Minor vserver doc update

2010-07-02 13:34:21 -07:00 · 2010-07-02 13:34:21 -07:00 · c8274f0538
commit c8274f0538
parent 63154367ad
2 changed files with 29 additions and 4 deletions
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@ -1682,14 +1682,13 @@ sub generate_loopback_rules1( $$$$ ) {
 	    
 	for my $typeref ( values %{$dest_hosts_ref} ) {
 	    for my $hostref ( @{$typeref->{'%vserver%'}} ) {
-		my $ipsec_match = match_ipsec_out $z2 , $hostref;
 		my $exclusion   = dest_exclusion( $hostref->{exclusions}, $chain); 

 		for my $net ( @{$hostref->{hosts}} ) {
 		    add_jump( $chainref, 
 			      $exclusion ,
 			      0,
-			      join('', $match, $ipsec_match,, match_dest_net( $net ) ) ) 
+			      join('', $match, match_dest_net( $net ) ) ) 
 		}
 	    }
 	}
--- a/docs/Vserver.xml
+++ b/docs/Vserver.xml
@ -53,8 +53,9 @@

      <listitem>
        <para>Their contents must be defined using the <ulink
-        url="manpages/shorewall-hosts.html">shorewall-hosts </ulink>(5)
-        file.</para>
+        url="manpages/shorewall-hosts.html">shorewall-hosts </ulink>(5) file.
+        The <emphasis role="bold">ipsec</emphasis> option may not be
+        specified.</para>
      </listitem>

      <listitem>
@ -82,6 +83,31 @@
        applications. Such connections will appear to come from the $FW zone
        rather than the intended Vserver zone.</para>
      </listitem>
+
+      <listitem>
+        <para>While you can define the vservers to be associated with the
+        network interface where their IP addresses are added at vserver
+        startup time, Shorewall internally associates all vservers with the
+        loopback interface (<emphasis role="bold">lo</emphasis>). Here's an
+        example of how that association can show up:</para>
+
+        <programlisting>gateway:~# shorewall show zones
+Shorewall 4.4.11-Beta2 Zones at gateway - Fri Jul  2 12:26:30 PDT 2010
+
+fw (firewall)
+drct (ipv4)
+   eth4:+drct_eth4
+loc (ipv4)
+   eth4:0.0.0.0/0
+net (ipv4)
+   eth1:0.0.0.0/0
+vpn (ipv4)
+   tun+:0.0.0.0/0
+dmz (<emphasis role="bold">vserver</emphasis>)
+   <emphasis role="bold">lo</emphasis>:70.90.191.124/31
+
+gateway:~#</programlisting>
+      </listitem>
    </itemizedlist>
  </section>