More 2.4.0 doc updates

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2167 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-05-23 22:29:52 +00:00
parent b0cf1dc06d
commit fb487f5b54
2 changed files with 58 additions and 15 deletions


@ -361,12 +361,9 @@
<glossdef> <glossdef>
<para>The IP address of the provider's Gateway router.</para> <para>The IP address of the provider's Gateway router.</para>
<para>Users with point-to-point dynamic connections such as <para>You can enter <emphasis role="bold">detect</emphasis> here
PPPoE, PPPoA or PPTP can enter <emphasis and Shorewall will attempt to automatically determine the
role="bold">detect</emphasis> here and Shorewall will gateway IP address.</para>
automatically determine the gateway IP address. You must of
course configure your ppp service to restart Shorewall when you
connect or when the gateway IP address changes.</para>
</glossdef> </glossdef>
</glossentry> </glossentry>
@ -435,9 +432,12 @@
<listitem> <listitem>
<para>If you specify <emphasis role="bold">balance</emphasis>, then <para>If you specify <emphasis role="bold">balance</emphasis>, then
Shorewall will replace the 'default' route in the 'main' routing Shorewall will replace the 'default' route with weight 100 in the
table with a load-balancing route among those gateways where 'main' routing table with a load-balancing route among those
<emphasis role="bold">balance</emphasis> was specified.</para> gateways where <emphasis role="bold">balance</emphasis> was
specified. So if you configure default routes, be sure that their
weight is less than 100 or the route added by Shorewall will not be
used.</para>
</listitem> </listitem>
</orderedlist> </orderedlist>
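Review bot: "replace the 'default' route with weight 100" in this list item is ambiguous: it can be read as the weight of the route being replaced or of the route Shorewall adds. The closing sentence also says "weight" where the warning paragraph added later in this file says "metric", and "be sure that their weight is less than 100" sits uneasily with that paragraph's statement that the generated route has no metric. Suggest picking one term and stating explicitly which value the Shorewall-generated route carries.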
@ -472,6 +472,14 @@
usually be done by <command>/etc/init.d/network restart</command> or usually be done by <command>/etc/init.d/network restart</command> or
<command>/etc/init.d/networking restart</command>. Check your <command>/etc/init.d/networking restart</command>. Check your
distribution's networking documentation.</para> distribution's networking documentation.</para>
<para>You can mitigate the effect of the Shorewall-generated changes
to your routing table by specifying a <emphasis>metric</emphasis> for
each default route that you configure. Shorewall will generate a
load-balancing default route (assuming that <emphasis
role="bold">balance</emphasis> has been specified for some of the
providers) that does not include a metric and that will therefore not
replace any existing route that has a non-zero metric.</para>
</warning> </warning>
</section> </section>
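Review bot: The added paragraph in the warning says the generated route "will therefore not replace any existing route that has a non-zero metric" but stops before the consequence the reader needs: both default routes then coexist, and the text should say which one is used while Shorewall is running and which one remains after the network restart described just above. A short example of a default route configured with a metric would make the advice actionable, and the wording should be reconciled with the balance list item, which describes the same route in terms of a weight of 100.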
@ -543,11 +551,12 @@ eth1 eth2 130.252.99.27</programlisting>
determination.</para> determination.</para>
<para>Routing with Shorewall is specified through entries in <para>Routing with Shorewall is specified through entries in
/etc/shorewall/routes. Note that entries in the /etc/shorewall/routes file <filename>/etc/shorewall/routes</filename>. Note that entries in the
override the routing specified in your routing tables. These rules <filename>/etc/shorewall/routes</filename> file override the routing
generate Netfilter rules in the mangle tables FORWARD chain or OUTPUT specified in your routing tables. These rules generate Netfilter rules in
chain depending whether the packets are being routed through the firewall the mangle tables FORWARD chain or OUTPUT chain depending whether the
or originate on the firewall itself (see figure above).</para> packets are being routed through the firewall or originate on the firewall
itself (see the flow diagram at the top of this article).</para>
<para>Columns in this file are as follows:</para> <para>Columns in this file are as follows:</para>
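Review bot: Since this paragraph is being rewrapped for the filename markup anyway, fix the grammar it carries over: "in the mangle tables FORWARD chain" should be "in the mangle table's FORWARD chain", and "depending whether" should be "depending on whether". The new "see the flow diagram at the top of this article" would be more robust as a cross-reference to the figure's id than as a positional description.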


@ -15,7 +15,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2005-05-15</pubdate> <pubdate>2005-05-23</pubdate>
<copyright> <copyright>
<year>2004</year> <year>2004</year>
@ -780,6 +780,40 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>safe-restart (Shorewall version 2.4.0 and later)</term>
<listitem>
<para><command>shorewall [ -q ] safe-restart [ &lt;filename&gt;
]</command></para>
<para>Only allowed if Shorewall is running. The current
configuration is saved in
<filename>/var/lib/shorewall/safe-restart</filename> (see the
<command>save</command> command below). You will then be prompted
asking if you want to accept the new configuration or not. If you
answer "n" or if you fail to answer within 60 seconds (such as when
your new configuration has disabled communication with your
terminal), the configuration is restored from the saved
configuration.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>safe-start (Shorewall version 2.4.0 and later)</term>
<listitem>
<para><command>shorewall [ -q ] safe-start [ &lt;filename&gt;
]</command></para>
<para>Shorewall is started normally. You will then be prompted
asking if everything went all right. If you answer "n" or if you
fail to answer within 60 seconds (such as when your new
configuration has disabled communication with your terminal), a
<command>shorewall clear</command> is performed for you.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term>save</term> <term>save</term>
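Review bot: The safe-restart entry never states that the restart is actually performed: it goes from "The current configuration is saved in /var/lib/shorewall/safe-restart" straight to "You will then be prompted". Add the step in between, and document the optional filename argument that appears in both synopses but is not explained in either entry. For safe-start, the fallback is "shorewall clear", which leaves the host with no firewall rules after a failed or unanswered prompt; that outcome deserves an explicit sentence so the reader can choose between safe-start and safe-restart with that in mind.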