forked from extern/shorewall_code
Relocate interface identification tip
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5403 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
07308373de
commit
00548ee4eb
@ -329,15 +329,6 @@ all all REJECT info</programlisting>
|
|||||||
<acronym>ISDN</acronym>, your external interface will be <filename
|
<acronym>ISDN</acronym>, your external interface will be <filename
|
||||||
class="devicefile">ippp0</filename>.</para>
|
class="devicefile">ippp0</filename>.</para>
|
||||||
|
|
||||||
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
|
|
||||||
|
|
||||||
<para>The Shorewall one-interface sample configuration assumes that the
|
|
||||||
external interface is <filename class="devicefile">eth0</filename>. If
|
|
||||||
your configuration is different, you will have to modify the sample
|
|
||||||
<filename>/etc/shorewall/interfaces</filename> file accordingly. While you
|
|
||||||
are there, you may wish to review the list of options that are specified
|
|
||||||
for the interface. Some hints:</para>
|
|
||||||
|
|
||||||
<tip>
|
<tip>
|
||||||
<para>Be sure you know which interface is your external interface. Many
|
<para>Be sure you know which interface is your external interface. Many
|
||||||
hours have been spent floundering by users who have configured the wrong
|
hours have been spent floundering by users who have configured the wrong
|
||||||
@ -360,6 +351,15 @@ root@lists:~# </programlisting>
|
|||||||
the external interface.</para>
|
the external interface.</para>
|
||||||
</tip>
|
</tip>
|
||||||
|
|
||||||
|
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
|
||||||
|
|
||||||
|
<para>The Shorewall one-interface sample configuration assumes that the
|
||||||
|
external interface is <filename class="devicefile">eth0</filename>. If
|
||||||
|
your configuration is different, you will have to modify the sample
|
||||||
|
<filename>/etc/shorewall/interfaces</filename> file accordingly. While you
|
||||||
|
are there, you may wish to review the list of options that are specified
|
||||||
|
for the interface. Some hints:</para>
|
||||||
|
|
||||||
<tip>
|
<tip>
|
||||||
<para>If your external interface is <filename
|
<para>If your external interface is <filename
|
||||||
class="devicefile">ppp0</filename> or <filename
|
class="devicefile">ppp0</filename> or <filename
|
||||||
|
@ -382,6 +382,31 @@ $FW net ACCEPT</programlisting>
|
|||||||
external interface will be <filename
|
external interface will be <filename
|
||||||
class="devicefile">ippp0</filename>.</para>
|
class="devicefile">ippp0</filename>.</para>
|
||||||
|
|
||||||
|
<tip>
|
||||||
|
<para>Be sure you know which interface is your external interface. Many
|
||||||
|
hours have been spent floundering by users who have configured the wrong
|
||||||
|
interface. If you are unsure, then as root type "ip route ls" at the
|
||||||
|
command line. The device listed in the last (default) route should be
|
||||||
|
your external interface.</para>
|
||||||
|
|
||||||
|
<para>Example:</para>
|
||||||
|
|
||||||
|
<programlisting>root@lists:~# ip route ls
|
||||||
|
192.168.1.1 dev eth0 scope link
|
||||||
|
192.168.2.2 dev tun0 proto kernel scope link src 192.168.2.1
|
||||||
|
192.168.3.0/24 dev br0 proto kernel scope link src 192.168.3.254
|
||||||
|
10.13.10.0/24 dev tun1 scope link
|
||||||
|
192.168.2.0/24 via 192.168.2.2 dev tun0
|
||||||
|
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.254
|
||||||
|
206.124.146.0/24 dev eth0 proto kernel scope link src 206.124.146.176
|
||||||
|
10.10.10.0/24 dev tun1 scope link
|
||||||
|
default via 206.124.146.254 dev <emphasis role="bold">eth0</emphasis>
|
||||||
|
root@lists:~# </programlisting>
|
||||||
|
|
||||||
|
<para>In that example, <filename class="devicefile">eth0</filename> is
|
||||||
|
the external interface.</para>
|
||||||
|
</tip>
|
||||||
|
|
||||||
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
|
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
|
||||||
|
|
||||||
<para>I<emphasis role="bold">f your external interface is <filename
|
<para>I<emphasis role="bold">f your external interface is <filename
|
||||||
@ -429,31 +454,6 @@ $FW net ACCEPT</programlisting>
|
|||||||
are there, you may wish to review the list of options that are specified
|
are there, you may wish to review the list of options that are specified
|
||||||
for the interfaces. Some hints:</para>
|
for the interfaces. Some hints:</para>
|
||||||
|
|
||||||
<tip>
|
|
||||||
<para>Be sure you know which interface is your external interface. Many
|
|
||||||
hours have been spent floundering by users who have configured the wrong
|
|
||||||
interface. If you are unsure, then as root type "ip route ls" at the
|
|
||||||
command line. The device listed in the last (default) route should be
|
|
||||||
your external interface.</para>
|
|
||||||
|
|
||||||
<para>Example:</para>
|
|
||||||
|
|
||||||
<programlisting>root@lists:~# ip route ls
|
|
||||||
192.168.1.1 dev eth0 scope link
|
