replaced with "/etc/openvpn" (I love OpenVPN).</para>
|
Files/OpenVPN" replaced with "/etc/openvpn" (I love OpenVPN).</para>
|
||||||
|
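Review bot: The changed title line reads `Eastepnc6000 (SUSE10.0) Configuration`, with no space between the name and the version, while the other references in this patch write `SUSE 10.0`. Since the line is being touched anyway, make it `Eastepnc6000 (SUSE 10.0) Configuration`.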
@ -157,8 +157,8 @@ ACCEPT net loc:130.252.100.19 tcp 80</programlisting>
|
|||||||
gateway:~#</programlisting>
|
gateway:~#</programlisting>
|
||||||
|
|
||||||
<para>Note in particular that there is no broadcast address. Here is an
|
<para>Note in particular that there is no broadcast address. Here is an
|
||||||
<filename>ifcfg-eth-id-00:a0:cc:d1:db:12</filename> file from SuSE that
|
<filename>ifcfg-eth-id-00:a0:cc:d1:db:12</filename> file from SUSE that
|
||||||
produces this result (Note: SuSE ties the configuration file to the card
|
produces this result (Note: SUSE ties the configuration file to the card
|
||||||
by embedding the card's MAC address in the file name):</para>
|
by embedding the card's MAC address in the file name):</para>
|
||||||
|
|
||||||
<programlisting>BOOTPROTO='static'
|
<programlisting>BOOTPROTO='static'
|
||||||
|
@ -63,7 +63,7 @@
|
|||||||
|
|
||||||
<tip>
|
<tip>
|
||||||
<para>There are ftwall init scripts for use with
|
<para>There are ftwall init scripts for use with
|
||||||
<trademark>SuSE</trademark> and <trademark>Debian</trademark> Linux at
|
<trademark>SUSE</trademark> and <trademark>Debian</trademark> Linux at
|
||||||
<ulink
|
<ulink
|
||||||
url="http://shorewall.net/pub/shorewall/contrib/ftwall">http://shorewall.net/pub/shorewall/contrib/ftwall</ulink>.</para>
|
url="http://shorewall.net/pub/shorewall/contrib/ftwall">http://shorewall.net/pub/shorewall/contrib/ftwall</ulink>.</para>
|
||||||
</tip>
|
</tip>
|
||||||
|
@ -212,7 +212,7 @@ iface br0 inet static
|
|||||||
|
|
||||||
<para>The bridge may have its IP address assigned via DHCP. Here's an
|
<para>The bridge may have its IP address assigned via DHCP. Here's an
|
||||||
example of an /etc/sysconfig/network/ifcfg-br0 file from a
|
example of an /etc/sysconfig/network/ifcfg-br0 file from a
|
||||||
<trademark>SuSE</trademark> system:</para>
|
<trademark>SUSE</trademark> system:</para>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<programlisting>BOOTPROTO='dhcp'
|
<programlisting>BOOTPROTO='dhcp'
|
||||||
@ -232,7 +232,7 @@ BOOTPROTO=dhcp
|
|||||||
ONBOOT=yes</programlisting>
|
ONBOOT=yes</programlisting>
|
||||||
</blockquote>
|
</blockquote>
|
||||||
|
|
||||||
<para>On both the SuSE and Mandrake systems, a separate script is required
|
<para>On both the SUSE and Mandrake systems, a separate script is required
|
||||||
to configure the bridge itself.</para>
|
to configure the bridge itself.</para>
|
||||||
|
|
||||||
<para>Here are scripts that I used on a <trademark>Suse</trademark> 9.1
|
<para>Here are scripts that I used on a <trademark>Suse</trademark> 9.1
|
||||||
|
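Review bot: The last context line of this hunk still has `<trademark>Suse</trademark> 9.1`, so the case-sensitive replacement of `SuSE` missed this spelling. Include `Suse` in the substitution, and check for other case variants, so the document ends up with a single spelling.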
@ -611,7 +611,7 @@ DNAT net loc:192.168.1.3 tcp 4000:4100</programlisting>
|
|||||||
behavior in which the identity of network interfaces varies from boot to
|
behavior in which the identity of network interfaces varies from boot to
|
||||||
boot (what is <filename class="devicefile">eth0</filename> after one boot
|
boot (what is <filename class="devicefile">eth0</filename> after one boot
|
||||||
may be <filename class="devicefile">eth1</filename> after the next).
|
may be <filename class="devicefile">eth1</filename> after the next).
|
||||||
<trademark>SuSE</trademark> users, for example, can take the following
|
<trademark>SUSE</trademark> users, for example, can take the following
|
||||||
approach:</para>
|
approach:</para>
|
||||||
|
|
||||||
<programlisting>wookie:~ # lspci
|
<programlisting>wookie:~ # lspci
|
||||||
|
@ -69,20 +69,20 @@
|
|||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>I use one-to-one NAT for <emphasis>"Ursa"</emphasis> (my
|
<para>I use one-to-one NAT for <emphasis>"Ursa"</emphasis> (my
|
||||||
personal system that run SuSE 10.0) - Internal address 192.168.1.5 and
|
personal system that run SUSE 10.0) - Internal address 192.168.1.5 and
|
||||||
external address 206.124.146.178.</para>
|
external address 206.124.146.178.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>I use one-to-one NAT for <emphasis>"Eastepnc6000</emphasis>" (My
|
<para>I use one-to-one NAT for <emphasis>"Eastepnc6000</emphasis>" (My
|
||||||
work system -- Windows XP SP1/SuSE 10.0). Internal address 192.168.1.6
|
work system -- Windows XP SP1/SUSE 10.0). Internal address 192.168.1.6
|
||||||
and external address 206.124.146.180.</para>
|
and external address 206.124.146.180.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>I use SNAT through 206.124.146.179 for my Wife's Windows XP
|
<para>I use SNAT through 206.124.146.179 for my Wife's Windows XP
|
||||||
system <quote><emphasis>Tarry</emphasis></quote>, my <firstterm>crash
|
system <quote><emphasis>Tarry</emphasis></quote>, my <firstterm>crash
|
||||||
and burn</firstterm> system "<emphasis>Wookie</emphasis>", our SuSE
|
and burn</firstterm> system "<emphasis>Wookie</emphasis>", our SUSE
|
||||||
10.0 laptop <quote><emphasis>Tipper</emphasis></quote> which connects
|
10.0 laptop <quote><emphasis>Tipper</emphasis></quote> which connects
|
||||||
through the Wireless Access Point (wap) via a Wireless Bridge (wet),
|
through the Wireless Access Point (wap) via a Wireless Bridge (wet),
|
||||||
and my work laptop (<emphasis>eastepnc6000</emphasis>) when it is not
|
and my work laptop (<emphasis>eastepnc6000</emphasis>) when it is not
|
||||||
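Review bot: The changed line in the first list item reads `personal system that run SUSE 10.0`; the verb should be `runs`, and this is a good moment to fix it because the line is already modified. In the second item the closing quote sits outside the tag (`<emphasis>"Eastepnc6000</emphasis>"`), unlike the "Ursa" item above it; moving it inside `</emphasis>` would make the two items consistent.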
@ -465,7 +465,7 @@ DROP Wifi net:16.0.0.0/8
|
|||||||
DROP loc:!192.168.0.0/22 fw # Silently drop traffic with an HP source IP from my XP box
|
DROP loc:!192.168.0.0/22 fw # Silently drop traffic with an HP source IP from my XP box
|
||||||
ACCEPT loc fw tcp ssh,time,631,8080
|
ACCEPT loc fw tcp ssh,time,631,8080
|
||||||
ACCEPT loc fw udp 161,ntp,631
|
ACCEPT loc fw udp 161,ntp,631
|
||||||
DROP loc fw tcp 3185 #SuSE Meta pppd
|
DROP loc fw tcp 3185 #SUSE Meta pppd
|
||||||
Ping/ACCEPT loc fw
|
Ping/ACCEPT loc fw
|
||||||
###############################################################################################################################################################################
|
###############################################################################################################################################################################
|
||||||
# Roadwarriors to Firewall
|
# Roadwarriors to Firewall
|
||||||
|
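Review bot: The substitution on the `DROP loc fw tcp 3185` line reaches into a sample rules listing, not prose. Here it only touches the trailing comment and the replacement has the same length, so the columns stay aligned, but an automated word replacement should either skip listing content or have each listing hit checked by hand so that no literal value a reader copies is changed.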
@ -52,7 +52,7 @@
|
|||||||
<attribution>ES, Phoenix AZ, USA</attribution>
|
<attribution>ES, Phoenix AZ, USA</attribution>
|
||||||
|
|
||||||
<para><emphasis>I have fought with IPtables for untold hours. First I
|
<para><emphasis>I have fought with IPtables for untold hours. First I
|
||||||
tried the SuSE firewall, which worked for 80% of what I needed. Then
|
tried the SUSE firewall, which worked for 80% of what I needed. Then
|
||||||
gShield, which also worked for 80%. Then I set out to write my own
|
gShield, which also worked for 80%. Then I set out to write my own
|
||||||
IPtables parser in shell and awk, which was a lot of fun but never got
|
IPtables parser in shell and awk, which was a lot of fun but never got
|
||||||
me past the <quote>hey, cool</quote> stage. Then I discovered Shorewall.
|
me past the <quote>hey, cool</quote> stage. Then I discovered Shorewall.
|
||||||
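Review bot: The changed line `tried the SUSE firewall, which worked for 80% of what I needed` sits inside a quotation attributed to `ES, Phoenix AZ, USA`, so the automated replacement alters what that person wrote. Consider excluding attributed quotations from the substitution and leaving them as submitted; the same applies to the other quoted testimonial touched by this commit.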
@ -141,7 +141,7 @@
|
|||||||
<attribution>SM, Germany</attribution>
|
<attribution>SM, Germany</attribution>
|
||||||
|
|
||||||
<para><emphasis>one time more to report, that your great shorewall in
|
<para><emphasis>one time more to report, that your great shorewall in
|
||||||
the latest release 1.2.9 is working fine for me with SuSE Linux 7.3! I
|
the latest release 1.2.9 is working fine for me with SUSE Linux 7.3! I
|
||||||
now have 7 machines up and running with shorewall on several versions -
|
now have 7 machines up and running with shorewall on several versions -
|
||||||
starting with 1.2.2 up to the new 1.2.9 and I never have encountered any
|
starting with 1.2.2 up to the new 1.2.9 and I never have encountered any
|
||||||
problems!</emphasis></para>
|
problems!</emphasis></para>
|
||||||
|