diff --git a/Shorewall-docs2/FAQ.xml b/Shorewall-docs2/FAQ.xml
index 53caeb45d..c93d4bd96 100644
--- a/Shorewall-docs2/FAQ.xml
+++ b/Shorewall-docs2/FAQ.xml
@@ -1784,7 +1784,8 @@ TOS=0x00 PREC=0x00 TTL=64 ID=26774 DF PROTO=TCP SPT=32797 DPT=80 WINDOW=5840 RES
- Add a zone for the modem in /etc/shorewall/zones:
+ Add a zone for the modem in
+ /etc/shorewall/zones:
#ZONE DISPLAY COMMENTS
modem ADSLModem Zone for modem
@@ -1793,7 +1794,8 @@ modem ADSLModem Zone for modem
Define the zone to be associated with eth0 (or whatever interface connects
- to your modem) in /etc/shorewall/interfaces:
+ to your modem) in
+ /etc/shorewall/interfaces:
#ZONE INTERFACE BROADCAST OPTIONS
modem eth0 detect
@@ -1801,13 +1803,30 @@ modem eth0 detect
Allow web traffic to the modem in
- /etc/shorewall/rules:
+ /etc/shorewall/rules:
#ACTION SOURCE DEST PROTO DEST PORT(S)
ACCEPT fw modem tcp 80
ACCEPT loc modem tcp 80
+
+ Note that many of these ADSL/Cable Modems have no default
+ gateway or their default gateway is at a fixed IP address that is
+ different from the IP address you have assigned to your external
+ interface. In either case, you may have problems browsing the modem
+ from your local network even if you have the correct routes
+ established on your firewall. This is usually solved by masquerading
+ traffic from your local network to the modem.
+
+ /etc/shorewall/masq:
+
+ #INTERFACE SUBNET ADDRESS
+eth0 eth1 # eth1 = interface to local network
+
+ For an example of this when the ADSL/Cable modem is bridged, see
+ my configuration. In that case, I
+ masquerade using the IP address of my local interface!