More ROUTE updates

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2124 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-05-16 01:41:24 +00:00
parent f7960e11b9
commit fafecbe73c


@ -171,7 +171,10 @@ REDIRECT loc 3128 tcp www - !206.124.146.
transparent proxy running in your local zone at 192.168.1.3 and
listening on port 3128. Your local interface is eth1. There may also be
a web server running on 192.168.1.3. It is assumed that web access is
already enabled from the local zone to the internet..</para>
already enabled from the local zone to the internet.</para>
<para>If you are running a Shorewall version earlier than 2.3.3 OR your
kernel and/or iptables do not have ROUTE target support then:</para>
<orderedlist>
<listitem>
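Review bot: The paragraph added at the end of this hunk asks the reader to branch on whether the "kernel and/or iptables" have ROUTE target support, but it gives no way to find that out. Add a sentence or cross-reference explaining how to check for that support, and consider lower-casing "OR" so the condition reads as ordinary prose.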
@ -207,6 +210,27 @@ fi</command></programlisting>
<programlisting><command>run_and_save_command "/etc/shorewall/addroutes"</command></programlisting>
</listitem>
<listitem>
<para>In <filename>/etc/shorewall/start</filename> add:</para>
<programlisting><command>iptables -t mangle -A PREROUTING -i eth1 -s ! 192.168.1.3 -p tcp --dport 80 -j MARK --set-mark 202</command></programlisting>
</listitem>
</orderedlist>
<para>If you are running Shorewall 2.3.3 or later and your kernel and
iptables have ROUTE target support then add this entry to
/etc/shorewall/routes:</para>
<blockquote>
<programlisting>#SOURCE DEST PROTO PORT(S) SOURCE INTERFACE GATEWAY
# PORT(S)
eth1 0.0.0.0/0 tcp 80 - eth1 192.168.1.3</programlisting>
</blockquote>
<para>Regardless of your Shorewall version or your kernel and iptables
ROUTE target support, you need the following:</para>
<orderedlist>
<listitem>
<para>In
<filename><filename>/etc/shorewall/interfaces</filename></filename>:</para>
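Review bot: The added routes entry `eth1 0.0.0.0/0 tcp 80 - eth1 192.168.1.3` shows no exclusion for the proxy host, while the MARK rule given for the older-version path in this same hunk matches `-s ! 192.168.1.3`. The proxy sits behind eth1, so its own outbound port 80 requests would appear to match this entry and be sent back to 192.168.1.3. Either show how the SOURCE column excludes that address or state in the text why no exclusion is needed on the ROUTE path.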
@ -234,12 +258,6 @@ loc loc ACCEPT</programlisting>
</orderedlist>
</listitem>
<listitem>
<para>In <filename>/etc/shorewall/start</filename> add:</para>
<programlisting><command>iptables -t mangle -A PREROUTING -i eth1 -s ! 192.168.1.3 -p tcp --dport 80 -j MARK --set-mark 202</command></programlisting>
</listitem>
<listitem>
<para>On 192.168.1.3, arrange for the following command to be
executed after networking has come up</para>
@ -263,6 +281,9 @@ chkconfig --level 35 iptables on</command></programlisting>
192.0.2.177. You want to run both a web server and Squid on that system.
Your DMZ interface is eth1 and your local interface is eth2.</para>
<para>If you are running a Shorewall version earlier than 2.3.3 OR your
kernel and/or iptables do not have ROUTE target support then:</para>
<orderedlist>
<listitem>
<para>On your firewall system, issue the following command</para>
@ -327,7 +348,22 @@ fi</command></programlisting>
</listitem>
</orderedlist>
</listitem>
</orderedlist>
<para>If you are running Shorewall 2.3.3 or later and your kernel and
iptables have ROUTE target support then add this entry to
/etc/shorewall/routes:</para>
<blockquote>
<programlisting>#SOURCE DEST PROTO PORT(S) SOURCE INTERFACE GATEWAY
# PORT(S)
eth2 0.0.0.0/0 tcp 80 - eth1 192.0.2.177</programlisting>
</blockquote>
<para>Regardless of your Shorewall version or your kernel and iptables
ROUTE target support, you need the following:</para>
<orderedlist>
<listitem>
<para>In <filename>/etc/shorewall/rules</filename>, you will
need:</para>
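Review bot: In the added "Shorewall 2.3.3 or later" paragraph, /etc/shorewall/routes is plain text, whereas the list item below it marks its path up as `<filename>/etc/shorewall/rules</filename>`. Wrap the routes path in `<filename>` here and in the matching paragraph added for the first example so that file names render consistently.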