holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Fix broken links

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2013-09-19 08:14:26 -07:00
parent a389aa01a8
commit 56cb029ef4
3 changed files with 75 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
docs/standalone.xml
View File

@ -102,7 +102,7 @@
Shorewall. <itemizedlist>
<listitem>
<para><ulink
url="http://www.simtel.net/pub/pd/51438.html"><trademark>Windows</trademark>
url="http://www.sourceforge.net/projects/dos2unix"><trademark>Windows</trademark>
Version of <command>dos2unix</command></ulink></para>
</listitem>
@ -119,18 +119,19 @@
<title>Conventions</title>
<para>Points at which configuration changes are recommended are flagged
with <inlinegraphic fileref="images/BD21298_.gif" format="GIF"/>.</para>
with <inlinegraphic fileref="images/BD21298_.gif"
format="GIF" />.</para>
<para>Configuration notes that are unique to Debian and it's derivatives
are marked with <inlinegraphic fileref="images/openlogo-nd-25.png"
format="GIF"/>.</para>
format="GIF" />.</para>
</section>
</section>
<section id="PPTP">
<title>PPTP/ADSL</title>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>If you have an <acronym>ADSL</acronym> Modem and you use
<acronym>PPTP</acronym> to communicate with a server in that modem, you
@ -143,7 +144,7 @@
<section id="Concepts">
<title>Shorewall Concepts</title>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>The configuration files for Shorewall are contained in the directory
<filename class="directory">/etc/shorewall</filename> -- for simple
@ -176,7 +177,7 @@
</listitem>
<listitem>
<para><graphic align="left" fileref="images/openlogo-nd-25.png"/>If
<para><graphic align="left" fileref="images/openlogo-nd-25.png" />If
you installed using a Shorewall 4.x .deb, the samples are in <emphasis
role="bold"><filename
class="directory">/usr/share/doc/shorewall/examples/one-interface</filename>..</emphasis>
@ -351,7 +352,7 @@ root@lists:~# </programlisting>
the external interface.</para>
</caution>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>The Shorewall one-interface sample configuration assumes that the
external interface is <filename class="devicefile">eth0</filename>. If
@ -459,7 +460,7 @@ root@lists:~# </programlisting>
</listitem>
</itemizedlist>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>If you are running a distribution that logs Netfilter messages to a
log other than <filename>/var/log/messages</filename>, then modify the
@ -499,7 +500,7 @@ root@lists:~# </programlisting>
<filename>/usr/share/shorewall/modules</filename> then copy the file to
<filename>/etc/shorewall</filename> and modify the copy.</para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>Modify the setting of LOAD_HELPER_ONLY as necessary.</para>
</section>
@ -563,7 +564,7 @@ ACCEPT net $FW tcp 143</programlisting></para>
SSH(ACCEPT) net $FW </programlisting>
</important>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>At this point, edit <filename>/etc/shorewall/rules</filename> to add
other connections as desired.</para>
@ -572,7 +573,7 @@ SSH(ACCEPT) net $FW </programlisting>
<section id="Starting">
<title>Starting and Stopping Your Firewall</title>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>The <ulink url="Install.htm">installation procedure</ulink>
configures your system to start Shorewall at system boot but startup is
@ -580,7 +581,7 @@ SSH(ACCEPT) net $FW </programlisting>
configuration is complete. Once you have completed configuration of your
firewall, you must edit /etc/shorewall/shorewall.conf and set
STARTUP_ENABLED=Yes.<graphic align="left"
fileref="images/openlogo-nd-25.png"/></para>
fileref="images/openlogo-nd-25.png" /></para>
<important>
<para>Users of the .deb package must edit
@ -690,7 +691,7 @@ SSH(ACCEPT) net $FW </programlisting>
<programlisting><command>systemctl disable iptables.service</command></programlisting>
<para><inlinegraphic fileref="images/BD21298_.gif"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" /></para>
<para>At this point, disable your existing firewall service.</para>
</section>

58
docs/three-interface.xml
View File

@ -90,7 +90,7 @@
<mediaobject>
<imageobject>
<imagedata align="center" fileref="images/dmz1.png" format="PNG"/>
<imagedata align="center" fileref="images/dmz1.png" format="PNG" />
</imageobject>
</mediaobject>
</figure>
@ -130,8 +130,9 @@
<itemizedlist>
<listitem>
