Some doc updates

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-12-19 12:50:57 +01:00 · 2012-08-27 13:22:05 -07:00 · 2012-08-27 13:22:05 -07:00 · 899bce13c3
commit 899bce13c3
parent 3aca90811c
2 changed files with 8 additions and 5 deletions
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@ -1601,9 +1601,12 @@ teastep@ursa:~$ </programlisting>The first number determines the maximum log
            zones</command></quote> and look at the printed zone definitions)
            or the chain is FORWARD and the destination IP isn't in any of
            your defined zones. If the chain is FORWARD and the IN and OUT
-            interfaces are the same, then you probably need the <emphasis
-            role="bold">routeback</emphasis> option on that interface in
-            <filename> <ulink
+            interfaces are the same or they match the same wildcard entry in
+            <ulink
+            url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces</ulink>,
+            then you probably need the <emphasis
+            role="bold">routeback</emphasis> option on that interface
+            in<filename> <ulink
            url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces</ulink>
            </filename>, you need the <emphasis
            role="bold">routeback</emphasis> option in the relevant entry in
--- a/docs/Shorewall_Squid_Usage.xml
+++ b/docs/Shorewall_Squid_Usage.xml
@ -236,7 +236,7 @@ REDIRECT  $FW        3128     tcp      www              -          -
          <para>Add this entry to your /etc/shorewall/providers file.</para>

          <programlisting>#NAME   NUMBER  MARK    DUPLICATE       INTERFACE       GATEWAY         OPTIONS
-Squid   1       202     -               eth1            192.168.1.3     loose</programlisting>
+Squid   1       202     -               eth1            192.168.1.3     loose,notrack</programlisting>
        </listitem>

        <listitem>
@ -259,7 +259,7 @@ loc     eth1         detect       <emphasis role="bold">routeback</emphasis>
          <para>On 192.168.1.3, arrange for the following command to be
          executed after networking has come up</para>

-          <programlisting><command>iptables -t nat -A PREROUTING -i eth0 -d ! 192.168.1.3 -p tcp --dport 80 -j REDIRECT --to-ports 3128</command>          </programlisting>
+          <programlisting><command>iptables -t nat -A PREROUTING -i eth0 ! -d 192.168.1.3 -p tcp --dport 80 -j REDIRECT --to-ports 3128</command>          </programlisting>

          <para>If you are running RedHat on the server, you can simply
          execute the following commands after you have typed the iptables