Shorewall 1.3.7b

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@221 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

STABLE/documentation/IPIP.htm

@@ -42,7 +42,25 @@ parameter to the type of tunnel that you want to create.</p>
 <blockquote>
 <p align="left">tunnel_type=gre</p>
 </blockquote>
-<p align="left">On system A, the 10.0.0.0/8 will comprise the <b>gw</b> zone. In
+<p align="left">On each firewall, you will need to declare a zone to represent 
+the remote subnet. We'll assume that this zone is called 'vpn' and declare it in 
+/etc/shorewall/zones on both systems as follows.</p>
+<blockquote>
+    <table border="2" cellpadding="2" style="border-collapse: collapse">
+               <tr>
+              <td><strong>ZONE</strong></td>
+              <td><strong>DISPLAY</strong></td>
+              <td><strong>COMMENTS</strong></td>
+          </tr>
+          <tr>
+              <td>vpn</td>
+              <td>VPN</td>
+              <td>Remote Subnet</td>
+          </tr>
+                   
+    </table>
+ </blockquote>
+<p align="left">On system A, the 10.0.0.0/8 will comprise the <b>vpn</b> zone. In
 /etc/shorewall/interfaces:</p>
 <blockquote>
   <table border="2" cellpadding="2" style="border-collapse: collapse">
@@ -53,7 +71,7 @@ parameter to the type of tunnel that you want to create.</p>
       <td><b>OPTIONS</b></td>
     </tr>
     <tr>
-      <td>gw</td>
+      <td>vpn</td>
       <td>tosysb</td>
       <td>10.255.255.255</td>
       <td>&nbsp;</td>
@@ -88,7 +106,7 @@ encapsulation protocol (4) will be accepted to/from the remote gateway.</p>
   gateway=134.28.54.2<br>
   subnet=10.0.0.0/8</p>
 </blockquote>
-<p>Similarly, On system B the 192.168.1.0/24 subnet will comprise the <b>gw</b>
+<p>Similarly, On system B the 192.168.1.0/24 subnet will comprise the <b>vpn</b>
 zone. In /etc/shorewall/interfaces:</p>
 <blockquote>
   <table border="2" cellpadding="2" style="border-collapse: collapse">
@@ -99,7 +117,7 @@ zone. In /etc/shorewall/interfaces:</p>
       <td><b>OPTIONS</b></td>
     </tr>
     <tr>
-      <td>gw</td>
+      <td>vpn</td>
       <td>tosysa</td>
       <td>192.168.1.255</td>
       <td>&nbsp;</td>
@@ -135,7 +153,7 @@ zone. In /etc/shorewall/interfaces:</p>
 <p>You can rename the modified tunnel scripts if you like; be sure that they are
 secured so that root can execute them.  </p>
                 
-      <p align="Left"> You will need to allow traffic between the &quot;gw&quot; zone and 
+      <p align="Left"> You will need to allow traffic between the &quot;vpn&quot; zone and 
       the &quot;loc&quot; zone on both systems -- if you simply want to admit all traffic 
       in both directions, you can use the policy file:</p>
                 
@@ -150,13 +168,13 @@ secured so that root can execute them.  </p>
           </tr>
           <tr>
               <td>loc</td>
-              <td>gw</td>
+              <td>vpn</td>
               <td>ACCEPT</td>
           <td>&nbsp;</td>
           </tr>
                    
           <tr>
-              <td>gw</td>
+              <td>vpn</td>
               <td>loc</td>
               <td>ACCEPT</td>
           <td>&nbsp;</td>
@@ -168,7 +186,7 @@ secured so that root can execute them.  </p>
 run the modified tunnel script with the &quot;start&quot; argument on each
 system. The systems in the two masqueraded subnetworks can now talk to each
 other</p>
-<p><font size="2">Updated 5/18/2002 - <a href="support.htm">Tom
+<p><font size="2">Updated 8/22/2002 - <a href="support.htm">Tom
 Eastep</a> </font></p>
 <p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font> 
 <EFBFBD> <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></p>