Correct Bizarre formatting problem with Multi-ISP doc

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3216 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-01-03 15:56:46 +00:00
parent 8232d950b8
commit e749a66c83
3 changed files with 37 additions and 24 deletions

View File

@ -49,7 +49,7 @@
ethernet interfaces to two different ISPs as in the following
diagram.</para>
<graphic align="left" fileref="images/TwoISPs.png" />
<graphic align="center" fileref="images/TwoISPs.png" valign="middle" />
<itemizedlist>
<listitem>
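Review bot: the added valign="middle" on the graphic looks unnecessary here; the element sits on its own between the closing </para> and the <itemizedlist>, where vertical alignment has nothing to align against, so align="center" alone should be what corrects the layout. If valign turned out to be what actually fixed the "bizarre" rendering, say so in the commit message, otherwise drop it so the graphic matches the plain `<graphic align="center" fileref="..." />` form.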

View File

@ -53,9 +53,14 @@
boot time by using the <command>xendomains</command> service.</para>
<para>Xen virtualizes a network interface named <filename
class="devicefile">eth0</filename> in each domain. In domain 0, Xen also
creates a bridge (<filename class="devicefile">xenbr0</filename>) and a
number of virtual interfaces as shown in the following diagram.</para>
class="devicefile">eth0</filename><footnote>
<para>This assumes the default Xen configuration created by
<command>xend </command>and assumes that the host system has a single
ethernet interface named <filename
class="devicefile">eth0</filename>.</para>
</footnote> in each domain. In domain 0, Xen also creates a bridge
(<filename class="devicefile">xenbr0</filename>) and a number of virtual
interfaces as shown in the following diagram.</para>
<graphic align="center" fileref="images/Xen1.png" />
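Review bot: the new footnote has a stray space inside the element in `<command>xend </command>and`; move it outside so the rendered text reads "xend and" rather than "xend and" with the space italicised or monospaced: `<command>xend</command> and`. Also, this and the following hunks change the Xen document, which the commit message ("Correct Bizarre formatting problem with Multi-ISP doc") does not mention; either name the Xen edits in the message or split them into their own commit.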
@ -90,9 +95,9 @@
<para>As I state in the answer to <ulink url="FAQ.htm#faq2">Shorewall FAQ
2</ulink>, I object to running servers in a local zone because if the
server becomes compromised then there is no protection between that
compromised server and the other local systems. Xen allows you to safely
run Internet-accessible servers in your local zone by creating a firewall
in (the Extended) Domain 0 to isolate the server(s) from the other local
compromised server and the other local systems. Xen allows me to safely
run Internet-accessible servers in my local zone by creating a firewall in
(the Extended) Domain 0 to isolate the server(s) from the other local
systems (including Domain 0).</para>
<para>Here is an example. In this example, we will assume that the system
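Review bot: switching these lines from "you" to "I"/"me"/"my" leaves the section in mixed voice, because the unchanged next paragraph still opens with "In this example, we will assume that the system". Either carry the first-person rewrite through that paragraph or keep the original second-person wording here so the reader is not told both what the author does and what "we" assume in consecutive sentences.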
@ -100,15 +105,22 @@
only have to worry about protecting the local lan from the systems running
in domains other than domain 0.</para>
<note>
<para>This is the real <ulink url="myfiles.htm">configuration which I
run at shorewall.net</ulink>.</para>
</note>
<section>
<title>/etc/shorewall/zones</title>
<para>One thing strange about configuring Shorewall in this environment
is that Domain 0 is defined as two different zones. It is defined as the
firewall zone and it is also defined as "all systems connected to
<filename class="devicefile">xenbr0:vif0.0</filename>. In this case, we
call this second zone <emphasis role="bold">ursa</emphasis>; that zone
corresponds roughly to what is shown as Extended Domain 0 above.</para>
<filename class="devicefile">xenbr0:vif0.0</filename>. In this case, I
call this second zone <emphasis role="bold">ursa</emphasis> (which is
the name given to the virtual system running in Domain 0); that zone
corresponds roughly to what is shown as the Extended Domain 0
above.</para>
<blockquote>
<programlisting># OPTIONS OPTIONS
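Review bot: the opening double quote in the context line `defined as "all systems connected to` is never closed; since the rewritten line is being touched anyway, close it after the device name: `<filename class="devicefile">xenbr0:vif0.0</filename>". In this case, I`. The parenthetical explaining that ursa is the name of the virtual system running in Domain 0 is a good addition; the new <note> pointing at the real shorewall.net configuration is useful as well, but it would help to say in it that the zone and rule files that follow are taken from that configuration rather than simplified.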
@ -143,7 +155,9 @@ net eth0 detect dhcp
zone <emphasis role="bold">net</emphasis>.<blockquote>
<programlisting>#ZONE HOST(S) OPTIONS
ursa xenbr0:vif0.0
dmz xenbr0:vif+
dmz xenbr0:vif+<footnote>
<para>There is a bug in Shorewall versions prior to 3.0.4 that treats all bridge ports as if they had routeback specified. I recommend that you run a Shorewall verison &gt; 3.0.3 if you run Xen.</para>
</footnote>
net xenbr0:peth0
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE</programlisting>
</blockquote></para>
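Review bot: typo in the new footnote, "verison" should be "version". The footnote also says what the bug does (bridge ports are treated as if routeback were specified on versions before 3.0.4) but not what that means for this hosts file, i.e. which traffic between the vif+ ports of the dmz zone it would let through that the policy is meant to block; one sentence on that would tell readers why the upgrade matters for a Xen setup specifically. "Prior to 3.0.4" and "> 3.0.3" describe the same boundary, so consider stating it once as "3.0.4 or later".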
@ -200,8 +214,7 @@ Ping/ACCEPT dmz net
Ping/ACCEPT dmz ursa</programlisting>
</blockquote>
<para>In this example, 192.168.0.0/22 comprises the local
network.</para>
<para>Here, 192.168.0.0/22 comprises my local network.</para>
<para>From the point of view of Shorewall, the zone diagram is as shown
in the following diagram.</para>