diff --git a/docs/ECN.xml b/docs/ECN.xml index 069e3e25b..9d193fd1b 100644 --- a/docs/ECN.xml +++ b/docs/ECN.xml @@ -46,7 +46,7 @@ to hosts defined in the /etc/shorewall/ecn file. -
+
Explicit Congestion Notification (ECN) Explicit Congestion Notification (ECN) is described in RFC 3168 and @@ -90,11 +90,11 @@ - + Your external interface is eth0 and you want to disable ECN for tcp connections to 192.0.2.0/24: - +
/etc/shorewall/ecn diff --git a/docs/FAQ.xml b/docs/FAQ.xml index b0f129ce2..bc81bb194 100644 --- a/docs/FAQ.xml +++ b/docs/FAQ.xml @@ -43,10 +43,10 @@ release. -
+
Installing Shorewall -
+
Where do I find Step by Step Installation and Configuration Instructions? @@ -347,7 +347,7 @@ DNAT net fw:192.168.1.1:22 tcp 4104 you use a REDIRECT rule.
-
+
(FAQ 38) Where can I find more information about DNAT? Answer:Ian Allen has written a @@ -364,8 +364,8 @@ DNAT net fw:192.168.1.1:22 tcp 4104
-
- DNS and Port Forwarding/NAT +
+ DNS and Port Forwarding/NAT
(FAQ 2) I port forward www requests to www.mydomain.com (IP @@ -492,7 +492,7 @@ DNAT loc loc:192.168.1.5 tcp www - $ETH0 </listitem> </orderedlist> - <example> + <example id="Example1"> <title>Example: Zone: dmz, Interface: eth2, Subnet: 192.168.2.0/24, Address: 192.168.2.254 @@ -577,7 +577,7 @@ DNAT loc dmz:192.168.2.4 tcp 80 - $ETH0
-
+
Blacklisting
@@ -594,7 +594,7 @@ DNAT loc dmz:192.168.2.4 tcp 80 - $ETH0
-
+
Netmeeting/MSN
@@ -628,7 +628,7 @@ to debug/develop the newnat interface.
-
+
Open Ports
@@ -736,7 +736,7 @@ to debug/develop the newnat interface. nice integration of Shorewall and PortSentry.
-
+
(FAQ 4d) How do I use Shorewall with Snort-Inline? Answer:
-
+
Connection Problems
@@ -834,8 +834,8 @@ to debug/develop the newnat interface. documentation.
-
- (FAQ 63) I just upgraded my kernel to 2.6.20 and my + <section id="faq64"> + <title>(FAQ 64) I just upgraded my kernel to 2.6.20 and my bridge/firewall stopped working. What is wrong? Answer: In kernel 2.6.20, the @@ -855,7 +855,7 @@ to debug/develop the newnat interface.
-
+
Logging
@@ -974,8 +974,8 @@ DROP net fw udp 10619 - - Example + + Example MAC=00:04:4c:dc:e2:28:00:b0:8e:cf:3c:4c:08:00 @@ -1272,7 +1272,7 @@ DROP net fw udp 10619 - + Here is an example: Jun 27 15:37:56 gateway kernel: @@ -1460,7 +1460,7 @@ modprobe: Can't locate module iptable_raw
-
+
Routing
@@ -1501,7 +1501,7 @@ modprobe: Can't locate module iptable_raw
-
+
Starting and Stopping
@@ -1709,7 +1709,7 @@ iptables: Invalid argument
-
+
Multiple ISPs
@@ -1748,7 +1748,7 @@ iptables: Invalid argument
-
+
About Shorewall
@@ -1804,7 +1804,7 @@ iptables: Invalid argument /sbin/shorewall[-lite] version -
+
(FAQ 25a) How do I tell which version of Shorewall-perl and Shorewall-shell that I have intalled? @@ -1879,8 +1879,8 @@ iptables: Invalid argument
-
- (FAQ 64) How do I accomplish failover with Shorewall? +
+ (FAQ 65) How do I accomplish failover with Shorewall? Answer: This article @@ -1888,7 +1888,7 @@ iptables: Invalid argument
-
+
RFC 1918
@@ -1999,7 +1999,7 @@ eth0 eth1 # eth1 = interface to local netwo
-
+
Alias IP Addresses/Virtual Interfaces
@@ -2012,7 +2012,7 @@ eth0 eth1 # eth1 = interface to local netwo
-
+
Shorewall Lite
@@ -2133,7 +2133,7 @@ eth0 eth1 # eth1 = interface to local netwo
-
+
Miscellaneous
@@ -2156,7 +2156,7 @@ eth0 eth1 # eth1 = interface to local netwo net:<ip1>,<ip2>,... - + Example: ACCEPT net:192.0.2.16/28,192.0.2.44 fw tcp 22 diff --git a/docs/FTP.xml b/docs/FTP.xml index 535ae99fa..c9275b2c0 100644 --- a/docs/FTP.xml +++ b/docs/FTP.xml @@ -47,7 +47,7 @@ release. -
+
FTP Protocol FTP transfers involve two TCP connections. The first
-
+
Linux FTP connection-tracking Given the normal loc->net policy of ACCEPT, passive mode access @@ -205,7 +205,7 @@ ftp> to be loaded automatically by Shorewall. - + Example (Kernel 3.2.20) [root@lists etc]# lsmod @@ -290,7 +290,7 @@ xt_tcpudp 3328 0 /etc/shorewall/shorewall.conf to point to that directory.
-
+
FTP on Non-standard Ports @@ -313,7 +313,7 @@ xt_tcpudp 3328 0 order to use FTP on a non-standard port. - + if you run an FTP server that listens on port 49 or you need to access a server on the internet that listens on that port then you would have: @@ -391,7 +391,7 @@ DNAT ACTION = the preferred way to generate the rules described above. Here are a couple of examples. - + Server running behind a Masquerading Gateway Suppose that you run an FTP server on 192.168.1.5 in your local @@ -400,7 +400,7 @@ DNAT ACTION = #ACTION SOURCE DESTINATION PROTO PORT(S) SOURCE ORIGINAL # PORT(S) DESTINATION FTP/DNAT net loc:192.168.1.5 - + Allow your DMZ FTP access to the Internet #ACTION SOURCE DESTINATION PROTO PORT(S) SOURCE ORIGINAL diff --git a/docs/GenericTunnels.xml b/docs/GenericTunnels.xml index f82d59258..8c27305e7 100644 --- a/docs/GenericTunnels.xml +++ b/docs/GenericTunnels.xml @@ -45,7 +45,7 @@ can generally describe the tunneling software using generic tunnels. -
+
Bridging two Masqueraded Networks Suppose that we have the following situation: diff --git a/docs/GettingStarted.xml b/docs/GettingStarted.xml index 337113ff7..481bba0d1 100644 --- a/docs/GettingStarted.xml +++ b/docs/GettingStarted.xml @@ -34,7 +34,7 @@ -
+
Getting Started If you are new to Shorewall, please read these two articles diff --git a/docs/Install.xml b/docs/Install.xml index 5c15769cd..da57d8e7c 100644 --- a/docs/Install.xml +++ b/docs/Install.xml @@ -272,7 +272,7 @@ described in the Bering (or Bering uClibc) documentation.
-
+
Install the .deb @@ -307,7 +307,7 @@ Pin-Priority: 700Then /etc/default/shorewall.
-
+
General Notes about Upgrading Shorewall Most problems associated with upgrades come from two causes: @@ -594,7 +594,7 @@ tar -xzvf /mnt/package2.lrp contain all of the information you need.
-
+
Uninstall/Fallback See Fallback and diff --git a/docs/fallback.xml b/docs/fallback.xml index 8e8c25536..a92e98b75 100644 --- a/docs/fallback.xml +++ b/docs/fallback.xml @@ -34,7 +34,7 @@ -
+
Falling Back to the Previous Version of Shorewall using the Fallback Script @@ -62,7 +62,7 @@
-
+
Falling Back to the Previous Version of Shorewall using rpm If your previous version of Shorewall was installed using RPM, you @@ -72,7 +72,7 @@ 3.1.1-0 version of Shorewall).
-
+
Uninstalling Shorewall If you no longer wish to use Shorewall, you may remove it by: @@ -92,13 +92,13 @@ rpm -e shorewall.
-
+
Shorewall-shell and Shorewall-perl Shorewall-shell and Shoreall-perl have no configuration files and all of their released files are installed in a single directory. To fallback to a prior release of one of these products using the tarballs, - simple re-install the older version. + simple re-install the older version. To uninstal these products when they have been installed using the tarballs:
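Review bot: the docs/FAQ.xml hunks at @@ -834,8 and @@ -1879,8 renumber existing entries, so "FAQ 64" stops meaning the failover question and now means the kernel 2.6.20 bridge/firewall question (the added `<section id="faq64">`), while failover becomes FAQ 65. Anything that cites FAQ 64 by number, or links to a faq64 anchor, will land on a different answer after this change. Check the other documents for such references and state the reason for the renumbering in the commit message.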
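Review bot: in the docs/FAQ.xml hunk at @@ -492,7, the added `<example id="Example1">` uses a generic id that says nothing about its content and is easy to collide with when another example in the same file is given an id later. The example is titled "Example: Zone: dmz, Interface: eth2, Subnet: 192.168.2.0/24", so an id derived from the FAQ entry it belongs to would be both unique and meaningful as a link target.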
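Review bot: in the docs/FAQ.xml hunk at @@ -1804,7, the FAQ 25a title in the context still reads "that I have intalled"; since the patch already changes the line just above it, correct the spelling to "installed" here as well.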
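Review bot: in the docs/fallback.xml hunk at @@ -92,13, the removed and added lines both read "simple re-install the older version.", so the visible text is unchanged and the wording error survives the edit; change "simple" to "simply" while the line is being touched. The context in the same hunk also has "Shoreall-perl" and "uninstal", which should read "Shorewall-perl" and "uninstall".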