mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-22 14:20:40 +01:00
Correct some Dom references
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4648 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
847e443961
commit
c6e795c2b0
@ -255,20 +255,20 @@ disk = [ 'phy:hda3,hda3,w' ]</programlisting>
|
|||||||
|
|
||||||
<graphic align="center" fileref="images/Xen4a.png" />
|
<graphic align="center" fileref="images/Xen4a.png" />
|
||||||
|
|
||||||
<para>The zones correspond to the Shorewall zones in the firewall Dom0
|
<para>The zones correspond to the Shorewall zones in the Dom0
|
||||||
configuration.</para>
|
configuration.</para>
|
||||||
|
|
||||||
<caution>
|
<caution>
|
||||||
<para>Under some circumstances, UDP and/or TCP communication from a
|
<para>Under some circumstances, UDP and/or TCP communication from a
|
||||||
domU won't work for no obvious reason. That happened with the
|
domU won't work for no obvious reason. That happened with the
|
||||||
<emphasis role="bold">lists</emphasis> domain in my setup. Looking at
|
<emphasis role="bold">lists</emphasis> domain in my setup. Looking at
|
||||||
the IP traffic with <command>tcpdump -nvvi eth1</command> in the
|
the IP traffic with <command>tcpdump -nvvi eth1</command> in dom0
|
||||||
<emphasis role="bold">firewall</emphasis> domU showed that UDP packets
|
showed that UDP packets from the <emphasis
|
||||||
from the <emphasis role="bold">lists</emphasis> domU had incorrect
|
role="bold">lists</emphasis> domU had incorrect checksums. That
|
||||||
checksums. That problem was corrected by arranging for the following
|
problem was corrected by arranging for the following command to be
|
||||||
command to be executed in the <emphasis role="bold">lists</emphasis>
|
executed in the <emphasis role="bold">lists</emphasis> domain when its
|
||||||
domain when its <filename class="devicefile">eth0</filename> device
|
<filename class="devicefile">eth0</filename> device was brought
|
||||||
was brought up:</para>
|
up:</para>
|
||||||
|
|
||||||
<para><command>ethtool -K eth0 tx off</command></para>
|
<para><command>ethtool -K eth0 tx off</command></para>
|
||||||
|
|
||||||
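Review bot: the reworded caution now says "<command>tcpdump -nvvi eth1</command> in dom0", with lowercase "dom0", while the paragraph just above it in this hunk writes "Dom0"; pick one casing and use it throughout. The capture point also moved from the firewall domU to Dom0 while the interface name stayed eth1, so please confirm that eth1 is the Dom0 interface that actually carries traffic from the lists domU, or name the correct one. Nothing in the visible lines establishes that mapping.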
@ -296,16 +296,16 @@ fi</programlisting>
|
|||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="Firewall">
|
<section id="Firewall">
|
||||||
<title>Firewall Dom0 Configuration</title>
|
<title>Dom0 Shorewall Configuration</title>
|
||||||
|
|
||||||
<para>In the firewall Dom0, I run a conventional three-interface
|
<para>In Dom0, I run a conventional three-interface firewall with Proxy
|
||||||
firewall with Proxy ARP DMZ -- it is very similar to the firewall
|
ARP DMZ -- it is very similar to the firewall described in the <ulink
|
||||||
described in the <ulink url="shorewall_setup_guide.htm">Shorewall Setup
|
url="shorewall_setup_guide.htm">Shorewall Setup Guide</ulink> with the
|
||||||
Guide</ulink> with the exception that I've added a fourth interface for
|
exception that I've added a fourth interface for our wireless network.
|
||||||
our wireless network. The firewall runs a routed <ulink
|
The firewall runs a routed <ulink url="OPENVPN.html">OpenVPN
|
||||||
url="OPENVPN.html">OpenVPN server</ulink> to provide roadwarrior access
|
server</ulink> to provide roadwarrior access for our two laptops and a
|
||||||
for our two laptops and a bridged OpenVPN server for the wireless
|
bridged OpenVPN server for the wireless network in our home. Here is the
|
||||||
network in our home. Here is the firewall's view of the network:</para>
|
firewall's view of the network:</para>
|
||||||
|
|
||||||
<graphic align="center" fileref="images/network4a.png" />
|
<graphic align="center" fileref="images/network4a.png" />
|
||||||
|
|
||||||
|
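Review bot: with "firewall Dom0" dropped from the title and the opening sentence, the later sentences "The firewall runs a routed OpenVPN server" and "Here is the firewall's view of the network" no longer say which system "the firewall" is. Suggest "Dom0 runs a routed ..." or a short clause stating that the firewall is Dom0 itself. The section id="Firewall" is unchanged, which keeps existing cross-references working even though the title no longer matches it.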