mirror of https://github.com/tLDP/LDP
fix minor typos in IP-Masquerade-HOWTO.sgml
parent
d2fb8f2b15
commit
21c27103e2
|
@ -1932,7 +1932,7 @@ of the kernel.
|
||||||
(H.323 protocol, specific issues with network games), etc. It should be
|
(H.323 protocol, specific issues with network games), etc. It should be
|
||||||
noted that the Patch-O-Matic patches used to come with the IPTABLES archive.
|
noted that the Patch-O-Matic patches used to come with the IPTABLES archive.
|
||||||
This is no longer the case and you have to download them (if any) seperately.
|
This is no longer the case and you have to download them (if any) seperately.
|
||||||
You can find the the various URLs for downloading IPTABLES, the
|
You can find the various URLs for downloading IPTABLES, the
|
||||||
Patch-o-matic system, etc. <XRef LinkEnd="kernel-2.4.x-Requirements">.
|
Patch-o-matic system, etc. <XRef LinkEnd="kernel-2.4.x-Requirements">.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
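Review bot: The unchanged context line just above the corrected one still reads "you have to download them (if any) seperately". Since this commit is a typo pass over the same paragraph, change "seperately" to "separately" here as well.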
@ -3601,7 +3601,7 @@ for 2.2.x kernels in <XRef LinkEnd="rc.firewall-ipchains-stronger">, and
|
||||||
the Stronger IPFWADM ruleset for 2.0.x kernels in
|
the Stronger IPFWADM ruleset for 2.0.x kernels in
|
||||||
<XRef LinkEnd="rc.firewall-ipfwadm-stronger">. Please note that these
|
<XRef LinkEnd="rc.firewall-ipfwadm-stronger">. Please note that these
|
||||||
stronger firewall rulesets are more of a template than anything else.
|
stronger firewall rulesets are more of a template than anything else.
|
||||||
For truly secure firewall rulesets, check out the the requirements section
|
For truly secure firewall rulesets, check out the requirements section
|
||||||
of the HOWTO ( 2.4.x - <XRef LinkEnd="kernel-2.4.x-Requirements">, 2.2.x -
|
of the HOWTO ( 2.4.x - <XRef LinkEnd="kernel-2.4.x-Requirements">, 2.2.x -
|
||||||
<XRef LinkEnd="kernel-2.2.x-Requirements">, 2.0.x -
|
<XRef LinkEnd="kernel-2.2.x-Requirements">, 2.0.x -
|
||||||
<XRef LinkEnd="kernel-2.0.x-Requirements"> ).
|
<XRef LinkEnd="kernel-2.0.x-Requirements"> ).
|
||||||
|
@ -4169,7 +4169,7 @@ ruleset, the firewall isn't executed until the last stages of booting. The
|
||||||
preferred approach is to have the firewall loaded just after the networking
|
preferred approach is to have the firewall loaded just after the networking
|
||||||
subsystem is loaded. For now, the HOWTO only covers how to do so using
|
subsystem is loaded. For now, the HOWTO only covers how to do so using
|
||||||
/etc/rc.d/rc.local but if you know what you're doing (it's easy), go ahead
|
/etc/rc.d/rc.local but if you know what you're doing (it's easy), go ahead
|
||||||
and and modify the inet2 startup script to load the
|
and modify the inet2 startup script to load the
|
||||||
/etc/rc.d/rc.firewall-iptables file just after the network is up. If you
|
/etc/rc.d/rc.firewall-iptables file just after the network is up. If you
|
||||||
want a more detailed guide and/or a stronger firewall ruleset, I recommend
|
want a more detailed guide and/or a stronger firewall ruleset, I recommend
|
||||||
you check out Section 10 of TrinityOS found in the links section at
|
you check out Section 10 of TrinityOS found in the links section at
|
||||||
|
@ -4395,7 +4395,7 @@ $MODPROBE ip_masq_raudio
|
||||||
|
|
||||||
|
|
||||||
# Supports the masquerading of Quake and QuakeWorld by default. This modules is
|
# Supports the masquerading of Quake and QuakeWorld by default. This modules is
|
||||||
# for for multiple users behind the Linux MASQ server. If you are going to
|
# for multiple users behind the Linux MASQ server. If you are going to
|
||||||
# play Quake I, II, and III, use the second example.
|
# play Quake I, II, and III, use the second example.
|
||||||
#
|
#
|
||||||
# NOTE: If you get ERRORs loading the QUAKE module, you are running an old
|
# NOTE: If you get ERRORs loading the QUAKE module, you are running an old
|
||||||
|
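Review bot: The first comment line of this hunk still says "This modules is", so after the "for for" fix the sentence reads "This modules is for multiple users". Change it to "This module is" in the same commit.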
@ -4720,7 +4720,7 @@ ruleset, the firewall isn't executed until the last stages of booting. The
|
||||||
preferred approach is to have the firewall loaded just after the networking
|
preferred approach is to have the firewall loaded just after the networking
|
||||||
subsystem is loaded. For now, the HOWTO only covers how to do so using
|
subsystem is loaded. For now, the HOWTO only covers how to do so using
|
||||||
/etc/rc.d/rc.local but if you know what you're doing (it's easy), go ahead
|
/etc/rc.d/rc.local but if you know what you're doing (it's easy), go ahead
|
||||||
and and modify the inet2 startup script to load the
|
and modify the inet2 startup script to load the
|
||||||
/etc/rc.d/rc.firewall-ipchains file just after the network is up. If you
|
/etc/rc.d/rc.firewall-ipchains file just after the network is up. If you
|
||||||
want a more detailed guide and/or a stronger firewall ruleset, I recommend
|
want a more detailed guide and/or a stronger firewall ruleset, I recommend
|
||||||
you check out Section 10 of TrinityOS found in the links section at
|
you check out Section 10 of TrinityOS found in the links section at
|
||||||
|
@ -5214,7 +5214,7 @@ ruleset, the firewall isn't executed until the last stages of booting. The
|
||||||
preferred approach is to have the firewall loaded just after the networking
|
preferred approach is to have the firewall loaded just after the networking
|
||||||
subsystem is loaded. For now, the HOWTO only covers how to do so using
|
subsystem is loaded. For now, the HOWTO only covers how to do so using
|
||||||
/etc/rc.d/rc.local but if you know what you're doing (it's easy), go ahead
|
/etc/rc.d/rc.local but if you know what you're doing (it's easy), go ahead
|
||||||
and and modify the inet2 startup script to load the
|
and modify the inet2 startup script to load the
|
||||||
/etc/rc.d/rc.firewall-ipfwadm file just after the network is up. If you
|
/etc/rc.d/rc.firewall-ipfwadm file just after the network is up. If you
|
||||||
want a more detailed guide and/or a stronger firewall ruleset, I recommend
|
want a more detailed guide and/or a stronger firewall ruleset, I recommend
|
||||||
you check out Section 10 of TrinityOS found in the links section at
|
you check out Section 10 of TrinityOS found in the links section at
|
||||||
|
@ -5700,7 +5700,7 @@ the system.
|
||||||
<Literal>As an initial test, ping</Literal> the Linux MASQ server to test the
|
<Literal>As an initial test, ping</Literal> the Linux MASQ server to test the
|
||||||
network connection: <Emphasis role="strong">'File/Run'</Emphasis>, type:
|
network connection: <Emphasis role="strong">'File/Run'</Emphasis>, type:
|
||||||
<Literal>ping 192.168.0.1</Literal>(This is only an INTERNAL LAN connection
|
<Literal>ping 192.168.0.1</Literal>(This is only an INTERNAL LAN connection
|
||||||
test, you you might not be able to <Literal>ping</Literal> the outside world
|
test, you might not be able to <Literal>ping</Literal> the outside world
|
||||||
yet.) If you don't see any "replies" to your PINGs, please verify your network
|
yet.) If you don't see any "replies" to your PINGs, please verify your network
|
||||||
configuration.
|
configuration.
|
||||||
</para>
|
</para>
|
||||||
|
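Review bot: In the first line of this hunk the <Literal> element wraps the prose "As an initial test, ping" instead of only the command name; narrow it to <Literal>ping</Literal>. The line with "ping 192.168.0.1" also lacks a space between </Literal> and "(This is only", which is worth fixing while touching this paragraph.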
@ -6678,7 +6678,7 @@ connectivity</Emphasis>
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Next, from the same internal MASQed computer, try pinging the the IP address of
|
Next, from the same internal MASQed computer, try pinging the IP address of
|
||||||
the Linux MASQ server's INTERNAL interface (i.e. <Emphasis role="strong">ping
|
the Linux MASQ server's INTERNAL interface (i.e. <Emphasis role="strong">ping
|
||||||
192.168.0.1 </Emphasis>). This will verify that TCP/IP is correctly working
|
192.168.0.1 </Emphasis>). This will verify that TCP/IP is correctly working
|
||||||
on both the local and Linux MASQ machine. Almost ALL modern operating systems
|
on both the local and Linux MASQ machine. Almost ALL modern operating systems
|
||||||
|
@ -9412,7 +9412,7 @@ Using -I (input ) rules:
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Probably the fastest and most efficient method to block traffic but it only
|
Probably the fastest and most efficient method to block traffic but it only
|
||||||
stops the MASQed machines, and NOT the the firewall machine itself. Of course,
|
stops the MASQed machines, and NOT the firewall machine itself. Of course,
|
||||||
you might want to allow that combination.
|
you might want to allow that combination.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
|
@ -9965,7 +9965,7 @@ $PORTFWIP variable:
|
||||||
<Emphasis role="strong">PORTFW FTP: </Emphasis>If you have the
|
<Emphasis role="strong">PORTFW FTP: </Emphasis>If you have the
|
||||||
"ip_conntrack_ftp" and "ip_nat_ftp" kernel modules loaded into kernel space
|
"ip_conntrack_ftp" and "ip_nat_ftp" kernel modules loaded into kernel space
|
||||||
(as already done in the rc.firewall-iptables script), the simple PREROUTING
|
(as already done in the rc.firewall-iptables script), the simple PREROUTING
|
||||||
command like the one shown above changed for for port "21" should do the
|
command like the one shown above changed for port "21" should do the
|
||||||
trick. This is much easier than the configuration for the older IPCHAINS /
|
trick. This is much easier than the configuration for the older IPCHAINS /
|
||||||
IPFWADM tools for the 2.2.x / 2.0.x kernels!
|
IPFWADM tools for the 2.2.x / 2.0.x kernels!
|
||||||
</para>
|
</para>
|
||||||
|
@ -10285,7 +10285,7 @@ Masqueraded machine at IP address 192.168.0.10.
|
||||||
port 80, that port can no longer be used by the Linux IP Masquerade server.
|
port 80, that port can no longer be used by the Linux IP Masquerade server.
|
||||||
To be more specific, if you have a WWW server already running on the MASQ
|
To be more specific, if you have a WWW server already running on the MASQ
|
||||||
server and then you port forward port 80 to an internal MASQed computer, ALL
|
server and then you port forward port 80 to an internal MASQed computer, ALL
|
||||||
internet users will see the WWW pages pages from the -INTERNAL- WWW server and
|
internet users will see the WWW pages, pages from the -INTERNAL- WWW server and
|
||||||
not the pages on your IP MASQ server. This only performs a port forward to
|
not the pages on your IP MASQ server. This only performs a port forward to
|
||||||
some other port, say 8080, to your internal MASQ machine. Though this will
|
some other port, say 8080, to your internal MASQ machine. Though this will
|
||||||
work, all Internet users will have to append <Emphasis role="strong">:8080
|
work, all Internet users will have to append <Emphasis role="strong">:8080
|
||||||
|
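Review bot: The replacement line "internet users will see the WWW pages, pages from the -INTERNAL- WWW server and" keeps the duplicated word and only adds a comma. The original had a doubled "pages", so the second one should be dropped: "internet users will see the WWW pages from the -INTERNAL- WWW server and".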
@ -12041,7 +12041,7 @@ nasty MTU problem:
|
||||||
Change your MASQ server's Internet Link MTU
|
Change your MASQ server's Internet Link MTU
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>This solution will work for any Linux kernel version but is is NOT a
|
<para>This solution will work for any Linux kernel version but is NOT a
|
||||||
solution if you have a PPPoE connection for DSL or Cablemodem users.
|
solution if you have a PPPoE connection for DSL or Cablemodem users.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
|
@ -13588,7 +13588,7 @@ etc.). Fortunately, setting up this form of accounting is easy.
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Idea #3: Say you want to log all traffic going out onto the internet. You
|
Idea #3: Say you want to log all traffic going out onto the internet. You
|
||||||
can setup a firewall rule to accept port 80 traffic with with the SYN bit set
|
can setup a firewall rule to accept port 80 traffic with the SYN bit set
|
||||||
and log it. Now mind you, this will create smaller log files than the idea
|
and log it. Now mind you, this will create smaller log files than the idea
|
||||||
above but you will only know the destination IP address and NOT the WWW pages
|
above but you will only know the destination IP address and NOT the WWW pages
|
||||||
viewed.
|
viewed.
|
||||||
|
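Review bot: On the changed line, "can setup a firewall rule" uses the noun form as a verb; write "can set up a firewall rule" while removing the doubled "with".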
@ -15955,7 +15955,7 @@ added additional formatting.
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
05/18/02: Added some extra # lines the commented section of the the
|
05/18/02: Added some extra # lines the commented section of the
|
||||||
rc.firewall-2.4-stronger ruleset to better serve Cut and Paste users.
|
rc.firewall-2.4-stronger ruleset to better serve Cut and Paste users.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
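Review bot: The changed line still reads "Added some extra # lines the commented section of the", with a word missing after "lines". It should presumably be "lines to the commented section"; fix that alongside the "the the" removal.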
@ -17009,7 +17009,7 @@ for the latter 2.2.x kernels.
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Added a a possible solution for users that fail to get past MASQ test #5.
|
Added a possible solution for users that fail to get past MASQ test #5.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
|
|