Update FAQ, PPTP and Tunnel docs to warn about POM PPTP and GRE Tunnels

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1351 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-22 07:33:43 +01:00 · 2004-05-22 16:15:58 +00:00 · 2004-05-22 16:15:58 +00:00 · e12cb03fca
commit e12cb03fca
parent 70e2a0f386
3 changed files with 31 additions and 27 deletions
--- a/Shorewall-docs2/FAQ.xml
+++ b/Shorewall-docs2/FAQ.xml
@ -17,7 +17,7 @@
      </author>
    </authorgroup>

-    <pubdate>2004-05-18</pubdate>
+    <pubdate>2004-05-21</pubdate>

    <copyright>
      <year>2001-2004</year>
@ -520,29 +520,9 @@ eth2             192.168.2.0/24</programlisting>
      <title>(FAQ 5) I&#39;ve installed Shorewall and now I can&#39;t ping
      through the firewall</title>

-      <para><emphasis role="bold">Answer:</emphasis> If you want your firewall
-      to be totally open for <quote>ping</quote>,</para>
-
-      <orderedlist>
-        <listitem>
-          <para>Create <filename>/etc/shorewall/common</filename> if it
-          doesn&#39;t already exist.</para>
-        </listitem>
-
-        <listitem>
-          <para>Be sure that the first command in the file is <quote>.
-          <filename>/etc/shorewall/common.de</filename>f</quote></para>
-        </listitem>
-
-        <listitem>
-          <para>Add the following to <filename>/etc/shorewall/common</filename></para>
-
-          <programlisting><command>run_iptables -A icmpdef -p ICMP --icmp-type echo-request -j ACCEPT</command></programlisting>
-        </listitem>
-      </orderedlist>
-
-      <para>For a complete description of Shorewall <quote>ping</quote>
-      management, see <ulink url="ping.html">this page</ulink>.</para>
+      <para><emphasis role="bold">Answer:</emphasis> For a complete
+      description of Shorewall <quote>ping</quote> management, see <ulink
+      url="ping.html">this page</ulink>.</para>
    </section>

    <section id="faq15">
@ -1753,7 +1733,8 @@ iptables: Invalid argument
  <appendix>
    <title>Revision History</title>

-    <para><revhistory><revision><revnumber>1.25</revnumber><date>2004-05-18</date><authorinitials>TE</authorinitials><revremark>Empty
+    <para><revhistory><revision><revnumber>1.26</revnumber><date>2004-05-18</date><authorinitials>TE</authorinitials><revremark>Delete
+    obsolete ping information.</revremark></revision><revision><revnumber>1.25</revnumber><date>2004-05-18</date><authorinitials>TE</authorinitials><revremark>Empty
    /etc/shorewall on Debian.</revremark></revision><revision><revnumber>1.25</revnumber><date>2004-05-08</date><authorinitials>TE</authorinitials><revremark>Update
    for Shorewall 2.0.2</revremark></revision><revision><revnumber>1.24</revnumber><date>2004-04-25</date><authorinitials>TE</authorinitials><revremark>Add
    MA Brown&#39;s notes on multi-ISP routing.</revremark></revision><revision><revnumber>1.23</revnumber><date>2004-04-22</date><authorinitials>TE</authorinitials><revremark>Refined
--- a/Shorewall-docs2/IPIP.xml
+++ b/Shorewall-docs2/IPIP.xml
@ -15,7 +15,7 @@
      </author>
    </authorgroup>

-    <pubdate>2003-02-22</pubdate>
+    <pubdate>2004-05-22</pubdate>

    <copyright>
      <year>2001</year>
@ -24,6 +24,8 @@

      <year>2003</year>

+      <year>2004</year>
+
      <holder>Thomas M. Eastep</holder>
    </copyright>

@ -80,6 +82,12 @@
      <programlisting>tunnel_type=gre</programlisting>
    </example>

+    <warning>
+      <para>If you use the PPTP connection tracking modules from Netfilter
+      Patch-O-Matic (ip_conntrack_proto_gre ip_conntrack_pptp,
+      ip_nat_proto_gre and ip_nat_pptp) then you cannot use GRE tunnels.</para>
+    </warning>
+
    <para>On each firewall, you will need to declare a zone to represent the
    remote subnet. We&#39;ll assume that this zone is called <quote>vpn</quote>
    and declare it in /etc/shorewall/zones on both systems as follows.</para>
--- a/Shorewall-docs2/PPTP.xml
+++ b/Shorewall-docs2/PPTP.xml
@ -15,7 +15,7 @@
      </author>
    </authorgroup>

-    <pubdate>2004-04-15</pubdate>
+    <pubdate>2004-05-22</pubdate>

    <copyright>
      <year>2001</year>
@ -39,6 +39,16 @@
    </legalnotice>

    <revhistory>
+      <revision>
+        <revnumber>1.3</revnumber>
+
+        <date>2004-05-22</date>
+
+        <authorinitials>TE</authorinitials>
+
+        <revremark>Warning about PPTP conntrack patch and GRE tunnels.</revremark>
+      </revision>
+
      <revision>
        <revnumber>1.2</revnumber>

@ -935,6 +945,11 @@ loadmodule ip_nat_proto_gre</programlisting>
    <para>For LEAF/Bering users, the 2.4.20 kernel as already been patched as
    described at the URL above and the three modules are included in the
    Bering 1.2 modules tarball.</para>
+
+    <warning>
+      <para>Installing the above modules will prevent any GRE tunnels that you
+      have from working correctly.</para>
+    </warning>
  </section>

  <section id="ClientFW">