mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-08 08:44:05 +01:00
Update FAQ, PPTP and Tunnel docs to warn about POM PPTP and GRE Tunnels
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1351 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
70e2a0f386
commit
e12cb03fca
@ -17,7 +17,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2004-05-18</pubdate>
|
||||
<pubdate>2004-05-21</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2001-2004</year>
|
||||
@ -520,29 +520,9 @@ eth2 192.168.2.0/24</programlisting>
|
||||
<title>(FAQ 5) I've installed Shorewall and now I can't ping
|
||||
through the firewall</title>
|
||||
|
||||
<para><emphasis role="bold">Answer:</emphasis> If you want your firewall
|
||||
to be totally open for <quote>ping</quote>,</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>Create <filename>/etc/shorewall/common</filename> if it
|
||||
doesn't already exist.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Be sure that the first command in the file is <quote>.
|
||||
<filename>/etc/shorewall/common.de</filename>f</quote></para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Add the following to <filename>/etc/shorewall/common</filename></para>
|
||||
|
||||
<programlisting><command>run_iptables -A icmpdef -p ICMP --icmp-type echo-request -j ACCEPT</command></programlisting>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>For a complete description of Shorewall <quote>ping</quote>
|
||||
management, see <ulink url="ping.html">this page</ulink>.</para>
|
||||
<para><emphasis role="bold">Answer:</emphasis> For a complete
|
||||
description of Shorewall <quote>ping</quote> management, see <ulink
|
||||
url="ping.html">this page</ulink>.</para>
|
||||
</section>
|
||||
|
||||
<section id="faq15">
|
||||
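Review bot: The new FAQ 5 answer is only a pointer to ping.html, so a reader who earlier followed the /etc/shorewall/common and icmpdef steps gets no hint here that those steps are obsolete. Suggest adding one sentence to the answer saying the old common-file approach no longer applies (the revremark already calls it "obsolete ping information") before the link.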
@ -1753,7 +1733,8 @@ iptables: Invalid argument
|
||||
<appendix>
|
||||
<title>Revision History</title>
|
||||
|
||||
<para><revhistory><revision><revnumber>1.25</revnumber><date>2004-05-18</date><authorinitials>TE</authorinitials><revremark>Empty
|
||||
<para><revhistory><revision><revnumber>1.26</revnumber><date>2004-05-18</date><authorinitials>TE</authorinitials><revremark>Delete
|
||||
obsolete ping information.</revremark></revision><revision><revnumber>1.25</revnumber><date>2004-05-18</date><authorinitials>TE</authorinitials><revremark>Empty
|
||||
/etc/shorewall on Debian.</revremark></revision><revision><revnumber>1.25</revnumber><date>2004-05-08</date><authorinitials>TE</authorinitials><revremark>Update
|
||||
for Shorewall 2.0.2</revremark></revision><revision><revnumber>1.24</revnumber><date>2004-04-25</date><authorinitials>TE</authorinitials><revremark>Add
|
||||
MA Brown's notes on multi-ISP routing.</revremark></revision><revision><revnumber>1.23</revnumber><date>2004-04-22</date><authorinitials>TE</authorinitials><revremark>Refined
|
||||
|
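Review bot: The added revision 1.26 is dated 2004-05-18, while the same commit moves this document's pubdate to 2004-05-21; the revision date should be the day of the change. The history also already contains two entries numbered 1.25 (2004-05-18 and 2004-05-08), which is worth renumbering while this line is being touched.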
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2003-02-22</pubdate>
|
||||
<pubdate>2004-05-22</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2001</year>
|
||||
@ -24,6 +24,8 @@
|
||||
|
||||
<year>2003</year>
|
||||
|
||||
<year>2004</year>
|
||||
|
||||
<holder>Thomas M. Eastep</holder>
|
||||
</copyright>
|
||||
|
||||
@ -80,6 +82,12 @@
|
||||
<programlisting>tunnel_type=gre</programlisting>
|
||||
</example>
|
||||
|
||||
<warning>
|
||||
<para>If you use the PPTP connection tracking modules from Netfilter
|
||||
Patch-O-Matic (ip_conntrack_proto_gre ip_conntrack_pptp,
|
||||
ip_nat_proto_gre and ip_nat_pptp) then you cannot use GRE tunnels.</para>
|
||||
</warning>
|
||||
|
||||
<para>On each firewall, you will need to declare a zone to represent the
|
||||
remote subnet. We'll assume that this zone is called <quote>vpn</quote>
|
||||
and declare it in /etc/shorewall/zones on both systems as follows.</para>
|
||||
|
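Review bot: In the module list inside the new warning, a comma is missing between ip_conntrack_proto_gre and ip_conntrack_pptp, and the module names are plain text rather than marked up like other literals in these documents. The warning also sits after the tunnel_type=gre example, so the reader has already picked GRE before seeing it; consider placing it ahead of the example and saying what to do when the PPTP modules are required.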
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2004-04-15</pubdate>
|
||||
<pubdate>2004-05-22</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2001</year>
|
||||
@ -39,6 +39,16 @@
|
||||
</legalnotice>
|
||||
|
||||
<revhistory>
|
||||
<revision>
|
||||
<revnumber>1.3</revnumber>
|
||||
|
||||
<date>2004-05-22</date>
|
||||
|
||||
<authorinitials>TE</authorinitials>
|
||||
|
||||
<revremark>Warning about PPTP conntrack patch and GRE tunnels.</revremark>
|
||||
</revision>
|
||||
|
||||
<revision>
|
||||
<revnumber>1.2</revnumber>
|
||||
|
||||
@ -935,6 +945,11 @@ loadmodule ip_nat_proto_gre</programlisting>
|
||||
<para>For LEAF/Bering users, the 2.4.20 kernel as already been patched as
|
||||
described at the URL above and the three modules are included in the
|
||||
Bering 1.2 modules tarball.</para>
|
||||
|
||||
<warning>
|
||||
<para>Installing the above modules will prevent any GRE tunnels that you
|
||||
have from working correctly.</para>
|
||||
</warning>
|
||||
</section>
|
||||
|
||||
<section id="ClientFW">
|
||||
|
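Review bot: "the above modules" in the new warning is ambiguous: the preceding paragraph speaks of "the three modules", while the matching warning in the tunnel document names four (ip_conntrack_proto_gre, ip_conntrack_pptp, ip_nat_proto_gre and ip_nat_pptp). Name the modules here as well so the two warnings agree on which ones break GRE tunnels.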