diff --git a/docs/FAQ.xml b/docs/FAQ.xml
index 8692f6c4a..02f880f51 100644
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@@ -687,11 +687,9 @@ eth1:192.168.1.5 eth1 130.151.100.69That rule (and the second one in the previous bullet) only
works of course if you have a static external IP address. If you
have a dynamic IP address then include this in
- /etc/shorewall/params (or your
- <export directory>/init file if you are
- using Shorewall Lite on the firewall system):
+ /etc/shorewall/params.
- ETH0_IP=`find_first_interface_address eth0`
+ ETH0_IP=$(find_first_interface_address eth0)
and make your DNAT rule:
@@ -712,6 +710,14 @@ DNAT loc loc:192.168.1.5 tcp www -
+
+
+ If you run Shorewall-lite on your firewall, you must use the
+ following in the firewall's configuration directory
+ params file:
+
+ ETH0_IP=$(ssh root@firewall "/sbin/shorewall-lite call find_first_interface_address eth0")
+
@@ -2139,7 +2145,7 @@ gateway:~#
role="bold">Cleared, then a shorewall
clear command was executed). Most likely, you have installed
and configured the shorewall-init package and a
- required interface has gone down.
+ required interface has gone down.