From b09cc1d0bf86886effcbe0eeeea41f6749d89c15 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Sun, 16 Oct 2005 21:04:17 +0000
Subject: [PATCH] Clarify rules required with Proxy ARP

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2895 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-docs2/ProxyARP.xml | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/Shorewall-docs2/ProxyARP.xml b/Shorewall-docs2/ProxyARP.xml
index 1f16dc847..eef5afa55 100644
--- a/Shorewall-docs2/ProxyARP.xml
+++ b/Shorewall-docs2/ProxyARP.xml
@@ -15,7 +15,7 @@
       </author>
     </authorgroup>
 
-    <pubdate>2005-10-04</pubdate>
+    <pubdate>2005-10-16</pubdate>
 
     <copyright>
       <year>2001-2005</year>
@@ -133,6 +133,15 @@
     network associated with this address. This is the approach <ulink
     url="myfiles.htm">that I take with my DMZ</ulink>.</para>
 
+    <para>To permit internet hosts to connect to the local systems, you use
+    ACCEPT rules. For example, if you run a web server on 130.252.100.19 which
+    you have configured to be in the <emphasis role="bold">loc</emphasis> zone
+    then you would need this entry in /etc/shorewall/rules:</para>
+
+    <programlisting>#ACTION SOURCE          DEST                    PROTO   DEST
+#                                                       PORT
+ACCEPT  net             loc:130.252.100.19      tcp     80</programlisting>
+
     <warning>
       <para>Your distribution's network configuration GUI may not be capable
       of configuring a device in this way. It may complain about the duplicate