From 21c27103e2a598e01ed8c22b0dd03121c328afa4 Mon Sep 17 00:00:00 2001 From: Jason Leschnik Date: Mon, 24 Oct 2016 19:47:27 +1100 Subject: [PATCH] fix minor typos in IP-Masquerade-HOWTO.sgml --- LDP/howto/docbook/IP-Masquerade-HOWTO.sgml | 30 +++++++++++----------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/LDP/howto/docbook/IP-Masquerade-HOWTO.sgml b/LDP/howto/docbook/IP-Masquerade-HOWTO.sgml index b6e2d69c..7246da4a 100644 --- a/LDP/howto/docbook/IP-Masquerade-HOWTO.sgml +++ b/LDP/howto/docbook/IP-Masquerade-HOWTO.sgml @@ -1932,7 +1932,7 @@ of the kernel. (H.323 protocol, specific issues with network games), etc. It should be noted that the Patch-O-Matic patches used to come with the IPTABLES archive. This is no longer the case and you have to download them (if any) seperately. - You can find the the various URLs for downloading IPTABLES, the + You can find the various URLs for downloading IPTABLES, the Patch-o-matic system, etc. . @@ -3601,7 +3601,7 @@ for 2.2.x kernels in , and the Stronger IPFWADM ruleset for 2.0.x kernels in . Please note that these stronger firewall rulesets are more of a template than anything else. -For truly secure firewall rulesets, check out the the requirements section +For truly secure firewall rulesets, check out the requirements section of the HOWTO ( 2.4.x - , 2.2.x - , 2.0.x - ). @@ -4169,7 +4169,7 @@ ruleset, the firewall isn't executed until the last stages of booting. The preferred approach is to have the firewall loaded just after the networking subsystem is loaded. For now, the HOWTO only covers how to do so using /etc/rc.d/rc.local but if you know what you're doing (it's easy), go ahead -and and modify the inet2 startup script to load the +and modify the inet2 startup script to load the /etc/rc.d/rc.firewall-iptables file just after the network is up. If you want a more detailed guide and/or a stronger firewall ruleset, I recommend you check out Section 10 of TrinityOS found in the links section at @@ -4395,7 +4395,7 @@ $MODPROBE ip_masq_raudio # Supports the masquerading of Quake and QuakeWorld by default. This modules is -# for for multiple users behind the Linux MASQ server. If you are going to +# for multiple users behind the Linux MASQ server. If you are going to # play Quake I, II, and III, use the second example. # # NOTE: If you get ERRORs loading the QUAKE module, you are running an old @@ -4720,7 +4720,7 @@ ruleset, the firewall isn't executed until the last stages of booting. The preferred approach is to have the firewall loaded just after the networking subsystem is loaded. For now, the HOWTO only covers how to do so using /etc/rc.d/rc.local but if you know what you're doing (it's easy), go ahead -and and modify the inet2 startup script to load the +and modify the inet2 startup script to load the /etc/rc.d/rc.firewall-ipchains file just after the network is up. If you want a more detailed guide and/or a stronger firewall ruleset, I recommend you check out Section 10 of TrinityOS found in the links section at @@ -5214,7 +5214,7 @@ ruleset, the firewall isn't executed until the last stages of booting. The preferred approach is to have the firewall loaded just after the networking subsystem is loaded. For now, the HOWTO only covers how to do so using /etc/rc.d/rc.local but if you know what you're doing (it's easy), go ahead -and and modify the inet2 startup script to load the +and modify the inet2 startup script to load the /etc/rc.d/rc.firewall-ipfwadm file just after the network is up. If you want a more detailed guide and/or a stronger firewall ruleset, I recommend you check out Section 10 of TrinityOS found in the links section at @@ -5700,7 +5700,7 @@ the system. As an initial test, ping the Linux MASQ server to test the network connection: 'File/Run', type: ping 192.168.0.1(This is only an INTERNAL LAN connection -test, you you might not be able to ping the outside world +test, you might not be able to ping the outside world yet.) If you don't see any "replies" to your PINGs, please verify your network configuration. @@ -6678,7 +6678,7 @@ connectivity -Next, from the same internal MASQed computer, try pinging the the IP address of +Next, from the same internal MASQed computer, try pinging the IP address of the Linux MASQ server's INTERNAL interface (i.e. ping 192.168.0.1 ). This will verify that TCP/IP is correctly working on both the local and Linux MASQ machine. Almost ALL modern operating systems @@ -9412,7 +9412,7 @@ Using -I (input ) rules: Probably the fastest and most efficient method to block traffic but it only -stops the MASQed machines, and NOT the the firewall machine itself. Of course, +stops the MASQed machines, and NOT the firewall machine itself. Of course, you might want to allow that combination. @@ -9965,7 +9965,7 @@ $PORTFWIP variable: PORTFW FTP: If you have the "ip_conntrack_ftp" and "ip_nat_ftp" kernel modules loaded into kernel space (as already done in the rc.firewall-iptables script), the simple PREROUTING -command like the one shown above changed for for port "21" should do the +command like the one shown above changed for port "21" should do the trick. This is much easier than the configuration for the older IPCHAINS / IPFWADM tools for the 2.2.x / 2.0.x kernels! @@ -10285,7 +10285,7 @@ Masqueraded machine at IP address 192.168.0.10. port 80, that port can no longer be used by the Linux IP Masquerade server. To be more specific, if you have a WWW server already running on the MASQ server and then you port forward port 80 to an internal MASQed computer, ALL -internet users will see the WWW pages pages from the -INTERNAL- WWW server and +internet users will see the WWW pages, pages from the -INTERNAL- WWW server and not the pages on your IP MASQ server. This only performs a port forward to some other port, say 8080, to your internal MASQ machine. Though this will work, all Internet users will have to append :8080 @@ -12041,7 +12041,7 @@ nasty MTU problem: Change your MASQ server's Internet Link MTU - This solution will work for any Linux kernel version but is is NOT a + This solution will work for any Linux kernel version but is NOT a solution if you have a PPPoE connection for DSL or Cablemodem users. @@ -13588,7 +13588,7 @@ etc.). Fortunately, setting up this form of accounting is easy. Idea #3: Say you want to log all traffic going out onto the internet. You -can setup a firewall rule to accept port 80 traffic with with the SYN bit set +can setup a firewall rule to accept port 80 traffic with the SYN bit set and log it. Now mind you, this will create smaller log files than the idea above but you will only know the destination IP address and NOT the WWW pages viewed. @@ -15955,7 +15955,7 @@ added additional formatting. - 05/18/02: Added some extra # lines the commented section of the the + 05/18/02: Added some extra # lines the commented section of the rc.firewall-2.4-stronger ruleset to better serve Cut and Paste users. @@ -17009,7 +17009,7 @@ for the latter 2.2.x kernels. -Added a a possible solution for users that fail to get past MASQ test #5. +Added a possible solution for users that fail to get past MASQ test #5.