diff --git a/Shorewall-docs2/MultiISP.xml b/Shorewall-docs2/MultiISP.xml
index 7f5c5dc9b..ef337e45d 100644
--- a/Shorewall-docs2/MultiISP.xml
+++ b/Shorewall-docs2/MultiISP.xml
@@ -15,7 +15,7 @@
- 2006-01-02
+ 2006-02-062005
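Review bot: the added date line reads "2006-02-062005", where the removed line was a plain "2006-01-02". Please confirm the new date ends at "2006-02-06" and that the trailing "2005" belongs to a separate field and was not run into the date value.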
@@ -212,7 +212,7 @@
be tracked so that responses may be routed back out this
same interface.
- You want specify 'track' if internet hosts will be
+ You want to specify 'track' if internet hosts will be
connecting to local servers through this provider. Any time
that you specify 'track', you will also want to specify
'balance' (see below).
diff --git a/Shorewall-docs2/Xen.xml b/Shorewall-docs2/Xen.xml
index a28efc9fa..efc752a6e 100644
--- a/Shorewall-docs2/Xen.xml
+++ b/Shorewall-docs2/Xen.xml
@@ -15,7 +15,7 @@
- 2006-01-01
+ 2006-02-022006
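Review bot: this commit stamps Xen.xml with "2006-02-02" while MultiISP.xml gets "2006-02-06". If both files were revised together, the dates should agree. The same trailing-digits question applies to "2006-02-022006" on the added line here.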
@@ -110,6 +110,17 @@
run at shorewall.net.
+
+ /etc/shorewall/shorewall.conf
+
+ Because Xen uses normal Linux bridging, you must enable bridge
+ support in shorewall.conf
+
+
+ BRIDGING=Yes
+
+
+
/etc/shorewall/zones
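Review bot: the added sentence ending "support in shorewall.conf" has no closing period, and it gives the reader no reason beyond "Xen uses normal Linux bridging". The zones text that follows uses bridge-port entries such as xenbr0:vif0.0. If BRIDGING=Yes is what makes those entries valid, say so here so that a reader who skips this step understands why the later configuration fails.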
@@ -119,8 +130,8 @@
xenbr0:vif0.0. In this case, I
call this second zone ursa (which is
the name given to the virtual system running in Domain 0); that zone
- corresponds roughly to what is shown as the Extended Domain 0
- above.
+ corresponds to Domain 0 as seen from the outside in the diagram above
+ (see more below).
# OPTIONS OPTIONS
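Review bot: "(see more below)" in the replacement text is a vague forward reference. Point to the specific passage, for example the note about the ursa zone under the zone diagram, or use a cross-reference to it. Also check that "as seen from the outside" matches a label actually present in the diagram, since the old wording named the "Extended Domain 0" box and the new wording names no box at all.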
@@ -216,10 +227,17 @@ Ping/ACCEPT dmz ursaHere, 192.168.0.0/22 comprises my local network.
- From the point of view of Shorewall, the zone diagram is as shown
- in the following diagram.
+ From the point of view of Shorewall, the zone diagram
+ is as shown in the following diagram.
+
+ Note that the ursa zone subsumes
+ the fw zone because the ursa zone is defined to be all systems that
+ interface to xenbr0's vif0.0 port — it is the rules governing traffic
+ to/from the ursa zone that protect the
+ firewall in this configuration.
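Review bot: the added note says the ursa zone "subsumes the fw zone" and that ursa rules "protect the firewall", but it leaves the practical consequence implicit. A reader cannot tell from it whether rules written with fw as source or destination still apply to traffic arriving through xenbr0's vif0.0 port. Suggest stating that explicitly and pointing at one of the rules shown earlier (such as the Ping/ACCEPT dmz ursa entry) as the illustration, and splitting the sentence at the dash. Separately, the first paragraph of the hunk is only re-wrapped, which adds noise to the diff without changing the text.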