Update release notes and change log

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@418 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-25 00:15:55 +00:00 · 2003-01-25 00:15:55 +00:00 · 5642f7e1d4
commit 5642f7e1d4
parent 4964497aa3
2 changed files with 90 additions and 0 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -3,3 +3,11 @@ Changes since 1.3.13
 1. Fix 'shorewall add' bug.

 2. Add OLD_PING_HANDLING option
+
+3. Allow adding alias labels under ADD_IP_ALIASES=Yes.
+
+4. Allow adding alias labels under ADD_SNAT_ALIASES=Yes.
+
+5. Use the routing table to generate list of subnets to be masqueraded
+   when an interface name appears in the SUBNET column of
+   /etc/shorewall/masq.
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -12,4 +12,86 @@ New features include:
   'filterping' options in /etc/shorewall/interfaces will generate an
   error.

+2) It is now possible to direct Shorewall to create a "label" such as
+   "eth0:0" for IP addresses that it creates under ADD_IP_ALIASES=Yes
+   and ADD_SNAT_ALIASES=Yes. This is done by specifying the label
+   instead of just the interface name:

+   a) In the INTERFACE column of /etc/shorewall/masq
+   b) In the INTERFACE column of /etc/shorewall/nat
+
+3) When an interface name is entered in the SUBNET column of the
+   /etc/shorewall/masq file, Shorewall previously masqueraded traffic
+   from only the first subnet defined on that interface. It did not
+   masquerade traffic from:
+
+   a) The subnets associated with other addresses on the interface.
+   b) Subnets accessed through local routers.
+
+   Beginning with Shorewall 1.3.14, if you enter an interface name in
+   the SUBNET column, shorewall will use the firewall's routing table
+   to construct the masquerading/SNAT rules.
+
+   Example 1 -- This is how it works in 1.3.14.
+   
+   [root@gateway test]# cat /etc/shorewall/masq
+   #INTERFACE              SUBNET                  ADDRESS
+   eth0                    eth2                    206.124.146.176
+   #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
+   [root@gateway test]# ip route show dev eth2
+   192.168.1.0/24  scope link
+   192.168.10.0/24  proto kernel  scope link  src 192.168.10.254
+   [root@gateway test]#             ADDRESS
+   eth0                    eth2                    206.124.146.176
+   #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
+   [root@gateway test]# ip route show dev eth2
+   192.168.1.0/24  scope link
+   192.168.10.0/24  proto kernel  scope link  src 192.168.10.254
+   [root@gateway test]# shorewall start
+   ...
+   Masqueraded Subnets and Hosts:
+       To 0.0.0.0/0 from 192.168.1.0/24 through eth0 using 206.124.146.176
+       To 0.0.0.0/0 from 192.168.10.0/24 through eth0 using 206.124.146.176
+   Processing /etc/shorewall/tos...
+
+   When upgrading to Shorewall 1.3.14, if you have multiple local
+   subnets connected to an interface that is specified in the SUBNET
+   column of an /etc/shorewall/masq entry, your /etc/shorewall/masq
+   file will need changing. In most cases, you will simply be able to
+   remove redundant entries. In some cases though, you might want to change
+   from using the interface name to listing specific subnetworks if the
+   change described above will cause masquerading to occur on
+   subnetworks that you don't wish to masquerade.
+
+   Example 2 -- Suppose that your current config is as follows:
+   
+   [root@gateway test]# cat /etc/shorewall/masq
+   #INTERFACE              SUBNET                  ADDRESS
+   eth0                    eth2                    206.124.146.176
+   eth0			   192.168.10.0/24	   206.124.146.176
+   #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
+   [root@gateway test]# ip route show dev eth2
+   192.168.1.0/24  scope link
+   192.168.10.0/24  proto kernel  scope link  src 192.168.10.254
+   [root@gateway test]#
+
+   In this case, the second entry in /etc/shorewall/masq is no longer
+   required.
+
+   Example 3 -- What if your current configuration is like this?
+
+   [root@gateway test]# cat /etc/shorewall/masq
+   #INTERFACE              SUBNET                  ADDRESS
+   eth0                    eth2                    206.124.146.176
+   #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
+   [root@gateway test]# ip route show dev eth2
+   192.168.1.0/24  scope link
+   192.168.10.0/24  proto kernel  scope link  src 192.168.10.254
+   [root@gateway test]#
+
+   In this case, you would want to change the entry in
+   /etc/shorewall/masq to:
+
+   #INTERFACE              SUBNET                  ADDRESS
+   eth0                    192.168.1.0/24          206.124.146.176
+   #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE