From 3be3c57e650abf4b31abc2799822ab388bc0c8f1 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 3 Feb 2014 08:07:53 -0800 Subject: [PATCH] Mention 'routeback' for vserver hosts entries. Signed-off-by: Tom Eastep --- docs/Vserver.xml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/Vserver.xml b/docs/Vserver.xml index 534b3a8aa..09345bfca 100644 --- a/docs/Vserver.xml +++ b/docs/Vserver.xml @@ -139,21 +139,23 @@ vpn ipv4 #OpenVPN clients /etc/shorewall/interfaces: #ZONE INTERFACE BROADCAST OPTIONS -net eth1 detect dhcp,optional,routefilter=0,logmartians,proxyarp=0,nosmurfs,upnp +net eth1 detect routeback,dhcp,optional,routefilter=0,logmartians,proxyarp=0,nosmurfs,upnp ... /etc/shorewall/hosts: #ZONE HOST(S) OPTIONS drct eth4:dynamic -dmz eth1:70.90.191.124/31 +dmz eth1:70.90.191.124/31 routeback While the IP addresses 70.90.191.124 and 70.90.191.125 are configured on eth1, the actual interface name is irrelevant so long as the interface is defined in shorewall-interfaces (5). Shorewall will consider all vserver zones to be associated with the - loopback interface (lo). + loopback interface (lo). Note that the + routeback option is required if the + vservers are to be able to communicate with each other. Once a vserver zone is defined, it can be used like any other zone type.