Update Local Squid example to use tcrules rather than /etc/shorewall/start

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8830 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2008-10-31 16:32:22 +00:00 · 2008-10-31 16:32:22 +00:00 · a3c94ab131
commit a3c94ab131
parent 8a3b419c11
2 changed files with 15 additions and 7 deletions
--- a/docs/Multiple_Zones.xml
+++ b/docs/Multiple_Zones.xml
@ -185,7 +185,10 @@

        <graphic fileref="images/MultiZone1A.png" />

-        <para>The advantage of this approach is that the zone
+        <para><note>
+            <para>The Router in the above diagram is assumed to NOT be doing
+            SNAT for the hosts in the 192.168.2.0/24 network.</para>
+          </note>The advantage of this approach is that the zone
        <quote>loc1</quote> can use CONTINUE policies such that if a
        connection request doesn't match a <quote>loc1</quote> rule, it will
        be matched against the <quote>loc</quote> rules. For example, if your
@ -233,7 +236,10 @@ loc1                loc                  NONE</programlisting>

        <graphic fileref="images/MultiZone1B.png" />

-        <para><filename>/etc/shorewall/zones</filename></para>
+        <para><note>
+            <para>The Router in the above diagram is assumed to NOT be doing
+            SNAT for the hosts in the 192.168.2.0/24 network.</para>
+          </note><filename>/etc/shorewall/zones</filename></para>

        <programlisting>#ZONE       TYPE      OPTIONS
 loc1        ipv4
--- a/docs/Shorewall_Squid_Usage.xml
+++ b/docs/Shorewall_Squid_Usage.xml
@ -18,7 +18,7 @@
    <pubdate><?dbtimestamp format="Y/m/d"?></pubdate>

    <copyright>
-      <year>2003-2007</year>
+      <year>2003-2008</year>

      <holder>Thomas M. Eastep</holder>
    </copyright>
@ -39,9 +39,9 @@
  Proxy or as a Manual Proxy.</para>

  <caution>
-    <para><emphasis role="bold">This article applies to Shorewall 3.0 and
+    <para><emphasis role="bold">This article applies to Shorewall 4.0 and
    later. If you are running a version of Shorewall earlier than Shorewall
-    3.0.0 then please see the documentation for that
+    4.0.0 then please see the documentation for that
    release.</emphasis></para>
  </caution>

@ -199,9 +199,11 @@ Squid   1       202     -               eth1            192.168.1.3     loose</p
        </listitem>

        <listitem>
-          <para>In <filename>/etc/shorewall/start</filename> add:</para>
+          <para>In <filename>/etc/shorewall/tcrules</filename> add:</para>

-          <programlisting><command>iptables -t mangle -A PREROUTING -i eth1 -s ! 192.168.1.3 -p tcp --dport 80 -j MARK --set-mark 202</command>         </programlisting>
+          <programlisting>#MARK    SOURCE              DEST        PROTO    DEST
+#                                                 PORT(S)
+202:P    eth1:!192.168.1.3   0.0.0.0/0   tcp      80</programlisting>
        </listitem>

        <listitem>