Minor edit

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@841 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-13 06:35:24 +00:00 · 2003-12-13 06:35:24 +00:00 · 3ad8861ddb
commit 3ad8861ddb
parent 78ca700912
1 changed files with 11 additions and 10 deletions
--- a/Shorewall-docs/Documentation.xml
+++ b/Shorewall-docs/Documentation.xml
@ -2572,16 +2572,17 @@ NET_OPTIONS=blacklist,norfc1918</programlisting>
      <title>You want to run wu-ftpd on 192.168.2.2 in your masqueraded DMZ.
      Your internet interface address is 155.186.235.151 and you want the FTP
      server to be accessible from the internet in addition to the local
-      192.168.1.0/24 and dmz 192.168.2.0/24 subnetworks. Note that since the
-      server is in the 192.168.2.0/24 subnetwork, we can assume that access to
-      the server from that subnet will not involve the firewall (<ulink
-      url="FAQ.htm#faq2">but see FAQ 2</ulink>). Note that unless you have
-      more than one external IP address, you can leave the ORIGINAL DEST
-      column blank in the first rule. You cannot leave it blank in the second
-      rule though because then <emphasis role="bold">all ftp connections</emphasis>
-      originating in the local subnet 192.168.1.0/24 would be sent to
-      192.168.2.2 <emphasis role="bold">regardless of the site that the user
-      was trying to connect to</emphasis>. That is clearly not what you want.</title>
+      192.168.1.0/24 and dmz 192.168.2.0/24 subnetworks.</title>
+
+      <para><note><para>since the server is in the 192.168.2.0/24 subnetwork,
+      we can assume that access to the server from that subnet will not
+      involve the firewall (<ulink url="FAQ.htm#faq2">but see FAQ 2</ulink>)</para></note><note><para>unless
+      you have more than one external IP address, you can leave the ORIGINAL
+      DEST column blank in the first rule. You cannot leave it blank in the
+      second rule though because then all ftp connections originating in the
+      local subnet 192.168.1.0/24 would be sent to 192.168.2.2 regardless of
+      the site that the user was trying to connect to. That is clearly not
+      what you want.</para></note></para>

      <informaltable>
        <tgroup cols="9">