fix minor typos in IP-Masquerade-HOWTO.sgml

Jason Leschnik 2016-10-24 19:47:27 +11:00
parent d2fb8f2b15
commit 21c27103e2
1 changed files with 15 additions and 15 deletions

@ -1932,7 +1932,7 @@ of the kernel.
(H.323 protocol, specific issues with network games), etc. It should be (H.323 protocol, specific issues with network games), etc. It should be
noted that the Patch-O-Matic patches used to come with the IPTABLES archive. noted that the Patch-O-Matic patches used to come with the IPTABLES archive.
This is no longer the case and you have to download them (if any) seperately. This is no longer the case and you have to download them (if any) seperately.
You can find the the various URLs for downloading IPTABLES, the You can find the various URLs for downloading IPTABLES, the
Patch-o-matic system, etc. <XRef LinkEnd="kernel-2.4.x-Requirements">. Patch-o-matic system, etc. <XRef LinkEnd="kernel-2.4.x-Requirements">.
</para> </para>
</listitem> </listitem>
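Review bot: The context line just above the changed one still reads "download them (if any) seperately". This commit is a typo pass over the same paragraph, so correct it to "separately" here as well.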
@ -3601,7 +3601,7 @@ for 2.2.x kernels in <XRef LinkEnd="rc.firewall-ipchains-stronger">, and
the Stronger IPFWADM ruleset for 2.0.x kernels in the Stronger IPFWADM ruleset for 2.0.x kernels in
<XRef LinkEnd="rc.firewall-ipfwadm-stronger">. Please note that these <XRef LinkEnd="rc.firewall-ipfwadm-stronger">. Please note that these
stronger firewall rulesets are more of a template than anything else. stronger firewall rulesets are more of a template than anything else.
For truly secure firewall rulesets, check out the the requirements section For truly secure firewall rulesets, check out the requirements section
of the HOWTO ( 2.4.x - <XRef LinkEnd="kernel-2.4.x-Requirements">, 2.2.x - of the HOWTO ( 2.4.x - <XRef LinkEnd="kernel-2.4.x-Requirements">, 2.2.x -
<XRef LinkEnd="kernel-2.2.x-Requirements">, 2.0.x - <XRef LinkEnd="kernel-2.2.x-Requirements">, 2.0.x -
<XRef LinkEnd="kernel-2.0.x-Requirements"> ). <XRef LinkEnd="kernel-2.0.x-Requirements"> ).
@ -4169,7 +4169,7 @@ ruleset, the firewall isn't executed until the last stages of booting. The
preferred approach is to have the firewall loaded just after the networking preferred approach is to have the firewall loaded just after the networking
subsystem is loaded. For now, the HOWTO only covers how to do so using subsystem is loaded. For now, the HOWTO only covers how to do so using
/etc/rc.d/rc.local but if you know what you're doing (it's easy), go ahead /etc/rc.d/rc.local but if you know what you're doing (it's easy), go ahead
and and modify the inet2 startup script to load the and modify the inet2 startup script to load the
/etc/rc.d/rc.firewall-iptables file just after the network is up. If you /etc/rc.d/rc.firewall-iptables file just after the network is up. If you
want a more detailed guide and/or a stronger firewall ruleset, I recommend want a more detailed guide and/or a stronger firewall ruleset, I recommend
you check out Section 10 of TrinityOS found in the links section at you check out Section 10 of TrinityOS found in the links section at
@ -4395,7 +4395,7 @@ $MODPROBE ip_masq_raudio
# Supports the masquerading of Quake and QuakeWorld by default. This modules is # Supports the masquerading of Quake and QuakeWorld by default. This modules is
# for for multiple users behind the Linux MASQ server. If you are going to # for multiple users behind the Linux MASQ server. If you are going to
# play Quake I, II, and III, use the second example. # play Quake I, II, and III, use the second example.
# #
# NOTE: If you get ERRORs loading the QUAKE module, you are running an old # NOTE: If you get ERRORs loading the QUAKE module, you are running an old
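Review bot: The comment line directly above the fixed "for for" still says "This modules is", which is left untouched. Change it to "This module is" in the same commit so the whole comment reads cleanly.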
@ -4720,7 +4720,7 @@ ruleset, the firewall isn't executed until the last stages of booting. The
preferred approach is to have the firewall loaded just after the networking preferred approach is to have the firewall loaded just after the networking
subsystem is loaded. For now, the HOWTO only covers how to do so using subsystem is loaded. For now, the HOWTO only covers how to do so using
/etc/rc.d/rc.local but if you know what you're doing (it's easy), go ahead /etc/rc.d/rc.local but if you know what you're doing (it's easy), go ahead
and and modify the inet2 startup script to load the and modify the inet2 startup script to load the
/etc/rc.d/rc.firewall-ipchains file just after the network is up. If you /etc/rc.d/rc.firewall-ipchains file just after the network is up. If you
want a more detailed guide and/or a stronger firewall ruleset, I recommend want a more detailed guide and/or a stronger firewall ruleset, I recommend
you check out Section 10 of TrinityOS found in the links section at you check out Section 10 of TrinityOS found in the links section at
@ -5214,7 +5214,7 @@ ruleset, the firewall isn't executed until the last stages of booting. The
preferred approach is to have the firewall loaded just after the networking preferred approach is to have the firewall loaded just after the networking
subsystem is loaded. For now, the HOWTO only covers how to do so using subsystem is loaded. For now, the HOWTO only covers how to do so using
/etc/rc.d/rc.local but if you know what you're doing (it's easy), go ahead /etc/rc.d/rc.local but if you know what you're doing (it's easy), go ahead
and and modify the inet2 startup script to load the and modify the inet2 startup script to load the
/etc/rc.d/rc.firewall-ipfwadm file just after the network is up. If you /etc/rc.d/rc.firewall-ipfwadm file just after the network is up. If you
want a more detailed guide and/or a stronger firewall ruleset, I recommend want a more detailed guide and/or a stronger firewall ruleset, I recommend
you check out Section 10 of TrinityOS found in the links section at you check out Section 10 of TrinityOS found in the links section at
@ -5700,7 +5700,7 @@ the system.
<Literal>As an initial test, ping</Literal> the Linux MASQ server to test the <Literal>As an initial test, ping</Literal> the Linux MASQ server to test the
network connection: <Emphasis role="strong">'File/Run'</Emphasis>, type: network connection: <Emphasis role="strong">'File/Run'</Emphasis>, type:
<Literal>ping 192.168.0.1</Literal>(This is only an INTERNAL LAN connection <Literal>ping 192.168.0.1</Literal>(This is only an INTERNAL LAN connection
test, you you might not be able to <Literal>ping</Literal> the outside world test, you might not be able to <Literal>ping</Literal> the outside world
yet.) If you don't see any "replies" to your PINGs, please verify your network yet.) If you don't see any "replies" to your PINGs, please verify your network
configuration. configuration.
</para> </para>
@ -6678,7 +6678,7 @@ connectivity</Emphasis>
</para> </para>
<para> <para>
Next, from the same internal MASQed computer, try pinging the the IP address of Next, from the same internal MASQed computer, try pinging the IP address of
the Linux MASQ server's INTERNAL interface (i.e. <Emphasis role="strong">ping the Linux MASQ server's INTERNAL interface (i.e. <Emphasis role="strong">ping
192.168.0.1 </Emphasis>). This will verify that TCP/IP is correctly working 192.168.0.1 </Emphasis>). This will verify that TCP/IP is correctly working
on both the local and Linux MASQ machine. Almost ALL modern operating systems on both the local and Linux MASQ machine. Almost ALL modern operating systems
@ -9412,7 +9412,7 @@ Using -I (input ) rules:
<para> <para>
Probably the fastest and most efficient method to block traffic but it only Probably the fastest and most efficient method to block traffic but it only
stops the MASQed machines, and NOT the the firewall machine itself. Of course, stops the MASQed machines, and NOT the firewall machine itself. Of course,
you might want to allow that combination. you might want to allow that combination.
</para> </para>
@ -9965,7 +9965,7 @@ $PORTFWIP variable:
<Emphasis role="strong">PORTFW FTP: </Emphasis>If you have the <Emphasis role="strong">PORTFW FTP: </Emphasis>If you have the
"ip_conntrack_ftp" and "ip_nat_ftp" kernel modules loaded into kernel space "ip_conntrack_ftp" and "ip_nat_ftp" kernel modules loaded into kernel space
(as already done in the rc.firewall-iptables script), the simple PREROUTING (as already done in the rc.firewall-iptables script), the simple PREROUTING
command like the one shown above changed for for port "21" should do the command like the one shown above changed for port "21" should do the
trick. This is much easier than the configuration for the older IPCHAINS / trick. This is much easier than the configuration for the older IPCHAINS /
IPFWADM tools for the 2.2.x / 2.0.x kernels! IPFWADM tools for the 2.2.x / 2.0.x kernels!
</para> </para>
@ -10285,7 +10285,7 @@ Masqueraded machine at IP address 192.168.0.10.
port 80, that port can no longer be used by the Linux IP Masquerade server. port 80, that port can no longer be used by the Linux IP Masquerade server.
To be more specific, if you have a WWW server already running on the MASQ To be more specific, if you have a WWW server already running on the MASQ
server and then you port forward port 80 to an internal MASQed computer, ALL server and then you port forward port 80 to an internal MASQed computer, ALL
internet users will see the WWW pages pages from the -INTERNAL- WWW server and internet users will see the WWW pages, pages from the -INTERNAL- WWW server and
not the pages on your IP MASQ server. This only performs a port forward to not the pages on your IP MASQ server. This only performs a port forward to
some other port, say 8080, to your internal MASQ machine. Though this will some other port, say 8080, to your internal MASQ machine. Though this will
work, all Internet users will have to append <Emphasis role="strong">:8080 work, all Internet users will have to append <Emphasis role="strong">:8080
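Review bot: The fix for "pages pages" inserts a comma ("will see the WWW pages, pages from the -INTERNAL- WWW server") instead of removing the duplicated word, so the sentence still reads wrong. Drop the second "pages" so it reads "will see the WWW pages from the -INTERNAL- WWW server and".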
@ -12041,7 +12041,7 @@ nasty MTU problem:
Change your MASQ server's Internet Link MTU Change your MASQ server's Internet Link MTU
</para> </para>
<para>This solution will work for any Linux kernel version but is is NOT a <para>This solution will work for any Linux kernel version but is NOT a
solution if you have a PPPoE connection for DSL or Cablemodem users. solution if you have a PPPoE connection for DSL or Cablemodem users.
</para> </para>
@ -13588,7 +13588,7 @@ etc.). Fortunately, setting up this form of accounting is easy.
<listitem> <listitem>
<para> <para>
Idea #3: Say you want to log all traffic going out onto the internet. You Idea #3: Say you want to log all traffic going out onto the internet. You
can setup a firewall rule to accept port 80 traffic with with the SYN bit set can setup a firewall rule to accept port 80 traffic with the SYN bit set
and log it. Now mind you, this will create smaller log files than the idea and log it. Now mind you, this will create smaller log files than the idea
above but you will only know the destination IP address and NOT the WWW pages above but you will only know the destination IP address and NOT the WWW pages
viewed. viewed.
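Review bot: The changed line still has "can setup a firewall rule", where "setup" is used as a verb. Since the line is already being touched for "with with", make it "can set up a firewall rule".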
@ -15955,7 +15955,7 @@ added additional formatting.
<listitem> <listitem>
<para> <para>
05/18/02: Added some extra # lines the commented section of the the 05/18/02: Added some extra # lines the commented section of the
rc.firewall-2.4-stronger ruleset to better serve Cut and Paste users. rc.firewall-2.4-stronger ruleset to better serve Cut and Paste users.
</para> </para>
</listitem> </listitem>
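Review bot: Removing the doubled "the" on the changelog line leaves the sentence without its preposition: "Added some extra # lines the commented section of the". Suggest "Added some extra # lines to the commented section of the" so the entry parses.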
@ -17009,7 +17009,7 @@ for the latter 2.2.x kernels.
<listitem> <listitem>
<para> <para>
Added a a possible solution for users that fail to get past MASQ test #5. Added a possible solution for users that fail to get past MASQ test #5.
</para> </para>
</listitem> </listitem>