From: Tom E. <te...@sh...> - 2005-01-25 16:37:40
Tom Eastep wrote:
> Paul Gear wrote:
>
>>Richard Neill wrote:
>>
>>
>>>...
>>>
>>>It seems a bit odd - Shorewall's paradigm seemed to me to be about
>>>routing traffic from one zone to another, rather than from one
>>>interface to another. I wondered where exactly the packets would go,
>>>if they had two alternative destinations.
>>
>>
>>Shorewall doesn't control where your packets go - routing does. All
>>shorewall is doing is saying, "For packets that are going from A to B,
>>masquerade them." It doesn't control the fact that they go from A to B.
>>
>>
>>>...
>>>Thanks. Sorry, I didn't have net access at the time I was setting it
>>>up, and was relying only on the comments in the /etc/shorewall/masq file.
>>>Perhaps this is an example worthy of inclusion?
>>
>>
>>Install the shorewall documentation - it includes the FAQ.
>>
>>
>>>...
>>>Perhaps it might be worth adding a sentence like the following (but
>>>better written!) into /etc/shorewall/masq, to prevent against this
>>>sort of confusion:
>>>
>>>---------
>>># Example 6:
>>>#
>>># You want all traffic from the local zone to be masqueraded
>>># and sent out to the net zone. In this case, it is necessary
>>># to specify interfaces rather than zones, but it is OK to
>>># have more than one destination. Eg eth1 is the internal network;
>>># eth0 and/or ppp0 are connected to the Internet. For example,
>>># a DSL internet connection with a dialup system for backup.
>>>#
>>># eth0 eth1
>>># ppp0 eth1
>>>#
>>
>>
>>I think that would be a useful addition regardless, since it's a typical
>>situation. Of course, that means it needs to be maintained like
>>documentation, which brings its own problems, right Tom? :-)
>
>
> And this is covered completely in the Quickstart Guides -- sounds like
> the OP failed to find those also. I haven't a clue how people find and
> install Shorewall but miss the documentation -- the download page is
> plastered with links to the docs. The INSTALL file in the .rpm and .tgz
> contains links to the docs. Is someone running around the world writing
> the download URL on men's room walls????? They must be writing the
> address of the mailing list too, because people seem to be able to find
> THAT also without being able to find the documentation.
>

I shouldn't write email responses before my first coffee. The case that
the OP is talking about is NOT covered in the Quickstart Guides. I'll
consider adding it to the docs at least, after 2.2.0 is out.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ te...@sh...
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key