Revision: 2868
http://ipcop.svn.sourceforge.net/ipcop/?rev=2868&view=rev
Author: eoberlander
Date: 2009-05-18 18:46:15 +0000 (Mon, 18 May 2009)
Log Message:
-----------
Remove Port Forwarding section, based on 1.4 documents, and add section for
IPTables.
Modified Paths:
--------------
IPCopDoc/trunk/en/admin/xml/firewall.xml
IPCopDoc/trunk/en/admin/xml/info.xml
Modified: IPCopDoc/trunk/en/admin/xml/firewall.xml
===================================================================
--- IPCopDoc/trunk/en/admin/xml/firewall.xml 2009-05-18 12:30:37 UTC (rev
2867)
+++ IPCopDoc/trunk/en/admin/xml/firewall.xml 2009-05-18 18:46:15 UTC (rev
2868)
@@ -24,12 +24,6 @@
</listitem>
<listitem>
<para>
- <link linkend="firewall-port-forwarding">
- <guimenuitem>Port Forwarding</guimenuitem></link>
- </para>
- </listitem>
- <listitem>
- <para>
<link linkend="firewall-blue-access">
<guimenuitem>Blue Access</guimenuitem></link>
(Connecting a Wireless Access Point to IPCop)
@@ -74,7 +68,7 @@
</itemizedlist>
</para>
- <sect2 id="firewall-firewall-traffic">
+ <sect2 id="firewall-traffic">
<title>
What traffic is allowed between Interfaces?
</title>
@@ -100,7 +94,7 @@
</para>
</sect2>
- <sect2 id="firewall-firewall-custom">
+ <sect2 id="firewall-custom">
<title>
User Customization
</title>
@@ -152,237 +146,6 @@
</para>
</sect2>
- <sect2 id="firewall-port-forwarding">
- <title>
- Port Forwarding Administrative Web Page
- </title>
- <para>
- This subsection allows you to configure the
- Port Forwarding settings for IPCop.
- This is 100% optional, so you may safely ignore
- this section if you do not wish to make use of
- this feature.
- </para>
- <sect3>
- <title>
- Port Forwarding Overview
- </title>
- <para>
- Firewalls prevent externally initiated requests
- from accessing the protected system.
- However, sometimes, this is too strict a situation.
- For example, if one is running a web server, then
- any requests to that web server by users outside
- the protected network will be blocked by default.
- This means that only other users on the same
- internal network can use the web server.
- This is not the normal situation for web servers.
- Most people
- <emphasis role="strong">want</emphasis> outsiders
- to be able to access the server.
- This is where Port Forwarding comes in.
- </para>
- <para>
- Port Forwarding is a service that allows limited
- access to the internal LANs from outside.
- When you set up your server, you can choose the
- receiving or <quote>listening</quote> ports on the
- internal network machines.
- This is done differently depending on which software
- is being used.
- Please refer to the documentation that came with
- your servers to set up the ports on those servers.
- </para>
- <para>
- Once those receiving ports are ready, you are ready
- to enter information into the AW on IPCop.
- The <guilabel>TCP/UDP</guilabel> drop down list
- allows you to choose which protocol this rule will
- follow.
- Most regular servers use TCP.
- Some game servers and chat servers use UDP.
- If the protocol is not specified in the server
- documentation, then it is usually TCP.
- <guilabel>Source port</guilabel> is the port to which
- the outsiders will connect.
- In most cases, this will be the standard port for the
- service being offered (80 for web servers,
- 20 for FTP servers, 25 for mail servers, etc.)
- If you wish, you may specify a range of ports to
- forward.
- To specify a range use the <quote>:</quote> character
- between two port numbers, lowest number first.
- <guilabel>Destination IP</guilabel> is the internal
- IP address of the server (for example, you may have
- your web server on 192.168.0.3).
- <guilabel>Destination Port</guilabel> is the port that
- you chose when you set up your server in the first
- paragraph.
- The <guilabel>SourceIP</guilabel> dropdown menu
- allows you to choose which Red IP this rule will
- affect.
- IPCop has the capability of handling more than one
- Red IP.
- If you only have one Red IP set up, then choose
- <guilabel>Default IP</guilabel>.
- </para>
- </sect3>
- <sect3>
- <title>
- Port Forwarding and External Access
- </title>
- <para>
- The Port Forwarding interface was re-written for version 1.3.0.
- It is quite different from earlier versions. However, please
- note that the port numbers used for a particular service have
- not changed, and you should still refer to these above.
- </para>
- <para>
- The External Access page has <emphasis
role="strong">NO</emphasis>
- affect on the GREEN or ORANGE networks. It is there to allow
- you to open ports to the IPCop box itself and not the GREEN
- or ORANGE networks.
- </para>
- <para>
- How do you open up external access then? It is combined into
- the Port Forward page - there is a field on the page labeled:
- </para>
- <para>
- 'Source IP, or network (blank for "ALL"):'
- </para>
- <para>
- This is the field that controls external access - if you leave
- it BLANK, your port forward will be open to
- <emphasis role="strong">ALL INTERNET ADDRESSES</emphasis>.
