From bc19a80ac4c320f4fe815f83d3d61b163b83657c Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sat, 14 Aug 2010 07:14:52 -0700
Subject: [PATCH] Correct FAQ 2 for Shorewall-lite
---
docs/FAQ.xml | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/docs/FAQ.xml b/docs/FAQ.xml
index 8692f6c4a..02f880f51 100644
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@@ -687,11 +687,9 @@ eth1:192.168.1.5 eth1 130.151.100.69That rule (and the second one in the previous bullet) only works of course if you have a static external IP address. If you have a dynamic IP address then include this in - /etc/shorewall/params (or your - <export directory>/init file if you are - using Shorewall Lite on the firewall system): + /etc/shorewall/params. - ETH0_IP=`find_first_interface_address eth0` + ETH0_IP=$(find_first_interface_address eth0) and make your DNAT rule:
@@ -712,6 +710,14 @@ DNAT loc loc:192.168.1.5 tcp www - + + + If you run Shorewall-lite on your firewall, you must use the + following in the firewall's configuration directory + params file: + + ETH0_IP=$(ssh root@firewall "/sbin/shorewall-lite call find_first_interface_address eth0") +
@@ -2139,7 +2145,7 @@ gateway:~# role="bold">Cleared, then a shorewall clear command was executed). Most likely, you have installed and configured the shorewall-init package and a - required interface has gone down. + required interface has gone down.