Excellent idea, Lynn, and good first draft. I suggest a few edits. (I've
pulled them out, but left your doc at the end for reference.)

ONE:
> Use only one of these two, using both will mean the second syntax
> will not work at all ...ie, you can mix the two options in any way.
> Be sure that the one you are not using is commented with a "#" at
> the beginning of the line.

I don't understand what the "ie" part means here; it reads like it
contradicts what precedes it. I suggest the following (better style, but may
be substantively wrong, since I'm guessing about which of two
interpretations of "second syntax" in the original is correct):

Use only one of these two forms of entry. If you use both, only the one you
use first will have any effect. Whichever one appears second in the file
will be disregarded. Be sure that the one you are not using is "commented
out" with a "#" at the beginning of the line.

TWO:
> Note: you can use shorthand like "www" for port 80 or simply use
> the port number itself ("80" for example) instead.

Acceptable "shorthand" is undefined. I suggest this instead:

You can use either the actual port number itself (for example, "80"), or you
can use the symbolic name for the port that appears in the file
/etc/services (in the same example, "www").

THREE:
> As with Step 2, you can use one of these options of the other but not
> both. I suggest using the first option since all ports and addresses
> are implicitly stated and you can use different ports coming into the
> firewall and sent to the internal server.

I think you mean "explicitly stated", not "implicitly".

FOUR:
There are miscellaneous grammar and usage errors in the draft. I think I
caught them all here, but I may have missed some:

>A. There are four steps to port forwarding in Dachstein, they are as
>follows:
(Run-on sentence.)
A. There are four steps to port forwarding in Dachstein. They are as
follows:

> Use only one of these two, using both will mean the second syntax
> will not work at all
(Another run-on sentence. This one is fixed in number ONE above.)

>2) Edit /etc/network.conf to open the desired port to forward with one
> of these syntax's:
(Incorrect pluralization.)
2) Edit /etc/network.conf to open the desired port to forward with one
of these syntaxes:

> # Space seperated list: srcip/mask_dstport
(Spelling error.) "separated"

> As with Step 2, you can use one of these options of the other but not
> both.
(typo). "one of these options or the other". I would write it as "one or the
other of these options," [note the ending comma], but either one is correct.

>4) You are now finished with all the configuration, you should now
> the "lrcfg" menu system (if you are not using it already) and choose
> the backup option.
(Run-on sentence, and guessed-at omission in the second part of it.)
4) You are now finished with all the configuration. You should now start
the "lrcfg" menu system (if you are not using it already) and choose
the backup option.

At 06:57 PM 3/18/02 -0600, guitarlynn wrote:
>I suggest submitting a FAQ along these lines for port forwarding
>in Dachstein due to the excessive mailing list traffic on this
>subject lately.
>
>Thoughts???
>
>############# START OF FAQ ##########################
>
>Q. How do I port forward a service through my Dachstein firewall to
>my internal network?
>
>A. There are four steps to port forwarding in Dachstein, they are as
>follows:
>
>1) Edit /etc/modules and uncomment the "ip_masq_portfw" module.
> Save the file and exit. You may need to download this module
> and copy it to /lib/modules on your running LEAF system if you
> are using the floppy version.
>
>2) Edit /etc/network.conf to open the desired port to forward with one
> of these syntax's:
> # TCP services open to outside world
> # Space seperated list: srcip/mask_dstport
> EXTERN_TCP_PORTS="0/0_www 0/0_1023"
>
> # -or-
>
> # Indexed list: "SrcAddr/Mask port [ DestAddr[/DestMask] ]"
> #EXTERN_TCP_PORT0="5.6.7.8 domain 1.1.1.12"
> EXTERN_TCP_PORT0="0/0 www"
>
> Use only one of these two, using both will mean the second syntax
> will not work at all ...ie, you can mix the two options in any way.
> Be sure that the one you are not using is commented with a "#" at
> the beginning of the line.
>
> Note: you can use shorthand like "www" for port 80 or simply use
> the port number itself ("80" for example) instead.
>
>3) While you're editing /etc/network.conf, you will also need to specify
> the port forwarding itself. You do this with:
>
>
> # Uncomment following for port-forwarded internal services.
> # The following is an example of what should be put here.
> # Tuples are as follows:
> # <protocol>_<local-ip>_<local-port>_<remote-ip>_<remote-port>
> INTERN_SERVERS="tcp_${EXTERN_IP}_www_192.168.1.1_www"
>
> #-or-#
>
> # These lines use the primary external IP address...if you need to
> # port-forward
> # an aliased IP address, use the INTERN_SERVERS setting above
> #INTERN_FTP_SERVER=192.168.1.1 # Internal FTP server to make available
> INTERN_WWW_SERVER=192.168.1.1 # Internal WWW server to make available
>
> As with Step 2, you can use one of these options of the other but not
> both. I suggest using the first option since all ports and addresses
> are implicitly stated and you can use different ports coming into the
> firewall and sent to the internal server. It also allows more
> flexibility for using non-standard ports. I personally use port 81
> for my external web-services, but use port 80 on the internal network.
> The first syntax allows for forwarding the external port 81 to the
> internal port 80 with a line like this:
>
> INTERN_SERVERS="tcp_${EXTERN_IP}_81_192.168.1.1_80"
>
> After you are finished with the configuration here, save the file and
> exit the editor.
>
>4) You are now finished with all the configuration, you should now
> the "lrcfg" menu system (if you are not using it already) and choose
> the backup option. You will need to backup the "etc" and "modules"
> packages. After both of the packages are backed up, exit the menu
> system and reboot the Dachstein machine. Your new port forwarding
> setup should now be operational.
>
>############### END OF FAQ ##############################
>
>
>I hope this would make this less complicated for many users ;-)
--
------------------------------------"Never tell me the odds!"---
Ray Olszewski -- Han Solo
Palo Alto, CA [EMAIL PROTECTED]
----------------------------------------------------------------
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel
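
The following is an added example, not part of Ray's reply or Lynn's draft: a POSIX shell lint that cross-checks the draft's Step 2 and Step 3 settings, reporting any tcp INTERN_SERVERS tuple whose external port is not opened by the space-separated EXTERN_TCP_PORTS list. The function names, the inline services excerpt and the 192.0.2.1 address (standing in for ${EXTERN_IP}) are constructed; it assumes, as Step 2 states, that a port must be opened before it can be forwarded.

```shell
#!/bin/sh
# Added example, not from the FAQ draft: cross-check Step 2 against Step 3.

# Constructed excerpt in /etc/services format: name port/proto [aliases...]
SERVICES='ftp 21/tcp
www 80/tcp http
domain 53/tcp nameserver'

# Print the TCP port for a number or symbolic name; non-zero status if unknown.
port_number() {
    case "$1" in
        ''|*[!0-9]*) ;;                 # not purely numeric: look it up below
        *) echo "$1"; return 0 ;;
    esac
    printf '%s\n' "$SERVICES" | awk -v n="$1" '
        { sub(/#.*/, "") }
        $2 ~ /\/tcp$/ {
            for (i = 1; i <= NF; i++)
                if (i != 2 && $i == n) { split($2, a, "/"); print a[1]; found = 1; exit }
        }
        END { exit !found }'
}

# Print the numeric ports opened by a space-separated "srcip/mask_dstport" list.
open_ports() {
    for entry in $1; do
        port_number "${entry##*_}" || echo "unknown port in $entry" >&2
    done
}

# Print each tcp tuple in INTERN_SERVERS ($2) whose local (external) port is not
# opened by EXTERN_TCP_PORTS ($1), or whose port name cannot be resolved.
# Tuple layout: <protocol>_<local-ip>_<local-port>_<remote-ip>_<remote-port>
unopened_forwards() {
    opened=" $(open_ports "$1" | tr '\n' ' ')"
    for tuple in $2; do
        IFS=_ read -r proto lip lport rip rport <<EOF
$tuple
EOF
        [ "$proto" = tcp ] || continue
        n=$(port_number "$lport") || { echo "$tuple"; continue; }
        case "$opened" in
            *" $n "*) ;;                # port is opened: nothing to report
            *) echo "$tuple" ;;
        esac
    done
}

# The draft's Step 2 list with its port-81 forward: 81 is reported as not opened.
unopened_forwards "0/0_www 0/0_1023" "tcp_192.0.2.1_81_192.168.1.1_80"
```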