<para><ulink url="http://www.simtel.net/pub/pd/51438.html">Windows
Version of dos2unix</ulink></para>
<para><ulink
url="http://www.sourceforge.net/projects/dos2unix">Windows Version
of dos2unix</ulink></para>
</listitem>
<listitem>
@ -147,18 +148,19 @@
<title>Conventions</title>
<para>Points at which configuration changes are recommended are flagged
with <inlinegraphic fileref="images/BD21298_.gif" format="GIF"/>.</para>
with <inlinegraphic fileref="images/BD21298_.gif"
format="GIF" />.</para>
<para>Configuration notes that are unique to Debian and it's derivatives
are marked with <inlinegraphic fileref="images/openlogo-nd-25.png"
format="GIF"/>.</para>
format="GIF" />.</para>
</section>
</section>
<section id="PPTP">
<title>PPTP/ADSL</title>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>If you have an ADSL Modem and you use PPTP to communicate with a
server in that modem, you must make the <ulink
@ -174,7 +176,7 @@
<filename>/etc/shorewall</filename> -- for simple setups, you will only
need to deal with a few of these as described in this guide.</para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>After you have installed Shorewall, locate the three-interface
Sample configuration:</para>
@ -209,7 +211,7 @@
</listitem>
<listitem>
<para><graphic align="left" fileref="images/openlogo-nd-25.png"/>If
<para><graphic align="left" fileref="images/openlogo-nd-25.png" />If
you installed using a Shorewall 4.x .deb, the samples are in <emphasis
role="bold"><filename
class="directory">/usr/share/doc/shorewall/examples/three-interfaces</filename></emphasis>.
@ -362,7 +364,7 @@ $FW loc ACCEPT</programlisting>
<emphasis>net</emphasis> zone even though connections are not allowed from
the <emphasis>loc</emphasis> zone to the firewall itself.</para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>At this point, edit your <filename>/etc/shorewall/policy</filename>
file and make any changes that you wish.</para>
@ -376,7 +378,7 @@ $FW loc ACCEPT</programlisting>
<mediaobject>
<imageobject>
<imagedata align="center" fileref="images/dmz1.png" format="PNG"/>
<imagedata align="center" fileref="images/dmz1.png" format="PNG" />
</imageobject>
</mediaobject>
</figure>
@ -420,7 +422,7 @@ root@lists:~# </programlisting>
the external interface.</para>
</caution>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>I<emphasis role="bold">f your external interface is <filename
class="devicefile">ppp0</filename> or <filename
@ -462,7 +464,7 @@ root@lists:~# </programlisting>
exactly one default route via your ISP's Router.</para>
</caution>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>The Shorewall three-interface sample configuration assumes that the
external interface is <filename class="devicefile">eth0</filename>, the
@ -527,7 +529,7 @@ root@lists:~# </programlisting>
<title>Example sub-network</title>
<tgroup cols="2">
<colspec align="left"/>
<colspec align="left" />
<tbody>
<row>
@ -572,7 +574,7 @@ root@lists:~# </programlisting>
directly. To communicate with systems outside of the subnetwork, systems
send packets through a gateway (router).</para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>Your local computers (Local Computers 1 &amp; 2) should be
configured with their default gateway set to the IP address of the
@ -595,7 +597,7 @@ root@lists:~# </programlisting>
<mediaobject>
<imageobject>
<imagedata fileref="images/dmz2.png"/>
<imagedata fileref="images/dmz2.png" />
</imageobject>
<caption><para>The default gateway for the DMZ computers would be
@ -651,7 +653,7 @@ root@lists:~# </programlisting>
class="directory">/etc/shorewall/</filename><filename>masq</filename>
file.</para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>If your external firewall interface is <filename
class="devicefile">eth0</filename> then you do not need to modify the file
@ -664,7 +666,7 @@ root@lists:~# </programlisting>
modify the SOURCE column to list just your local interface (10.10.10.0/24
in the above example).</para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>If your external IP is static, you can enter it in the third column
in the <filename
@ -672,7 +674,7 @@ root@lists:~# </programlisting>
entry if you like although your firewall will work fine if you leave that
column empty. Entering your static IP in column 3 makes processing
outgoing packets a little more efficient.<graphic align="left"
fileref="images/openlogo-nd-25.png"/></para>
