More tweaks to Lenny->Squeeze article

Tom Eastep 2009-09-14 06:53:25 -07:00
parent e814dc7b75
commit 9f102a1fba

@ -248,8 +248,9 @@
<term>IPSECFILE</term> <term>IPSECFILE</term>
<listitem> <listitem>
<para>If you have specified IPSECFILE=ipsec, then you will receive <para>If you have specified IPSECFILE=ipsec or IPSECFILE= or if
the following error:</para> you do not have a setting for IPSECFILE, then you will receive the
following error:</para>
<para><emphasis role="bold">ERROR: IPSECFILE=ipsec is not <para><emphasis role="bold">ERROR: IPSECFILE=ipsec is not
supported by Shorewall 4.4.x</emphasis></para> supported by Shorewall 4.4.x</emphasis></para>
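Review bot: In the IPSECFILE item, the quoted error still reads "ERROR: IPSECFILE=ipsec is not supported by Shorewall 4.4.x" although the sentence now also covers IPSECFILE= and a missing setting. A reader whose configuration has no IPSECFILE line may not recognize the message as applying to them; state explicitly that the same text is reported in all three cases, or quote the message actually printed for the empty and missing cases if it differs.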
@ -364,8 +365,8 @@ loc Local The local LAN</programlisting>
<para>then you are using the original zones file format that has been <para>then you are using the original zones file format that has been
deprecated since Shorewall 3.0.</para> deprecated since Shorewall 3.0.</para>
<para>You will need to convert to the new file which has the following <para>You will need to convert to the new file format which has the
headings:</para> following headings:</para>
<programlisting>#ZONE TYPE OPTIONS IN OUT <programlisting>#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS</programlisting> # OPTIONS OPTIONS</programlisting>
@ -380,7 +381,8 @@ loc Local The local LAN</programlisting>
fw firewall</programlisting> fw firewall</programlisting>
<para>The remainder of your zones will have type 'ipv4' unless they are <para>The remainder of your zones will have type 'ipv4' unless they are
mentioned in your /etc/shorewall/ipsec file (see below).</para> mentioned in your /etc/shorewall/ipsec file (see <link
linkend="ipsec">below</link>).</para>
<programlisting>#ZONE TYPE OPTIONS IN OUT <programlisting>#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS # OPTIONS OPTIONS
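Review bot: The new link with linkend="ipsec" uses "below" as its link text, which tells the reader nothing about the target when the link is read on its own. Consider putting the link around "/etc/shorewall/ipsec file" instead, or using an xref so the section title is generated. The link also resolves only with the id="ipsec" added to the section in the next hunk, so the two changes need to stay together.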
@ -389,7 +391,7 @@ net ipv4 # The big bad net
loc ipv4 # The local LAN</programlisting> loc ipv4 # The local LAN</programlisting>
</section> </section>
<section> <section id="ipsec">
<title>/etc/shorewall/ipsec</title> <title>/etc/shorewall/ipsec</title>
<para>This file is no longer used -- its specifications are now included <para>This file is no longer used -- its specifications are now included
@ -471,9 +473,9 @@ ipsec2 ipv4</programlisting>
specified, Shorewall must examine the main routing table during specified, Shorewall must examine the main routing table during
<command>shorewall start</command> and <command>shorewall <command>shorewall start</command> and <command>shorewall
restart</command> processing to determine those networks routed out of restart</command> processing to determine those networks routed out of
the named interface and add MASQUERADE/SNAT rules for traffic from those the named interface and then add MASQUERADE/SNAT rules for traffic from
networks. This requires that the named interface be up and configured those networks. This requires that the named interface be up and
when Shorewall starts or restarts.</para> configured when Shorewall starts or restarts.</para>
<para>This continues to be a frequent issue with VPN configurations <para>This continues to be a frequent issue with VPN configurations
where the named interface isn't configured during boot.</para> where the named interface isn't configured during boot.</para>
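Review bot: The reworded sentence says the named interface must be up and configured when Shorewall starts or restarts, and the following paragraph calls this a frequent issue with VPN configurations, but the visible text never says what the reader will observe when the requirement is not met. Add a sentence stating the effect on the MASQUERADE/SNAT rules for those networks and pointing to the remedy, if the text after this hunk does not already do so.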