diff --git a/Shorewall-docs2/FAQ.xml b/Shorewall-docs2/FAQ.xml
index 3f05ec721..c44cff964 100644
--- a/Shorewall-docs2/FAQ.xml
+++ b/Shorewall-docs2/FAQ.xml
@@ -469,8 +469,7 @@
Example:
- Zone: dmz Interface: eth2 Subnet:
- 192.168.2.0/24
+ Zone: dmz Interface: eth2 Subnet: 192.168.2.0/24, Address 192.168.2.254
In /etc/shorewall/interfaces:
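Review bot: In the rewritten Example line the new field reads ", Address 192.168.2.254", which breaks the "Name: value" pattern used by Zone, Interface and Subnet on the same line. Write it as "Address: 192.168.2.254" and drop the comma, so the four fields read consistently.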
@@ -480,6 +479,16 @@
In /etc/shorewall/nat, be sure that you
have Yes
in the ALL INTERFACES column.
+
+ In /etc/shorewall/masq:
+
+ #INTERFACE SUBNET ADDRESS
+eth2 192.168.2.0/24 192.168.2.254
+
+ As in FAQ 2 above, all redirected traffic will appear to the
+ server to originate on the firewall (which is yet one more reason
+ that you should use DNS to correct this problem rather than applying
+ horrible IP hacks).
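Review bot: The added masq paragraph states that redirected traffic "will appear to the server to originate on the firewall" but not what that costs the reader. With "eth2 192.168.2.0/24 192.168.2.254" in place, the server sees 192.168.2.254 as the source for every DMZ client redirected this way, so its access logs and any per-address access controls can no longer tell those clients apart. One sentence saying so would make the trade-off explicit. The entry also depends on the address 192.168.2.254 that is only introduced in the Example line of the earlier hunk, so a short "where 192.168.2.254 is the firewall's eth2 address" would keep this block readable on its own.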
@@ -558,10 +567,9 @@
interface.
- Look here
- for a solution for MSN IM but be aware that there are significant
- security risks involved with this solution. Also check the Netfilter
- mailing list archives at Look here for a solution for MSN IM
+ but be aware that there are significant security risks involved with
+ this solution. Also check the Netfilter mailing list archives at http://www.netfilter.org.
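Review bot: The reflowed MSN IM sentence still warns of "significant security risks involved with this solution" without naming any of them. Since this paragraph is being touched anyway, add a clause that says what the risk is, or point to where the linked solution describes it, so that a reader can decide before following the link rather than after.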
@@ -2176,4 +2184,4 @@
Configuration... ...
-
\ No newline at end of file
+
diff --git a/Shorewall-docs2/IPSEC-2.6.xml b/Shorewall-docs2/IPSEC-2.6.xml
index 995c2de2e..8dcad7a6e 100644
--- a/Shorewall-docs2/IPSEC-2.6.xml
+++ b/Shorewall-docs2/IPSEC-2.6.xml
@@ -15,7 +15,7 @@
- 2005-02-28
+ 2005-05-02
2004
@@ -193,6 +193,10 @@
/etc/shorewall/ipsec can be used to match the zone to a particular (set
of) SA(s) used to encrypt and decrypt traffic to/from the zone and the
security policies that select which traffic to encrypt/decrypt.
+
+ For more information on IPSEC, Kernel 2.6 and Shorewall see my presentation on the subject given at LinuxFest NW
+ 2005.
@@ -809,4 +813,4 @@ all all REJECT info
different dialog boxes on Windows XP!!!
-
+
\ No newline at end of file
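Review bot: The final line of IPSEC-2.6.xml loses its trailing newline here (the "\ No newline at end of file" marker is on the + side), while the last hunk of FAQ.xml in this same patch adds the missing newline. Keep the newline in this file as well, so the two files end the same way and later diffs do not show the last line as changed.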
diff --git a/Shorewall-docs2/shorewall_prerequisites.xml b/Shorewall-docs2/shorewall_prerequisites.xml
index 555efbeb9..00d52c374 100644
--- a/Shorewall-docs2/shorewall_prerequisites.xml
+++ b/Shorewall-docs2/shorewall_prerequisites.xml
@@ -13,7 +13,7 @@
Eastep
- 2005-03-22
+ 2005-05-03
2001-2005
@@ -51,7 +51,7 @@
Iproute (ip
utility). The iproute package is
included with most distributions but may not be installed by default.
The official download site is http://developer.osdl.org/dev/iproute2/download/.
+ url="http://developer.osdl.org/dev/iproute2/download/">http://developer.osdl.org/dev/iproute2/download/.
diff --git a/Shorewall-docs2/support.xml b/Shorewall-docs2/support.xml
index 1b497f169..3e76de70c 100644
--- a/Shorewall-docs2/support.xml
+++ b/Shorewall-docs2/support.xml
@@ -15,7 +15,7 @@
- 2005-04-20
+ 2005-05-03
2001-2005
@@ -91,146 +91,134 @@
Problem Reporting Guidelines
-
+ Please refer to the following flowchart to guide you through the
+ problem reporting process.
+
+
+
+
- When reporting a problem, ALWAYS include this information:
+ If your problem is that an error occurs when you try to
+ shorewall start
, then please:
-
-
- If your problem is that an error occurs when you try to
- shorewall start
, then
- please:
+
+ /sbin/shorewall trace start 2> /tmp/trace
-
- /sbin/shorewall trace start 2> /tmp/trace
+ Forward the /tmp/trace file as an
+ attachment (you may compress it if you like).
+
+
- Forward the /tmp/trace file as an
- attachment (you may compress it if you like).
-
-
+
+ If you are unsure if Shorewall is starting successfully on not
+ then first note that if Shorewall starts successfully, the last
+ message it produces is "Shorewall Started":
-
- Otherwise, if you are unsure if Shorewall is starting
- successfully on not then first note that if Shorewall starts
- successfully, the last message it produces is "Shorewall
- Started":
-
-
- …
+
+ …
Activating Rules...
Shorewall Started
gateway:~#
-
+
- If you are seeing this message then Shorewall is starting
- successfully.
+ If you are seeing this message then Shorewall is starting
+ successfully.
- If you are still unsure if Shorewall is starting or not,
- enter the following command:
+ If you are still unsure if Shorewall is starting or not, enter
+ the following command:
-
- /sbin/shorewall show shorewall
-
+
+ /sbin/shorewall show shorewall
+
- If Shorewall has started successfully, you will see output
- similar to this:
+ If Shorewall has started successfully, you will see output
+ similar to this:
-
- Shorewall-2.2.3 Chain shorewall at gateway - Wed Apr 20 14:41:53 PDT 2005
+
+ Shorewall-2.2.3 Chain shorewall at gateway - Wed Apr 20 14:41:53 PDT 2005
Counters reset Sat Apr 16 17:35:06 PDT 2005
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
-
+
- If Shorewall has not started properly, you will see output
- similar to this:
+ If Shorewall has not started properly, you will see output
+ similar to this:
-
- Shorewall-2.2.3 Chain shorewall at gateway - Wed Apr 20 14:43:13 PDT 2005
+
+ Shorewall-2.2.3 Chain shorewall at gateway - Wed Apr 20 14:43:13 PDT 2005
Counters reset Sat Apr 16 17:35:06 PDT 2005
iptables: No chain/target/match by that name
-
+
+
- If you get this result after you have tried to start
- Shorewall, please produce a trace and forward it to the list as
- instructed above.
+
+ If your problem is that some set of connections to/from or through your firewall
+ isn't working (examples: local
+ systems can't access the internet, you can't send email through the
+ firewall, you can't surf the web from the firewall, etc.) then please
+ perform the following four steps:
+
+
+
+ If Shorewall isn't started then /sbin/shorewall
+ start. Otherwise /sbin/shorewall
+ reset.
- Otherwise, if your problem is that some set of connections to/from or through your
- firewall isn't working (examples:
- local systems can't access the internet, you can't send email
- through the firewall, you can't surf the web from the firewall,
- etc.) then please perform the following four steps:
-
-
-
- If Shorewall isn't started then /sbin/shorewall
- start. Otherwise /sbin/shorewall
- reset.
-
-
-
- Try making the connection that is failing.
-
-
-
- /sbin/shorewall status >
- /tmp/status.txt
-
-
-
- Post the /tmp/status.txt file as an
- attachment (you may compress it if you like).
-
-
+ Try making the connection that is failing.
- Otherwise please include the following
- information:
-
- the exact version of Shorewall you are running.
-
- /sbin/shorewall version
-
-
-
- the complete exact output of
-
- ip addr show
-
-
-
- the complete exact output of
-
- ip route show
-
-
+ /sbin/shorewall status >
+ /tmp/status.txt
- Please include the exact wording of any ping failure
- responses
+ Post the /tmp/status.txt file as an
+ attachment (you may compress it if you like).
- If you installed Shorewall using one
- of the QuickStart Guides, please indicate which one.
- If you did not use one of the QuickStart
- Guides, please say so.
+ Describe where you are trying to make the connection from
+ (IP address) and what host you are trying to connect to.
+
+
+
+
+
+ Otherwise please include the following information:
+
+
+
+ the exact version of Shorewall you are running.
+
+ /sbin/shorewall version
+
+
+
+ the complete exact output of
+
+ ip addr show
+
+
+
+ the complete exact output of
+
+ ip route show
+
+
Please remember we only know what is posted in your message. Do
not leave out any information that appears to be correct, or was
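Review bot: The connection-failure list is still introduced with "perform the following four steps", but the new version adds a fifth item ("Describe where you are trying to make the connection from (IP address) and what host you are trying to connect to"); update the count or drop the number. The rewrapped sentence "If you are unsure if Shorewall is starting successfully on not" carries the old typo over and should read "or not". The removed requests for the exact wording of ping failures and for the QuickStart Guide used, and the removed instruction to produce a trace when "shorewall show shorewall" reports "No chain/target/match by that name", do not reappear in the visible part of this hunk; if they now live only in the flowchart, the text should say so. Finally, both procedures write to fixed names in /tmp ("/tmp/trace", "/tmp/status.txt") from a root shell and then have the user post the file; consider suggesting a path under the user's home directory and a reminder to look over the file before attaching it, since it contains the complete ruleset and addresses.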