mirror of https://github.com/tLDP/LDP
fix minor typos in IP-Masquerade-HOWTO.sgml
parent
d2fb8f2b15
commit
21c27103e2
|
@ -1932,7 +1932,7 @@ of the kernel.
|
|||
(H.323 protocol, specific issues with network games), etc. It should be
|
||||
noted that the Patch-O-Matic patches used to come with the IPTABLES archive.
|
||||
This is no longer the case and you have to download them (if any) seperately.
|
||||
You can find the the various URLs for downloading IPTABLES, the
|
||||
You can find the various URLs for downloading IPTABLES, the
|
||||
Patch-o-matic system, etc. <XRef LinkEnd="kernel-2.4.x-Requirements">.
|
||||
</para>
|
||||
</listitem>
|
||||
|
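Review bot: the unchanged context line just above the fix still reads "download them (if any) seperately", and since this commit is a typo sweep it should become "separately" in the same pass. The corrected sentence also still ends "Patch-o-matic system, etc. <XRef LinkEnd="kernel-2.4.x-Requirements">." with no connecting word before the cross-reference; adding "in" before the XRef would make it read as a sentence.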
@ -3601,7 +3601,7 @@ for 2.2.x kernels in <XRef LinkEnd="rc.firewall-ipchains-stronger">, and
|
|||
the Stronger IPFWADM ruleset for 2.0.x kernels in
|
||||
<XRef LinkEnd="rc.firewall-ipfwadm-stronger">. Please note that these
|
||||
stronger firewall rulesets are more of a template than anything else.
|
||||
For truly secure firewall rulesets, check out the the requirements section
|
||||
For truly secure firewall rulesets, check out the requirements section
|
||||
of the HOWTO ( 2.4.x - <XRef LinkEnd="kernel-2.4.x-Requirements">, 2.2.x -
|
||||
<XRef LinkEnd="kernel-2.2.x-Requirements">, 2.0.x -
|
||||
<XRef LinkEnd="kernel-2.0.x-Requirements"> ).
|
||||
|
@ -4169,7 +4169,7 @@ ruleset, the firewall isn't executed until the last stages of booting. The
|
|||
preferred approach is to have the firewall loaded just after the networking
|
||||
subsystem is loaded. For now, the HOWTO only covers how to do so using
|
||||
/etc/rc.d/rc.local but if you know what you're doing (it's easy), go ahead
|
||||
and and modify the inet2 startup script to load the
|
||||
and modify the inet2 startup script to load the
|
||||
/etc/rc.d/rc.firewall-iptables file just after the network is up. If you
|
||||
want a more detailed guide and/or a stronger firewall ruleset, I recommend
|
||||
you check out Section 10 of TrinityOS found in the links section at
|
||||
|
@ -4395,7 +4395,7 @@ $MODPROBE ip_masq_raudio
|
|||
|
||||
|
||||
# Supports the masquerading of Quake and QuakeWorld by default. This modules is
|
||||
# for for multiple users behind the Linux MASQ server. If you are going to
|
||||
# for multiple users behind the Linux MASQ server. If you are going to
|
||||
# play Quake I, II, and III, use the second example.
|
||||
#
|
||||
# NOTE: If you get ERRORs loading the QUAKE module, you are running an old
|
||||
|
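Review bot: the comment line directly above the fix still says "This modules is", so the sentence stays ungrammatical even after "for for" is collapsed. Change it to "This module is" in the same hunk so the whole comment reads cleanly.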
@ -4720,7 +4720,7 @@ ruleset, the firewall isn't executed until the last stages of booting. The
|
|||
preferred approach is to have the firewall loaded just after the networking
|
||||
subsystem is loaded. For now, the HOWTO only covers how to do so using
|
||||
/etc/rc.d/rc.local but if you know what you're doing (it's easy), go ahead
|
||||
and and modify the inet2 startup script to load the
|
||||
and modify the inet2 startup script to load the
|
||||
/etc/rc.d/rc.firewall-ipchains file just after the network is up. If you
|
||||
want a more detailed guide and/or a stronger firewall ruleset, I recommend
|
||||
you check out Section 10 of TrinityOS found in the links section at
|
||||
|
@ -5214,7 +5214,7 @@ ruleset, the firewall isn't executed until the last stages of booting. The
|
|||
preferred approach is to have the firewall loaded just after the networking
|
||||
subsystem is loaded. For now, the HOWTO only covers how to do so using
|
||||
/etc/rc.d/rc.local but if you know what you're doing (it's easy), go ahead
|
||||
and and modify the inet2 startup script to load the
|
||||
and modify the inet2 startup script to load the
|
||||
/etc/rc.d/rc.firewall-ipfwadm file just after the network is up. If you
|
||||
want a more detailed guide and/or a stronger firewall ruleset, I recommend
|
||||
you check out Section 10 of TrinityOS found in the links section at
|
||||
|
@ -5700,7 +5700,7 @@ the system.
|
|||
<Literal>As an initial test, ping</Literal> the Linux MASQ server to test the
|
||||
network connection: <Emphasis role="strong">'File/Run'</Emphasis>, type:
|
||||
<Literal>ping 192.168.0.1</Literal>(This is only an INTERNAL LAN connection
|
||||
test, you you might not be able to <Literal>ping</Literal> the outside world
|
||||
test, you might not be able to <Literal>ping</Literal> the outside world
|
||||
yet.) If you don't see any "replies" to your PINGs, please verify your network
|
||||
configuration.
|
||||
</para>
|
||||
|
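Review bot: on the line above the fix, "<Literal>ping 192.168.0.1</Literal>(This is only an INTERNAL LAN connection" has no space between the closing Literal tag and the opening parenthesis, so the rendered text will run the command into the note. Add the space while this paragraph is being touched.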
@ -6678,7 +6678,7 @@ connectivity</Emphasis>
|
|||
</para>
|
||||
|
||||
<para>
|
||||
Next, from the same internal MASQed computer, try pinging the the IP address of
|
||||
Next, from the same internal MASQed computer, try pinging the IP address of
|
||||
the Linux MASQ server's INTERNAL interface (i.e. <Emphasis role="strong">ping
|
||||
192.168.0.1 </Emphasis>). This will verify that TCP/IP is correctly working
|
||||
on both the local and Linux MASQ machine. Almost ALL modern operating systems
|
||||
|
@ -9412,7 +9412,7 @@ Using -I (input ) rules:
|
|||
|
||||
<para>
|
||||
Probably the fastest and most efficient method to block traffic but it only
|
||||
stops the MASQed machines, and NOT the the firewall machine itself. Of course,
|
||||
stops the MASQed machines, and NOT the firewall machine itself. Of course,
|
||||
you might want to allow that combination.
|
||||
</para>
|
||||
|
||||
|
@ -9965,7 +9965,7 @@ $PORTFWIP variable:
|
|||
<Emphasis role="strong">PORTFW FTP: </Emphasis>If you have the
|
||||
"ip_conntrack_ftp" and "ip_nat_ftp" kernel modules loaded into kernel space
|
||||
(as already done in the rc.firewall-iptables script), the simple PREROUTING
|
||||
command like the one shown above changed for for port "21" should do the
|
||||
command like the one shown above changed for port "21" should do the
|
||||
trick. This is much easier than the configuration for the older IPCHAINS /
|
||||
IPFWADM tools for the 2.2.x / 2.0.x kernels!
|
||||
</para>
|
||||
|
@ -10285,7 +10285,7 @@ Masqueraded machine at IP address 192.168.0.10.
|
|||
port 80, that port can no longer be used by the Linux IP Masquerade server.
|
||||
To be more specific, if you have a WWW server already running on the MASQ
|
||||
server and then you port forward port 80 to an internal MASQed computer, ALL
|
||||
internet users will see the WWW pages pages from the -INTERNAL- WWW server and
|
||||
internet users will see the WWW pages, pages from the -INTERNAL- WWW server and
|
||||
not the pages on your IP MASQ server. This only performs a port forward to
|
||||
some other port, say 8080, to your internal MASQ machine. Though this will
|
||||
work, all Internet users will have to append <Emphasis role="strong">:8080
|
||||
|
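Review bot: the replacement line "internet users will see the WWW pages, pages from the -INTERNAL- WWW server and" does not fix the duplicated word; it inserts a comma and keeps both copies of "pages". The other hunks in this commit drop the repeated word, and the same applies here: "internet users will see the WWW pages from the -INTERNAL- WWW server and".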
@ -12041,7 +12041,7 @@ nasty MTU problem:
|
|||
Change your MASQ server's Internet Link MTU
|
||||
</para>
|
||||
|
||||
<para>This solution will work for any Linux kernel version but is is NOT a
|
||||
<para>This solution will work for any Linux kernel version but is NOT a
|
||||
solution if you have a PPPoE connection for DSL or Cablemodem users.
|
||||
</para>
|
||||
|
||||
|
@ -13588,7 +13588,7 @@ etc.). Fortunately, setting up this form of accounting is easy.
|
|||
<listitem>
|
||||
<para>
|
||||
Idea #3: Say you want to log all traffic going out onto the internet. You
|
||||
can setup a firewall rule to accept port 80 traffic with with the SYN bit set
|
||||
can setup a firewall rule to accept port 80 traffic with the SYN bit set
|
||||
and log it. Now mind you, this will create smaller log files than the idea
|
||||
above but you will only know the destination IP address and NOT the WWW pages
|
||||
viewed.
|
||||
|
@ -15955,7 +15955,7 @@ added additional formatting.
|
|||
|
||||
<listitem>
|
||||
<para>
|
||||
05/18/02: Added some extra # lines the commented section of the the
|
||||
05/18/02: Added some extra # lines the commented section of the
|
||||
rc.firewall-2.4-stronger ruleset to better serve Cut and Paste users.
|
||||
</para>
|
||||
</listitem>
|
||||
|
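Review bot: after removing the doubled "the", the changed line still reads "Added some extra # lines the commented section of the", which is missing a preposition after "lines". Something like "Added some extra # lines to the commented section of the" would complete the changelog entry; confirm the intended word with the author.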
@ -17009,7 +17009,7 @@ for the latter 2.2.x kernels.
|
|||
|
||||
<listitem>
|
||||
<para>
|
||||
Added a a possible solution for users that fail to get past MASQ test #5.
|
||||
Added a possible solution for users that fail to get past MASQ test #5.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
|
|