diff --git a/Shorewall-docs2/Multiple_Zones.xml b/Shorewall-docs2/Multiple_Zones.xml index 7c7ade943..c89968846 100644 --- a/Shorewall-docs2/Multiple_Zones.xml +++ b/Shorewall-docs2/Multiple_Zones.xml @@ -15,10 +15,10 @@ - 2004-03-15 + 2005-05-15 - 2003 + 2003-2005 Thomas M. Eastep @@ -29,17 +29,18 @@ 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled - GNU Free Documentation License. + GNU Free Documentation + License.
Introduction - While most configurations can be handled with each of the - firewall's network interfaces assigned to a single zone, there are - cases where you will want to divide the hosts accessed through an - interface between two or more zones. + While most configurations can be handled with each of the firewall's + network interfaces assigned to a single zone, there are cases where you + will want to divide the hosts accessed through an interface between two or + more zones. @@ -57,7 +58,8 @@ There are routers accessible through the interface and you want - to treat the networks accessed through that router as a separate zone. + to treat the networks accessed through that router as a separate + zone. @@ -83,8 +85,8 @@ These examples use the local zone but the same - technique works for any zone. Remember that Shorewall - doesn't have any conceptual knowledge of Internet, + technique works for any zone. Remember that Shorewall doesn't + have any conceptual knowledge of Internet, Local, or DMZ so all zones except the firewall itself ($FW) are the same as far as Shorewall is concerned. Also, the examples use private (RFC 1918) addresses but public IP addresses can @@ -119,7 +121,8 @@ The hosts in 192.168.1.0/24 know that the route to - 192.168.2.0/24 is through the router. + 192.168.2.0/24 is through the router. @@ -132,11 +135,11 @@ Will One Zone be Enough? If the firewalling requirements for the two local networks is the - same but the hosts in 192.168.1.0/24 don't know how to route to + same but the hosts in 192.168.1.0/24 don't know how to route to 192.168.2.0/24 then you need to configure the firewall slightly differently. This type of configuration is rather stupid from an IP networking point of view but it is sometimes necessary because you - simply don't want to have to reconfigure all of the hosts in + simply don't want to have to reconfigure all of the hosts in 192.168.1.0/24 to add a persistent route to 192.168.2.0/24. On the firewall: @@ -156,13 +159,32 @@ Restart Shorewall. + + If this still doesn't work at all or if it works for connections + in one direction but not for connections in the other direction + then: + + + + You must be running Shorewall version 2.0.16 or later; + and + + + + You need to set DROPINVALID=No in + /etc/shorewall/shorewall.conf. + +
I Need Separate Zones - If you need to make 192.168.2.0/24 into it's own zone, you can - do it one of two ways; Nested Zones or Parallel Zones. + If you need to make 192.168.2.0/24 into it's own zone, you can do + it one of two ways; Nested Zones or Parallel Zones. Again, it is likely + that you will need to be running Shorewall 2.0.16 or later and that you + will have to set DROPINVALID=No in + /etc/shorewall/shorewall.conf.
Nested Zones @@ -173,13 +195,13 @@ - The advantage of this approach is that the zone loc1 - can use CONTINUE policies such that if a connection request - doesn't match a loc1 rule, it will be matched - against the loc rules. For example, if your - loc1->net policy is CONTINUE then if a connection request from - loc1 to the internet doesn't match any rules for loc1->net - then it will be checked against the loc->net rules. + The advantage of this approach is that the zone + loc1 can use CONTINUE policies such that if a + connection request doesn't match a loc1 rule, it will + be matched against the loc rules. For example, if your + loc1->net policy is CONTINUE then if a connection request from loc1 + to the internet doesn't match any rules for loc1->net then it will + be checked against the loc->net rules. /etc/shorewall/zones @@ -201,9 +223,9 @@ loc eth1 192.168.1.255 #ZONE HOSTS loc1 eth1:192.168.2.0/24 - If you don't need Shorewall to set up infrastructure to - route traffic between loc and loc1, add - these two policies. + If you don't need Shorewall to set up infrastructure to route + traffic between loc and loc1, add these + two policies. /etc/shorewall/policy @@ -227,7 +249,7 @@ loc1 Local1 Hosts accessed Directly from Firewall loc2 Local2 Hosts accessed via the internal Router - Here it doesn't matter which zone is defined first. + Here it doesn't matter which zone is defined first. /etc/shorewall/interfaces @@ -241,7 +263,7 @@ loc2 Local2 Hosts accessed via the internal Router - You don't need Shorewall to set up infrastructure to route + You don't need Shorewall to set up infrastructure to route traffic between loc and loc1, so add these two policies: @@ -256,7 +278,7 @@ loc2 loc1 NONE Some Hosts have Special Firewalling Requirements There are cases where a subset of the addresses associated with an - interface need special handling. Here's an example. + interface need special handling. Here's an example. @@ -281,9 +303,9 @@ loc eth1 192.168.1.255 /etc/shorewall/hosts#ZONE HOSTS loc1 eth1:192.168.1.8/29 - You probably don't want Shorewall to set up infrastructure to - route traffic between loc and loc1 so you - should add these two policies. + You probably don't want Shorewall to set up infrastructure to route + traffic between loc and loc1 so you should + add these two policies. /etc/shorewall/policy @@ -295,16 +317,16 @@ loc1 loc NONE
One-armed Router - Nested zones may also be used to configure a one-armed - router (I don't call it a firewall because it is very - insecure. For example, if you connect to the internet via cable modem, - your next door neighbor has full access to your local systems as does - everyone else connected to the same cable modem head-end controller). Here - eth0 is configured with both a public IP address and an RFC 1918 address - (More on that topic may be found Nested zones may also be used to configure a + one-armed router (I don't call it a firewall + because it is very insecure. For example, if you connect to the internet + via cable modem, your next door neighbor has full access to your local + systems as does everyone else connected to the same cable modem head-end + controller). Here eth0 is configured with both a public IP address and an + RFC 1918 address (More on that topic may be found here). Hosts in the loc zone are configured with their default gateway set to - the Shorewall router's RFC1918 address. + the Shorewall router's RFC1918 address. @@ -333,10 +355,11 @@ loc eth0:192.168.1.0/24 maclist #INTERFACE SUBNET ADDRESS eth0:!192.168.1.0/24 192.168.1.0/24 - Note that the maclist option is specified in /etc/shorewall/interfaces. - This is to help protect your router from unauthorized access by your - friends and neighbors. Start without maclist then add it and configure - your /etc/shorewall/maclist + Note that the maclist option is specified in + /etc/shorewall/interfaces. This is to help protect + your router from unauthorized access by your friends and neighbors. Start + without maclist then add it and configure your /etc/shorewall/maclist file when everything else is working.
