From 52ac47c70bdaeb6d680a7ab0d025434761b4d780 Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 9 Jan 2004 21:32:20 +0000 Subject: [PATCH] Add more legacy FAQ numbers git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1072 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-docs/FAQ.xml | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/Shorewall-docs/FAQ.xml b/Shorewall-docs/FAQ.xml index 641e4ab03..b672c77a0 100644 --- a/Shorewall-docs/FAQ.xml +++ b/Shorewall-docs/FAQ.xml @@ -17,10 +17,10 @@ - 2003-12-31 + 2004-01-09 - 2001-2003 + 2001-2004 Thomas M. Eastep @@ -401,7 +401,9 @@ If you are running Shorewall 1.4.1 or Shorewall 1.4.1a, please upgrade to Shorewall 1.4.2 or later. - Otherwise: + Otherwise:In this configuration, all loc->loc + traffic will look to the server as if it came from the firewall rather + than from the original client! @@ -903,9 +905,9 @@ url="http://www.shorewall.net/pub/shorewall/parsefw/">http://www.shorewall.net/p
- All day long I get a steady flow of these DROP messages from - port 53 to some high numbered port. They get dropped, but what the - heck are they? + (FAQ 6c) All day long I get a steady flow of these DROP + messages from port 53 to some high numbered port. They get dropped, + but what the heck are they? Jan 8 15:50:48 norcomix kernel: Shorewall:net2all:DROP:IN=eth0 OUT= @@ -949,11 +951,11 @@ run_iptables -A common -p udp --sport 53 -mstate --state NEW -j DROP
- (FAQ 6c) Why is the MAC address in Shorewall log messages so + <title>(FAQ 6d) Why is the MAC address in Shorewall log messages so long? I thought MAC addresses were only 6 bytes in length. What is labeled as the MAC address in a Shorewall log message is - actually the Ethernet frame header. IT contains: + actually the Ethernet frame header. It contains: @@ -1520,8 +1522,8 @@ rmmod ipchains RH7.2.
- When I try to start Shorewall on RedHat I get a message - referring me to FAQ #8 + (FAQ 8a) When I try to start Shorewall on RedHat I get a + message referring me to FAQ #8 Answer: This is usually cured by the sequence of commands shown above in . @@ -1840,7 +1842,7 @@ Creating input Chains...
(FAQ 26a) When I try to use the <quote>-O</quote> option of nmap from the firewall system, I get <quote>operation not permitted</quote>. - How to I allow this option? + How do I allow this option? Add this command to your /etc/shorewall/start file: @@ -1875,7 +1877,10 @@ Creating input Chains... Revision History - 1.82003-12-31TEAdditions + 1.102004-01-09TEAdded + a couple of more legacy FAQ numbers.1.92004-01-08TECorrected + typo in FAQ 26a. Added warning to FAQ 2 regarding source address of + redirected requests.1.82003-12-31TEAdditions to FAQ 4.1.72003-12-30TERemove dead link from FAQ 1.1.62003.12-18TEAdd external link reference to FAQ 17.1.52003-12-16TEAdded