Some documentation updates

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2380 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-docs2/FAQ.xml

@@ -17,7 +17,7 @@
       </author>
     </authorgroup>
 
-    <pubdate>2005-06-01</pubdate>
+    <pubdate>2005-07-19</pubdate>
 
     <copyright>
       <year>2001-2005</year>
@@ -1273,8 +1273,9 @@ LOGBURST=""</programlisting>
         <para>Anyone with two Internet connections MUST read and understand
         <ulink url="Shorewall_and_Routing.html">this article on Shorewall and
         Routing</ulink>. If you don't, you will be completely lost trying to
-        make this work. And that article should be all that you need if you
-        are running Shorewall 2.3.2 or later.</para>
+        make this work. And <emphasis role="bold">that article should be all
+        that you need if you are running Shorewall 2.3.2 or
+        later</emphasis>.</para>
       </important>
 
       <para>Setting this up in Shorewall is easy; setting up the routing is a
@@ -1304,6 +1305,11 @@ net        net            DROP</programlisting>
 eth0             eth2
 eth1             eth2</programlisting>
 
+      <para>Again, if you are running Shorewall 2.3.2 or later, please see
+      <ulink url="Shorewall_and_Routing.html">this article</ulink> for
+      instructions for setting up the routing. Otherwise, follow the
+      instructions that follow.</para>
+
       <para>There was an article in SysAdmin covering the topic of setting up
       routing for this configuration. It may be found at <ulink
       url="http://www.samag.com/documents/s=1824/sam0201h/">http://www.samag.com/documents/s=1824/sam0201h/</ulink>.</para>
@@ -1498,6 +1504,34 @@ ip route add 127.0.0.0/8 dev lo table T2</programlisting>
         </citetitle></para>
       </sidebar>
     </section>
+
+    <section id="faq49">
+      <title>(FAQ 49) When I start Shorewall, my routing table gets blown
+      away. Why does Shorewall do that?</title>
+
+      <para><emphasis role="bold">Answer</emphasis>: This is usually the
+      consequence of a one-to-one nat configuration blunder:</para>
+
+      <orderedlist>
+        <listitem>
+          <para>Specifying the primary IP address for an interface in the
+          EXTERNAL column of <filename>/etc/shorewall/nat</filename> even
+          though the documentation (and the comments in the file) warn you not
+          to do that.</para>
+        </listitem>
+
+        <listitem>
+          <para>Specifying ADD_IP_ALIASES=Yes and RETAIN_ALIASES=No in
+          /etc/shorewall/shorewall.conf.</para>
+        </listitem>
+      </orderedlist>
+
+      <para>This combination causes Shorewall to delete the primary IP address
+      from the network interface specified in the INTERFACE column which
+      usually causes all routes out of that interface to be deleted. The
+      solution is to <emphasis role="bold">not specify the primary IP address
+      of an interface in the EXTERNAL column</emphasis>.</para>
+    </section>
   </section>
 
   <section>

Shorewall-docs2/Install.xml

@@ -15,7 +15,7 @@
       </author>
     </authorgroup>
 
-    <pubdate>2005-05-13</pubdate>
+    <pubdate>2005-07-15</pubdate>
 
     <copyright>
       <year>2001</year>
@@ -284,6 +284,40 @@ INIT="rc.firewall"</programlisting>
     <filename>/etc/default/shorewall</filename>.</para>
   </section>
 
+  <section>
+    <title>General Notes about Upgrading Shorewall</title>
+
+    <para>Most problems associated with upgrades come from two causes:</para>
+
+    <itemizedlist>
+      <listitem>
+        <para>The user didn't read and follow the migration considerations in
+        the release notes (these are also reproduced in the <ulink
+        url="upgrade_issues.htm">Shorewall Upgrade Issues</ulink>.</para>
+      </listitem>
+
+      <listitem>
+        <para>The user mis-handled the
+        <filename>/etc/shorewall/shorewall.conf</filename> file during
+        upgrade. Shorewall is designed to allow the default behavior of the
+        product to evolve over time. To make this possible, the design assumes
+        that <emphasis role="bold">you will not replace your current
+        shorewall.conf</emphasis> <emphasis role="bold">file during
+        upgrades</emphasis>. It is recommended that after you first install
+        Shorewall that you modify
+        <filename>/etc/shorewall/shorewall.conf</filename> so as to prevent
+        your package manager from overwriting it during subsequent upgrades
+        (since the addition of STARTUP_ENABLED, such modification is assured
+        since you must manually change the setting of that option). If you
+        feel absolutely compelled to have the latest comments and options in
+        your shorewall.conf then you must proceed carefully. You should
+        determine which new options have been added and you must reset their
+        value (e.g. OPTION=""); otherwise, you will get different behavior
+        from what you expect.</para>
+      </listitem>
+    </itemizedlist>
+  </section>
+
   <section id="Upgrade_RPM">
     <title>Upgrade using RPM</title>
 

Shorewall-docs2/errata.xml

@@ -116,7 +116,6 @@
 
     <section>
       <title>Shorewall 2.0.17</title>
-
       <itemizedlist>
         <listitem>
           <para>Users specifying TCP_FLAGS_LOG_LEVEL=ULOG will find that
@@ -531,4 +530,4 @@ c2fe0acc7f056acb56d089cf8dafa39a &nbsp;shorwall-2.0.10.lrp</programlisting>
       kernels.</para>
     </note>
   </section>
-</article>
+</article>

Shorewall-docs2/standalone.xml

@@ -15,10 +15,10 @@
       </author>
     </authorgroup>
 
-    <pubdate>2004-10-27</pubdate>
+    <pubdate>2005-07-12</pubdate>
 
     <copyright>
-      <year>2002-2004</year>
+      <year>2002-2005</year>
 
       <holder>Thomas M. Eastep</holder>
     </copyright>
@@ -293,14 +293,10 @@ all            all                REJECT   info</programlisting>
     </tip>
 
     <tip>
-      <para>If you specify <emphasis>norfc1918</emphasis> for your external
+      <para>If you specify <emphasis>nobogons</emphasis> for your external
       interface, you will want to check the <ulink url="errata.htm">Shorewall
       Errata</ulink> periodically for updates to the
-      <filename>/usr/share/shorewall/rfc1918 file</filename>. Alternatively,
-      you can copy <filename>/usr/share/shorewall/rfc1918</filename> to
-      <filename>/etc/shorewall/rfc1918</filename> then <ulink
-      url="myfiles.htm#RFC1918">strip down your
-      <filename>/etc/shorewall/rfc1918</filename> file as I do</ulink>.</para>
+      <filename>/usr/share/shorewall/bogons file</filename>.</para>
     </tip>
   </section>
 
@@ -457,6 +453,16 @@ AllowSSH  net       fw            </programlisting>
     <title>Revision History</title>
 
     <para><revhistory>
+        <revision>
+          <revnumber>1.8</revnumber>
+
+          <date>2005-07-12</date>
+
+          <authorinitials>TE</authorinitials>
+
+          <revremark>Change reference to rfc1918 to bogons.</revremark>
+        </revision>
+
         <revision>
           <revnumber>1.7</revnumber>
 

Shorewall-docs2/support.xml

@@ -15,7 +15,7 @@
       </author>
     </authorgroup>
 
-    <pubdate>2005-07-08</pubdate>
+    <pubdate>2005-07-19</pubdate>
 
     <copyright>
       <year>2001-2005</year>
@@ -367,6 +367,9 @@ Counters reset Sat Apr 16 17:35:06 PDT 2005
     list</ulink>. <emphasis role="bold">IMPORTANT</emphasis>: You must
     subscribe to the list before you will be able to post to it (see link
     below).</para>
+
+    <para>For <emphasis role="bold">quick questions</emphasis>, there is also
+    a #shorewall channel at irc.freenode.net.</para>
   </section>
 
   <section>