\ No newline at end of file diff --git a/Shorewall-docs2/Shorewall_Squid_Usage.xml b/Shorewall-docs2/Shorewall_Squid_Usage.xml index 17d9d8531..d287993f5 100644 --- a/Shorewall-docs2/Shorewall_Squid_Usage.xml +++ b/Shorewall-docs2/Shorewall_Squid_Usage.xml @@ -15,7 +15,7 @@ - 2005-03-01 + 2005-05-16 2003-2005 @@ -174,7 +174,9 @@ REDIRECT loc 3128 tcp www - !206.124.146. already enabled from the local zone to the internet. If you are running a Shorewall version earlier than 2.3.3 OR your - kernel and/or iptables do not have ROUTE target support then: + kernel and/or iptables do not have ROUTE target + support then: @@ -218,17 +220,19 @@ fi If you are running Shorewall 2.3.3 or later and your kernel and - iptables have ROUTE target support then add this entry to + iptables have ROUTE + target support then add this entry to /etc/shorewall/routes:
- #SOURCE DEST PROTO PORT(S) SOURCE INTERFACE GATEWAY + #SOURCE DEST PROTO PORT(S) SOURCE TEST INTERFACE GATEWAY # PORT(S) -eth1 0.0.0.0/0 tcp 80 - eth1 192.168.1.3 +eth1 0.0.0.0/0 tcp 80 - - eth1 192.168.1.3
Regardless of your Shorewall version or your kernel and iptables - ROUTE target support, you need the following: + ROUTE target + support, you need the following: @@ -282,7 +286,9 @@ chkconfig --level 35 iptables on Your DMZ interface is eth1 and your local interface is eth2. If you are running a Shorewall version earlier than 2.3.3 OR your - kernel and/or iptables do not have ROUTE target support then: + kernel and/or iptables do not have ROUTE target + support then: @@ -351,17 +357,19 @@ fi If you are running Shorewall 2.3.3 or later and your kernel and - iptables have ROUTE target support then add this entry to + iptables have ROUTE + target support then add this entry to /etc/shorewall/routes:
- #SOURCE DEST PROTO PORT(S) SOURCE INTERFACE GATEWAY + #SOURCE DEST PROTO PORT(S) SOURCE TEST INTERFACE GATEWAY # PORT(S) -eth2 0.0.0.0/0 tcp 80 - eth1 192.0.2.177 +eth2 0.0.0.0/0 tcp 80 - - eth1 192.0.2.177
Regardless of your Shorewall version or your kernel and iptables - ROUTE target support, you need the following: + ROUTE target + support, you need the following: diff --git a/Shorewall-docs2/Shorewall_and_Routing.xml b/Shorewall-docs2/Shorewall_and_Routing.xml index f04032da2..30bca8b41 100644 --- a/Shorewall-docs2/Shorewall_and_Routing.xml +++ b/Shorewall-docs2/Shorewall_and_Routing.xml @@ -15,7 +15,7 @@ - 2005-05-15 + 2005-05-18 2005 @@ -178,7 +178,7 @@ configure your alternate routing table at boot time and that other than as described in the previous section, there is no connection between Shorewall and routing when using Shorewall versions - prior to 2.3.3. + prior to 2.3.3.
@@ -206,7 +206,194 @@
- Routing with Shorewall 2.3.3 and Later + Multiple Internet Connection Support in Shorewall 2.3.3 and + Later + + Beginning with Shorewall 2.3.3, support is included for multiple + internet connections. + +
+ Overview + + Let's assume that a firewall is connected via two separate + ethernet interfaces to two different ISP as in the following + diagram. + + + + eth0 connects to ISP1. The IP address of eth0 is + 206.124.146.176 and the ISP's gateway router has IP address + 206.124.146.254. + + + + eth1 connects to ISP 2. The IP address of eth1 is + 130.252.99.27 and the ISP's gateway router has IP address + 130.252.99.254. + + + + Each of these providers is described in an + entry in the file /etc/shorewall/providers. + + Entries in /etc/shorewall/providers can + specify that outgoing connections are to be load-balanced between the + two ISPs. Entries in /etc/shorewall/tcrules can be + used to direct particular outgoing connections to one ISP or the + other. + + Connections from the internet are automatically routed back out of + the correct interface and through the correct ISP gateway. This works + whether the connection is handled by the firewall itself or if it is + routed or port-forwarded to a system behind the firewall. + + Shorewall will set up the routing and will update the + /etc/iproute2/rt_tables to include the table names and number of the + tables that it adds. + + + This feature uses packet + marking to control the routing. As a consequence, there are + some restrictions concerning entries in /etc/shorewall/tcrules: + + + + Packet marking for traffic control purposes must be done in + the FORWARD table. + + + + You may not use the SAVE or RESTORE options. + + + + You man not use connection marking. + + + + + The /etc/shorewall/providers file can also be + used in other routing senarios. See the Squid documentation for an + example. +
+ +
+ /etc/shorewall/providers File + + Entries in this file have the following columns. As in all + Shorewall configuration files, enter "-" in a column if you don't want + to enter any value. + + + + /etc/shorewall/providers: + + + NAME + + + The provider name. Must begin with a letter and consist of + letters and digits. The provider name becomes the name of the + generated routing table for this provider. + + + + + NUMBER + + + A number between 1 and 252. This becomes the routing table + number for the generated table for this provider. + + + + + MARK + + + A mark value used in your /etc/shorewall/tcrules file to + direct packets to this provider. Shorewall will also mark + connections that have seen input from this provider with this + value and will restore the packet mark in the PREROUTING + CHAIN. + + + + + DUPLICATE + + + Gives the name and number of a routing table to duplicate. + May be 'main' or the name of a previously declared provider. For + most applications, you want to specify 'main' here. + + + + + INTERFACE + + + The name of the interface to the provider. + + + + + GATEWAY + + + The IP address of the provider's Gateway router. + + + + + OPTIONS + + + A comma-separated list from the following: + + + + track + + + If specified, connections FROM this interface are to + be tracked so that responses may be routed back out this + same interface. + + You want specify 'track' if internet hosts will be + connecting to local servers through this provider. + + + + + balance + + + The providers that have 'default' specified will get + outbound traffic load-balanced among them. + + + + + + + +
+ +
+ Example + + The configuration in the figure at the top of this section would + be specified as follows: + + #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS +ISP1 1 1 main eth0 206.124.146.254 track,balance +ISP2 2 2 main eth1 130.252.99.254 track,balance +
+
+ +
