diff --git a/Shorewall-docs/6to4.xml b/Shorewall-docs/6to4.xml
index dd47448f6..c6a8e601c 100644
--- a/Shorewall-docs/6to4.xml
+++ b/Shorewall-docs/6to4.xml
@@ -32,8 +32,8 @@
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
- Texts. A copy of the license is included in the section entitled GNU Free Documentation License
.
+ Texts. A copy of the license is included in the section entitled
+ GNU Free Documentation License
.
@@ -153,4 +153,4 @@
commands as listed above. The systems in both IPv6 subnetworks can now
talk to each other using IPv6.
-
+
\ No newline at end of file
diff --git a/Shorewall-docs/CorpNetwork.xml b/Shorewall-docs/CorpNetwork.xml
index 7ac3d7f61..e2cf69d13 100644
--- a/Shorewall-docs/CorpNetwork.xml
+++ b/Shorewall-docs/CorpNetwork.xml
@@ -30,8 +30,8 @@
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
- Texts. A copy of the license is included in the section entitled GNU Free Documentation License
.
+ Texts. A copy of the license is included in the section entitled
+ GNU Free Documentation License
.
@@ -163,26 +163,27 @@
connections, from the outside, these would fail and I could not
understand why. Eventually, I changed the default route on the internal
system I was trying to access, to point to the new firewall and
- bingo
, everything worked as expected. This oversight delayed
- my deployment by a couple of days not to mention level of frustration it
- produced.
+ bingo
, everything worked as expected. This oversight
+ delayed my deployment by a couple of days not to mention level of
+ frustration it produced.
Another problem that I encountered was in setting up the Proxyarp
system in the DMZ. Initially I forgot to remove the entry for the eth2
from the /etc/shorewall/masq file. Once my file settings were correct, I
started verifying that the ARP caches on the firewall, as well as the
- outside system kaos
, were showing the correct Ethernet MAC
- address. However, in testing remote access, I could access the system in
- the DMZ only from the firewall and LAN but not from the Internet. The
- message I received was connection denied
on all protocols.
- What I did not realize was that a helpful
administrator that
- had turned on an old system and assigned the same address as the one I
- was using for Proxyarp without notifying me. How did I work this out. I
- shutdown the system in the DMZ, rebooted the router and flushed the ARP
- cache on the firewall and kaos. Then, from kaos, I started pinging that
- IP address and checked the updated ARP cache and lo-and-behold a
- different MAC address showed up. High levels of frustration etc., etc.
- The administrator will not be doing that again! :-)
+ outside system kaos
, were showing the correct Ethernet
+ MAC address. However, in testing remote access, I could access the
+ system in the DMZ only from the firewall and LAN but not from the
+ Internet. The message I received was connection denied
on
+ all protocols. What I did not realize was that a helpful
+ administrator that had turned on an old system and assigned the same
+ address as the one I was using for Proxyarp without notifying me. How
+ did I work this out. I shutdown the system in the DMZ, rebooted the
+ router and flushed the ARP cache on the firewall and kaos. Then, from
+ kaos, I started pinging that IP address and checked the updated ARP
+ cache and lo-and-behold a different MAC address showed up. High levels
+ of frustration etc., etc. The administrator will not be doing that
+ again! :-)
@@ -536,4 +537,4 @@ qt service ipsec stop
qt service ipsec stop
-
+
\ No newline at end of file