forked from extern/shorewall_code
correct name is now "SUSE" instead of "SuSE",
(of course word replacement was automatized ) git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3060 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
bc9f5bd790
commit
68f7ce57a5
@ -871,7 +871,7 @@ LOGBURST=""</programlisting>
|
||||
</tip>
|
||||
|
||||
<tip>
|
||||
<para>Under SuSE, add <quote>-c 5</quote> to KLOGD_PARAMS in
|
||||
<para>Under SUSE, add <quote>-c 5</quote> to KLOGD_PARAMS in
|
||||
/etc/sysconfig/syslog to suppress info (log level 6) messages on the
|
||||
console.</para>
|
||||
</tip>
|
||||
|
@ -53,7 +53,7 @@
|
||||
iptables must include the Netfilter+ipsec patches and policy match
|
||||
support. The Netfilter patches are available from Netfilter
|
||||
Patch-O-Matic-NG and are also included in some commercial distributions
|
||||
(most notably <trademark>SuSE</trademark> 9.1 through 9.3).</para>
|
||||
(most notably <trademark>SUSE</trademark> 9.1 through 9.3).</para>
|
||||
</warning>
|
||||
|
||||
<important>
|
||||
@ -97,7 +97,7 @@
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>The ipsec-tools 0.5 rpm from SuSE 9.3.</para>
|
||||
<para>The ipsec-tools 0.5 rpm from SUSE 9.3.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</listitem>
|
||||
|
@ -52,7 +52,7 @@
|
||||
implementation of IPSEC. Until that implementation is complete, only a
|
||||
simple network-network tunnel is described for 2.6.</para>
|
||||
|
||||
<para>UPDATE: Some distributions such as <trademark>SuSE</trademark> are
|
||||
<para>UPDATE: Some distributions such as <trademark>SUSE</trademark> are
|
||||
now shipping Kernels and iptables with the IPSEC-Netfilter patches and
|
||||
policy match support. Check <ulink url="IPSEC-2.6.html">this
|
||||
article</ulink> for information concerning this support and
|
||||
|
@ -78,7 +78,7 @@
|
||||
|
||||
<para>The standard RPM package from shorewall.net and the mirrors is
|
||||
known to work with <emphasis
|
||||
role="bold"><trademark>SuSE</trademark></emphasis>, <emphasis
|
||||
role="bold"><trademark>SUSE</trademark></emphasis>, <emphasis
|
||||
role="bold"><trademark>Power PPC</trademark></emphasis>, <emphasis
|
||||
role="bold"><trademark>Trustix</trademark></emphasis> and <emphasis
|
||||
role="bold"><trademark>TurboLinux</trademark></emphasis>. There is
|
||||
@ -110,7 +110,7 @@
|
||||
</caution>
|
||||
|
||||
<note>
|
||||
<para>Some SuSE users have encountered a problem whereby rpm reports
|
||||
<para>Some SUSE users have encountered a problem whereby rpm reports
|
||||
a conflict with kernel <= 2.2 even though a 2.4 kernel is
|
||||
installed. If this happens, simply use the --nodeps option to
|
||||
rpm.</para>
|
||||
@ -310,7 +310,7 @@
|
||||
<programlisting><command>rpm -Uvh <shorewall rpm file></command></programlisting>
|
||||
|
||||
<note>
|
||||
<para>Some SuSE users have encountered a problem whereby rpm reports
|
||||
<para>Some SUSE users have encountered a problem whereby rpm reports
|
||||
a conflict with kernel <= 2.2 even though a 2.4 kernel is
|
||||
installed. If this happens, simply use the --nodeps option to
|
||||
rpm.</para>
|
||||
|
@ -72,7 +72,7 @@
|
||||
the <ulink url="IPSEC.htm">Shorewall IPSEC documentation</ulink>
|
||||
(Shorewall support for IPSEC with unpatched 2.6 kernels is very limited).
|
||||
For patched 2.6 kernels (including those supplied with
|
||||
<trademark>SuSE</trademark> 9.2) see the <ulink
|
||||
<trademark>SUSE</trademark> 9.2) see the <ulink
|
||||
url="IPSEC-2.6.html">Kernel 2.6 IPSEC documentation</ulink>.</para>
|
||||
</section>
|
||||
</article>
|
@ -444,8 +444,8 @@ verb 3</programlisting>
|
||||
<graphic fileref="images/network3.png" />
|
||||
|
||||
<para>The Wireless network is in the lower right of the diagram and
|
||||
consists of two laptops: Eastepnc6000 (Dual Boot Windows XP - SP1, SuSE
|
||||
10.0) and Tipper (SuSE 10.0). We use OpenVPN to bridge those two laptops
|
||||
consists of two laptops: Eastepnc6000 (Dual Boot Windows XP - SP1, SUSE
|
||||
10.0) and Tipper (SUSE 10.0). We use OpenVPN to bridge those two laptops
|
||||
with the local LAN shown in the lower left hand corner. The laptops are
|
||||
configured with addresses in the 192.168.3.0/24 network connected to the
|
||||
firewall's <filename class="devicefile">eth0</filename> interface which
|
||||
@ -613,7 +613,7 @@ verb 3</programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Eastepnc6000 (SuSE10.0) Configuration</title>
|
||||
<title>Eastepnc6000 (SUSE10.0) Configuration</title>
|
||||
|
||||
<para>The configuration is the same as shown above only with "/Program
|
||||
Files/OpenVPN" replaced with "/etc/openvpn" (I love OpenVPN).</para>
|
||||
|
@ -157,8 +157,8 @@ ACCEPT net loc:130.252.100.19 tcp 80</programlisting>
|
||||
gateway:~#</programlisting>
|
||||
|
||||
<para>Note in particular that there is no broadcast address. Here is an
|
||||
<filename>ifcfg-eth-id-00:a0:cc:d1:db:12</filename> file from SuSE that
|
||||
produces this result (Note: SuSE ties the configuration file to the card
|
||||
<filename>ifcfg-eth-id-00:a0:cc:d1:db:12</filename> file from SUSE that
|
||||
produces this result (Note: SUSE ties the configuration file to the card
|
||||
by embedding the card's MAC address in the file name):</para>
|
||||
|
||||
<programlisting>BOOTPROTO='static'
|
||||
|
@ -63,7 +63,7 @@
|
||||
|
||||
<tip>
|
||||
<para>There are ftwall init scripts for use with
|
||||
<trademark>SuSE</trademark> and <trademark>Debian</trademark> Linux at
|
||||
<trademark>SUSE</trademark> and <trademark>Debian</trademark> Linux at
|
||||
<ulink
|
||||
url="http://shorewall.net/pub/shorewall/contrib/ftwall">http://shorewall.net/pub/shorewall/contrib/ftwall</ulink>.</para>
|
||||
</tip>
|
||||
|
@ -212,7 +212,7 @@ iface br0 inet static
|
||||
|
||||
<para>The bridge may have its IP address assigned via DHCP. Here's an
|
||||
example of an /etc/sysconfig/network/ifcfg-br0 file from a
|
||||
<trademark>SuSE</trademark> system:</para>
|
||||
<trademark>SUSE</trademark> system:</para>
|
||||
|
||||
<blockquote>
|
||||
<programlisting>BOOTPROTO='dhcp'
|
||||
@ -232,7 +232,7 @@ BOOTPROTO=dhcp
|
||||
ONBOOT=yes</programlisting>
|
||||
</blockquote>
|
||||
|
||||
<para>On both the SuSE and Mandrake systems, a separate script is required
|
||||
<para>On both the SUSE and Mandrake systems, a separate script is required
|
||||
to configure the bridge itself.</para>
|
||||
|
||||
<para>Here are scripts that I used on a <trademark>Suse</trademark> 9.1
|
||||
|
@ -611,7 +611,7 @@ DNAT net loc:192.168.1.3 tcp 4000:4100</programlisting>
|
||||
behavior in which the identity of network interfaces varies from boot to
|
||||
boot (what is <filename class="devicefile">eth0</filename> after one boot
|
||||
may be <filename class="devicefile">eth1</filename> after the next).
|
||||
<trademark>SuSE</trademark> users, for example, can take the following
|
||||
<trademark>SUSE</trademark> users, for example, can take the following
|
||||
approach:</para>
|
||||
|
||||
<programlisting>wookie:~ # lspci
|
||||
|
@ -69,20 +69,20 @@
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>I use one-to-one NAT for <emphasis>"Ursa"</emphasis> (my
|
||||
personal system that run SuSE 10.0) - Internal address 192.168.1.5 and
|
||||
personal system that run SUSE 10.0) - Internal address 192.168.1.5 and
|
||||
external address 206.124.146.178.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>I use one-to-one NAT for <emphasis>"Eastepnc6000</emphasis>" (My
|
||||
work system -- Windows XP SP1/SuSE 10.0). Internal address 192.168.1.6
|
||||
work system -- Windows XP SP1/SUSE 10.0). Internal address 192.168.1.6
|
||||
and external address 206.124.146.180.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>I use SNAT through 206.124.146.179 for my Wife's Windows XP
|
||||
system <quote><emphasis>Tarry</emphasis></quote>, my <firstterm>crash
|
||||
and burn</firstterm> system "<emphasis>Wookie</emphasis>", our SuSE
|
||||
and burn</firstterm> system "<emphasis>Wookie</emphasis>", our SUSE
|
||||
10.0 laptop <quote><emphasis>Tipper</emphasis></quote> which connects
|
||||
through the Wireless Access Point (wap) via a Wireless Bridge (wet),
|
||||
and my work laptop (<emphasis>eastepnc6000</emphasis>) when it is not
|
||||
@ -465,7 +465,7 @@ DROP Wifi net:16.0.0.0/8
|
||||
DROP loc:!192.168.0.0/22 fw # Silently drop traffic with an HP source IP from my XP box
|
||||
ACCEPT loc fw tcp ssh,time,631,8080
|
||||
ACCEPT loc fw udp 161,ntp,631
|
||||
DROP loc fw tcp 3185 #SuSE Meta pppd
|
||||
DROP loc fw tcp 3185 #SUSE Meta pppd
|
||||
Ping/ACCEPT loc fw
|
||||
###############################################################################################################################################################################
|
||||
# Roadwarriors to Firewall
|
||||
|
@ -52,7 +52,7 @@
|
||||
<attribution>ES, Phoenix AZ, USA</attribution>
|
||||
|
||||
<para><emphasis>I have fought with IPtables for untold hours. First I
|
||||
tried the SuSE firewall, which worked for 80% of what I needed. Then
|
||||
tried the SUSE firewall, which worked for 80% of what I needed. Then
|
||||
gShield, which also worked for 80%. Then I set out to write my own
|
||||
IPtables parser in shell and awk, which was a lot of fun but never got
|
||||
me past the <quote>hey, cool</quote> stage. Then I discovered Shorewall.
|
||||
@ -141,7 +141,7 @@
|
||||
<attribution>SM, Germany</attribution>
|
||||
|
||||
<para><emphasis>one time more to report, that your great shorewall in
|
||||
the latest release 1.2.9 is working fine for me with SuSE Linux 7.3! I
|
||||
the latest release 1.2.9 is working fine for me with SUSE Linux 7.3! I
|
||||
now have 7 machines up and running with shorewall on several versions -
|
||||
starting with 1.2.2 up to the new 1.2.9 and I never have encountered any
|
||||
problems!</emphasis></para>
|
||||
|
Loading…
Reference in New Issue
Block a user