+ Experimental Routing with Shorewall 2.3.3 and Later Beginning with Shorewall 2.2.3, Shorewall is integrated with the ROUTE target extension available from Netfilter Patch-O-Matic-NG ( As of this writing, I know of no distribution that is shipping a kernel or iptables with the ROUTE target patch included. This means that - you must patch and build your own kernel and iptables. + you must patch and build your own kernel and iptables in order to be + able to use the feature described in this section. This code remains experimental since there is no + intent by the Netfilter team to ever submit the ROUTE target patch for + inclusion in the official kernels from kernel.org. See Shorewall FAQ 42 for @@ -224,7 +415,13 @@ determination. Routing with Shorewall is specified through entries in - /etc/shorewall/routes. Columns in this file are as follows: + /etc/shorewall/routes. Note that entries in the /etc/shorewall/routes file + override the routing specified in your routing tables. These rules + generate Netfilter rules in the mangle tables FORWARD chain or OUTPUT + chain depending whether the packets are being routed through the firewall + or originate on the firewall itself (see figure above). + + Columns in this file are as follows: @@ -330,7 +527,58 @@ Optional) Source port(s). If omitted, any source port is acceptable. Specified as a comma-separated list of port names, port - numbers or port ranges. + numbers or port ranges. + + + + + TEST + + + Defines a test on the existing packet or connection mark. The + rule will match only if the test returns true. Tests have the + format + +
+ [!]<value>[/<mask>][:C] +
+ + where: + + + + ! + + + Inverts the test (not equal) + + + + + <value> + + + Value of the packet or connection mark. + + + + + <mask> + + + A mask to be applied to the mark before testing + + + + + :C + + + Designates a connection mark. If omitted, the packet + mark's value is tested + + + @@ -355,8 +603,8 @@ The idea here is that traffic that matches the SOURCE, DEST, PROTO, - PORT(S) and SOURCE PORT(S) columns is routed out of the INTERFACE through - the optional GATEWAY. + PORT(S), SOURCE PORT(S) and TEST columns is routed out of the INTERFACE + through the optional GATEWAY.
Example: @@ -366,17 +614,12 @@ your DMZ. You would use the following entry in /etc/shorewall/routes: - #SOURCE DEST PROTO PORT(S) SOURCE INTERFACE GATEWAY + #SOURCE DEST PROTO PORT(S) SOURCE TEST INTERFACE GATEWAY # PORT(S) -eth1 0.0.0.0/0 tcp 80 - eth1 192.168.3.22 +eth1 0.0.0.0/0 tcp 80 - - eth1 192.168.3.22 This entry specifies that "traffic coming in through eth1 to TCP port 80 is to be routed out of eth1 to gateway 192.168.3.22".
- - Note that entries in the /etc/shorewall/routes file override the - routing specified in your routing tables. These rules generate Netfilter - rules in the mangle tables FORWARD chain or OUTPUT chain (see figure - above).
\ No newline at end of file diff --git a/Shorewall-docs2/UPnP.xml b/Shorewall-docs2/UPnP.xml index afd1c513c..614233b8c 100644 --- a/Shorewall-docs2/UPnP.xml +++ b/Shorewall-docs2/UPnP.xml @@ -15,7 +15,7 @@ - 2005-05-07 + 2005-05-16 2005 @@ -39,7 +39,7 @@ In Shorewall 2.2.4, support was added for UPnP (Universal Plug and Play) using linux-igd (http://linux-idg.sourceforge.net). + url="http://linux-igd.sourceforge.net">http://linux-igd.sourceforge.net). UPnP is required by a number of popular applications including MSN IM. @@ -83,7 +83,7 @@
- linux-idg Configuration + linux-igd Configuration In /etc/upnpd.conf, you will want: @@ -128,7 +128,7 @@ allowinUPnP loc fw forwardUPnP net loc You must also ensure that you have a route to 224.0.0.0/4 on your - internal (local) interface as described in the linux-idg + internal (local) interface as described in the linux-igd documentation.
\ No newline at end of file diff --git a/Shorewall-docs2/images/TwoISPs.png b/Shorewall-docs2/images/TwoISPs.png new file mode 100755 index 000000000..81cfef70d Binary files /dev/null and b/Shorewall-docs2/images/TwoISPs.png differ diff --git a/Shorewall-docs2/images/TwoISPs.vdx b/Shorewall-docs2/images/TwoISPs.vdx new file mode 100755 index 000000000..1404fe664 --- /dev/null +++ b/Shorewall-docs2/images/TwoISPs.vdx @@ -0,0 +1,442 @@ + +TEastepHewlett-Packard738201805738201805 +AQAAAIwAAAAAAAAAAAAAAF0AAABIAAAAAAAAAAAAAACYCQAAagcAACBFTUYAAAEAKFIAAAMAAAABA +AAADwAAAGwAAAAAAAAAAAUAAAAEAABSAQAADgEAAAAAAAAAAAAAAAAAAFAoBQCwHgQAVgBJAFMASQ +BPAAAARAByAGEAdwBpAG4AZwAAAAAAAABMAAAAiFEAAAAAAAAAAAAAXQAAAEgAAAAAAAAAAAAAAF4 +AAABJAAAAIADMAAAAAAAAAAAAAACAPwAAAAAAAAAAAACAPwAAAAAAAAAA////AAAAAABkAAAAKAAA +AIwAAAD8UAAAKAAAAF4AAABJAAAAAQAYAAAAAAD8UAAAAAAAAAAAAAAAAAAAAAAAAP/////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +////////////////////////////////////////////////////////wAA////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////AAD//////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////8AAP////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +/////////////////////////////////////wAA///////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////AAD/////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +////////////////////////8AAP///////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +//////////////////wAA//////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +////////////AAD////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +/////8AAP//////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +/////////////// +/////////////////////////////////////////////////////////////wAA///////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////AAD/////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +////////////////////////////////////////////////8AAP///////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////wAA//////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////AAAA////AAAA////AAAA////AAAA////AAAA////////////////////// +//19fXl5eX////////////////////AAAA////AAAA////AAAA////AAAA/////////////////// +///////////////////////////////////////////////////////////////////////////// +////////////////////////////////////AAD////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +////////////////////////8AAAD///8AAAD////////////////////////////v7+9wcHAMFyc ++UGE4ODj39/f///////////////////////8AAAD///////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +/////////////////////////////8AAP//////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +//////////////////////wAAAP///////////////////////////5eXlx8gIFlwhc3k56jN6wcR +H9/f3////////////////////wAAAP/////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////wAA/////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +////////////////////////////////////////////39/fCxAXwNbZzeTnzeTnrtHrCRIf39/f/ +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +/////////////////AAD///////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////X1 +9e/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+np6cNEhaaq62QoKKVpqiJoK8HDRenp6e/v7+/v7 ++/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7/39/f//////////////////////////// +///////////////////////////////////////////////////////////////////////////// +//////////8AAP/////////////////////////////////////////////////////////////// +////////////////////////////////////////////////////////////////////wgICEBAQE +BAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQDg4OAUGCDM5OiYrKyswMS42OgIFCDg4OEBAQEBAQEBAQEB +AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQCAgIIeHh/////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +////wAA////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////AAAA/////////// +/////////////////////////39/fERcezeTnzeTnzeTnyOHoDRUe39/f//////////////////// +////////////////////////////f39/f39////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////AA +D//////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////8AAAD///////////////// +///////////////////f398SGB7N5OfF3+iLstYyRVo1Njf39/f////////////////////////// +/////////////// +//////9/f39/f3/////////////////////////////////////////////////////////////// +/////////////////////////////////////////////////////8AAP//////////////////// +///////////////////////////////////////////////////////////////////////////// +//////////////////////////////////wAAAP///////////////////////////////////+fn +5wwRF2SDoylJcwsTH5+fn//////////////////////////////////////////////////////// +39/f39/f///////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////wAA/////////////////////////// +///////////////////////////////////////////////////////////////////////////// +////////////////////////////AAAA////////////////////////////////////////z8/PU +FBQh4eH9/f3////////////////////////////////////////////////////////////f39/f3 +9//////////////////////////////////////////////////////////////////////////// +/////////////////////////////////////////AAD///////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +/////////////////////8AAAD/////////////////////////////////////////////////// +////////////////////////////////////////////////////////////////9/f39/f3///// +///////////////////////////////////////////////////////////////////////////// +//////////////////////////////////8AAP/////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////wAAAP///////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////39/f39/f/////////// +///////////////////////////////////////////////////////////////////////////// +////////////////////////////wAA////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +/////////AAAA//////////////////////////////////////////////////////////////// +////////////////////////////////////////////////////f39/f39////////////////// +///////////////////////////////////////////////////////////////////////////// +//////////////////////AAD//////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +//8AAAD////////////////////////////////////////////////////////////////////// +/////////////////////////////////////////////9/f39/f3//////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////8AAP////////////////////////////////////////////////////////// +/////////////////////////////////////////////////////////////////////////wAAA +P//////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////39/f39/f////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +/////////wAA///////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////AAAA////// +///////////////////////////////////////////////////////////////////////////// +/////////////////////////////////f39/f39///////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///AAD/////////////////////////////////////////////////////////////////////// +////////////////////////////////////////////////////////////8AAAD//////////// +///////////////////////////////////////////////////////////////////////////// +//////////////////////////9/f39/f3/////////////////////////////////////////// +/////////////////////////////////////////////////////////////////////////8AAP +///////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////wAAANHR0VBQUN/f3/////// +///////////////////////////////////////////////////////////////////////////// +////////////////////39/f3BwcDg4OFlZWejo6Pb29v7+/v//////////////////////////// +///////////////////////////////////////////////////////////////////wAA/////// +///////////////////////////////////////////////////////////////////////////// +////////////////////////////////////////bW1tPz8/AgICAwMDAAAAJycnaWlp0tLS7Ozs/ +/////////////// +////////////////////////////////////////////////////////////////////m5ubIiIiB +gYGAQEBAwMDJCQkHx8fhISE2tra9fX1////////////////////////////////////////////// +//////////////////////////////////////////////AAD//////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////v7+8XFxcJCQkDAwMAAAAAAAAAAAC5ubl6enofHx+SkpL29vb////////////////// +/////////////////////////////////////////////////////////9NTU0EBAQDAwMAAAAAAA +AUFBRhYWG1tbVjY2MvLy/S0tL//////////////////////////////////////////////////// +///////////////////////////////////////8AAP////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +////yMjIwYLBgBKAC9CLz09PXR0dAgICNjY2MjIyKysrBgYGO/v7///////////////////////// +///////////////////////////////////////////////3R0dAMDAwBMABtvGzY2Njc3NzAwMJi +YmNbW1r29vU5OTpqamv///////////wAAAP///wAAAP///wAAAP///wAAAP///wAAAP////////// +/////////////////////////////////wAA///////////////////////////////////////// +///////////////////AAAA////AAAA////AAAA////AAAA////AAAA////////////qKioDg4OBh +AGBo8GA5kDH2IfMTExODg4xcXF/v7+8fHxxcXFAAAA/f39/////////////////////////////// +/////////////////////////////////4ODgFxcXBQUFBHkEBJcEA5ADAAIAGBgYs7Oz+/v79/f3 +5OTkV1dXnp6e///////////////////////////////////////////////////////////////// +///////////////////////////AAD/////////////////////////////////////////////// +////////////////////////////////8AAAD///////////////////////8FBQUDAwMQSRABlwE +WkBZ+rn48PDz09PT09PT09PT5+fna2toAAAD///////////////////////////////////////// +//////////////////////////9DQ0MBAQEGBgYClQISkBKDu4NVVVVoaGjz8/Pz8/Pz8/Pr6+s2N +janp6f///////////////////////////8AAAD/////////////////////////////////////// +////////////////////8AAP///////////////////////////////////////////////////// +//////////////////////wAAAP///////////////////////////wEBAQICAhkeGWaeZvDw8PDw +8AAAAPDw8PDw8Onp6Xx8fCAgIK+vr//////////////////////////////////////////////// +////////////////////ysrKwMDAwMDA0teS+jt6PDw8Hh4eHh4ePDw8Ojo6IuLiyAgII+Pj///// +///////////////////////wAAAP///wAAAP///////////////////////////////////////// +//////////////wAA//////////////////////////////////////////////////////////// +////////////AAAA////AAAA////////////////////////AwMDBQUFcnJy7e3t7e3t7e3tAAAA7 +e3tkZGRICAgf39/9/f3////////////////////////////////////////////////////////// +//////////////Pz8/AQEBRkZG5ubm7Ozs7OzsdnZ2dnZ2pqamKCgocHBw7+/v/////////////// +/////////////////////AAAA////AAAA//////////////////////////////////////////// +////////AAD////////////////////////////////////////////////////////////////// +/////////////////////////////////////////9UVFQhISGlpaXp6enp6enp6ekAAAAvLy9oaG +jn5+f//////////////////////////////////////////////////////////////////////// +////////g4OBBQUE+Pj65ubno6Ojo6OhcXFwbGxtQUFDf39////////////////////////////// +//8AAAD///8AAAD///8AAAD///8AAAD///8AAAD////////////////////////////////////// +/8AAP///////////////////////////////////////////////////////////////wAAAP///w +AAAP///wAAAP///wAAAP///wAAAP///////////9/f31BQUDc3N52dnUZGRgAAAM/Pz////////// +///////////////////////////////////////////////////////////////////////////// +/////////7+/vzg4OFVVVVVVVRwcHGNjY//////////////////////////////////////////// +////////////////////////////////////////////////////////////////////////wAA// +///////////////////////////////////////////////////////////////////////////// +/////////////////////////////////////////x8fHWFhYt7e3AAAA//////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////p6enp6enf39/f39/////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////AAD//////// +///////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////8AAAD////////////////////////// +///////////////////////////////////////////////////////////////////////////// +////////////9/f39/f3///////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////8AAP////////////// +///////////////////////////////////////////////////////////////////////////// +/////////////// +/////////////////////////wAAAP/////////////////////////////////////////////// +////////////////////////////////////////////////////////////////////39/f39/f/ +///////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////wAA//////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////AAAA////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////f39/f39//////// +///////////////////////////////////////////////////////////////////////////// +////////////////////////////////AAD////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +////////////8AAAD//////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////9/f39/f3////////////// +///////////////////////////////////////////////////////////////////////////// +/////////////////////////8AAP//////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +//////wAAAP////////////////////////////////////////////////////////////////// +/////////////////////////////////////////////////39/f39/f//////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////wAA/////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +AAAA///////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////f39/f39/////////////////////////// +///////////////////////////////////////////////////////////////////////////// +/////////////AAD///////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////8wMDAAA +AAAAAAAAAAAAAAQEBDv7+//////////////////////////////////////////////////////// +////////////////////+fn58AAAAAAAAAAAAAAACvr6///////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +//////8AAP/////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////yAgIN/f3////////////////////9/f37e3t39/f39/f7e3t8fHx////////////////// +//////////////39/f39/f/////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +wAA////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////x8fHaGh +oDAwMOjo6aGhov7+/////n5+fICAgICAgSEhIf39/f39/SEhIODg4GBgYaGhoj4+Pf39/QEBAQEBA +eHh4j4+Pd3d3f39////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////AAD/// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////+Pj484ODiXl5e5ubm/ +v7+Xl5dAQEAQEBBgYGDf39/////////////////////////n5+eXl5dwcHB/f3+/v7+/v7+Hh4dwc +HANDQ1AQED/////////////////////////////////////////////////////////////////// +////////////////////////////////////////////////////////////////8AAP///////// +///////////////////////////////////////////////////////////////////////////// +/////////////////////////////////////////////////5+fn1BQUP/////////////////// +////+/v7/////////////////////////////////////////////////////////////////f394 +ODg2BgYL+/v7+/v9fX1////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////wAA//////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////5+fnSEhIn5+f////////////////////////// +//////////////////////////////////////////////////////////////////////////j4+ +PQEBAQEBAKCgoUFBQ9/f3//////////////////////////////////////////////////////// +////////////////////////////////////////////////////AAD////////////////////// +/////////////// +///////////////////////////////////////////////////////////////////////////// +/////////////9oaGgYGBhwcHD39/f/////////////////////////////////////////////// +////////////////////////////////////////////////////////////////////+fn59YWFj +///////////////////////////////////////////////////////////////////////////// +//////////////////////////////8AAP/////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///5eXl2BgYP///////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////f39wgICP////// +///////////////////////////////////////////////////////////////////////////// +////////////////////////wAA////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////h4e +HcHBw////////////////////////////////////////////////////AAAA////AAAA////AAAA +////AAAA////////////////////////////////////////////5+fncHBwf39////////////// +///////////////////////////////////////////////////////////////////////////// +//////////////////AAD//////////////////////////////////////////////////////// +////////////////////////////////////////////////////////////////////39/dYWFgo +KCh4eHj39/f///////////////////////////////////////////8AAAD///8AAAD///8AAAD// +/////////////////////////////////////////////8wMDA4ODj/////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////8AAP////////////////////////////////////////////////////////////// +/////////////////////////////////////////////////////////////////////1BQUDg4O +O/v7///////////////////////////////////////////////////////////////////////// +///////////////////////////////////////+/v72BgYHh4eP///////////////////////// +///////////////////////////////////////////////////////////////////////////// +/////wAA///////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////19fXICAg////////// +///////////////////////////////////////////////////////////////////////////// +/////////////////////////////////////r6+vSEhI//////////////////////////////// +////////////////////////////////////////////////////////////////////////////A +AD/////////////////////////////////////////////////////////////////////////// +/////////////////////////////////////////////////////39/c4ODiHh4e/v7+/v7/39/f +///////////////////////////////////////////////////////////////////////////// +///////////////Pz8+/v7+/v79wcHA4ODjf39/////////////////////////////////////// +/////////////////////////////////////////////////////////////////////8AAP//// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////f393h4eEBAQDg4OFhYWP////// +/////////////////8fHx/f39////////////////////////////////8/Pz//////////////// +////5+fnzAwMEBAQEBAQI+Pj+/v7///////////////////////////////////////////////// +///////////////////////////////////////////////////////////////wAA/////////// +///////////////////////////////////////////////////////////////////////////// +////////////////////////////////////////////////////////////UFBQWFhYv7+////// +///v7+/cHBwODg4QEBA19fX////////////////////5+fnaGhoMDAwKCgocHBwf39/eHh4KCgoYG +Bg/////////////////////////////////////////////////////////////////////////// +/////////////////////////////////////////////////////////AAD///////////////// +///////////////////////////////////////////////////////////////////////////// +/////////////////////////////////////////////////////////+np6dAQEAAAAAAAABAQE +CPj4/////Hx8coKCgoKChQUFB/f39wcHA4ODgYGBiXl5f////X19ePj49/f3+Hh4fX19f//////// +///////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////8AAP/////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +//////////9fX16+vr39/f4+Pj8fHx/////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +/////////////// +/////////////////////////////wAA///////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////AAD/////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +////////////////8AAP///////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +//////////wAA//////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +////AAD////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////////////////8AA +P//////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +////////////////////////////////////////////////////////////////////wAA////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +//////////////////////////////////////////////////////////////AAD//////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////8AAP////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////////////// +/////////////////////////////////////////////////wAADgAAABQAAAAAAAAAEAAAABQAA +AA=TC0104981210332005-05-18T13:21:242005-05-18T14:10:302005-05-18T13:29:142005-05-18T13:21:249295340000011100.010102000201010100000000010000100.500000000000000000000000000000000000103310000032320088000010.50.500001201100000000000000000000000010000.1250.1250.250.250.3750.3750.1250.1250.666666666666670.66666666666667000000.250.250.250.25111100001170000000000000400010.1666666666666667000000000000-11033000-1.2001000-10011100.010002000201000100000000010000000.500000-1.2000000-10011100.0100020002010001000000000111100.055555555555555550.055555555555555550.055555555555555550.05555555555555555100.5001110042302000201000100000000010.055555555555555550.0555555555555555500200.500010000000000000010331111000000000000440010.125000000000000-1103311110.010102000201111410000000001400010.1666666666666667000000000000-1103311100.055555555555555550.055555555555555550.055555555555555550.05555555555555555120.5000.0033333333333333340102000201111410000000001400010.1111111111111111000000000000-1103311110.01010200020#ffffff#c0c0c01#dddddd10000000001400010.1666666666666667000000000000-1103311110.01#ffffff10200020#ffffff#dddddd1#eaeaea10000000001400010.1666666666666667000000000000-1103311110.01#ffffff10200020#ffffff#9696961#eaeaea10000000001400010.1666666666666667000000000000-1103311110.01010200020#dddddd11#dddddd10000000001400010.1666666666666667000000000000-1103311110.01#a78450102000201#c9ba961#dddddd10000000001400010.1666666666666667000000000000-1103311110.01#ffffff10200020#ffffff#e1d8c11#dddddd10000000001400010.1666666666666667000000000000-1103311110.01#ffffff10200020#ffffff#b6a06d1#dddddd10000000001400010.1666666666666667000000000000-1103311110.01#81723d10200020#dcd2b8#8e74371#dddddd10000000001400010.1666666666666667000000000000-1103311110.01#37377310200020#c6d1e3#4e8ec21#dddddd10000000001400010.1666666666666667000000000000-1103311110.01#ffffff10200020#c6d1e3#8baede1#dddddd10000000001400010.1666666666666667000000000000-1103311110.01#ffffff10200020#c6d1e3#6363b11#dddddd10000000001400010.1666666666666667000000000000-1103311110.01#2e2e5a10200020#a9a9d3#4343891#dddddd10000000001400010.1666666666666667000000000000-1103311110.01#dddddd10200020#efefef#ffffff1#dddddd100000000014#dddddd0010.1666666666666667000000000000-1103311110.01#ffffff10200020#fafafa11#dddddd100000000014#dddddd0010.1666666666666667000000000000-1103311110.01#dddddd1020002015#ffffff1#dddddd100000000014#c0c0c00010.1666666666666667000000000000-1103311110.01#dddddd10200020#ffffff#dddddd1#dddddd100000000014#c0c0c00010.1666666666666667000000000000-1103311110.010102000200#ffffff11410000000001400010.1666666666666667000000000000-1103311110.01010200020#000000#ffffff114100000000014#ffffff0010.1666666666666667000000000000-1103311100.055555555555555550.055555555555555550.055555555555555550.05555555555555555100.500400010.1111111111111111000000000000-11033000-1.2001000-10011100.00333333333333333401020002011100.0033333333333333340102000200.055555555555555550.055555555555555550.055555555555555550.05555555555555555100.500400010.1111111111111111000000000000-11033000-1.2001000-10000100.027777777777777780.027777777777777780.027777777777777780.02777777777777778100.500400010.1111111111111111000000000000-11033000-1.2001000-10011100.055555555555555550.055555555555555550.055555555555555550.055555555555555551150.500400010.1111111111111111000000000000-11033000-1.2001000-10011100.0033333333333333340102000200.055555555555555550.055555555555555550.055555555555555550.05555555555555555120.500400010.1111111111111111000000000000-11033000-1.2001000-1001110151101000000000111100.00333333333333333401020002014151010000000001400010.1111111111111111000000000000-11033000-1.2001000-100111018151010000000001111020141010000000001111031510100000000010.00333333333333333431020012011101#8a8aff310100000000010.0033333333333333340002000201110151810100000000010.00166666666666666701020002011100.01110200020#ffffff#96969631#eaeaea10000000001000-1.2001000-1001110#ffffff#dddddd30#eaeaea10000000001000-1.2001000-1001110#ffffff#c0c0c032#dddddd100000000010.01010200020000-1.2001000-10011100.0208333333333333301020002011110.01010200020000-1.2001000-10011100.0016666666666666670102000201940010000000.125-0.12501400010.16666666666666670000000000000103311100.043333333333333010200020400010.22222222222222000000000000-110330000001033118.50.125-0.12511200000100110000000000010010000.1250.1250.250.250.3750.3750.1250.1250.666666666666670.66666666666667000000.250.250.250.2511110000217Co&lor Schemes...000000Network2552000000025520000000255200000002552000000025520000000Connector2550110011Connector05.48752.10.62510.31250.5000000000#e7e4cd#ff660032010000000001000000000001Firewall0000103310.3125-0.15555555555555550.11111111111111110.31111111111111110.055555555555555550.1555555555555555000.31250.500000.54166666666666670.3730.16666666666666670.7460.083333333333333370.3730000#e7e4cd#ff660031#eaeaea100000000010.31250.8260.6250.34800000000000060.31250.1740000#e7e4cd#ff660030#eaeaea100000000010.22916666666666670.4540.45833333333333340.9080.22916666666666670.4540000#e7e4cd#ff660032#dddddd100000000010.31250.4660.54166666666666650.8360.27083333333333330.41800000.01#e7e4cd10200020#e7e4cd#ff6600260100000000010.31250.50.62510.31250.500003.94.161.41.120.70.56000000000000000000009Router0000103310.7-0.15555555555555550.11111111111111110.31111111111111110.055555555555555550.1555555555555555000.7-0.15555555555555550.7-0.1555555555555555271Reposition