Add fw->nat masq rules to multi-ISP doc

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3215 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2006-01-03 01:21:10 +00:00 · 2006-01-03 01:21:10 +00:00 · 8232d950b8
commit 8232d950b8
parent ca96f6f8df
1 changed files with 10 additions and 2 deletions
--- a/Shorewall-docs2/MultiISP.xml
+++ b/Shorewall-docs2/MultiISP.xml
@ -49,7 +49,7 @@
      ethernet interfaces to two different ISPs as in the following
      diagram.</para>

-      <graphic fileref="images/TwoISPs.png" />
+      <graphic align="left" fileref="images/TwoISPs.png" />

      <itemizedlist>
        <listitem>
@ -265,7 +265,7 @@
                    have multiple internet connections, we recommend that you
                    specify 'balance' even if you don't need it. You can still
                    use entries in <filename>/etc/shorewall/tcrules</filename>
-                    to force traffic to one provider or another. </para>
+                    to force traffic to one provider or another.</para>
                  </important>
                </listitem>
              </varlistentry>
@ -414,6 +414,14 @@ net      eth1         detect          …</programlisting>
      <programlisting>#SOURCE    DESTINATION    POLICY     LIMIT:BURST
 net        net            DROP</programlisting>

+      <para>Regardless of whether you have masqueraded hosts or not, <emphasis
+      role="bold">YOU MUST ADD THESE TWO ENTRIES TO
+      <filename>/etc/shorewall/masq</filename></emphasis>:</para>
+
+      <programlisting>#INTERFACE       SUBNET            ADDRESS
+eth0             130.252.99.27     206.124.146.176
+eth1             206.124.146.176   130.252.99.27</programlisting>
+
      <para>If you have masqueraded hosts, be sure to update
      <filename>/etc/shorewall/masq</filename> to masquerade to both ISPs. For
      example, if you masquerade all hosts connected to <filename