From ccbb2d6390f6f76fbdd65f01357c8e1ea1373f9e Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 9 May 2005 14:53:06 +0000 Subject: [PATCH] Resolve FAQ conflicts git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2095 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-docs2/FAQ.xml | 22 ++- Shorewall-docs2/IPSEC-2.6.xml | 8 +- Shorewall-docs2/shorewall_prerequisites.xml | 4 +- Shorewall-docs2/support.xml | 186 +++++++++----------- 4 files changed, 110 insertions(+), 110 deletions(-) diff --git a/Shorewall-docs2/FAQ.xml b/Shorewall-docs2/FAQ.xml index 3f05ec721..c44cff964 100644 --- a/Shorewall-docs2/FAQ.xml +++ b/Shorewall-docs2/FAQ.xml @@ -469,8 +469,7 @@ Example: - Zone: dmz Interface: eth2 Subnet: - 192.168.2.0/24 + Zone: dmz Interface: eth2 Subnet: 192.168.2.0/24, Address 192.168.2.254 In /etc/shorewall/interfaces: @@ -480,6 +479,16 @@ In /etc/shorewall/nat, be sure that you have Yes in the ALL INTERFACES column. + + In /etc/shorewall/masq: + + #INTERFACE SUBNET ADDRESS +eth2 192.168.2.0/24 192.168.2.254 + + As in FAQ 2 above, all redirected traffic will appear to the + server to originate on the firewall (which is yet one more reason + that you should use DNS to correct this problem rather than applying + horrible IP hacks). @@ -558,10 +567,9 @@ interface. - Look here - for a solution for MSN IM but be aware that there are significant - security risks involved with this solution. Also check the Netfilter - mailing list archives at Look here for a solution for MSN IM + but be aware that there are significant security risks involved with + this solution. Also check the Netfilter mailing list archives at http://www.netfilter.org. @@ -2176,4 +2184,4 @@ Configuration... ... - \ No newline at end of file + diff --git a/Shorewall-docs2/IPSEC-2.6.xml b/Shorewall-docs2/IPSEC-2.6.xml index 995c2de2e..8dcad7a6e 100644 --- a/Shorewall-docs2/IPSEC-2.6.xml +++ b/Shorewall-docs2/IPSEC-2.6.xml @@ -15,7 +15,7 @@ - 2005-02-28 + 2005-05-02 2004 
@@ -193,6 +193,10 @@ /etc/shorewall/ipsec can be used to match the zone to a particular (set of) SA(s) used to encrypt and decrypt traffic to/from the zone and the security policies that select which traffic to encrypt/decrypt. + + For more information on IPSEC, Kernel 2.6 and Shorewall see my presentation on the subject given at LinuxFest NW + 2005.
@@ -809,4 +813,4 @@ all all REJECT info different dialog boxes on Windows XP!!!
- + \ No newline at end of file diff --git a/Shorewall-docs2/shorewall_prerequisites.xml b/Shorewall-docs2/shorewall_prerequisites.xml index 555efbeb9..00d52c374 100644 --- a/Shorewall-docs2/shorewall_prerequisites.xml +++ b/Shorewall-docs2/shorewall_prerequisites.xml @@ -13,7 +13,7 @@ Eastep - 2005-03-22 + 2005-05-03 2001-2005 @@ -51,7 +51,7 @@ Iproute (ip utility). The iproute package is included with most distributions but may not be installed by default. The official download site is http://developer.osdl.org/dev/iproute2/download/. + url="http://developer.osdl.org/dev/iproute2/download/">http://developer.osdl.org/dev/iproute2/download/. diff --git a/Shorewall-docs2/support.xml b/Shorewall-docs2/support.xml index 1b497f169..3e76de70c 100644 --- a/Shorewall-docs2/support.xml +++ b/Shorewall-docs2/support.xml @@ -15,7 +15,7 @@ - 2005-04-20 + 2005-05-03 2001-2005 @@ -91,146 +91,134 @@
Problem Reporting Guidelines - + Please refer to the following flowchart to guide you through the + problem reporting process. + + + + - When reporting a problem, ALWAYS include this information: + If your problem is that an error occurs when you try to + shorewall start, then please: - - - If your problem is that an error occurs when you try to - shorewall start, then - please: +
+ /sbin/shorewall trace start 2> /tmp/trace -
- /sbin/shorewall trace start 2> /tmp/trace + Forward the /tmp/trace file as an + attachment (you may compress it if you like). +
+ - Forward the /tmp/trace file as an - attachment (you may compress it if you like). -
-
+ + If you are unsure if Shorewall is starting successfully on not + then first note that if Shorewall starts successfully, the last + message it produces is "Shorewall Started": - - Otherwise, if you are unsure if Shorewall is starting - successfully on not then first note that if Shorewall starts - successfully, the last message it produces is "Shorewall - Started": - -
- … +
+ … Activating Rules... Shorewall Started gateway:~# -
+
- If you are seeing this message then Shorewall is starting - successfully. + If you are seeing this message then Shorewall is starting + successfully. - If you are still unsure if Shorewall is starting or not, - enter the following command: + If you are still unsure if Shorewall is starting or not, enter + the following command: -
- /sbin/shorewall show shorewall -
+
+ /sbin/shorewall show shorewall +
- If Shorewall has started successfully, you will see output - similar to this: + If Shorewall has started successfully, you will see output + similar to this: -
- Shorewall-2.2.3 Chain shorewall at gateway - Wed Apr 20 14:41:53 PDT 2005 +
+ Shorewall-2.2.3 Chain shorewall at gateway - Wed Apr 20 14:41:53 PDT 2005 Counters reset Sat Apr 16 17:35:06 PDT 2005 Chain shorewall (0 references) pkts bytes target prot opt in out source destination -
+
- If Shorewall has not started properly, you will see output - similar to this: + If Shorewall has not started properly, you will see output + similar to this: -
- Shorewall-2.2.3 Chain shorewall at gateway - Wed Apr 20 14:43:13 PDT 2005 +
+ Shorewall-2.2.3 Chain shorewall at gateway - Wed Apr 20 14:43:13 PDT 2005 Counters reset Sat Apr 16 17:35:06 PDT 2005 iptables: No chain/target/match by that name -
+
+
- If you get this result after you have tried to start - Shorewall, please produce a trace and forward it to the list as - instructed above. + + If your problem is that some set of connections to/from or through your firewall + isn't working (examples: local + systems can't access the internet, you can't send email through the + firewall, you can't surf the web from the firewall, etc.) then please + perform the following four steps: + + + + If Shorewall isn't started then /sbin/shorewall + start. Otherwise /sbin/shorewall + reset. - Otherwise, if your problem is that some set of connections to/from or through your - firewall isn't working (examples: - local systems can't access the internet, you can't send email - through the firewall, you can't surf the web from the firewall, - etc.) then please perform the following four steps: - - - - If Shorewall isn't started then /sbin/shorewall - start. Otherwise /sbin/shorewall - reset. - - - - Try making the connection that is failing. - - - - /sbin/shorewall status > - /tmp/status.txt - - - - Post the /tmp/status.txt file as an - attachment (you may compress it if you like). - - + Try making the connection that is failing. - Otherwise please include the following - information: - - the exact version of Shorewall you are running. - - /sbin/shorewall version - - - - the complete exact output of - - ip addr show - - - - the complete exact output of - - ip route show - - + /sbin/shorewall status > + /tmp/status.txt - Please include the exact wording of any ping failure - responses + Post the /tmp/status.txt file as an + attachment (you may compress it if you like). - If you installed Shorewall using one - of the QuickStart Guides, please indicate which one. - If you did not use one of the QuickStart - Guides, please say so. + Describe where you are trying to make the connection from + (IP address) and what host you are trying to connect to. 
+ + + + + + Otherwise please include the following information: + + + + the exact version of Shorewall you are running. + + /sbin/shorewall version + + + + the complete exact output of + + ip addr show + + + + the complete exact output of + + ip route show +
+ Please remember we only know what is posted in your message. Do not leave out any information that appears to be correct, or was
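Review bot: In Shorewall-docs2/FAQ.xml, hunk @@ -469,8 +469,7, the rewritten example line reads "Subnet: 192.168.2.0/24, Address 192.168.2.254", so the new field lacks the colon that "Zone:", "Interface:" and "Subnet:" all carry. Suggest "Address: 192.168.2.254" so the line reads as four parallel fields and the value is easy to match against the ADDRESS column added to the masq example in the next hunk.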
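Review bot: In Shorewall-docs2/FAQ.xml, hunk @@ -480,6 +479,16, the new paragraph after the /etc/shorewall/masq example says redirected traffic "will appear to the server to originate on the firewall" but leaves the practical consequence implicit. Suggest one more sentence saying that, with the row "eth2 192.168.2.0/24 192.168.2.254", the DMZ server sees 192.168.2.254 as the source of those connections, so its logs and any address-based access rules can no longer tell the real clients apart. That gives the reader a concrete reason for the DNS recommendation; "horrible IP hacks" could also be toned down to match the rest of the FAQ.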
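Review bot: In Shorewall-docs2/IPSEC-2.6.xml, hunk @@ -809,4 +813,4, the final line now carries "\ No newline at end of file", so this commit drops the trailing newline here while the last hunk of FAQ.xml in the same commit restores it. Suggest ending IPSEC-2.6.xml with a newline as well, so the two files are consistent and later diffs of the last line stay clean.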
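Review bot: In Shorewall-docs2/support.xml, hunk @@ -91,146 +91,134, the added text still says "please perform the following four steps", but the new list gains a fifth item ("Describe where you are trying to make the connection from (IP address) and what host you are trying to connect to"). Suggest changing "four" to "five" or dropping the count. The added line "If you are unsure if Shorewall is starting successfully on not" also carries the old typo over; it should read "or not".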