minor changes

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3058 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
judas_iscariote 2005-11-23 04:17:34 +00:00
parent 5d4bee7fa5
commit 8fe069ec47
2 changed files with 17 additions and 11 deletions


@ -21,7 +21,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2005-09-13</pubdate> <pubdate>2005-11-23</pubdate>
<copyright> <copyright>
<year>2003</year> <year>2003</year>
@ -42,6 +42,11 @@
</legalnotice> </legalnotice>
</articleinfo> </articleinfo>
<warning>
<para><emphasis role="bold">This document has not been updated yet, to
reflect a correct configuration for Shorewall 3</emphasis>.</para>
</warning>
<section> <section>
<title>The Network</title> <title>The Network</title>
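Review bot: The sentence in the added <warning> has a stray comma ("has not been updated yet, to reflect"), and its closing period sits outside the <emphasis> element, so it renders unbolded after a bold sentence. Suggest "This document has not yet been updated to reflect a correct configuration for Shorewall 3." with the period inside the emphasis. The warning also gives the reader no hint which parts are outdated; if that is known, name them or link to the current instructions.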


@ -92,21 +92,21 @@
130.252.100.18 eth1 eth0 no yes 130.252.100.18 eth1 eth0 no yes
130.252.100.19 eth1 eth0 no yes </programlisting> 130.252.100.19 eth1 eth0 no yes </programlisting>
<para>Be sure that the internal systems (130.242.100.18 and 130.252.100.19 <para><emphasis role="bold">Be sure that the internal systems
in the above example) are not included in any specification in (130.242.100.18 and 130.252.100.19 in the above example) are not included
<filename>/etc/shorewall/masq</filename> or in any specification in <filename>/etc/shorewall/masq</filename> or
<filename>/etc/shorewall/nat</filename>.</para> <filename>/etc/shorewall/nat</filename>.</emphasis></para>
<note> <note>
<para>I've used an RFC1918 IP address for eth1 - that IP address is <para>I've used an RFC1918 IP address for eth1 - that IP address is
largely irrelevant (see below).</para> largely irrelevant (see below).</para>
</note> </note>
<para>The lower systems (130.252.100.18 and 130.252.100.19) should have <para>The lower systems (130.252.100.18 and 130.252.100.19) <emphasis
their subnet mask and default gateway configured exactly the same way that role="bold">should have their subnet mask and default gateway configured
the Firewall system's eth0 is configured. In other words, they should be exactly the same way that the Firewall system's eth0 is configured. In
configured just like they would be if they were parallel to the firewall other words, they should be configured just like they would be if they
rather than behind it.</para> were parallel to the firewall rather than behind it.</emphasis></para>
<warning> <warning>
<para>Do not add the Proxy ARP'ed address(es) (130.252.100.18 and <para>Do not add the Proxy ARP'ed address(es) (130.252.100.18 and
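Review bot: The re-wrapped "Be sure that the internal systems" paragraph still reads 130.242.100.18, while the programlisting directly above it and the following paragraphs use 130.252.100.18. Since this sentence is being touched and made bold, correct the address in the same change, otherwise the emphasised instruction points at a host that is not in the example. Separately, wrapping two whole paragraphs in <emphasis role="bold"> weakens the emphasis; the document already uses <note> and <warning> here, so a <warning> or <important> element around the masq/nat sentence would fit its conventions better.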
@ -191,7 +191,8 @@ iface eth1 inet static
<para>A word of warning is in order here. ISPs typically configure their <para>A word of warning is in order here. ISPs typically configure their
routers with a long ARP cache timeout. If you move a system from parallel routers with a long ARP cache timeout. If you move a system from parallel
to your firewall to behind your firewall with Proxy ARP, it will probably to your firewall to behind your firewall with Proxy ARP, it will probably
be HOURS before that system can communicate with the internet.</para> be <emphasis role="bold">HOURS</emphasis> before that system can
communicate with the internet.</para>
<para>If you sniff traffic on the firewall's external interface, you can <para>If you sniff traffic on the firewall's external interface, you can
see incoming traffic for the internal system(s) but the traffic is never see incoming traffic for the internal system(s) but the traffic is never
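Review bot: On the changed line, HOURS is already upper-case, so adding bold emphasis doubles it. Suggest keeping the new element and lower-casing the word, i.e. <emphasis role="bold">hours</emphasis>, so the emphasis comes from the markup alone.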