Text0.70.5600001.2323095577425760.218750.59795244881848460.43750.29897622440924230.21875000001000.33541666666666700.59791666666666670.306250.5104166666666670.08750000000000008-1.0323299490408411.0065146579804560.4666666666666670.43750.55416666666666710.3937501000.33541666666666700.70.72537768828478911.40.77875537656957810.70.3893776882847890000000000.52080.210.40320.72333333333333310.11760.36610602185485910.2046612394510127-0.0010813142074236211.0557481202690220.933333333333332901.40.25760.46216984915065260.778755376569578100.52081.1666666666666670.29680.4666666666666670.59360.23333333333333350.296800000000000.44333333333333350.24640.44333333333333340.29120.46666666666666710.30240.46666666666666690.593600.336000.46666666666666930.42840.93333333333332780.85680.46666666666666390.42840000000000.56559999999999940.02333333333332790.54880.02333333333332790.5040.20999999999999450.40320.72333333333332780.11760.3661060218548540.2046612394510127-0.0025292241546406061.0557462983659710.933333333333327800.93333333333332780.3360.72333333333332780.45360.20999999999999460.73920.3661060218548540.5406612394510127-0.0019628642392290221.05574718503021800.856800.56559999999999940.70000000000000150.561.41.120.69999999999999870.56000000000000000000001000010331100000.856800.56559999999999930.023333333333330540.54880.023333333333330540.5040.20999999999999720.40320.72333333333333050.11760.36610602185485670.2046612394510127-0.0025776493730500951.0557462121769390.933333333333330501.3766666666666640.24641.3766666666666640.29121.40.30241.40.59360.46666666666666381.1200.85680.11666666666666670.70396709381282140.10585697472258940.1535341876256430.052928487361294710.076767093812821490000000000.054311413309752750.105856974722589500.10585697472258950.097133873803979700.153534187625642400.054311413309752750.46666666666666930.38080.93333333333332780.60480.46666666666666390.30240000000000.565599999999999400.51304725088402980.20999999999999450.40320.72333333333332780.11760.3661060218548540.2046612394510128-0.0025292241546414951.0557462983659710.933333333333327800.93333333333332780.084000000000000060.72333333333332780.20160.20999999999999460.48720.3661060218548540.2886612394510128-0.0019628642392311231.05574718503021900.604800.56559999999999940.40615522780034640.47500771718918670.047777524325901420.13126825126123660.023888762162950710.0656341256306183100000.01#00990010200020#3399660101000000000110000.047777524325901420.131268251261236600.10992599183649820.00222497030846322300.46555580900743190.43992067199853840.047777524325901420.14064134399707650.023888762162950710.0703206719985382700000.01#00990010200020#3399660101000000000110000.047777524325901420.140641343997076500.11777515951918630.00222497030846322300.5250.41843412563061830.047777524325901420.14246825126123650.023888762162950710.0712341256306182300000.01#00990010200020#3399660101000000000110000.047777524325901420.142468251261236500.11930503891558670.00222497030846322300.3150.55172497807727670.047777524325901420.11784995615455350.023888762162950710.0589249780772767400000.01#00990010200020#3399660101000000000110000.047777524325901420.117849956154553500.098689311343044050.00222497030846322300.36166666666666670.50998031110229840.047777524325901420.12396062220459650.023888762162950710.0619803111022982400000.01#00990010200020#3399660101000000000110000.047777524325901420.123960622204596500.1038064742508960.00222497030846322307.54.141.41.120.70.56000000000000000000001Router0000103310.7-0.15555555555555550.11111111111111110.31111111111111110.055555555555555550.1555555555555555000.7-0.15555555555555550.7-0.1555555555555555271Reposition Text0.70.5600001.2323095577425760.218750.59795244881848460.43750.29897622440924230.21875000001000.33541666666666700.59791666666666670.306250.5104166666666670.08750000000000008-1.0323299490408411.0065146579804560.4666666666666670.43750.55416666666666710.3937501000.33541666666666700.70.72537768828478911.40.77875537656957810.70.3893776882847890000000000.52080.210.40320.72333333333333310.11760.36610602185485910.2046612394510127-0.0010813142074236211.0557481202690220.933333333333332901.40.25760.46216984915065260.778755376569578100.52081.1666666666666670.29680.4666666666666670.59360.23333333333333350.296800000000000.44333333333333350.24640.44333333333333340.29120.46666666666666710.30240.46666666666666690.593600.336000.46666666666666930.42840.93333333333332780.85680.46666666666666390.42840000000000.56559999999999940.02333333333332790.54880.02333333333332790.5040.20999999999999450.40320.72333333333332780.11760.3661060218548540.2046612394510127-0.0025292241546406061.0557462983659710.933333333333327800.93333333333332780.3360.72333333333332780.45360.20999999999999460.73920.3661060218548540.5406612394510127-0.0019628642392290221.05574718503021800.856800.56559999999999940.70000000000000150.561.41.120.69999999999999870.560000100000.856800.56559999999999930.023333333333330540.54880.023333333333330540.5040.20999999999999720.40320.72333333333333050.11760.36610602185485670.2046612394510127-0.0025776493730500951.0557462121769390.933333333333330501.3766666666666640.24641.3766666666666640.29121.40.30241.40.59360.46666666666666381.1200.85680.11666666666666670.70396709381282140.10585697472258940.1535341876256430.052928487361294710.076767093812821490000000000.054311413309752750.105856974722589500.10585697472258950.097133873803979700.153534187625642400.054311413309752750.46666666666666930.38080.93333333333332780.60480.46666666666666390.30240000000000.565599999999999400.51304725088402980.20999999999999450.40320.72333333333332780.11760.3661060218548540.2046612394510128-0.0025292241546414951.0557462983659710.933333333333327800.93333333333332780.084000000000000060.72333333333332780.20160.20999999999999460.48720.3661060218548540.2886612394510128-0.0019628642392311231.05574718503021900.604800.56559999999999940.40615522780034640.47500771718918670.047777524325901420.13126825126123660.023888762162950710.0656341256306183100000.01#00990010200020#3399660101000000000110000.047777524325901420.131268251261236600.10992599183649820.00222497030846322300.46555580900743190.43992067199853840.047777524325901420.14064134399707650.023888762162950710.0703206719985382700000.01#00990010200020#3399660101000000000110000.047777524325901420.140641343997076500.11777515951918630.00222497030846322300.5250.41843412563061830.047777524325901420.14246825126123650.023888762162950710.0712341256306182300000.01#00990010200020#3399660101000000000110000.047777524325901420.142468251261236500.11930503891558670.00222497030846322300.3150.55172497807727670.047777524325901420.11784995615455350.023888762162950710.0589249780772767400000.01#00990010200020#3399660101000000000110000.047777524325901420.117849956154553500.098689311343044050.00222497030846322300.36166666666666670.50998031110229840.047777524325901420.12396062220459650.023888762162950710.0619803111022982400000.01#00990010200020#3399660101000000000110000.047777524325901420.123960622204596500.1038064742508960.00222497030846322305.7527559055117996.573228346456714.09448818897641.65354330708662.04724409448820.826771653543310000000000000000000010000103310.789826771653540.0826771653543310100003.33004724409450.197929133858270000Internet +4.197669291338574.994566929133866-0.5953385826771385-1.669133858267732-0.2976692913385692-0.83456692913386600004.4953385826771395.8291338582677313.94.16500000000100220222010010331-0.5953385826771385-0.53689763779529680.55555555555555560.24444444444444440.27777777777777780.12222222222222220-0.5953385826771385-0.5368976377952968-0.5953385826771385-0.5368976377952968500Reposition Text1000000-0.2701771653543315-0.5953385826771385-0.2701771653543315-0.5953385826771385-1.6691338582677327.2677795275590495.0421929133858350.4644409448819005-1.8043858267716690.2322204724409502-0.902192913385834400007.0355590551180995.9443858267716697.54.145000000001002202220100103310.4644409448819005-0.66997244094488420.55555555555555560.24444444444444440.27777777777777780.122222222222222200.4644409448819005-0.66997244094488420.4644409448819005-0.6699724409448842500Reposition Text1000000-0.38542913385826960.4644409448819005-0.38542913385826960.4644409448819005-1.8043858267716694.693752.9074336295642341.5875-1.6148672591284690.7937499999999993-0.807433629564234600003.93.7148672591284695.48752.15000000001002202220100103310-1.6011836295642340.55555555555555560.24444444444444440.27777777777777780.122222222222222200000004000000000-1.6011836295642340-1.601183629564234500Reposition Text1000000-1.6148672591284691.5875-1.6148672591284696.493753.12-2.0125-2.04-1.00625-1.0200007.54.145.48752.15000000001002202220100103310-2.026250.55555555555555560.24444444444444440.27777777777777780.122222222222222200-2.026250-2.02625500Reposition Text1000000-2.04-2.0125-2.042.34.31.41.40.70.7000000000400010.1666666666666667000000000000-110330000001.401.41.401.400ISP 1 Gateway Router +IP 206.124.146.254 +9.34.21.41.40.70.7000000000400010.1666666666666667000000000000-110330000001.401.41.401.400ISP 2 Gateway Router +IP 130.252.99.254 +4.31.61.40.60.70.3000000000400010.1666666666666667000000000000-110330000001.401.40.600.600eth0 +206.124.146.176 +6.71.6142857142857141.20.60.60.3000000000400010.1666666666666667000000000000-110330000001.201.20.600.600eth1 +130.252.99.27 +1101192953400.5100101102103104 \ No newline at end of file diff --git a/Shorewall-docs2/starting_and_stopping_shorewall.xml b/Shorewall-docs2/starting_and_stopping_shorewall.xml index 1be38f2c9..fbaa5b0e4 100644 --- a/Shorewall-docs2/starting_and_stopping_shorewall.xml +++ b/Shorewall-docs2/starting_and_stopping_shorewall.xml @@ -15,7 +15,7 @@ - 2005-04-13 + 2005-05-15 2004 @@ -48,7 +48,45 @@ to interact with Shorewall. Normally the root user's PATH includes /sbin and the program can be run from a shell prompt by simply typing shorewall followed by a - command. To see a list of supported commands, use the + command. + + + In some releases of KDE, the default configuration of the + konsole program is brain dead with + respect to the "Root Console". It executes the command "su" where it + should execute "su -"; the latter will cause a login shell to be + created which will in turn set PATH properly. You can correct this + problem as follows: + + + + Click on "Settings" on the toolbar and select "Configure + Konsole" + + + + Select the "Session" tab. + + + + Click on "Root Console" + + + + Change the Execute command from "su" to "su -" + + + + Click on "Save Session" + + + + Click on "Ok" + + + + + To see a list of supported commands, use the help command: shorewall help @@ -61,10 +99,11 @@ /etc/shorewall — The default directory - where Shorewall looks for configuration files. See the section - entitled Alternate Configuration - Directories for information about how you can direct Shorewall - to look in other directories. + where Shorewall looks for configuration files. See the sections + entitled Additional Configuration + Directories and Alternate + Configuration Directories for information about how you can + direct Shorewall to look in other directories. @@ -237,7 +276,7 @@ is much faster than starting Shorewall using the normal mechanism of reading the configuration files and running iptables dozens or even hundreds of times. - /etc/init.d/shorewall + By default, /etc/init.d/shorewall (/etc/rc.d/firewall.rc) uses the -f option when it is processing a request to start Shorewall. @@ -271,16 +310,52 @@ shell prompt to remove these files). -
- Alternate Configuration Directories +
+ Additional Configuration Directories - As explained above, Shorewall normally looks for configuration files - in the directory /etc/shorewall. - The shorewall start, shorewall - restart, shorewall check, and - shorewall try commands allow you to specify a different - directory for Shorewall to check before looking in /etc/shorewall. + The CONFIG_PATH setting in + /etc/shorewall/shorewall.conf determines where + Shorewall looks for configuration files. The default setting is + CONFIG_PATH=/etc/shorewall:/usr/share/shorewall which means that + /etc/shorewall is searched first + and if the file is not found then /usr/share/shorewall is searched. You can + change the value of CONFIG_PATH to cause additional directories to be + searched but CONFIG_PATH should always include both + /etc/shorewall and /usr/share/shorewall. + + When an alternate configuration directory is specified as described + in the next section, that directory + is searched before those directories listed in + CONFIG_PATH. + + Example - Search /etc/shorewall, /etc/shorewall/actiondir and /usr/share/shorewall in that order: + + CONFIG_PATH=/etc/shorewall:/etc/shorewall/actiondir:/usr/share/shorewall + + The above is the setting that I use and it allows me to place all of + my user-defined 'action.' files in /etc/shorewall/actiondir. +
+ +
+ Alternate Configuration Directories + + As explained above, Shorewall + normally looks for configuration files in the directories specified by the + CONFIG_PATH option in /etc/shorewall/shorewall.conf. The + shorewall start, shorewall restart, + shorewall check, and shorewall try + commands allow you to specify an additional directory for + Shorewall to check before looking in the directories listed in + CONFIG_PATH. Shorewall versions before Shorewall 2.2.0: