Clarify rules required with Proxy ARP

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2895 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-25 09:03:30 +01:00 · 2005-10-16 21:04:17 +00:00 · 2005-10-16 21:04:17 +00:00 · b09cc1d0bf
commit b09cc1d0bf
parent a4dc2b8af9
1 changed files with 10 additions and 1 deletions
--- a/Shorewall-docs2/ProxyARP.xml
+++ b/Shorewall-docs2/ProxyARP.xml
@ -15,7 +15,7 @@
      </author>
    </authorgroup>

-    <pubdate>2005-10-04</pubdate>
+    <pubdate>2005-10-16</pubdate>

    <copyright>
      <year>2001-2005</year>
@ -133,6 +133,15 @@
    network associated with this address. This is the approach <ulink
    url="myfiles.htm">that I take with my DMZ</ulink>.</para>

+    <para>To permit internet hosts to connect to the local systems, you use
+    ACCEPT rules. For example, if you run a web server on 130.252.100.19 which
+    you have configured to be in the <emphasis role="bold">loc</emphasis> zone
+    then you would need this entry in /etc/shorewall/rules:</para>
+
+    <programlisting>#ACTION SOURCE          DEST                    PROTO   DEST
+#                                                       PORT
+ACCEPT  net             loc:130.252.100.19      tcp     80</programlisting>
+
    <warning>
      <para>Your distribution's network configuration GUI may not be capable
      of configuring a device in this way. It may complain about the duplicate