extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-03 03:59:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Resolve FAQ conflicts

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2095 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-05-09 14:53:06 +00:00
parent fa8ae95a22
commit ccbb2d6390
4 changed files with 110 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
Shorewall-docs2/FAQ.xml
View File

@ -469,8 +469,7 @@
<example>
<title>Example:</title>
<literallayout>Zone: dmz Interface: eth2 Subnet:
192.168.2.0/24</literallayout>
<literallayout>Zone: dmz Interface: eth2 Subnet: 192.168.2.0/24, Address 192.168.2.254</literallayout>
<para>In <filename>/etc/shorewall/interfaces</filename>:</para>
@ -480,6 +479,16 @@
<para>In <filename>/etc/shorewall/na</filename>t, be sure that you
have <quote>Yes</quote> in the ALL INTERFACES column.</para>
<para>In <filename>/etc/shorewall/masq</filename>:</para>
<programlisting>#INTERFACE SUBNET ADDRESS
eth2 192.168.2.0/24 192.168.2.254</programlisting>
<para>As in FAQ 2 above, all redirected traffic will appear to the
server to originate on the firewall (which is yet one more reason
that you should use DNS to correct this problem rather than applying
horrible IP hacks).</para>
</example>
</section>
@ -558,10 +567,9 @@
interface.</programlisting></para>
</blockquote>
<para>Look <ulink url="http://linux-igd.sourceforge.net">here</ulink>
for a solution for MSN IM but be aware that there are significant
security risks involved with this solution. Also check the Netfilter
mailing list archives at <ulink
<para>Look <ulink url="UPnP.html">here</ulink> for a solution for MSN IM
but be aware that there are significant security risks involved with
this solution. Also check the Netfilter mailing list archives at <ulink
url="http://www.netfilter.org">http://www.netfilter.org</ulink>.</para>
</section>
</section>

6
Shorewall-docs2/IPSEC-2.6.xml
View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2005-02-28</pubdate>
<pubdate>2005-05-02</pubdate>
<copyright>
<year>2004</year>
@ -193,6 +193,10 @@
/etc/shorewall/ipsec can be used to match the zone to a particular (set
of) SA(s) used to encrypt and decrypt traffic to/from the zone and the
security policies that select which traffic to encrypt/decrypt.</para>
<para>For more information on IPSEC, Kernel 2.6 and Shorewall see <ulink
url="LinuxFest.pdf">my presentation on the subject given at LinuxFest NW
2005</ulink>.</para>
</section>
<section>

4
Shorewall-docs2/shorewall_prerequisites.xml
View File

@ -13,7 +13,7 @@
<surname>Eastep</surname>
</author>
<pubdate>2005-03-22</pubdate>
<pubdate>2005-05-03</pubdate>
<copyright>
<year>2001-2005</year>
@ -51,7 +51,7 @@
<para>Iproute (<quote>ip</quote> utility). The iproute package is
included with most distributions but may not be installed by default.
The official download site is <ulink type="remote"
url="ftp://ftp.inr.ac.ru/ip-routing">http://developer.osdl.org/dev/iproute2/download/</ulink>.</para>
url="http://developer.osdl.org/dev/iproute2/download/">http://developer.osdl.org/dev/iproute2/download/</ulink>.</para>
</listitem>
<listitem>

