Update Installation and FAQ re Debian

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1831 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-docs2/FAQ.xml

@@ -17,7 +17,7 @@
       </author>
     </authorgroup>
 
-    <pubdate>2004-12-04</pubdate>
+    <pubdate>2004-12-12</pubdate>
 
     <copyright>
       <year>2001-2004</year>
@@ -51,6 +51,16 @@
       <title>(FAQ 37) I just installed Shorewall on Debian and the
       /etc/shorewall directory is empty!!!</title>
 
+      <important>
+        <para>Once you have installed the .deb package and before you attempt
+        to configure Shorewall, please heed the advice of Lorenzo Martignoni,
+        the Shorewall Debian Maintainer:</para>
+
+        <para><quote>For more information about Shorewall usage on Debian
+        system please look at /usr/share/doc/shorewall/README.Debian provided
+        by [the] shorewall Debian package.</quote></para>
+      </important>
+
       <para>If you install using the .deb, you will find that your <filename
       class="directory">/etc/shorewall</filename> directory is empty. This is
       intentional. The released configuration file skeletons may be found on
@@ -371,14 +381,6 @@ DNAT       loc           loc:192.168.1.5    tcp      www         -         $ETH0
         traffic through your firewall then:</para>
 
         <orderedlist>
-          <listitem>
-            <para>Set the Z-&gt;Z policy to ACCEPT.</para>
-          </listitem>
-
-          <listitem>
-            <para>Masquerade Z to itself.</para>
-          </listitem>
-
           <listitem>
             <para>Set the routeback option on the interface to Z.</para>
           </listitem>
@@ -386,12 +388,6 @@ DNAT       loc           loc:192.168.1.5    tcp      www         -         $ETH0
           <listitem>
             <para>Set the ALL INTERFACES column in the nat file to
             <quote>Yes</quote>.</para>
-
-            <warning>
-              <para>In this configuration, all Z-&gt;Z traffic will look to
-              the server as if it came from the firewall rather than from the
-              original client! I DO NOT RECOMMEND THIS SETUP.</para>
-            </warning>
           </listitem>
         </orderedlist>
 
@@ -403,17 +399,7 @@ DNAT       loc           loc:192.168.1.5    tcp      www         -         $ETH0
           <para>In <filename>/etc/shorewall/interfaces</filename>:</para>
 
           <programlisting>#ZONE    INTERFACE    BROADCAST       OPTIONS
-loc      eth2         192.168.2.255   <emphasis role="bold">routeback</emphasis></programlisting>
+dmz      eth2         192.168.2.255   <emphasis role="bold">routeback</emphasis></programlisting>
-
-          <para>In <filename>/etc/shorewall/policy</filename>:</para>
-
-          <programlisting>#SOURCE    DESTINATION    POLICY     LIMIT:BURST
-dmz        dmz            ACCEPT</programlisting>
-
-          <para>In <filename>/etc/shorewall/masq</filename>:</para>
-
-          <programlisting>#INTERFACE       SUBNET            ADDRESS
-eth2             192.168.2.0/24</programlisting>
 
           <para>In <filename>/etc/shorewall/na</filename>t, be sure that you
           have <quote>Yes</quote> in the ALL INTERFACES column.</para>
@@ -651,6 +637,11 @@ SPT=33120 DPT=5000 LEN=22</programlisting>
       <programlisting># TYPE                  ZONE    GATEWAY         GATEWAY
 #                                               ZONE
 generic:udp:5000        net     69.145.71.133</programlisting>
+
+      <caution>
+        <para>You must be running Shorewall 1.4.6 or later to apply this
+        solution.</para>
+      </caution>
     </section>
   </section>
 
@@ -2022,6 +2013,17 @@ Verifying Configuration...
     <title>Revision History</title>
 
     <para><revhistory>
+        <revision>
+          <revnumber>1.39</revnumber>
+
+          <date>2004-12-12</date>
+
+          <authorinitials>TE</authorinitials>
+
+          <revremark>Updated Debian information. Revised the answer to FAQ
+          2a.</revremark>
+        </revision>
+
         <revision>
           <revnumber>1.38</revnumber>
 

Shorewall-docs2/Install.xml

@@ -15,7 +15,7 @@
       </author>
     </authorgroup>
 
-    <pubdate>2004-10-31</pubdate>
+    <pubdate>2004-12-12</pubdate>
 
     <copyright>
       <year>2001</year>
@@ -40,34 +40,21 @@
     </legalnotice>
   </articleinfo>
 
-  <warning>
+  <important>
-    <para><emphasis role="bold">Note to Debian Users</emphasis></para>
+    <para>Before attempting installation, I strongly urge you to read and
+    print a copy of the <ulink url="shorewall_quickstart_guide.htm">Shorewall
+    QuickStart</ulink> Guide for the configuration that most closely matches
+    your own.</para>
+  </important>
 
