Update FAQ, PPTP and Tunnel docs to warn about POM PPTP and GRE Tunnels

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1351 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2004-05-22 16:15:58 +00:00
parent 70e2a0f386
commit e12cb03fca
3 changed files with 31 additions and 27 deletions

@ -17,7 +17,7 @@
</author>
</authorgroup>
<pubdate>2004-05-18</pubdate>
<pubdate>2004-05-21</pubdate>
<copyright>
<year>2001-2004</year>
@ -520,29 +520,9 @@ eth2 192.168.2.0/24</programlisting>
<title>(FAQ 5) I&#39;ve installed Shorewall and now I can&#39;t ping
through the firewall</title>
<para><emphasis role="bold">Answer:</emphasis> If you want your firewall
to be totally open for <quote>ping</quote>,</para>
<orderedlist>
<listitem>
<para>Create <filename>/etc/shorewall/common</filename> if it
doesn&#39;t already exist.</para>
</listitem>
<listitem>
<para>Be sure that the first command in the file is <quote>.
<filename>/etc/shorewall/common.de</filename>f</quote></para>
</listitem>
<listitem>
<para>Add the following to <filename>/etc/shorewall/common</filename></para>
<programlisting><command>run_iptables -A icmpdef -p ICMP --icmp-type echo-request -j ACCEPT</command></programlisting>
</listitem>
</orderedlist>
<para>For a complete description of Shorewall <quote>ping</quote>
management, see <ulink url="ping.html">this page</ulink>.</para>
<para><emphasis role="bold">Answer:</emphasis> For a complete
description of Shorewall <quote>ping</quote> management, see <ulink
url="ping.html">this page</ulink>.</para>
</section>
<section id="faq15">
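Review bot: The FAQ 5 hunk deletes the /etc/shorewall/common ping procedure, which has nothing to do with the commit's stated purpose of warning about POM PPTP and GRE tunnels, and no such warning appears in any hunk of this file. Either mention the ping cleanup in the commit message or split it into its own commit. Since the answer is now only a pointer to ping.html, consider one sentence saying that the old "run_iptables -A icmpdef -p ICMP --icmp-type echo-request -j ACCEPT" entry is obsolete, so readers who followed the earlier steps know they still have a rule accepting all echo-requests and should review it.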
@ -1753,7 +1733,8 @@ iptables: Invalid argument
<appendix>
<title>Revision History</title>
<para><revhistory><revision><revnumber>1.25</revnumber><date>2004-05-18</date><authorinitials>TE</authorinitials><revremark>Empty
<para><revhistory><revision><revnumber>1.26</revnumber><date>2004-05-18</date><authorinitials>TE</authorinitials><revremark>Delete
obsolete ping information.</revremark></revision><revision><revnumber>1.25</revnumber><date>2004-05-18</date><authorinitials>TE</authorinitials><revremark>Empty
/etc/shorewall on Debian.</revremark></revision><revision><revnumber>1.25</revnumber><date>2004-05-08</date><authorinitials>TE</authorinitials><revremark>Update
for Shorewall 2.0.2</revremark></revision><revision><revnumber>1.24</revnumber><date>2004-04-25</date><authorinitials>TE</authorinitials><revremark>Add
MA Brown&#39;s notes on multi-ISP routing.</revremark></revision><revision><revnumber>1.23</revnumber><date>2004-04-22</date><authorinitials>TE</authorinitials><revremark>Refined
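Review bot: The new 1.26 revision entry is dated 2004-05-18, while the first hunk of this file moves pubdate to 2004-05-21; the revision date should match the day of the change. The history also carries two entries numbered 1.25 (2004-05-18 and 2004-05-08), so the numbering is worth correcting while this line is being touched.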

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2003-02-22</pubdate>
<pubdate>2004-05-22</pubdate>
<copyright>
<year>2001</year>
@ -24,6 +24,8 @@
<year>2003</year>
<year>2004</year>
<holder>Thomas M. Eastep</holder>
</copyright>
@ -80,6 +82,12 @@
<programlisting>tunnel_type=gre</programlisting>
</example>
<warning>
<para>If you use the PPTP connection tracking modules from Netfilter
Patch-O-Matic (ip_conntrack_proto_gre ip_conntrack_pptp,
ip_nat_proto_gre and ip_nat_pptp) then you cannot use GRE tunnels.</para>
</warning>
<para>On each firewall, you will need to declare a zone to represent the
remote subnet. We&#39;ll assume that this zone is called <quote>vpn</quote>
and declare it in /etc/shorewall/zones on both systems as follows.</para>
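Review bot: In the module list inside the new warning a comma is missing between ip_conntrack_proto_gre and ip_conntrack_pptp, so the four names read as three items. Suggest "(ip_conntrack_proto_gre, ip_conntrack_pptp, ip_nat_proto_gre and ip_nat_pptp)". The warning would also be more useful with a link to the PPTP document, where this commit adds the matching warning, so a reader can tell whether those modules are loaded on their firewall.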

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2004-04-15</pubdate>
<pubdate>2004-05-22</pubdate>
<copyright>
<year>2001</year>
@ -39,6 +39,16 @@
</legalnotice>
<revhistory>
<revision>
<revnumber>1.3</revnumber>
<date>2004-05-22</date>
<authorinitials>TE</authorinitials>
<revremark>Warning about PPTP conntrack patch and GRE tunnels.</revremark>
</revision>
<revision>
<revnumber>1.2</revnumber>
@ -935,6 +945,11 @@ loadmodule ip_nat_proto_gre</programlisting>
<para>For LEAF/Bering users, the 2.4.20 kernel as already been patched as
described at the URL above and the three modules are included in the
Bering 1.2 modules tarball.</para>
<warning>
<para>Installing the above modules will prevent any GRE tunnels that you
have from working correctly.</para>
</warning>
</section>
<section id="ClientFW">
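Review bot: "the above modules" in the new warning is ambiguous: the paragraph just before it speaks of three modules in the Bering tarball, while the warning added to the GRE document in this same commit names four (ip_conntrack_proto_gre, ip_conntrack_pptp, ip_nat_proto_gre and ip_nat_pptp). Name the modules explicitly here. Placed directly after the LEAF/Bering paragraph, the warning can also be read as applying only to Bering users; putting it next to the loadmodule listing would make the scope clear. The wording "will prevent any GRE tunnels that you have from working correctly" is softer than the GRE document's "you cannot use GRE tunnels"; the two should agree. While here, the context line "has as already been patched" reads "as already been patched" and could be corrected to "has already been patched".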