extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-22 07:33:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

Minor update to MultiISP doc

Browse Source
This commit is contained in:
Tom Eastep 2009-08-29 09:05:14 -07:00
parent 1ef00c547b
commit 84fab0ebda
1 changed files with 25 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
docs/MultiISP.xml
View File

@ -235,9 +235,22 @@
<listitem> <listitem>
<para>Use mark values &gt; 255 for provider marks in this <para>Use mark values &gt; 255 for provider marks in this
column. These mark values must be a multiple of 256 in the column. </para>
range 256-65280 (hex equivalent 0x100 - 0xFF00 with the
low-order 8 bits being zero).</para> <itemizedlist>
<listitem>
<para>These mark values must be a multiple of 256 in the
range 256-65280 (hex equivalent 0x100 - 0xFF00 with the
low-order 8 bits being zero); or</para>
</listitem>
<listitem>
<para>Set WIDE_TC_MARKS=Yes in <ulink
url="manpages/shorewall.conf.html">shorewall.conf
</ulink>(5) and use mark values in the range 0x10000 -
0xFF0000 with the low-order 16 bits being zero.</para>
</listitem>
</itemizedlist>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
@ -265,10 +278,10 @@
<listitem> <listitem>
<para>The name of the interface to the provider. Where multiple <para>The name of the interface to the provider. Where multiple
providers share the same interface (which is not recommended), you providers share the same interface, you must follow the name of
must follow the name of the interface by a colon (":") and the IP the interface by a colon (":") and the IP address assigned by this
address assigned by this provider (e.g., eth0:206.124.146.176). provider (e.g., eth0:206.124.146.176). See <link
See <link linkend="Shared">below</link> for additional linkend="Shared">below</link> for additional
considerations.</para> considerations.</para>
<para>The interface must have been previously defined in <ulink <para>The interface must have been previously defined in <ulink
@ -618,8 +631,9 @@
<listitem> <listitem>
<para>Once routing determines where the packet is to go, the <para>Once routing determines where the packet is to go, the
firewall (Shorewall) determines if the packet is allowed to go firewall (Shorewall) determines if the packet is allowed to go there
there.</para> and controls rewriting of the SOURCE IP address
(SNAT/MASQUERADE).</para>
</listitem> </listitem>
</orderedlist> </orderedlist>
@ -655,7 +669,7 @@ eth1 0.0.0.0/0 130.252.99.27</programlisting>
internal subnetwork.</para> internal subnetwork.</para>
<para>If you have multiple IP addresses on one of your interfaces, you <para>If you have multiple IP addresses on one of your interfaces, you
can use a similar technique -- simple exclude the smallest network that can use a similar technique -- simplY exclude the smallest network that
contains all of those addresses from being masqueraded.</para> contains all of those addresses from being masqueraded.</para>
<warning> <warning>
@ -1351,7 +1365,7 @@ fi</programlisting></para>
creates a secondary configuration file creates a secondary configuration file
(<filename>/etc/lsm/shorewall.conf</filename>) that contains the link (<filename>/etc/lsm/shorewall.conf</filename>) that contains the link
configurations. That file is included by configurations. That file is included by
<filename>/etc/lsm/lsm.conf</filename>.</para> <filename>/etc/lsm/lsm.conf</filename>.B</para>
<para>Below are my relevant configuration files.</para> <para>Below are my relevant configuration files.</para>