Some doc updates

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2012-08-27 13:22:05 -07:00
parent 3aca90811c
commit 899bce13c3
2 changed files with 8 additions and 5 deletions


@ -1601,9 +1601,12 @@ teastep@ursa:~$ </programlisting>The first number determines the maximum log
zones</command></quote> and look at the printed zone definitions) zones</command></quote> and look at the printed zone definitions)
or the chain is FORWARD and the destination IP isn't in any of or the chain is FORWARD and the destination IP isn't in any of
your defined zones. If the chain is FORWARD and the IN and OUT your defined zones. If the chain is FORWARD and the IN and OUT
interfaces are the same, then you probably need the <emphasis interfaces are the same or they match the same wildcard entry in
role="bold">routeback</emphasis> option on that interface in <ulink
<filename> <ulink url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces</ulink>,
then you probably need the <emphasis
role="bold">routeback</emphasis> option on that interface
in<filename> <ulink
url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces</ulink> url="manpages/shorewall-interfaces.html">/etc/shorewall/interfaces</ulink>
</filename>, you need the <emphasis </filename>, you need the <emphasis
role="bold">routeback</emphasis> option in the relevant entry in role="bold">routeback</emphasis> option in the relevant entry in
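Review bot: In the added lines, `in<filename> <ulink` is missing the space after "in" and keeps a stray space inside `<filename>`, and the new wildcard clause links /etc/shorewall/interfaces with a bare `<ulink>` while the second mention of the same file is wrapped in `<filename>`. The sentence now points at the same file twice in a row. Suggest keeping the first link, wrapping it in `<filename>` like the rest of the paragraph, and ending the clause at "option on that interface" so the reader gets a single pointer to the file.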


@ -236,7 +236,7 @@ REDIRECT $FW 3128 tcp www - -
<para>Add this entry to your /etc/shorewall/providers file.</para> <para>Add this entry to your /etc/shorewall/providers file.</para>
<programlisting>#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS <programlisting>#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
Squid 1 202 - eth1 192.168.1.3 loose</programlisting> Squid 1 202 - eth1 192.168.1.3 loose,notrack</programlisting>
</listitem> </listitem>
<listitem> <listitem>
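Review bot: The OPTIONS column of the Squid provider entry changes from `loose` to `loose,notrack`, but the `<para>` above it still says only "Add this entry to your /etc/shorewall/providers file", so nothing tells the reader why the option was added or whether a setup built from the old text needs updating. Suggest one sentence next to the listing stating what `notrack` does for this provider, and a mention of the change in the commit message, which currently reads only "Some doc updates".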
@ -259,7 +259,7 @@ loc eth1 detect <emphasis role="bold">routeback</emphasis>
<para>On 192.168.1.3, arrange for the following command to be <para>On 192.168.1.3, arrange for the following command to be
executed after networking has come up</para> executed after networking has come up</para>
<programlisting><command>iptables -t nat -A PREROUTING -i eth0 -d ! 192.168.1.3 -p tcp --dport 80 -j REDIRECT --to-ports 3128</command> </programlisting> <programlisting><command>iptables -t nat -A PREROUTING -i eth0 ! -d 192.168.1.3 -p tcp --dport 80 -j REDIRECT --to-ports 3128</command> </programlisting>
<para>If you are running RedHat on the server, you can simply <para>If you are running RedHat on the server, you can simply
execute the following commands after you have typed the iptables execute the following commands after you have typed the iptables
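Review bot: The commit message does not mention that the REDIRECT command in this `<programlisting>` was corrected from `-d ! 192.168.1.3` to `! -d 192.168.1.3`, although this is a line readers paste verbatim on the Squid host. Suggest naming the fix in the message and checking the rest of the document for other rules still written with the negation after the option. While touching the line, the stray space between `</command>` and `</programlisting>` could go, and the introducing `<para>` ("executed after networking has come up") could end with a colon.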