- Alternatively if you put an address or network in there, it
will
- be restricted to that network or Internet address.
- </para>
- <para>
- <figure id="v140.firewall.001">
- <title>Port Forwarding Settings</title>
- <mediaobject>
- <imageobject role="fo">
- <imagedata fileref="&imagepath;portfwd.&imageext;"
format="PNG" contentwidth="14cm"/>
- </imageobject>
- <imageobject role="html">
- <imagedata fileref="&imagepath;portfwd.&imageext;"
format="PNG" align="center"/>
- </imageobject>
- <textobject>
- <phrase>Port Forwarding Web Page</phrase>
- </textobject>
- </mediaobject>
- </figure>
- </para>
- <para>
- You can have more than one external address - after you have
- created the port forward entry, it will appear in the table.
- If you wish to add another external address, click the Red
- Pencil with the Plus sign next to the entry, the entry screen
- at the top of the page will change (it will load values from
- the port forward) and allow you to enter an external IP
- address or network.
- </para>
- <para>
- When added you will now notice that there is a new entry under
- the port forward in the table.
- </para>
- <para>
- Other things to note:
- </para>
- <itemizedlist>
- <listitem>
- <para>
- We support the GRE protocol.
- </para>
- </listitem>
- <listitem>
- <para>
- You can have port ranges and wildcards. Valid wildcards
- are:
- </para>
- </listitem>
- <listitem>
- <para>
- * which translates to 1-65535
- </para>
- </listitem>
- <listitem>
- <para>
- 85-* which translates into 85-65535
- </para>
- </listitem>
- <listitem>
- <para>
- *-500 which translates into 1-500
- </para>
- </listitem>
- </itemizedlist>
- <para>
- Valid characters to separate a port range are
- <quote>:</quote> or
- <quote>-</quote>.
- Note that - will be modified to
- a <quote>:</quote> even though it will be
- displayed as a <quote>-</quote> on the screen.
- </para>
- <para>
- You only need to enter the first source port, the destination
- will be filled in for you.
- </para>
- <para>
- You can edit a record by clicking on the Yellow Pencil icon in
the
- Action column, and until you hit the update button,
- nothing changes and nothing is lost.
- </para>
- <para>
- When you are editing a record, you will see the record
- highlighted in yellow.
- </para>
- <para>
- To delete a record, click on the Trash Can icon on
- the right hand side of the Action column.
- </para>
- <para>
- Ports ranges cannot overlap each other.
- </para>
- <para>
- Individual ports cannot be placed in the middle of a range i.e.
- if you have 2000-3000 already set up and then try to forward
- port 2500, it will give you an error. You cannot forward the
- same port to several machines.
- </para>
- <para>
- Reserved ports - on the main Red Address (DEFAULT IP) some
- ports are reserved for IPCop to do its business, they are 67,
- 68, 81, 222, and 445.
- </para>
- <para>
- When you edit a port forward, there will be an extra check
- box labeled 'Override external access to ALL'. This
is used
- as a quick and dirty way to open a port to ALL Internet
- addresses for testing or whatever your reasons. This was a
- user request.
- </para>
- <para>
- If you have a port forward with multiple external accesses,
- when you delete all of the external accesses, the port
- becomes open to ALL addresses, be careful of this one.
- </para>
- <para>
- There is a Shortcut to enable or disable a port forward or
- external access - click on the <quote>Enabled</quote> icon
- (the checkbox in the Action column) for the particular
- entry you want to enable or disable.
- The icon changes to an empty box when a rule is
- disabled. Click on the checkbox to enable it again.
- <emphasis role="strong">Note:</emphasis> when you disable
- the port forward, all associated external accesses are
disabled,
- and when you enable the port forward, all associated external
- accesses are enabled.
- </para>
- </sect3>
- </sect2>
-
<sect2 id="firewall-blue-access">
<title>
Blue Access Administrative Web Page
Modified: IPCopDoc/trunk/en/admin/xml/info.xml
===================================================================
--- IPCopDoc/trunk/en/admin/xml/info.xml 2009-05-18 12:30:37 UTC (rev
2867)
+++ IPCopDoc/trunk/en/admin/xml/info.xml 2009-05-18 18:46:15 UTC (rev
2868)
@@ -59,6 +59,13 @@
<link
linkend="status-connections"><guimenuitem>Connections</guimenuitem></link>
</para>
</listitem>
+
+ <listitem>
+ <para>
+ <link
linkend="status-iptables"><guimenuitem>IPTables</guimenuitem></link>
+ </para>
+ </listitem>
+
</itemizedlist>
</para>
@@ -719,4 +726,12 @@
</screenshot>
</para>
</sect2>
+
+ <sect2 id="status-iptables">
+ <title>IPTables Output</title>
+ <para>
+ Content to be written...
+ </para>
+ </sect2>
+
</sect1>
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables
unlimited royalty-free distribution of the report engine
for externally facing server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Ipcop-svn mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ipcop-svn
