diff --git a/docs/Multiple_Zones.xml b/docs/Multiple_Zones.xml
index b3b6c79d6..e582a6806 100644
--- a/docs/Multiple_Zones.xml
+++ b/docs/Multiple_Zones.xml
@@ -185,7 +185,10 @@
![]()
- The advantage of this approach is that the zone
+
+ The Router in the above diagram is assumed to NOT be doing
+ SNAT for the hosts in the 192.168.2.0/24 network.
+ The advantage of this approach is that the zone
loc1
can use CONTINUE policies such that if a
connection request doesn't match a loc1
rule, it will
be matched against the loc
rules. For example, if your
@@ -233,7 +236,10 @@ loc1 loc NONE
![]()
- /etc/shorewall/zones
+
+ The Router in the above diagram is assumed to NOT be doing
+ SNAT for the hosts in the 192.168.2.0/24 network.
+ /etc/shorewall/zones
#ZONE TYPE OPTIONS
loc1 ipv4
diff --git a/docs/Shorewall_Squid_Usage.xml b/docs/Shorewall_Squid_Usage.xml
index 0a8f4339a..3543f3e2a 100644
--- a/docs/Shorewall_Squid_Usage.xml
+++ b/docs/Shorewall_Squid_Usage.xml
@@ -18,7 +18,7 @@
- 2003-2007
+ 2003-2008
Thomas M. Eastep
@@ -39,9 +39,9 @@
Proxy or as a Manual Proxy.
- This article applies to Shorewall 3.0 and
+ This article applies to Shorewall 4.0 and
later. If you are running a version of Shorewall earlier than Shorewall
- 3.0.0 then please see the documentation for that
+ 4.0.0 then please see the documentation for that
release.
@@ -199,9 +199,11 @@ Squid 1 202 - eth1 192.168.1.3 loose
- In /etc/shorewall/start add:
+ In /etc/shorewall/tcrules add:
- iptables -t mangle -A PREROUTING -i eth1 -s ! 192.168.1.3 -p tcp --dport 80 -j MARK --set-mark 202
+ #MARK SOURCE DEST PROTO DEST
+# PORT(S)
+202:P eth1:!192.168.1.3 0.0.0.0/0 tcp 80