forked from extern/shorewall_code
fixed quotes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@940 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
mhnoyes
parent
06516f33b5
commit
8e9dc1fcc3
@ -32,8 +32,8 @@
|
|||||||
document under the terms of the GNU Free Documentation License, Version
|
document under the terms of the GNU Free Documentation License, Version
|
||||||
1.2 or any later version published by the Free Software Foundation; with
|
1.2 or any later version published by the Free Software Foundation; with
|
||||||
no Invariant Sections, with no Front-Cover, and with no Back-Cover
|
no Invariant Sections, with no Front-Cover, and with no Back-Cover
|
||||||
Texts. A copy of the license is included in the section entitled "<ulink
|
Texts. A copy of the license is included in the section entitled <quote><ulink
|
||||||
url="GnuCopyright.htm">GNU Free Documentation License</ulink>".</para>
|
url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para>
|
||||||
</legalnotice>
|
</legalnotice>
|
||||||
</articleinfo>
|
</articleinfo>
|
||||||
|
|
||||||
@ -61,7 +61,7 @@
|
|||||||
<para>We want systems in the 2002:100:333::/64 subnetwork to be able to
|
<para>We want systems in the 2002:100:333::/64 subnetwork to be able to
|
||||||
communicate with the systems in the 2002:488:999::/64 network. This is
|
communicate with the systems in the 2002:488:999::/64 network. This is
|
||||||
accomplished through use of the /etc/shorewall/tunnels file and the
|
accomplished through use of the /etc/shorewall/tunnels file and the
|
||||||
"ip" utility for network interface and routing configuration.</para>
|
<quote>ip</quote> utility for network interface and routing configuration.</para>
|
||||||
|
|
||||||
<para>Unlike GRE and IPIP tunneling, the /etc/shorewall/policy,
|
<para>Unlike GRE and IPIP tunneling, the /etc/shorewall/policy,
|
||||||
/etc/shorewall/interfaces and /etc/shorewall/zones files are not used.
|
/etc/shorewall/interfaces and /etc/shorewall/zones files are not used.
|
||||||
@ -153,4 +153,4 @@
|
|||||||
commands as listed above. The systems in both IPv6 subnetworks can now
|
commands as listed above. The systems in both IPv6 subnetworks can now
|
||||||
talk to each other using IPv6.</para>
|
talk to each other using IPv6.</para>
|
||||||
</section>
|
</section>
|
||||||
</article>
|
</article>
|
||||||
|
|||||||
@ -30,8 +30,8 @@
|
|||||||
document under the terms of the GNU Free Documentation License, Version
|
document under the terms of the GNU Free Documentation License, Version
|
||||||
1.2 or any later version published by the Free Software Foundation; with
|
1.2 or any later version published by the Free Software Foundation; with
|
||||||
no Invariant Sections, with no Front-Cover, and with no Back-Cover
|
no Invariant Sections, with no Front-Cover, and with no Back-Cover
|
||||||
Texts. A copy of the license is included in the section entitled "<ulink
|
Texts. A copy of the license is included in the section entitled <quote><ulink
|
||||||
url="GnuCopyright.htm">GNU Free Documentation License</ulink>".</para>
|
url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para>
|
||||||
</legalnotice>
|
</legalnotice>
|
||||||
</articleinfo>
|
</articleinfo>
|
||||||
|
|
||||||
@ -163,7 +163,7 @@
|
|||||||
connections, from the outside, these would fail and I could not
|
connections, from the outside, these would fail and I could not
|
||||||
understand why. Eventually, I changed the default route on the internal
|
understand why. Eventually, I changed the default route on the internal
|
||||||
system I was trying to access, to point to the new firewall and
|
system I was trying to access, to point to the new firewall and
|
||||||
"bingo", everything worked as expected. This oversight delayed
|
<quote>bingo</quote>, everything worked as expected. This oversight delayed
|
||||||
my deployment by a couple of days not to mention level of frustration it
|
my deployment by a couple of days not to mention level of frustration it
|
||||||
produced.</para>
|
produced.</para>
|
||||||
|
|
||||||
@ -171,11 +171,11 @@
|
|||||||
system in the DMZ. Initially I forgot to remove the entry for the eth2
|
system in the DMZ. Initially I forgot to remove the entry for the eth2
|
||||||
from the /etc/shorewall/masq file. Once my file settings were correct, I
|
from the /etc/shorewall/masq file. Once my file settings were correct, I
|
||||||
started verifying that the ARP caches on the firewall, as well as the
|
started verifying that the ARP caches on the firewall, as well as the
|
||||||
outside system "kaos", were showing the correct Ethernet MAC
|
outside system <quote>kaos</quote>, were showing the correct Ethernet MAC
|
||||||
address. However, in testing remote access, I could access the system in
|
address. However, in testing remote access, I could access the system in
|
||||||
the DMZ only from the firewall and LAN but not from the Internet. The
|
the DMZ only from the firewall and LAN but not from the Internet. The
|
||||||
message I received was "connection denied" on all protocols.
|
message I received was <quote>connection denied</quote> on all protocols.
|
||||||
What I did not realize was that a "helpful" administrator that
|
What I did not realize was that a <quote>helpful</quote> administrator that
|
||||||
had turned on an old system and assigned the same address as the one I
|
had turned on an old system and assigned the same address as the one I
|
||||||
was using for Proxyarp without notifying me. How did I work this out. I
|
was using for Proxyarp without notifying me. How did I work this out. I
|
||||||
shutdown the system in the DMZ, rebooted the router and flushed the ARP
|
shutdown the system in the DMZ, rebooted the router and flushed the ARP
|
||||||
@ -255,7 +255,7 @@
|
|||||||
# L O G G I N G
|
# L O G G I N G
|
||||||
##############################################################################
|
##############################################################################
|
||||||
LOGFILE=/var/log/messages
|
LOGFILE=/var/log/messages
|
||||||
LOGFORMAT="Shorewall:%s:%s:"
|
LOGFORMAT=<quote>Shorewall:%s:%s:</quote>
|
||||||
LOGRATE=
|
LOGRATE=
|
||||||
LOGBURST=
|
LOGBURST=
|
||||||
LOGUNCLEAN=info
|
LOGUNCLEAN=info
|
||||||
@ -519,7 +519,7 @@ qt service ipsec start</programlisting>
|
|||||||
# Shorewall 1.4 -- /etc/shorewall/stop
|
# Shorewall 1.4 -- /etc/shorewall/stop
|
||||||
#
|
#
|
||||||
# Add commands below that you want to be executed at the beginning of a
|
# Add commands below that you want to be executed at the beginning of a
|
||||||
# "shorewall stop" command.
|
# <quote>shorewall stop</quote> command.
|
||||||
#
|
#
|
||||||
qt service ipsec stop</programlisting>
|
qt service ipsec stop</programlisting>
|
||||||
</section>
|
</section>
|
||||||
@ -531,9 +531,9 @@ qt service ipsec stop</programlisting>
|
|||||||
# Shorewall 1.4 -- /etc/shorewall/init
|
# Shorewall 1.4 -- /etc/shorewall/init
|
||||||
#
|
#
|
||||||
# Add commands below that you want to be executed at the beginning of
|
# Add commands below that you want to be executed at the beginning of
|
||||||
# a "shorewall start" or "shorewall restart" command.
|
# a <quote>shorewall start</quote> or <quote>shorewall restart</quote> command.
|
||||||
#
|
#
|
||||||
qt service ipsec stop</programlisting>
|
qt service ipsec stop</programlisting>
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
</article>
|
</article>
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user