holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Minor edit

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@841 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
mhnoyes 2003-12-13 06:35:24 +00:00
parent 78ca700912
commit 3ad8861ddb
1 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
Shorewall-docs/Documentation.xml
View File

@ -2572,16 +2572,17 @@ NET_OPTIONS=blacklist,norfc1918</programlisting>
<title>You want to run wu-ftpd on 192.168.2.2 in your masqueraded DMZ. <title>You want to run wu-ftpd on 192.168.2.2 in your masqueraded DMZ.
Your internet interface address is 155.186.235.151 and you want the FTP Your internet interface address is 155.186.235.151 and you want the FTP
server to be accessible from the internet in addition to the local server to be accessible from the internet in addition to the local
192.168.1.0/24 and dmz 192.168.2.0/24 subnetworks. Note that since the 192.168.1.0/24 and dmz 192.168.2.0/24 subnetworks.</title>
server is in the 192.168.2.0/24 subnetwork, we can assume that access to
the server from that subnet will not involve the firewall (<ulink <para><note><para>since the server is in the 192.168.2.0/24 subnetwork,
url="FAQ.htm#faq2">but see FAQ 2</ulink>). Note that unless you have we can assume that access to the server from that subnet will not
more than one external IP address, you can leave the ORIGINAL DEST involve the firewall (<ulink url="FAQ.htm#faq2">but see FAQ 2</ulink>)</para></note><note><para>unless
column blank in the first rule. You cannot leave it blank in the second you have more than one external IP address, you can leave the ORIGINAL
rule though because then <emphasis role="bold">all ftp connections</emphasis> DEST column blank in the first rule. You cannot leave it blank in the
originating in the local subnet 192.168.1.0/24 would be sent to second rule though because then all ftp connections originating in the
192.168.2.2 <emphasis role="bold">regardless of the site that the user local subnet 192.168.1.0/24 would be sent to 192.168.2.2 regardless of
was trying to connect to</emphasis>. That is clearly not what you want.</title> the site that the user was trying to connect to. That is clearly not
what you want.</para></note></para>
<informaltable> <informaltable>
<tgroup cols="9"> <tgroup cols="9">