-    <para>If you install using the .deb, you will find that your <filename
+  <important>
-    class="directory">/etc/shorewall</filename> directory is empty. This is
+    <para>Before upgrading, be sure to review the <ulink
-    intentional. The released configuration file skeletons may be found on
+    url="upgrade_issues.htm">Upgrade Issues</ulink>.</para>
-    your system in the directory <filename
+  </important>
-    class="directory">/usr/share/doc/shorewall/default-config</filename>.
-    Simply copy the files you need from that directory to <filename
-    class="directory">/etc/shorewall</filename> and modify the copies.</para>
-
-    <para>Note that you must copy <filename
-    class="directory">/usr/share/doc/shorewall/default-config/shorewall.conf</filename>
-    and /usr/share/doc/shorewall/default-config/modules to <filename
-    class="directory">/etc/shorewall</filename> even if you do not modify
-    those files.</para>
-  </warning>
 
   <section id="Install_RPM">
     <title>Install using RPM</title>
 
-    <important>
-      <para>Before attempting installation, I strongly urge you to read and
-      print a copy of the <ulink
-      url="shorewall_quickstart_guide.htm">Shorewall QuickStart</ulink> Guide
-      for the configuration that most closely matches your own.</para>
-    </important>
-
     <para>To install Shorewall using the RPM:</para>
 
     <orderedlist>
@@ -134,13 +121,6 @@
   <section id="Install_Tarball">
     <title>Install using tarball</title>
 
-    <important>
-      <para>Before attempting installation, I strongly urge you to read and
-      print a copy of the <ulink
-      url="shorewall_quickstart_guide.htm">Shorewall QuickStart</ulink> Guide
-      for the configuration that most closely matches your own.</para>
-    </important>
-
     <para>To install Shorewall using the tarball and install script:</para>
 
     <orderedlist>
@@ -226,13 +206,6 @@ INIT="rc.firewall"</programlisting>
   <section id="LRP">
     <title>Install the .lrp</title>
 
-    <important>
-      <para>Before attempting installation, I strongly urge you to read and
-      print a copy of the <ulink
-      url="shorewall_quickstart_guide.htm">Shorewall QuickStart</ulink> Guide
-      for the configuration that most closely matches your own.</para>
-    </important>
-
     <para>To install my version of Shorewall on a fresh Bering disk, simply
     replace the <quote>shorwall.lrp</quote> file on the image with the file
     that you downloaded. See the <ulink url="two-interface.htm">two-interface
@@ -240,14 +213,37 @@ INIT="rc.firewall"</programlisting>
     required.</para>
   </section>
 
-  <section id="Upgrade_RPM">
+  <section>
-    <title>Upgrade using RPM</title>
+    <title>Install the .deb</title>
 
     <important>
-      <para>Before upgrading, be sure to review the <ulink
+      <para>Once you have installed the .deb package and before you attempt to
-      url="upgrade_issues.htm">Upgrade Issues</ulink>.</para>
+      configure Shorewall, please heed the advice of Lorenzo Martignoni, the
+      Shorewall Debian Maintainer:</para>
+
+      <para><quote>For more information about Shorewall usage on Debian system
+      please look at /usr/share/doc/shorewall/README.Debian provided by [the]
+      shorewall Debian package.</quote></para>
     </important>
 
+    <para>The easiest way to install Shorewall on Debian, is to use
+    apt-get:</para>
+
+    <para><command>apt-get install shorewall</command></para>
+
+    <para>To ensure that you are installing the latest version of Shorewall,
+    please modify your <filename>/etc/apt/sources.list</filename> file as
+    described <ulink
+    url="http://idea.sec.dico.unimi.it/%7Elorenzo/index.html#Debian">here</ulink>.</para>
+
+    <para>Once you have completed configuring Shorewall, you can enable
+    startup at boot time by setting startup=1 in
+    <filename>/etc/default/shorewall</filename>.</para>
+  </section>
+
+  <section id="Upgrade_RPM">
+    <title>Upgrade using RPM</title>
+
     <para>If you already have the Shorewall RPM installed and are upgrading to
     a new version:</para>
 
@@ -310,11 +306,6 @@ INIT="rc.firewall"</programlisting>
   <section id="Upgrade_Tarball">
     <title>Upgrade using tarball</title>
 
-    <important>
-      <para>Before upgrading, be sure to review the <ulink
-      url="upgrade_issues.htm">Upgrade Issues</ulink>.</para>
-    </important>
-
     <para>If you already have Shorewall installed and are upgrading to a new
     version using the tarball:</para>
 
@@ -393,11 +384,6 @@ INIT="rc.firewall"</programlisting>
   <section id="LRP_Upgrade">
     <title>Upgrade the .lrp</title>
 
-    <important>
-      <para>Before upgrading, be sure to review the <ulink
-      url="upgrade_issues.htm">Upgrade Issues</ulink>.</para>
-    </important>
-
     <para>The following was contributed by Charles Steinkuehler on the Leaf
     mailing list:</para>