Documentation updates

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1392 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2004-06-11 18:35:13 +00:00
parent d6a10e45e2
commit f60bffbc0f
11 changed files with 276 additions and 259 deletions

View File

@ -17,7 +17,7 @@
</author>
</authorgroup>
<pubdate>2004-05-21</pubdate>
<pubdate>2004-06-11</pubdate>
<copyright>
<year>2001-2004</year>
@ -58,8 +58,9 @@
class="directory">/etc/shorewall</filename> and modify the copies.</para>
<para>Note that you must copy <filename class="directory">/usr/share/doc/shorewall/default-config/shorewall.conf</filename>
to <filename class="directory">/etc/shorewall</filename> even if you do
not modify it.</para>
and /usr/share/doc/shorewall/default-config/modules to <filename
class="directory">/etc/shorewall</filename> even if you do not modify
those files.</para>
</section>
</section>
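Review bot: The added path /usr/share/doc/shorewall/default-config/modules is bare text, while the shorewall.conf path just before it in the same sentence is wrapped in <filename>; wrap the new path the same way so both render alike. Both are files ("those files"), so the class="directory" on the shorewall.conf element is worth correcting while the sentence is being touched. The same sentence is changed in the other files of this commit and needs the same fix there.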

View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2004-05-04</pubdate>
<pubdate>2004-06-08</pubdate>
<copyright>
<year>2001-2004</year>
@ -29,20 +29,15 @@
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation
License</ulink></quote>.</para>
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para>
</legalnotice>
</articleinfo>
<warning>
<para>This documentation does not cover configuring IPSEC under the 2.6
Linux Kernel. David Hollis has provided i<ulink
url="http://lists.shorewall.net/pipermail/shorewall-users/2003-December/010417.html">nformation
about how to set up a simple tunnel under 2.6</ulink>. One important point
that is not made explicit in David's post is that the <emphasis
role="bold">vpn</emphasis> zone must be defined before the <emphasis
role="bold">net</emphasis> zone in
<filename>/etc/shorewall/zones</filename>.</para>
<para>This documentation is incomplete regarding using IPSEC and the 2.6
Kernel. Netfilter currently lacks full support for the 2.6 kernel&#39;s
implementation of IPSEC. Until that implementation is complete, only a
simple network-network tunnel is described for 2.6.</para>
</warning>
<section>
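Review bot: In the rewritten warning, "Until that implementation is complete" reads as if the kernel's IPSEC implementation were the unfinished part, although the sentence before it says it is Netfilter's support that is lacking; suggest "Until Netfilter's support is complete". The replacement also drops the link to David Hollis's list post on setting up a simple tunnel under 2.6; consider keeping it as a pointer, since the new text still covers only a simple network-network tunnel.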
@ -56,8 +51,7 @@
<warning>
<para>IPSEC and Proxy ARP do not work unless you are running Shorewall
2.0.1 Beta 3 or later or unless you have installed the fix to Shorewall
2.0.0 available from the <ulink url="errata.htm">Errata
Page</ulink>.</para>
2.0.0 available from the <ulink url="errata.htm">Errata Page</ulink>.</para>
</warning>
<important>
@ -96,7 +90,8 @@ conn packetdefault
<graphic fileref="images/TwoNets1.png" />
<para>We want systems in the 192.168.1.0/24 sub-network to be able to
communicate with systems in the 10.0.0.0/8 network.</para>
communicate with systems in the 10.0.0.0/8 network. We assume that on both
systems A and B, eth0 is the internet interface.</para>
<para>To make this work, we need to do two things:</para>
@ -117,7 +112,7 @@ conn packetdefault
<para>In /etc/shorewall/tunnels on system A, we need the following</para>
<table>
<title>/etc/shorewall/tunnels system A</title>
<title>/etc/shorewall/tunnels - System A</title>
<tgroup cols="4">
<thead>
@ -149,7 +144,7 @@ conn packetdefault
<para>In /etc/shorewall/tunnels on system B, we would have:</para>
<table>
<title>/etc/shorewall/tunnels system B</title>
<title>/etc/shorewall/tunnels - System B</title>
<tgroup cols="4">
<thead>
@ -186,124 +181,158 @@ conn packetdefault
gateway.</para>
</note>
<example>
<title>VPN</title>
<para>You need to define a zone for the remote subnet or include it in
your local zone. In this example, we&#39;ll assume that you have created a
zone called <quote>vpn</quote> to represent the remote subnet. Note that
you should define the vpn zone before the net zone.</para>
<para>You need to define a zone for the remote subnet or include it in
your local zone. In this example, we'll assume that you have created a
zone called <quote>vpn</quote> to represent the remote subnet.</para>
<para><table><title>/etc/shorewall/zones - Systems A and B</title><tgroup
cols="3"><thead><row><entry align="center">ZONE</entry><entry
align="center">DISPLAY</entry><entry align="center">COMMENTS</entry></row></thead><tbody><row><entry>vpn</entry><entry>VPN</entry><entry>Remote
Subnet</entry></row><row><entry>net</entry><entry>Internet</entry><entry>The
big bad internet</entry></row></tbody></tgroup></table></para>
<para><table>
<title>/etc/shorewall/zones local</title>
<para><emphasis role="bold">If you are running kernel 2.4:</emphasis><blockquote><para>At
both systems, ipsec0 would be included in /etc/shorewall/interfaces as a
<quote>vpn</quote> interface:</para><para><table><title>/etc/shorewall/interfaces
- Systems A and B</title><tgroup cols="4"><thead><row><entry
align="center">ZONE</entry><entry align="center">INTERFACE</entry><entry
align="center">BROADCAST</entry><entry align="center">OPTIONS</entry></row></thead><tbody><row><entry>vpn</entry><entry>ipsec0</entry><entry></entry></row></tbody></tgroup></table></para></blockquote></para>
<tgroup cols="3">
<thead>
<row>
<entry align="center">ZONE</entry>
<para><emphasis role="bold">If you are running kernel 2.6:</emphasis></para>
<entry align="center">DISPLAY</entry>
<blockquote>
<para>Remember the assumption that both systems A and B have eth0 as
their internet interface.</para>
<entry align="center">COMMENTS</entry>
</row>
</thead>
<para>You must define the vpn zone using the /etc/shorewall/hosts file.</para>
<tbody>
<row>
<entry>vpn</entry>
<table>
<title>/etc/shorewall/hosts - System A</title>
<entry>VPN</entry>
<tgroup cols="3">
<thead>
<row>
<entry>ZONE</entry>
<entry>Remote Subnet</entry>
</row>
</tbody>
</tgroup>
</table></para>
<entry>HOSTS</entry>
<para>At both systems, ipsec0 would be included in
/etc/shorewall/interfaces as a <quote>vpn</quote> interface:</para>
<entry>OPTIONS</entry>
</row>
</thead>
<para><table>
<title>/etc/shorewall/interfaces system local &amp; remote</title>
<tbody>
<row>
<entry>vpn</entry>
<tgroup cols="4">
<thead>
<row>
<entry align="center">ZONE</entry>
<entry>eth0:10.0.0.0/8</entry>
<entry align="center">INTERFACE</entry>
<entry></entry>
</row>
</tbody>
</tgroup>
</table>
<entry align="center">BROADCAST</entry>
<table>
<title>/etc/shorewall/hosts - System B</title>
<entry align="center">OPTIONS</entry>
</row>
</thead>
<tgroup cols="3">
<thead>
<row>
<entry>ZONE</entry>
<tbody>
<row>
<entry>vpn</entry>
<entry>HOSTS</entry>
<entry>ipsec0</entry>
<entry>OPTIONS</entry>
</row>
</thead>
<entry></entry>
<tbody>
<row>
<entry>vpn</entry>
<entry></entry>
</row>
</tbody>
</tgroup>
</table></para>
<entry>eth0:192.168.1.0/24</entry>
<para>You will need to allow traffic between the <quote>vpn</quote> zone
and the <quote>loc</quote> zone -- if you simply want to admit all
traffic in both directions, you can use the policy file:</para>
<entry></entry>
</row>
</tbody>
</tgroup>
</table>
<para><table>
<title>/etc/shorewall/policy local &amp; remote</title>
<para>In addition, <emphasis role="bold">if you are using Masquerading
or SNAT</emphasis> on your firewalls, you need to elmiinate the remote
network from Masquerade/SNAT. These entries <emphasis role="bold">replace</emphasis>
your current masquerade/SNAT entries for the local networks.</para>
<tgroup cols="4">
<thead>
<row>
<entry align="center">SOURCE</entry>
<table>
<title>/etc/shorewall/masq - System A</title>
<entry align="center">DEST</entry>
<tgroup cols="3">
<thead>
<row>
<entry>INTERFACE</entry>
<entry align="center">POLICY</entry>
<entry>SUBNET</entry>
<entry align="center">LOG LEVEL</entry>
</row>
</thead>
<entry>ADDRESS</entry>
</row>
</thead>
<tbody>
<row>
<entry>loc</entry>
<tbody>
<row>
<entry>eth0:!10.0.0.0/8</entry>
<entry>vpn</entry>
<entry>192.168.1.0/24</entry>
<entry>ACCEPT</entry>
<entry>...</entry>
</row>
</tbody>
</tgroup>
</table>
<entry></entry>
</row>
<table>
<title>/etc/shorewall/masq System B</title>
<row>
<entry>vpn</entry>
<tgroup cols="3">
<thead>
<row>
<entry>INTERFACE</entry>
<entry>loc</entry>
<entry>SUBNET</entry>
<entry>ACCEPT</entry>
<entry>ADDRESS</entry>
</row>
</thead>
<entry></entry>
</row>
</tbody>
</tgroup>
</table></para>
<tbody>
<row>
<entry>eth0:!192.168.1.0/24</entry>
<para>Once you have these entries in place, restart Shorewall (type
shorewall restart); you are now ready to configure the tunnel in <ulink
url="http://www.xs4all.nl/%7Efreeswan/">FreeS/WAN</ulink>.</para>
</example>
<entry>10.0.0.0/8</entry>
<entry>...</entry>
</row>
</tbody>
</tgroup>
</table>
</blockquote>
<para>You will need to allow traffic between the <quote>vpn</quote> zone
and the <quote>loc</quote> zone -- if you simply want to admit all traffic
in both directions, you can use the policy file:</para>
<para><table><title>/etc/shorewall/policy - Systems A and B</title><tgroup
cols="4"><thead><row><entry align="center">SOURCE</entry><entry
align="center">DEST</entry><entry align="center">POLICY</entry><entry
align="center">LOG LEVEL</entry></row></thead><tbody><row><entry>loc</entry><entry>vpn</entry><entry>ACCEPT</entry><entry></entry></row><row><entry>vpn</entry><entry>loc</entry><entry>ACCEPT</entry><entry></entry></row></tbody></tgroup></table></para>
<para>Once you have these entries in place, restart Shorewall (type
shorewall restart); you are now ready to configure the tunnel in <ulink
url="http://www.xs4all.nl/%7Efreeswan/">FreeS/WAN</ulink>.</para>
</section>
<section>
<title>VPN Hub</title>
<title>VPN Hub using Kernel 2.4</title>
<para>Shorewall can be used in a VPN Hub environment where multiple remote
networks are connected to a gateway running Shorewall. This environment is
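Review bot: The 2.6 hosts entries (eth0:10.0.0.0/8 on System A, eth0:192.168.1.0/24 on System B) define the vpn zone by source address on the internet interface, and the text does not say what keeps a packet that arrives on eth0 outside the tunnel with such a source address from being treated as vpn, which matters because the policy table that follows accepts vpn to loc. A sentence saying how that case is handled, or that it is a known limitation, belongs next to the hosts tables. Smaller points in the same block: "elmiinate" should be "eliminate", the title "/etc/shorewall/masq System B" lacks the " - " used in "/etc/shorewall/masq - System A", the "..." in the ADDRESS column is not explained, and the 2.4 interfaces table declares cols="4" but its row has three entries.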
@ -383,7 +412,7 @@ conn packetdefault
<para>In /etc/shorewall/tunnels on systems B and C, we would have:</para>
<table>
<title>/etc/shorewall/tunnels system B &amp; C</title>
<title>/etc/shorewall/tunnels system B &#38; C</title>
<tgroup cols="4">
<thead>
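Review bot: The title line changes only &amp; into &#38;, which is the same character and looks like editor churn; if the line is being touched anyway, bring it to the "/etc/shorewall/tunnels - System A" form introduced earlier in this file, for example "/etc/shorewall/tunnels - Systems B and C". The same applies to the zones, interfaces and policy titles for systems B and C further down.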
@ -460,7 +489,7 @@ conn packetdefault
<para>On systems B and C:</para>
<table>
<title>/etc/shorewall/zones system B &amp; C</title>
<title>/etc/shorewall/zones system B &#38; C</title>
<tgroup cols="3">
<thead>
@ -518,8 +547,7 @@ conn packetdefault
</tgroup>
</table>
<para>The /etc/shorewall/hosts file on system A defines the two VPN
zones:</para>
<para>The /etc/shorewall/hosts file on system A defines the two VPN zones:</para>
<table>
<title>/etc/shorewall/hosts system A</title>
@ -559,7 +587,7 @@ conn packetdefault
following in /etc/shorewall/interfaces:</para>
<table>
<title>/etc/shorewall/interfaces system B &amp; C</title>
<title>/etc/shorewall/interfaces system B &#38; C</title>
<tgroup cols="4">
<thead>
@ -660,7 +688,7 @@ conn packetdefault
policy file entries on all three gateways:</para>
<table>
<title>/etc/shorewall/policy system B &amp; C</title>
<title>/etc/shorewall/policy system B &#38; C</title>
<tgroup cols="4">
<thead>
@ -701,8 +729,7 @@ conn packetdefault
<para>Once you have the Shorewall entries added, restart Shorewall on each
gateway (type shorewall restart); you are now ready to configure the
tunnels in <ulink
url="http://www.xs4all.nl/%7Efreeswan/">FreeS/WAN</ulink>.</para>
tunnels in <ulink url="http://www.xs4all.nl/%7Efreeswan/">FreeS/WAN</ulink>.</para>
<note>
<para>to allow traffic between the networks attached to systems B and C,
@ -758,7 +785,7 @@ conn packetdefault
</section>
<section>
<title>Mobile System (Road Warrior)</title>
<title>Mobile System (Road Warrior) Using Kernel 2.4</title>
<para>Suppose that you have a laptop system (B) that you take with you
when you travel and you want to be able to establish a secure connection
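Review bot: "Using" is capitalised in this title but the sibling section is retitled "VPN Hub using Kernel 2.4"; pick one form for both. With both sections now labelled as 2.4 only, a one-line pointer for 2.6 readers back to the warning at the top of the document would save them reading a section that does not apply.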
@ -770,75 +797,27 @@ conn packetdefault
<title>Road Warrior VPN</title>
<para>You need to define a zone for the laptop or include it in your
local zone. In this example, we'll assume that you have created a zone
called <quote>vpn</quote> to represent the remote host.</para>
local zone. In this example, we&#39;ll assume that you have created a
zone called <quote>vpn</quote> to represent the remote host.</para>
<para><table>
<title>/etc/shorewall/zones local</title>
<tgroup cols="3">
<thead>
<row>
<entry align="center">ZONE</entry>
<entry align="center">DISPLAY</entry>
<entry align="center">COMMENTS</entry>
</row>
</thead>
<tbody>
<row>
<entry>vpn</entry>
<entry>VPN</entry>
<entry>Remote Subnet</entry>
</row>
</tbody>
</tgroup>
</table></para>
<para><table><title>/etc/shorewall/zones local</title><tgroup cols="3"><thead><row><entry
align="center">ZONE</entry><entry align="center">DISPLAY</entry><entry
align="center">COMMENTS</entry></row></thead><tbody><row><entry>vpn</entry><entry>VPN</entry><entry>Remote
Subnet</entry></row></tbody></tgroup></table></para>
<para>In this instance, the mobile system (B) has IP address 134.28.54.2
but that cannot be determined in advance. In the /etc/shorewall/tunnels
file on system A, the following entry should be made:</para>
<para><table>
<title>/etc/shorewall/tunnels system A</title>
<para><table><title>/etc/shorewall/tunnels system A</title><tgroup
cols="4"><thead><row><entry align="center">TYPE</entry><entry
align="center">ZONE</entry><entry align="center">GATEWAY</entry><entry
align="center">GATEWAY ZONE</entry></row></thead><tbody><row><entry>ipsec</entry><entry>net</entry><entry>0.0.0.0/0</entry><entry>vpn</entry></row></tbody></tgroup></table></para>
<tgroup cols="4">
<thead>
<row>
<entry align="center">TYPE</entry>
<entry align="center">ZONE</entry>
<entry align="center">GATEWAY</entry>
<entry align="center">GATEWAY ZONE</entry>
</row>
</thead>
<tbody>
<row>
<entry>ipsec</entry>
<entry>net</entry>
<entry>0.0.0.0/0</entry>
<entry>vpn</entry>
</row>
</tbody>
</tgroup>
</table></para>
<para><note>
<para>the GATEWAY ZONE column contains the name of the zone
corresponding to peer subnetworks. This indicates that the gateway
system itself comprises the peer subnetwork; in other words, the
remote gateway is a standalone system.</para>
</note></para>
<para><note><para>the GATEWAY ZONE column contains the name of the zone
corresponding to peer subnetworks. This indicates that the gateway
system itself comprises the peer subnetwork; in other words, the remote
gateway is a standalone system.</para></note></para>
<para>You will need to configure /etc/shorewall/interfaces and establish
your <quote>through the tunnel</quote> policy as shown under the first
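Review bot: The zones table in this example still says "Remote Subnet" in COMMENTS although the paragraph above it says the vpn zone represents the remote host, and its title "/etc/shorewall/zones local" was not moved to the " - System A" title style used elsewhere in this commit. The tables here are otherwise only collapsed onto single long lines with no change in content, which makes the diff hard to review and later edits harder; consider keeping the one-entry-per-line layout.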
@ -939,8 +918,7 @@ conn packetdefault
a different updown script that adds the remote station to the appropriate
zone when the connection comes up and that deletes the remote station when
the connection comes down. For example, when 134.28.54.2 connects for the
vpn2 zone the <quote>up</quote> part of the script will issue the
command:</para>
vpn2 zone the <quote>up</quote> part of the script will issue the command:</para>
<programlisting>/sbin/shorewall add ipsec0:134.28.54.2 vpn2</programlisting>
@ -957,45 +935,11 @@ conn packetdefault
<example>
<title>dyn=dynamic zone</title>
<para><informaltable>
<tgroup cols="7">
<thead>
<row>
<entry align="center">ACTION</entry>
<entry align="center">SOURCE</entry>
<entry align="center">DESTINATION</entry>
<entry align="center">PROTOCOL</entry>
<entry align="center">PORT(S)</entry>
<entry align="center">CLIENT PORT(S)</entry>
<entry align="center">ORIGINAL DESTINATION</entry>
</row>
</thead>
<tbody>
<row>
<entry>DNAT</entry>
<entry>z!dyn</entry>
<entry>loc:192.168.1.3</entry>
<entry>tcp</entry>
<entry>80</entry>
<entry></entry>
<entry></entry>
</row>
</tbody>
</tgroup>
</informaltable></para>
<para><informaltable><tgroup cols="7"><thead><row><entry
align="center">ACTION</entry><entry align="center">SOURCE</entry><entry
align="center">DESTINATION</entry><entry align="center">PROTOCOL</entry><entry
align="center">PORT(S)</entry><entry align="center">CLIENT PORT(S)</entry><entry
align="center">ORIGINAL DESTINATION</entry></row></thead><tbody><row><entry>DNAT</entry><entry>z!dyn</entry><entry>loc:192.168.1.3</entry><entry>tcp</entry><entry>80</entry><entry></entry><entry></entry></row></tbody></tgroup></informaltable></para>
<para>Dynamic changes to the zone <emphasis role="bold">dyn</emphasis>
will have no effect on the above rule.</para>

View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2004-06-02</pubdate>
<pubdate>2004-06-11</pubdate>
<copyright>
<year>2001</year>
@ -50,8 +50,9 @@
class="directory">/etc/shorewall</filename> and modify the copies.</para>
<para>Note that you must copy <filename class="directory">/usr/share/doc/shorewall/default-config/shorewall.conf</filename>
to <filename class="directory">/etc/shorewall</filename> even if you do
not modify it.</para>
and /usr/share/doc/shorewall/default-config/modules to <filename
class="directory">/etc/shorewall</filename> even if you do not modify
those files.</para>
</warning>
<section id="Install_RPM">

View File

@ -5,7 +5,7 @@
<!--$Id$-->
<articleinfo>
<title>Some Things that Shorewall Cannot Do</title>
<title>Some Things that Shorewall Does Not Do</title>
<author>
<firstname>Tom</firstname>
@ -13,7 +13,7 @@
<surname>Eastep</surname>
</author>
<pubdate>2004-03-18</pubdate>
<pubdate>2004-06-08</pubdate>
<copyright>
<year>2003</year>
@ -34,7 +34,7 @@
</articleinfo>
<section>
<title>Shorewall Cannot:</title>
<title>Shorewall Does not:</title>
<itemizedlist>
<listitem>
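Review bot: The section title "Shorewall Does not:" has a lowercase "not" while the article title changed in the same file is "Some Things that Shorewall Does Not Do"; use "Shorewall Does Not:" so the two agree.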
@ -43,8 +43,8 @@
</listitem>
<listitem>
<para>Be used with an Operating System other than Linux (version
&#62;= 2.4.0)</para>
<para>Work with an Operating System other than Linux (version &#62;=
2.4.0)</para>
</listitem>
<listitem>
@ -64,6 +64,22 @@
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Set up Routing (except to support <ulink url="ProxyARP.htm">Proxy
ARP</ulink>)</para>
</listitem>
<listitem>
<para>Do Traffic Shaping/Bandwidth Management (although it provides
<ulink url="traffic_shaping.htm">hooks to interface to Traffic
Control/Bandwidth Management solutions</ulink>)</para>
</listitem>
<listitem>
<para>Configure/manage Network Devices (your Distribution includes
tools for that).</para>
</listitem>
</itemizedlist>
</section>

View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2004-04-12</pubdate>
<pubdate>2004-06-11</pubdate>
<copyright>
<year>2004</year>
@ -235,6 +235,65 @@ BRIDGE=br0
ONBOOT=yes</programlisting></para>
</blockquote>
<para>Florin Grad at <trademark>Mandrake</trademark> provides this script
for configuring a bridge:</para>
<blockquote>
<programlisting>#!/bin/sh
# chkconfig: 2345 05 89
# description: Layer 2 Bridge
#
[ -f /etc/sysconfig/bridge ] &#38;&#38; . /etc/sysconfig/bridge
PATH=$PATH:/sbin:/usr/sbin:/usr/local/sbin
do_stop() {
echo &#34;Stopping Bridge&#34;
for i in $INTERFACES $BRIDGE_INTERFACE ; do
ip link set $i down
done
brctl delbr $BRIDGE_INTERFACE
}
do_start() {
echo &#34;Starting Bridge&#34;
for i in $INTERFACES ; do
ip link set $i up
done
brctl addbr br0
for i in $INTERFACES ; do
ip link set $i up
brctl addif br0 $i
done
ifup $BRIDGE_INTERFACE
}
case &#34;$1&#34; in
start)
do_start
;;
stop)
do_stop
;;
restart)
do_stop
sleep 1
do_start
;;
*)
echo &#34;Usage: $0 {start|stop|restart}&#34;
exit 1
esac
exit 0</programlisting>
<para>The <filename>/etc/sysconfig/bridge</filename>:</para>
<programlisting>BRIDGE_INTERFACE=br0 #The name of your Bridge
INTERFACES=&#34;eth0 eth1&#34; #The physical interfaces to be bridged</programlisting>
</blockquote>
<para>Users who successfully configure bridges on other distributions,
with static or dynamic IP addresses, are encouraged to send <ulink
url="mailto:webmaster@shorewall.net">me</ulink> their configuration so I
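Review bot: do_start hardcodes br0 in "brctl addbr br0" and "brctl addif br0 $i" while do_stop and the ifup call use $BRIDGE_INTERFACE, so setting BRIDGE_INTERFACE to anything other than br0 in /etc/sysconfig/bridge makes start create one bridge and then bring up and later delete another; use $BRIDGE_INTERFACE throughout. The first loop in do_start that sets each interface up is repeated inside the second loop and can go, and the variable expansions should be quoted. Since the script sources /etc/sysconfig/bridge, the text could also say that the file should be writable only by root.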

View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2004-04-27</pubdate>
<pubdate>2004-06-07</pubdate>
<copyright>
<year>2001-2004</year>
@ -110,7 +110,7 @@
<para>The single system in the DMZ (address 206.124.146.177) runs postfix,
Courier IMAP (imaps and pop3), DNS, a Web server (Apache) and an FTP
server (Pure-ftpd) under RedHat 9.0. The system also runs fetchmail to
server (Pure-ftpd) under Fedora Core 2. The system also runs fetchmail to
fetch our email from our old and current ISPs. That server is managed
through Proxy ARP.</para>

View File

@ -13,7 +13,7 @@
<surname>Eastep</surname>
</author>
<pubdate>2004-05-07</pubdate>
<pubdate>2004-06-08</pubdate>
<copyright>
<year>2001-2004</year>
@ -27,8 +27,7 @@
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation
License</ulink></quote>.</para>
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para>
</legalnotice>
</articleinfo>
@ -37,7 +36,7 @@
<itemizedlist>
<listitem>
<para>Uses Netfilter's connection tracking facilities for stateful
<para>Uses Netfilter&#39;s connection tracking facilities for stateful
packet filtering.</para>
</listitem>
@ -57,8 +56,7 @@
<listitem>
<para>Allows you to partition the network into <ulink
url="Documentation.htm#Zones">zones</ulink> and gives you complete
control over the connections permitted between each pair of
zones.</para>
control over the connections permitted between each pair of zones.</para>
</listitem>
<listitem>
@ -80,8 +78,7 @@
<listitem>
<para>A <emphasis role="bold">GUI</emphasis> is available via Webmin
1.060 and later (<ulink
url="http://www.webmin.com">http://www.webmin.com</ulink>)</para>
1.060 and later (<ulink url="http://www.webmin.com">http://www.webmin.com</ulink>)</para>
</listitem>
<listitem>
@ -92,18 +89,15 @@
<listitem>
<para><emphasis role="bold">Flexible address management/routing
support</emphasis> (and you can use all types in the same
firewall):</para>
support</emphasis> (and you can use all types in the same firewall):</para>
<itemizedlist>
<listitem>
<para><ulink
url="Documentation.htm#Masq">Masquerading/SNAT</ulink>.</para>
<para><ulink url="Documentation.htm#Masq">Masquerading/SNAT</ulink>.</para>
</listitem>
<listitem>
<para><ulink url="FAQ.htm#faq1">Port Forwarding
(DNAT)</ulink>.</para>
<para><ulink url="FAQ.htm#faq1">Port Forwarding (DNAT)</ulink>.</para>
</listitem>
<listitem>
@ -157,16 +151,16 @@
</listitem>
<listitem>
<para><ulink url="PPTP.htm">PPTP</ulink> clients and
Servers.</para>
<para><ulink url="PPTP.htm">PPTP</ulink> clients and Servers.</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Support for <ulink url="traffic_shaping.htm"><emphasis
role="bold">Traffic</emphasis> Control/<emphasis
role="bold">Shaping</emphasis></ulink> integration.</para>
role="bold">Traffic</emphasis> Control/<emphasis role="bold">Shaping</emphasis></ulink>
integration (although Shorewall itself contains no Traffic/Bandwidth
control facilities).</para>
</listitem>
<listitem>
@ -183,7 +177,7 @@
<listitem>
<para>Includes automated <ulink url="Install.htm">install,
upgrade, fallback and uninstall facilities</ulink> for users who
can't use or choose not to use the RPM or Debian packages.</para>
can&#39;t use or choose not to use the RPM or Debian packages.</para>
</listitem>
<listitem>
@ -196,8 +190,7 @@
<listitem>
<para><ulink url="MAC_Validation.html">Media Access Control (<emphasis
role="bold">MAC</emphasis>) Address <emphasis
role="bold">Verification</emphasis></ulink>.</para>
role="bold">MAC</emphasis>) Address <emphasis role="bold">Verification</emphasis></ulink>.</para>
</listitem>
<listitem>
@ -206,9 +199,8 @@
</listitem>
<listitem>
<para><ulink url="bridge.html"><emphasis
role="bold">Bridge</emphasis>/Firewall support</ulink> (requires a 2.6
kernel or a patched 2.4 kernel).</para>
<para><ulink url="bridge.html"><emphasis role="bold">Bridge</emphasis>/Firewall
support</ulink> (requires a 2.6 kernel or a patched 2.4 kernel).</para>
</listitem>
</itemizedlist>
</section>

View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2004-05-18</pubdate>
<pubdate>2004-06-11</pubdate>
<copyright>
<year>2001-2004</year>
@ -105,8 +105,9 @@
Simply copy the files you need from that directory to <filename
class="directory">/etc/shorewall</filename> and modify the copies.</para><para>Note
that you must copy <filename class="directory">/usr/share/doc/shorewall/default-config/shorewall.conf</filename>
to <filename class="directory">/etc/shorewall</filename> even if you do
not modify it.</para></warning></para>
and /usr/share/doc/shorewall/default-config/modules to <filename
class="directory">/etc/shorewall</filename> even if you do not modify
those files.</para></warning></para>
<para>As each file is introduced, I suggest that you look through the
actual file on your system -- each file contains detailed configuration

View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2004-05-18</pubdate>
<pubdate>2004-06-11</pubdate>
<copyright>
<year>2002-2004</year>
@ -144,8 +144,9 @@
class="directory">/etc/shorewall</filename> and modify the copies.</para>
<para>Note that you must copy <filename class="directory">/usr/share/doc/shorewall/default-config/shorewall.conf</filename>
to <filename class="directory">/etc/shorewall</filename> even if you do
not modify it.</para>
and /usr/share/doc/shorewall/default-config/modules to <filename
class="directory">/etc/shorewall</filename> even if you do not modify
those files.</para>
</warning>
<para>As each file is introduced, I suggest that you look through the

View File

@ -15,7 +15,7 @@
</author>
</authorgroup>
<pubdate>2004-05-18</pubdate>
<pubdate>2004-06-11</pubdate>
<copyright>
<year>2002-2004</year>
@ -166,7 +166,8 @@
Simply copy the files you need from that directory to <filename
class="directory">/etc/shorewall</filename> and modify the copies.</para><para>Note
that you must copy <filename class="directory">/usr/share/doc/shorewall/default-config/shorewall.conf</filename>
to /etc/shorewall even if you do not modify it.</para></warning></para>
and /usr/share/doc/shorewall/default-config/modules to /etc/shorewall even
if you do not modify those files.</para></warning></para>
<para>After you have installed Shorewall, download the three-interface
sample, un-tar it (<command>tar <option>-zxvf</option>

View File

@ -12,7 +12,7 @@
<surname>Eastep</surname>
</author>
<pubdate>2003-05-18</pubdate>
<pubdate>2003-06-11</pubdate>
<copyright>
<year>2002</year>
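Review bot: The new pubdate here is 2003-06-11, but the commit is dated 2004-06-11 and every other pubdate changed in it moves to a 2004 date; this looks like the existing 2003 year being carried over, so it should read 2004-06-11.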
@ -154,8 +154,9 @@
Simply copy the files you need from that directory to <filename
class="directory">/etc/shorewall</filename> and modify the copies.</para><para>Note
that you must copy <filename class="directory">/usr/share/doc/shorewall/default-config/shorewall.conf</filename>
to <filename class="directory">/etc/shorewall</filename> even if you do
not modify it.</para></warning></para>
and /usr/share/doc/shorewall/default-config/modules to <filename
class="directory">/etc/shorewall</filename> even if you do not modify
those files.</para></warning></para>
<para><tip><para>After you have <ulink url="Install.htm">installed
Shorewall</ulink>, download the <ulink