|
||||||
192.168.2.2 dev tun0 proto kernel scope link src 192.168.2.1
|
|
||||||
192.168.3.0/24 dev br0 proto kernel scope link src 192.168.3.254
|
|
||||||
10.13.10.0/24 dev tun1 scope link
|
|
||||||
192.168.2.0/24 via 192.168.2.2 dev tun0
|
|
||||||
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.254
|
|
||||||
206.124.146.0/24 dev eth0 proto kernel scope link src 206.124.146.176
|
|
||||||
10.10.10.0/24 dev tun1 scope link
|
|
||||||
default via 206.124.146.254 dev <emphasis role="bold">eth0</emphasis>
|
|
||||||
root@lists:~# </programlisting>
|
|
||||||
|
|
||||||
<para>In that example, <filename class="devicefile">eth0</filename> is
|
|
||||||
the external interface.</para>
|
|
||||||
</tip>
|
|
||||||
|
|
||||||
<tip>
|
<tip>
|
||||||
<para>If your external interface is <filename
|
<para>If your external interface is <filename
|
||||||
class="devicefile">ppp0</filename> or <filename
|
class="devicefile">ppp0</filename> or <filename
|
||||||
|
@ -354,6 +354,31 @@ $FW net ACCEPT</programlisting> The above policy will:
|
|||||||
<acronym>ISDN</acronym>, your external interface will be <filename
|
<acronym>ISDN</acronym>, your external interface will be <filename
|
||||||
class="devicefile">ippp0</filename>.</para>
|
class="devicefile">ippp0</filename>.</para>
|
||||||
|
|
||||||
|
<tip>
|
||||||
|
<para>Be sure you know which interface is your external interface. Many
|
||||||
|
hours have been spent floundering by users who have configured the wrong
|
||||||
|
interface. If you are unsure, then as root type "ip route ls" at the
|
||||||
|
command line. The device listed in the last (default) route should be
|
||||||
|
your external interface.</para>
|
||||||
|
|
||||||
|
<para>Example:</para>
|
||||||
|
|
||||||
|
<programlisting>root@lists:~# ip route ls
|
||||||
|
192.168.1.1 dev eth0 scope link
|
||||||
|
192.168.2.2 dev tun0 proto kernel scope link src 192.168.2.1
|
||||||
|
192.168.3.0/24 dev br0 proto kernel scope link src 192.168.3.254
|
||||||
|
10.13.10.0/24 dev tun1 scope link
|
||||||
|
192.168.2.0/24 via 192.168.2.2 dev tun0
|
||||||
|
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.254
|
||||||
|
206.124.146.0/24 dev eth0 proto kernel scope link src 206.124.146.176
|
||||||
|
10.10.10.0/24 dev tun1 scope link
|
||||||
|
default via 206.124.146.254 dev <emphasis role="bold">eth0</emphasis>
|
||||||
|
root@lists:~# </programlisting>
|
||||||
|
|
||||||
|
<para>In that example, <filename class="devicefile">eth0</filename> is
|
||||||
|
the external interface.</para>
|
||||||
|
</tip>
|
||||||
|
|
||||||
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
|
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
|
||||||
|
|
||||||
<para>I<emphasis role="bold">f your external interface is <filename
|
<para>I<emphasis role="bold">f your external interface is <filename
|
||||||
@ -388,29 +413,6 @@ $FW net ACCEPT</programlisting> The above policy will:
|
|||||||
class="directory">/etc/shorewall/</filename><filename>interfaces</filename>
|
class="directory">/etc/shorewall/</filename><filename>interfaces</filename>
|
||||||
file accordingly. While you are there, you may wish to review the list of
|
file accordingly. While you are there, you may wish to review the list of
|
||||||
options that are specified for the interfaces. Some hints:<tip>
|
options that are specified for the interfaces. Some hints:<tip>
|
||||||
<para>Be sure you know which interface is your external interface.
|
|
||||||
Many hours have been spent floundering by users who have configured
|
|
||||||
the wrong interface. If you are unsure, then as root type "ip route
|
|
||||||
ls" at the command line. The device listed in the last (default) route
|
|
||||||
should be your external interface.</para>
|
|
||||||
|
|
||||||
<para>Example:</para>
|
|
||||||
|
|
||||||
<programlisting>root@lists:~# ip route ls
|
|
||||||
192.168.1.1 dev eth0 scope link
|
|
||||||
192.168.2.2 dev tun0 proto kernel scope link src 192.168.2.1
|
|
||||||
192.168.3.0/24 dev br0 proto kernel scope link src 192.168.3.254
|
|
||||||
10.13.10.0/24 dev tun1 scope link
|
|
||||||
192.168.2.0/24 via 192.168.2.2 dev tun0
|
|
||||||
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.254
|
|
||||||
206.124.146.0/24 dev eth0 proto kernel scope link src 206.124.146.176
|
|
||||||
10.10.10.0/24 dev tun1 scope link
|
|
||||||
default via 206.124.146.254 dev <emphasis role="bold">eth0</emphasis>
|
|
||||||
root@lists:~# </programlisting>
|
|
||||||
|
|
||||||
<para>In that example, <filename class="devicefile">eth0</filename> is
|
|
||||||
the external interface.</para>
|
|
||||||
</tip><tip>
|
|
||||||
<para>If your external interface is <filename
|
<para>If your external interface is <filename
|
||||||
class="devicefile">ppp0</filename> or <filename
|
class="devicefile">ppp0</filename> or <filename
|
||||||
class="devicefile">ippp0</filename>, you can replace the
|
class="devicefile">ippp0</filename>, you can replace the
|
||||||
|
Loading…
Reference in New Issue
Block a user