Initial checkin. Document is incomplete, getting to it tonight.

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@936 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-docs/two-interface.xml

@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!-- $Id$ -->
+<article id="two-interface">
+	<articleinfo>
+		<title>Basic Two-Interface Firewall</title>
+		<author>
+      <firstname>Tom</firstname>
+      <surname>Eastep</surname>
+		</author>
+    <pubdate>2003&#047;12&#047;24</pubdate>
+		<copyright>
+			<year>2003</year>
+			<holder>Thomas M. Eastep</holder>
+		</copyright>
+		<legalnotice>
+			<para>
+			Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with	no Invariant Sections, with no Front-Cover, and with no Back-Cover	Texts. A copy of the license is included in the section entitled <quote><ulink url="copyright.htm" type="">GNU Free Documentation License</ulink></quote>.
+			</para>
+		</legalnotice>
+	</articleinfo>
+	<section>
+		<title>Introduction</title>
+		<para>
+		Setting up a Linux system as a firewall for a small network is a fairly straight-forward task if you understand the basics and follow the documentation.
+		</para>
+		<para>
+		This guide doesn't attempt to acquaint you with all of the features of Shorewall. It rather focuses on what is required to configure Shorewall in its most common configuration:
+		</para>
+		<itemizedlist mark="bullet" spacing="compact">
+			<listitem>
+				<para>
+				Linux system used as a firewall/router for a small local network.
+				</para>
+			</listitem>
+			<listitem>
+				<para>
+				<emphasis role="bold">Single public IP address.</emphasis> If you have more than one public IP address, this is not the guide you want -- see the <ulink url="shorewall_setup_guide.htm">Shorewall Setup Guide</ulink> instead.
+				</para>
+			</listitem>
+			<listitem>
+				<para>
+				Internet connection through cable modem, DSL, ISDN, Frame Relay, dial-up ...
+				</para>
+			</listitem>
+		</itemizedlist>
+		<para>
+		Here is a schematic of a typical installation:
+		</para>
+		<figure label="1">
+			<title>Common two interface firewall configuration</title>
+			<mediaobject>
+				<imageobject>
+					<imagedata fileref="images/basics.png" format="PNG" align="center" width="4in" />
+				</imageobject>
+			</mediaobject>
+		</figure>
+		<note>
+			<title>Shorewall and <trademark>Mandrake</trademark> 9.0&#043;</title>
+			<para>
+			If you are running Shorewall under <trademark>Mandrake</trademark> 9.0 or later, you can easily configure the above setup using the <trademark>Mandrake</trademark> <quote>Internet Connection Sharing</quote> applet. From the <emphasis><interface>Mandrake Control Center</interface></emphasis>, select <quote><guimenuitem>Network</guimenuitem> &#038; <guisubmenu>Internet</guisubmenu></quote> then <quote><interface>Connection Sharing</interface></quote>.
+			</para>
+			<para>
+			Note however, that the Shorewall configuration produced by <emphasis>Mandrake Internet Connection Sharing</emphasis> is strange and is apt to confuse you if you use the rest of this documentation (it has two local zones; <varname>loc</varname> and <varname>masq</varname> where <varname>loc</varname> is empty; this conflicts with this documentation which assumes a single local zone <varname>loc</varname>). We therefore recommend that once you have set up this sharing that you uninstall the <trademark>Mandrake</trademark> Shorewall RPM and install the one from the <ulink url="download.htm">download</ulink> page then follow the instructions in this Guide.
+			</para>
+		</note>
+		<para>
+		Shorewall requires that you have the <command>iproute</command>/<command>iproute2</command> package installed (on <trademark>RedHat</trademark>, the package is called <command>iproute</command>). You can tell if this package is installed by the presence of an <command>ip</command> program on your firewall system. As <literal>root</literal>, you can use the <command>which</command> command to check for this program:
+		<programlisting>
+[root@gateway root]# which ip
+/sbin/ip
+[root@gateway root]#
+		</programlisting>
+		I recommend that you first read through the guide to familiarize yourself with what's involved then go back through it again making your configuration changes.
+		</para>
+		<caution>
+			<para>
+			If you edit your configuration files on a <trademark>Windows</trademark> system, you must save them as <trademark>Unix</trademark> files if your editor supports that option or you must run them through <command>dos2unix</command> before trying to use them. Similarly, if you copy a configuration file from your <trademark>Windows</trademark> hard drive to a floppy disk, you must run <command>dos2unix</command> against the copy before using it with Shorewall.
+			<itemizedlist>
+				<listitem>
+					<para>
+						<ulink url="http://www.simtel.net/pub/pd/51438.html"><trademark>Windows</trademark> Version of <command>dos2unix</command></ulink>
+					</para>
+				</listitem>
+				<listitem>
+					<para>
+						<ulink url="http://www.megaloman.com/%7Ehany/software/hd2u/">Linux Version of <command>dos2unix</command></ulink>
+					</para>
+				</listitem>
+			</itemizedlist>
+			</para>
+		</caution>
+	</section>
+	<section>
+		<title>PPTP/ADSL</title>
+		<important>
+			<para>
+			If you have an <acronym>ADSL</acronym> Modem and you use <acronym>PPTP</acronym> to communicate with a server in that modem, you must make the changes recommended here in addition to those detailed below. <acronym>ADSL</acronym> with <acronym>PPTP</acronym> is most commonly found in Europe, notably in Austria.
+			</para>
+		</important>
+
+	</section>
+</article>