diff --git a/docs/IPSEC-2.6.xml b/docs/IPSEC-2.6.xml
index 9e4e9e6a4..7a5ce6fdf 100644
--- a/docs/IPSEC-2.6.xml
+++ b/docs/IPSEC-2.6.xml
@@ -294,13 +294,15 @@ the following
- /etc/shorewall/tunnels — System A: + /etc/shorewall/tunnels — + System A: #TYPE ZONE GATEWAY GATEWAY ZONE ipsec net 134.28.54.2 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE - /etc/shorewall/tunnels — System B: + /etc/shorewall/tunnels — + System B: #TYPE ZONE GATEWAY GATEWAY ZONE ipsec net 206.162.148.9 @@ -320,8 +322,8 @@ ipsec net 206.162.148.9 zone called vpn to represent the remote subnet.
- /etc/shorewall/zones — Systems A and - B: + /etc/shorewall/zones — + Systems A and B: #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS @@ -340,13 +342,13 @@ net ipv4 from the HOSTS column.
- /etc/shorewall/hosts — System A + /etc/shorewall/hosts — System A #ZONE HOSTS OPTIONS vpn eth0:10.0.0.0/8,134.28.54.2 ipsec #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE - /etc/shorewall/hosts — System B + /etc/shorewall/hosts — System B #ZONE HOSTS OPTIONS vpn eth0:192.168.1.0/24,206.162.148.9 ipsec @@ -494,7 +496,7 @@ sec ipsec mode=tunnel mss=1400vpn to represent the remote host.
- /etc/shorewall/zones — System A + /etc/shorewall/zones — System A #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS @@ -524,7 +526,7 @@ ipsec net 0.0.0.0/0 vpn file:
- /etc/shorewall/hosts — System A: + /etc/shorewall/hosts — System A: #ZONE HOSTS OPTIONS vpn eth0:0.0.0.0/0 @@ -537,7 +539,7 @@ vpn eth0:0.0.0.0/0 On the laptop:
- /etc/shorewall/zones - System B: + /etc/shorewall/zones - System B: #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS @@ -546,13 +548,13 @@ net ipv4 loc ipv4 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE - /etc/shorewall/tunnels - System B: + /etc/shorewall/tunnels - System B: #TYPE ZONE GATEWAY GATEWAY ZONE ipsec net 206.162.148.9 vpn #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE - /etc/shorewall/hosts - System B: + /etc/shorewall/hosts - System B: #ZONE HOSTS OPTIONS vpn eth0:0.0.0.0/0 @@ -562,7 +564,7 @@ vpn eth0:0.0.0.0/0 On system A, here are the IPSEC files:
- /etc/racoon/racoon.conf - System A: + /etc/racoon/racoon.conf - System A: path certificate "/etc/certs" ; @@ -599,7 +601,7 @@ sainfo anonymous compression_algorithm deflate ; } - /etc/racoon/setkey.conf - System A: + /etc/racoon/setkey.conf - System A: flush; spdflush; @@ -725,7 +727,7 @@ spdadd 192.168.20.10/32 192.168.20.40/32 any -P out ipsec esp/transport/192.168. spdadd 192.168.20.40/32 192.168.20.10/32 any -P in ipsec esp/transport/192.168.20.40-192.168.20.10/require; - /etc/racoon/psk.txt: + /etc/racoon/psk.txt: 192.168.20.20 <key for 192.168.20.10<->192.168.20.20> 192.168.20.30 <key for 192.168.20.10<->192.168.20.30> @@ -744,20 +746,20 @@ spdadd 192.168.20.40/32 192.168.20.10/32 any -P in ipsec esp/transport/192.168. net eth0 detect routefilter,dhcp,tcpflags #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE - /etc/shorewall/tunnels: + /etc/shorewall/tunnels: #TYPE ZONE GATEWAY GATEWAY # ZONE ipsec:noah net 192.168.20.0/24 loc - /etc/shorewall/zones: + /etc/shorewall/zones: #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS loc ipsec mode=transport net ipv4 - /etc/shorewall/hosts: + /etc/shorewall/hosts: #ZONE HOST(S) OPTIONS loc eth0:192.168.20.0/24 diff --git a/docs/Shorewall_Squid_Usage.xml b/docs/Shorewall_Squid_Usage.xml index e55529947..7e989a378 100644 --- a/docs/Shorewall_Squid_Usage.xml +++ b/docs/Shorewall_Squid_Usage.xml @@ -61,8 +61,29 @@ In all cases, Squid should be configured to run as a - transparent proxy as described at http://www.tldp.org/HOWTO/TransparentProxy.html. + + The essence of this article is that you need the following in + your squid.conf: + + + + httpd_accel_host virtual + + + + httpd_accel_port 80 + + + + httpd_accel_with_proxy on + + + + httpd_accel_uses_host_header on + + @@ -249,4 +270,4 @@ ACCEPT loc $FW tcp 8080 ACCEPT $FW net tcp 80,443 - + \ No newline at end of file