fileref="images/openlogo-nd-25.png" /></para>
<para><emphasis role="bold">If you are using the Debian package, please
check your <filename>shorewall.conf</filename> file to ensure that the
@ -735,7 +737,7 @@ root@lists:~# </programlisting>
</listitem>
</itemizedlist>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>If you are running a distribution that logs netfilter messages to a
log other than <filename>/var/log/messages</filename>, then modify the
@ -775,7 +777,7 @@ root@lists:~# </programlisting>
<filename>/usr/share/shorewall/modules</filename> then copy the file to
<filename>/etc/shorewall</filename> and modify the copy.</para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>Modify the setting of LOAD_HELPER_ONLY as necessary.</para>
</section>
@ -885,7 +887,7 @@ DNAT loc dmz:10.10.11.2 tcp 80 - $ETH0_IP</pr
</itemizedlist></para>
</example>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>At this point, add the DNAT and ACCEPT rules for your
servers.</para>
@ -923,7 +925,7 @@ DNAT loc dmz:10.10.11.2 tcp 80 - $ETH0_IP</pr
<listitem>
<para><inlinegraphic fileref="images/BD21298_.gif"
format="GIF"/></para>
format="GIF" /></para>
<para>You can configure a <emphasis>Caching Name Server</emphasis>
on your firewall or in your DMZ. <trademark>Red Hat</trademark> has
@ -1025,7 +1027,7 @@ ACCEPT net $FW udp 53 </programlisting>
SSH(ACCEPT) net $FW</programlisting></para>
</important>
<para><inlinegraphic fileref="images/leaflogo.gif" format="GIF"/> Bering
<para><inlinegraphic fileref="images/leaflogo.gif" format="GIF" /> Bering
users will want to add the following two rules to be compatible with
Jacques's Shorewall configuration: <programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
ACCEPT loc $FW udp 53
@ -1038,7 +1040,7 @@ ACCEPT net $FW tcp 80 </programlisting><it
<para>Entry 2 allows the <quote>weblet</quote> to work.</para>
</listitem>
</itemizedlist><inlinegraphic fileref="images/BD21298_.gif"
format="GIF"/></para>
format="GIF" /></para>
<para>Now modify <filename>/etc/shorewall/rules</filename> to add or
remove other connections as required.</para>
@ -1103,7 +1105,7 @@ ACCEPT net $FW tcp 80 </programlisting><it
<section id="Starting">
<title>Starting and Stopping Your Firewall</title>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>The <ulink url="Install.htm">installation procedure</ulink>
configures your system to start Shorewall at system boot but startup is
@ -1112,7 +1114,7 @@ ACCEPT net $FW tcp 80 </programlisting><it
firewall, you can enable Shorewall startup by editing
<filename>/etc/shorewall/shorewall.conf</filename> and setting
STARTUP_ENABLED=Yes.<graphic align="left"
fileref="images/openlogo-nd-25.png"/><important>
fileref="images/openlogo-nd-25.png" /><important>
<para>Users of the <filename>.deb</filename> package must edit
<filename>/etc/default/shorewall</filename> and set
<varname>startup=1</varname>.</para>
@ -1133,7 +1135,7 @@ ACCEPT net $FW tcp 80 </programlisting><it
Shorewall from your Netfilter configuration, use <command>shorewall
clear</command>.</para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>The three-interface sample assumes that you want to enable routing
to/from <filename class="devicefile">eth1</filename> (your local network)
@ -1220,7 +1222,7 @@ ACCEPT net $FW tcp 80 </programlisting><it
<programlisting><command>systemctl disable iptables.service</command></programlisting>
<para><inlinegraphic fileref="images/BD21298_.gif"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" /></para>
<para>At this point, disable your existing firewall service.</para>
</section>

61
docs/two-interface.xml
View File

@ -74,7 +74,7 @@
<mediaobject>
<imageobject>
<imagedata align="center" fileref="images/basics.png" format="PNG"/>
<imagedata align="center" fileref="images/basics.png" format="PNG" />
</imageobject>
</mediaobject>
</figure> <caution>
@ -88,7 +88,7 @@
Shorewall. <itemizedlist>
<listitem>
<para><ulink
url="http://www.simtel.net/pub/pd/51438.html"><trademark>Windows</trademark>
url="http://www.sourceforge.net/projects/dos2unix"><trademark>Windows</trademark>
Version of <command>dos2unix</command></ulink></para>
</listitem>
@ -121,18 +121,19 @@
<title>Conventions</title>
<para>Points at which configuration changes are recommended are flagged
with <inlinegraphic fileref="images/BD21298_.gif" format="GIF"/>.</para>
with <inlinegraphic fileref="images/BD21298_.gif"
format="GIF" />.</para>