186
Shorewall-docs2/support.xml
View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2005-04-20</pubdate>
<pubdate>2005-05-03</pubdate>
<copyright>
<year>2001-2005</year>
@ -91,146 +91,134 @@
<section id="Guidelines">
<title>Problem Reporting Guidelines</title>
<itemizedlist>
<para>Please refer to the following flowchart to guide you through the
problem reporting process.</para>
<graphic align="center" fileref="images/Troubleshoot.png" />
<orderedlist>
<listitem>
<para>When reporting a problem, <emphasis
role="bold">ALWAYS</emphasis> include this information:</para>
<para>If your problem is that an <emphasis
role="bold">error</emphasis> occurs when you try to
<quote><command>shorewall start</command></quote>, then please:</para>
<itemizedlist>
<listitem>
<para>If your problem is that an <emphasis
role="bold">error</emphasis> occurs when you try to
<quote><command>shorewall start</command></quote>, then
please:</para>
<blockquote>
<programlisting><command>/sbin/shorewall trace start 2&gt; /tmp/trace</command></programlisting>
<blockquote>
<programlisting><command>/sbin/shorewall trace start 2&gt; /tmp/trace</command></programlisting>
<para>Forward the <filename>/tmp/trace</filename> file as an
attachment (you may compress it if you like).</para>
</blockquote>
</listitem>
<para>Forward the <filename>/tmp/trace</filename> file as an
attachment (you may compress it if you like).</para>
</blockquote>
</listitem>
<listitem>
<para>If you are unsure if Shorewall is starting successfully on not
then first note that if Shorewall starts successfully, the last
message it produces is "Shorewall Started":</para>
<listitem>
<para>Otherwise, if you are unsure if Shorewall is starting
successfully on not then first note that if Shorewall starts
successfully, the last message it produces is "Shorewall
Started":</para>
<blockquote>
<programlisting>
<blockquote>
<programlisting>
Activating Rules...
<emphasis role="bold">Shorewall Started</emphasis>
gateway:~#</programlisting>
</blockquote>
</blockquote>
<para>If you are seeing this message then Shorewall is starting
successfully.</para>
<para>If you are seeing this message then Shorewall is starting
successfully.</para>
<para>If you are still unsure if Shorewall is starting or not,
enter the following command:</para>
<para>If you are still unsure if Shorewall is starting or not, enter
the following command:</para>
<blockquote>
<programlisting><command>/sbin/shorewall show shorewall</command></programlisting>
</blockquote>
<blockquote>
<programlisting><command>/sbin/shorewall show shorewall</command></programlisting>
</blockquote>
<para>If Shorewall has started successfully, you will see output
similar to this:</para>
<para>If Shorewall has started successfully, you will see output
similar to this:</para>
<blockquote>
<programlisting>Shorewall-2.2.3 Chain shorewall at gateway - Wed Apr 20 14:41:53 PDT 2005
<blockquote>
<programlisting>Shorewall-2.2.3 Chain shorewall at gateway - Wed Apr 20 14:41:53 PDT 2005
Counters reset Sat Apr 16 17:35:06 PDT 2005
<emphasis role="bold">Chain shorewall (0 references)
pkts bytes target prot opt in out source destination</emphasis></programlisting>
</blockquote>
</blockquote>
<para>If Shorewall has not started properly, you will see output
similar to this:</para>
<para>If Shorewall has not started properly, you will see output
similar to this:</para>
<blockquote>
<programlisting>Shorewall-2.2.3 Chain shorewall at gateway - Wed Apr 20 14:43:13 PDT 2005
<blockquote>
<programlisting>Shorewall-2.2.3 Chain shorewall at gateway - Wed Apr 20 14:43:13 PDT 2005
Counters reset Sat Apr 16 17:35:06 PDT 2005
<emphasis role="bold">iptables: No chain/target/match by that name</emphasis>
</programlisting>
</blockquote>
</blockquote>
</listitem>
<para>If you get this result after you have tried to start
Shorewall, please produce a trace and forward it to the list as
instructed above.</para>
<listitem>
<para>If your problem is that some set of <emphasis
role="bold">connection</emphasis>s to/from or through your firewall
<emphasis role="bold">isn't working</emphasis> (examples: local
systems can't access the internet, you can't send email through the
firewall, you can't surf the web from the firewall, etc.) then please
perform the following four steps:</para>
<orderedlist>
<listitem>
<para>If Shorewall isn't started then <command>/sbin/shorewall
start</command>. Otherwise <command>/sbin/shorewall
reset</command>.</para>
</listitem>
<listitem>
<para>Otherwise, if your problem is that some set of <emphasis
role="bold">connection</emphasis>s to/from or through your
firewall <emphasis role="bold">isn't working</emphasis> (examples:
local systems can't access the internet, you can't send email
through the firewall, you can't surf the web from the firewall,
etc.) then please perform the following four steps:</para>
<orderedlist>
<listitem>
<para>If Shorewall isn't started then <command>/sbin/shorewall
start</command>. Otherwise <command>/sbin/shorewall
reset</command>.</para>
</listitem>
<listitem>
<para>Try making the connection that is failing.</para>
</listitem>
<listitem>
<para><command>/sbin/shorewall status &gt;
/tmp/status.txt</command></para>
</listitem>
<listitem>
<para>Post the <filename>/tmp/status.txt</filename> file as an
attachment (you may compress it if you like).</para>
</listitem>
</orderedlist>
<para>Try making the connection that is failing.</para>
</listitem>
<listitem>
<para>Otherwise please include the following
information:<itemizedlist>
<listitem>
<para>the exact version of Shorewall you are running.</para>
<programlisting><emphasis role="bold">/sbin/shorewall version</emphasis></programlisting>
</listitem>
<listitem>
<para>the complete exact output of</para>
<programlisting><command>ip addr show</command></programlisting>
</listitem>
<listitem>
<para>the complete exact output of</para>
<programlisting><command>ip route show</command></programlisting>
</listitem>
</itemizedlist></para>
<para><command>/sbin/shorewall status &gt;
/tmp/status.txt</command></para>
</listitem>
<listitem>
<para>Please include the exact wording of any ping failure
responses</para>
<para>Post the <filename>/tmp/status.txt</filename> file as an
attachment (you may compress it if you like).</para>
</listitem>
<listitem>
<para><emphasis role="bold">If you installed Shorewall using one
of the QuickStart Guides, please indicate which one</emphasis>.
<emphasis role="bold">If you did not use one of the QuickStart
Guides, please say so</emphasis>.</para>
<para>Describe where you are trying to make the connection from
(IP address) and what host you are trying to connect to.</para>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para>Otherwise please include the following information:</para>
<itemizedlist>
<listitem>
<para>the exact version of Shorewall you are running.</para>
<programlisting><emphasis role="bold">/sbin/shorewall version</emphasis></programlisting>
</listitem>
<listitem>
<para>the complete exact output of</para>
<programlisting><command>ip addr show</command></programlisting>
</listitem>
<listitem>
<para>the complete exact output of</para>
<programlisting><command>ip route show</command></programlisting>
</listitem>
</itemizedlist>
</listitem>
</orderedlist>
<itemizedlist>
<listitem>
<para>Please remember we only know what is posted in your message. Do
not leave out any information that appears to be correct, or was