From 899bce13c312bafc16b880100f0b257c47b2f08e Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Mon, 27 Aug 2012 13:22:05 -0700
Subject: [PATCH] Some doc updates
Signed-off-by: Tom Eastep
---
docs/FAQ.xml | 9 ++++++---
docs/Shorewall_Squid_Usage.xml | 4 ++--
2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/docs/FAQ.xml b/docs/FAQ.xml
index 83bbe0d9c..b2840a4c2 100644
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@@ -1601,9 +1601,12 @@ teastep@ursa:~$ The first number determines the maximum log zones and look at the printed zone definitions) or the chain is FORWARD and the destination IP isn't in any of your defined zones. If the chain is FORWARD and the IN and OUT - interfaces are the same, then you probably need the routeback option on that interface in - /etc/shorewall/interfaces, + then you probably need the routeback option on that interface + in /etc/shorewall/interfaces , you need the routeback option in the relevant entry in
diff --git a/docs/Shorewall_Squid_Usage.xml b/docs/Shorewall_Squid_Usage.xml
index feccfebc4..49f0daad2 100644
--- a/docs/Shorewall_Squid_Usage.xml
+++ b/docs/Shorewall_Squid_Usage.xml
@@ -236,7 +236,7 @@ REDIRECT $FW 3128 tcp www - - Add this entry to your /etc/shorewall/providers file. #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS -Squid 1 202 - eth1 192.168.1.3 loose +Squid 1 202 - eth1 192.168.1.3 loose,notrack
@@ -259,7 +259,7 @@ loc eth1 detect routeback On 192.168.1.3, arrange for the following command to be executed after networking has come up - iptables -t nat -A PREROUTING -i eth0 -d ! 192.168.1.3 -p tcp --dport 80 -j REDIRECT --to-ports 3128 + iptables -t nat -A PREROUTING -i eth0 ! -d 192.168.1.3 -p tcp --dport 80 -j REDIRECT --to-ports 3128 If you are running RedHat on the server, you can simply execute the following commands after you have typed the iptables