<para>Configuration notes that are unique to Debian and it's derivatives
are marked with <inlinegraphic fileref="images/openlogo-nd-25.png"
format="GIF"/>.</para>
format="GIF" />.</para>
</section>
</section>
<section id="PPTP">
<title>PPTP/ADSL</title>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>If you have an <acronym>ADSL</acronym> Modem and you use
<acronym>PPTP</acronym> to communicate with a server in that modem, you
@ -145,7 +146,7 @@
<section id="Concepts">
<title>Shorewall Concepts</title>
<para/>
<para></para>
<para>The configuration files for Shorewall are contained in the directory
<filename class="directory">/etc/shorewall</filename> -- for simple
@ -153,7 +154,7 @@
this guide.</para>
<para><inlinegraphic fileref="images/BD21298_.gif"
format="GIF"/><important>
format="GIF" /><important>
<para>After you have <ulink url="Install.htm">installed
Shorewall</ulink>, locate the two-interfaces samples:</para>
@ -189,7 +190,7 @@
<listitem>
<para><graphic align="left"
fileref="images/openlogo-nd-25.png"/>If you installed using a
fileref="images/openlogo-nd-25.png" />If you installed using a
Shorewall 4.x .deb, the samples are in <emphasis
role="bold"><filename
class="directory">/usr/share/doc/shorewall-common/examples/two-interfaces</filename>.</emphasis>
@ -336,7 +337,7 @@ $FW net ACCEPT</programlisting> The above policy will:
loc $FW ACCEPT
$FW loc ACCEPT</programlisting>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>At this point, edit your <filename
class="directory">/etc/shorewall/</filename><filename>policy</filename>
@ -348,7 +349,7 @@ $FW loc ACCEPT</programlisting>
<mediaobject>
<imageobject>
<imagedata align="center" fileref="images/basics.png" format="PNG"/>
<imagedata align="center" fileref="images/basics.png" format="PNG" />
</imageobject>
</mediaobject>
@ -392,7 +393,7 @@ root@lists:~# </programlisting>
the external interface.</para>
</caution>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>I<emphasis role="bold">f your external interface is <filename
class="devicefile">ppp0</filename> or <filename
@ -420,7 +421,7 @@ root@lists:~# </programlisting>
internal interface.</emphasis> Your firewall should have exactly one
default route via your ISP's Router.</para>
</warning> <inlinegraphic fileref="images/BD21298_.gif"
format="GIF"/></para>
format="GIF" /></para>
<para>The Shorewall two-interface sample configuration assumes that the
external interface is <filename class="devicefile">eth0</filename> and the
@ -532,7 +533,7 @@ root@lists:~# </programlisting>
directly. To communicate with systems outside of the subnetwork, systems
send packets through a gateway (router).</para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>Your local computers (computer 1 and computer 2 in the above
diagram) should be configured with their default gateway to be the
@ -549,7 +550,7 @@ root@lists:~# </programlisting>
<para id="Diagram">The remainder of this guide will assume that you have
configured your network as shown here: <mediaobject>
<imageobject>
<imagedata align="center" fileref="images/basics1.png" format="PNG"/>
<imagedata align="center" fileref="images/basics1.png" format="PNG" />
</imageobject>
</mediaobject> The default gateway for computer's 1 &amp; 2 would be
<systemitem class="ipaddress">10.10.10.254</systemitem>. <warning>
@ -606,7 +607,7 @@ root@lists:~# </programlisting>
<acronym>IP</acronym> is dynamic and <acronym>SNAT</acronym> if the
<acronym>IP</acronym> is static.</para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>If your external firewall interface is <filename
class="devicefile">eth0</filename>, you do not need to modify the file
@ -615,7 +616,7 @@ root@lists:~# </programlisting>
class="directory">/etc/shorewall/</filename><filename>masq</filename> and
change the first column to the name of your external interface.</para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>If your external <acronym>IP</acronym> is static, you can enter it
in the third column in the <filename
@ -625,7 +626,7 @@ root@lists:~# </programlisting>
column 3 (SNAT) makes the processing of outgoing packets a little more
efficient.</para>
<graphic align="left" fileref="images/openlogo-nd-25.png"/>
<graphic align="left" fileref="images/openlogo-nd-25.png" />
<para>I<emphasis role="bold">f you are using the Debian package, please
check your <filename>shorewall.conf</filename> file to ensure that the
@ -688,7 +689,7 @@ root@lists:~# </programlisting>
</listitem>
</itemizedlist>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>If you are running a distribution that logs netfilter messages to a
log other than <filename>/var/log/messages</filename>, then modify the
@ -728,7 +729,7 @@ root@lists:~# </programlisting>
<filename>/usr/share/shorewall/modules</filename> then copy the file to
<filename>/etc/shorewall</filename> and modify the copy.</para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>Modify the setting of LOAD_HELPER_ONLY as necessary.</para>
</section>
@ -826,7 +827,7 @@ FTP(DNAT) net loc:10.10.10.1</programlisting> For
DNAT net loc:10.10.10.2:80 tcp 5000</programlisting>
</listitem>
</itemizedlist> <inlinegraphic fileref="images/BD21298_.gif"
format="GIF"/></para>
format="GIF" /></para>
<para>At this point, modify <filename
class="directory">/etc/shorewall/</filename><filename>rules</filename> to
@ -874,7 +875,7 @@ DNAT net loc:10.10.10.2:80 tcp 5000</programlisting>
</listitem>
<listitem>
<para><anchor id="cachingdns"/> You can configure a
<para><anchor id="cachingdns" /> You can configure a
<emphasis>Caching Name Server</emphasis> on your firewall.
<trademark>Red Hat</trademark> has an <acronym>RPM</acronym> for a
caching name server (the <acronym>RPM</acronym> also requires the
@ -953,11 +954,11 @@ Web(ACCEPT) loc $FW </programlisting>Those two rules would of
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
SSH(ACCEPT) net $FW</programlisting>
</important> <inlinegraphic fileref="images/leaflogo.gif"
format="GIF"/>Bering users will want to add the following two rules to be
format="GIF" />Bering users will want to add the following two rules to be
compatible with Jacques's Shorewall configuration.<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
ACCEPT loc $FW udp 53 #Allow DNS Cache to work
ACCEPT loc $FW tcp 80 #Allow Weblet to work</programlisting>
<inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>Now edit your <filename
class="directory">/etc/shorewall/</filename><filename>rules</filename>
@ -1023,7 +1024,7 @@ ACCEPT loc $FW tcp 80 #Allow Weblet to work</progra
<section id="Starting">
<title>Starting and Stopping Your Firewall</title>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>The <ulink url="Install.htm">installation procedure</ulink>
configures your system to start Shorewall at system boot but startup is
@ -1031,7 +1032,7 @@ ACCEPT loc $FW tcp 80 #Allow Weblet to work</progra
configuration is complete. Once you have completed configuration of your
firewall, you must edit /etc/shorewall/shorewall.conf and set
STARTUP_ENABLED=Yes.<graphic align="left"
fileref="images/openlogo-nd-25.png"/><important>
fileref="images/openlogo-nd-25.png" /><important>
<para>Users of the .deb package must edit <filename
class="directory">/etc/default/</filename><filename>shorewall</filename>
and set <varname>startup=1</varname>.</para>
@ -1051,7 +1052,7 @@ ACCEPT loc $FW tcp 80 #Allow Weblet to work</progra
of Shorewall from your Netfilter configuration, use
<quote><command>shorewall clear</command></quote>.</para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>The two-interface sample assumes that you want to enable routing
to/from <filename class="devicefile">eth1</filename> (the local network)
@ -1137,7 +1138,7 @@ ACCEPT loc $FW tcp 80 #Allow Weblet to work</progra
<programlisting><command>systemctl disable iptables.service</command></programlisting>
<para><inlinegraphic fileref="images/BD21298_.gif"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" /></para>
<para>At this point, disable your existing firewall service.</para>
</section>
@ -1181,9 +1182,9 @@ ACCEPT loc $FW tcp 80 #Allow Weblet to work</progra
</caution></para>
<para>Your new network will look similar to what is shown in the following
figure.<graphic align="center" fileref="images/basics2.png"/></para>
figure.<graphic align="center" fileref="images/basics2.png" /></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>The first thing to note is that the computers in your wireless
network will be in a different subnet from those on your wired local LAN.
@ -1196,7 +1197,7 @@ ACCEPT loc $FW tcp 80 #Allow Weblet to work</progra
traffic may flow freely between the local wired network and the wireless
network.</para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF" /></para>
<para>There are only two changes that need to be made to the Shorewall
configuration:</para>