Update FAQ, PPTP and Tunnel docs to warn about POM PPTP and GRE Tunnels

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1351 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2004-05-22 16:15:58 +00:00
parent 70e2a0f386
commit e12cb03fca
3 changed files with 31 additions and 27 deletions


@ -17,7 +17,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2004-05-18</pubdate> <pubdate>2004-05-21</pubdate>
<copyright> <copyright>
<year>2001-2004</year> <year>2001-2004</year>
@ -520,29 +520,9 @@ eth2 192.168.2.0/24</programlisting>
<title>(FAQ 5) I&#39;ve installed Shorewall and now I can&#39;t ping <title>(FAQ 5) I&#39;ve installed Shorewall and now I can&#39;t ping
through the firewall</title> through the firewall</title>
<para><emphasis role="bold">Answer:</emphasis> If you want your firewall <para><emphasis role="bold">Answer:</emphasis> For a complete
to be totally open for <quote>ping</quote>,</para> description of Shorewall <quote>ping</quote> management, see <ulink
url="ping.html">this page</ulink>.</para>
<orderedlist>
<listitem>
<para>Create <filename>/etc/shorewall/common</filename> if it
doesn&#39;t already exist.</para>
</listitem>
<listitem>
<para>Be sure that the first command in the file is <quote>.
<filename>/etc/shorewall/common.de</filename>f</quote></para>
</listitem>
<listitem>
<para>Add the following to <filename>/etc/shorewall/common</filename></para>
<programlisting><command>run_iptables -A icmpdef -p ICMP --icmp-type echo-request -j ACCEPT</command></programlisting>
</listitem>
</orderedlist>
<para>For a complete description of Shorewall <quote>ping</quote>
management, see <ulink url="ping.html">this page</ulink>.</para>
</section> </section>
<section id="faq15"> <section id="faq15">
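Review bot: The removal of the three-step /etc/shorewall/common procedure from FAQ 5 has nothing to do with the commit subject, which only mentions warning about POM PPTP and GRE tunnels. The visible FAQ hunks add no such warning. Either mention the ping cleanup in the commit message or split it into its own commit, so that anyone searching the history for why the "run_iptables -A icmpdef ... -j ACCEPT" instruction disappeared can find it.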
@ -1753,7 +1733,8 @@ iptables: Invalid argument
<appendix> <appendix>
<title>Revision History</title> <title>Revision History</title>
<para><revhistory><revision><revnumber>1.25</revnumber><date>2004-05-18</date><authorinitials>TE</authorinitials><revremark>Empty <para><revhistory><revision><revnumber>1.26</revnumber><date>2004-05-18</date><authorinitials>TE</authorinitials><revremark>Delete
obsolete ping information.</revremark></revision><revision><revnumber>1.25</revnumber><date>2004-05-18</date><authorinitials>TE</authorinitials><revremark>Empty
/etc/shorewall on Debian.</revremark></revision><revision><revnumber>1.25</revnumber><date>2004-05-08</date><authorinitials>TE</authorinitials><revremark>Update /etc/shorewall on Debian.</revremark></revision><revision><revnumber>1.25</revnumber><date>2004-05-08</date><authorinitials>TE</authorinitials><revremark>Update
for Shorewall 2.0.2</revremark></revision><revision><revnumber>1.24</revnumber><date>2004-04-25</date><authorinitials>TE</authorinitials><revremark>Add for Shorewall 2.0.2</revremark></revision><revision><revnumber>1.24</revnumber><date>2004-04-25</date><authorinitials>TE</authorinitials><revremark>Add
MA Brown&#39;s notes on multi-ISP routing.</revremark></revision><revision><revnumber>1.23</revnumber><date>2004-04-22</date><authorinitials>TE</authorinitials><revremark>Refined MA Brown&#39;s notes on multi-ISP routing.</revremark></revision><revision><revnumber>1.23</revnumber><date>2004-04-22</date><authorinitials>TE</authorinitials><revremark>Refined
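Review bot: The new 1.26 revision entry is dated 2004-05-18, the same date as the 1.25 entry that follows it, while the first hunk of this file moves pubdate to 2004-05-21. Use 2004-05-21 for the 1.26 entry so the revision history and pubdate agree. Since this line is being touched anyway, note that the history already carries several entries numbered 1.25; renumbering them is out of scope here but worth a follow-up.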


@ -15,7 +15,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2003-02-22</pubdate> <pubdate>2004-05-22</pubdate>
<copyright> <copyright>
<year>2001</year> <year>2001</year>
@ -24,6 +24,8 @@
<year>2003</year> <year>2003</year>
<year>2004</year>
<holder>Thomas M. Eastep</holder> <holder>Thomas M. Eastep</holder>
</copyright> </copyright>
@ -80,6 +82,12 @@
<programlisting>tunnel_type=gre</programlisting> <programlisting>tunnel_type=gre</programlisting>
</example> </example>
<warning>
<para>If you use the PPTP connection tracking modules from Netfilter
Patch-O-Matic (ip_conntrack_proto_gre ip_conntrack_pptp,
ip_nat_proto_gre and ip_nat_pptp) then you cannot use GRE tunnels.</para>
</warning>
<para>On each firewall, you will need to declare a zone to represent the <para>On each firewall, you will need to declare a zone to represent the
remote subnet. We&#39;ll assume that this zone is called <quote>vpn</quote> remote subnet. We&#39;ll assume that this zone is called <quote>vpn</quote>
and declare it in /etc/shorewall/zones on both systems as follows.</para> and declare it in /etc/shorewall/zones on both systems as follows.</para>
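Review bot: The module list in the new warning is missing a comma between ip_conntrack_proto_gre and ip_conntrack_pptp, so it reads as if the first two names were one item. The wording also differs from the matching warning added to the PPTP document: here GRE tunnels "cannot" be used, there they will not work "correctly". Pick one statement for both files, and consider a cross-reference to the PPTP document so readers who hit this warning know where the modules come from.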


@ -15,7 +15,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2004-04-15</pubdate> <pubdate>2004-05-22</pubdate>
<copyright> <copyright>
<year>2001</year> <year>2001</year>
@ -39,6 +39,16 @@
</legalnotice> </legalnotice>
<revhistory> <revhistory>
<revision>
<revnumber>1.3</revnumber>
<date>2004-05-22</date>
<authorinitials>TE</authorinitials>
<revremark>Warning about PPTP conntrack patch and GRE tunnels.</revremark>
</revision>
<revision> <revision>
<revnumber>1.2</revnumber> <revnumber>1.2</revnumber>
@ -935,6 +945,11 @@ loadmodule ip_nat_proto_gre</programlisting>
<para>For LEAF/Bering users, the 2.4.20 kernel as already been patched as <para>For LEAF/Bering users, the 2.4.20 kernel as already been patched as
described at the URL above and the three modules are included in the described at the URL above and the three modules are included in the
Bering 1.2 modules tarball.</para> Bering 1.2 modules tarball.</para>
<warning>
<para>Installing the above modules will prevent any GRE tunnels that you
have from working correctly.</para>
</warning>
</section> </section>
<section id="ClientFW"> <section id="ClientFW">
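Review bot: "the above modules" in the added warning is ambiguous. The preceding paragraph speaks of "the three modules" in the Bering tarball, while the warning added to the tunnel document names four (ip_conntrack_proto_gre, ip_conntrack_pptp, ip_nat_proto_gre and ip_nat_pptp). Name the modules explicitly here, matching the other file, so a reader can tell which loaded modules break GRE tunnels. It would also help to place the warning before the loadmodule listing rather than after the LEAF/Bering note, so it is seen before the modules are installed.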