LDP
/
LDP
mirror of https://github.com/tLDP/LDP
0
1
Fork 0
Code Releases Activity

fix minor typos in IP-Masquerade-HOWTO.sgml

This commit is contained in:
Jason Leschnik 2016-10-24 19:47:27 +11:00
parent d2fb8f2b15
commit 21c27103e2
1 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
LDP/howto/docbook/IP-Masquerade-HOWTO.sgml
View File

@ -1932,7 +1932,7 @@ of the kernel.
(H.323 protocol, specific issues with network games), etc. It should be
noted that the Patch-O-Matic patches used to come with the IPTABLES archive.
This is no longer the case and you have to download them (if any) seperately.
You can find the the various URLs for downloading IPTABLES, the
You can find the various URLs for downloading IPTABLES, the
Patch-o-matic system, etc. <XRef LinkEnd="kernel-2.4.x-Requirements">.
</para>
</listitem>
@ -3601,7 +3601,7 @@ for 2.2.x kernels in <XRef LinkEnd="rc.firewall-ipchains-stronger">, and
the Stronger IPFWADM ruleset for 2.0.x kernels in
<XRef LinkEnd="rc.firewall-ipfwadm-stronger">. Please note that these
stronger firewall rulesets are more of a template than anything else.
For truly secure firewall rulesets, check out the the requirements section
For truly secure firewall rulesets, check out the requirements section
of the HOWTO ( 2.4.x - <XRef LinkEnd="kernel-2.4.x-Requirements">, 2.2.x -
<XRef LinkEnd="kernel-2.2.x-Requirements">, 2.0.x -
<XRef LinkEnd="kernel-2.0.x-Requirements"> ).
@ -4169,7 +4169,7 @@ ruleset, the firewall isn't executed until the last stages of booting. The
preferred approach is to have the firewall loaded just after the networking
subsystem is loaded. For now, the HOWTO only covers how to do so using
/etc/rc.d/rc.local but if you know what you're doing (it's easy), go ahead
and and modify the inet2 startup script to load the
and modify the inet2 startup script to load the
/etc/rc.d/rc.firewall-iptables file just after the network is up. If you
want a more detailed guide and/or a stronger firewall ruleset, I recommend
you check out Section 10 of TrinityOS found in the links section at
@ -4395,7 +4395,7 @@ $MODPROBE ip_masq_raudio
# Supports the masquerading of Quake and QuakeWorld by default. This modules is
# for for multiple users behind the Linux MASQ server. If you are going to
# for multiple users behind the Linux MASQ server. If you are going to
# play Quake I, II, and III, use the second example.
#
# NOTE: If you get ERRORs loading the QUAKE module, you are running an old
@ -4720,7 +4720,7 @@ ruleset, the firewall isn't executed until the last stages of booting. The
preferred approach is to have the firewall loaded just after the networking
subsystem is loaded. For now, the HOWTO only covers how to do so using
/etc/rc.d/rc.local but if you know what you're doing (it's easy), go ahead
and and modify the inet2 startup script to load the
and modify the inet2 startup script to load the
/etc/rc.d/rc.firewall-ipchains file just after the network is up. If you
want a more detailed guide and/or a stronger firewall ruleset, I recommend
you check out Section 10 of TrinityOS found in the links section at
@ -5214,7 +5214,7 @@ ruleset, the firewall isn't executed until the last stages of booting. The
preferred approach is to have the firewall loaded just after the networking
subsystem is loaded. For now, the HOWTO only covers how to do so using
/etc/rc.d/rc.local but if you know what you're doing (it's easy), go ahead
and and modify the inet2 startup script to load the
and modify the inet2 startup script to load the
/etc/rc.d/rc.firewall-ipfwadm file just after the network is up. If you
want a more detailed guide and/or a stronger firewall ruleset, I recommend
you check out Section 10 of TrinityOS found in the links section at
@ -5700,7 +5700,7 @@ the system.
<Literal>As an initial test, ping</Literal> the Linux MASQ server to test the
network connection: <Emphasis role="strong">'File/Run'</Emphasis>, type:
<Literal>ping 192.168.0.1</Literal>(This is only an INTERNAL LAN connection
test, you you might not be able to <Literal>ping</Literal> the outside world
test, you might not be able to <Literal>ping</Literal> the outside world
yet.) If you don't see any "replies" to your PINGs, please verify your network
configuration.
</para>
@ -6678,7 +6678,7 @@ connectivity</Emphasis>
</para>
<para>
Next, from the same internal MASQed computer, try pinging the the IP address of
Next, from the same internal MASQed computer, try pinging the IP address of
the Linux MASQ server's INTERNAL interface (i.e. <Emphasis role="strong">ping
192.168.0.1 </Emphasis>). This will verify that TCP/IP is correctly working
on both the local and Linux MASQ machine. Almost ALL modern operating systems
@ -9412,7 +9412,7 @@ Using -I (input ) rules:
<para>
Probably the fastest and most efficient method to block traffic but it only
stops the MASQed machines, and NOT the the firewall machine itself. Of course,
stops the MASQed machines, and NOT the firewall machine itself. Of course,
you might want to allow that combination.
</para>
@ -9965,7 +9965,7 @@ $PORTFWIP variable:
<Emphasis role="strong">PORTFW FTP: </Emphasis>If you have the
"ip_conntrack_ftp" and "ip_nat_ftp" kernel modules loaded into kernel space
(as already done in the rc.firewall-iptables script), the simple PREROUTING
command like the one shown above changed for for port "21" should do the
command like the one shown above changed for port "21" should do the
trick. This is much easier than the configuration for the older IPCHAINS /
IPFWADM tools for the 2.2.x / 2.0.x kernels!
</para>
@ -10285,7 +10285,7 @@ Masqueraded machine at IP address 192.168.0.10.
port 80, that port can no longer be used by the Linux IP Masquerade server.
To be more specific, if you have a WWW server already running on the MASQ
server and then you port forward port 80 to an internal MASQed computer, ALL
internet users will see the WWW pages pages from the -INTERNAL- WWW server and
internet users will see the WWW pages, pages from the -INTERNAL- WWW server and
not the pages on your IP MASQ server. This only performs a port forward to
some other port, say 8080, to your internal MASQ machine. Though this will
work, all Internet users will have to append <Emphasis role="strong">:8080
@ -12041,7 +12041,7 @@ nasty MTU problem:
Change your MASQ server's Internet Link MTU
</para>
<para>This solution will work for any Linux kernel version but is is NOT a
<para>This solution will work for any Linux kernel version but is NOT a
solution if you have a PPPoE connection for DSL or Cablemodem users.
</para>
@ -13588,7 +13588,7 @@ etc.). Fortunately, setting up this form of accounting is easy.
<listitem>
<para>
Idea #3: Say you want to log all traffic going out onto the internet. You
can setup a firewall rule to accept port 80 traffic with with the SYN bit set
can setup a firewall rule to accept port 80 traffic with the SYN bit set
and log it. Now mind you, this will create smaller log files than the idea
above but you will only know the destination IP address and NOT the WWW pages
viewed.
@ -15955,7 +15955,7 @@ added additional formatting.
<listitem>
<para>
05/18/02: Added some extra # lines the commented section of the the
05/18/02: Added some extra # lines the commented section of the
rc.firewall-2.4-stronger ruleset to better serve Cut and Paste users.
</para>
</listitem>
@ -17009,7 +17009,7 @@ for the latter 2.2.x kernels.
<listitem>
<para>
Added a a possible solution for users that fail to get past MASQ test #5.
Added a possible solution for users that fail to get past MASQ test #5.
</para>
</listitem>