Date: Fri, 3 Nov 2006 15:44:15 GMT From: Paolo Pisati <piso@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 109127 for review Message-ID: <200611031544.kA3FiFsX015362@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=109127 Change 109127 by piso@piso_newluxor on 2006/11/03 15:44:01 Cleanup, delete unnecessary stuff, some mdoc fixes. Affected files ... .. //depot/projects/soc2005/libalias/sbin/ipfw/ipfw.8#8 edit Differences ... ==== //depot/projects/soc2005/libalias/sbin/ipfw/ipfw.8#8 (text+ko) ==== @@ -2035,95 +2035,53 @@ If no socket is bound to the destination port, or if the divert module is not loaded, or if the kernel was not compiled with divert socket support, the packets are dropped. -.Sh IPFW NAT -To support nat operations inside ipfw, the syntax was extended with a -new action: nat. -Then, to configure/handle nat instances the following syntax was -added (trying to follow closely pipe|queue options): +.Sh NETWORK ADDRESS TRANSLATION (NAT) +The nat configuration command is the following: .Bd -ragged -offset indent .Bk -words .Cm nat .Ar nat_number .Cm config -.Ar options +.Ar nat-configuration .Ek .Ed .Pp -where -.Ar options -is one or more mandatory fields that can assume the -following values: +. +The following parameters can be configured: .Bl -tag -width indent .It Cm ip Ar ip_address -Define an ip address to use for aliasing +Define an ip address to use for aliasing. .It Cm if Ar nic Use ip addres of NIC for aliasing, dynamically changing -it if NIC's ip address change +it if NIC's ip address change. .It Cm log -Enable logging on this nat instance +Enable logging on this nat instance. .It Cm deny_in -Deny any incoming connection from outside world +Deny any incoming connection from outside world. .It Cm same_ports Try to leave the alias port numbers unchanged from -the actual local port numbers +the actual local port numbers. .It Cm unreg_only Traffic on the local network not originating from an -unregistered address spaces will be ignored +unregistered address spaces will be ignored. .It Cm reset -Reset table of the packet aliasing engine on address change +Reset table of the packet aliasing engine on address change. .It Cm reverse -Reverse the way libalias handles aliasing +Reverse the way libalias handles aliasing. .It Cm proxy_only -Obey transparent proxy rules only, packet aliasing is not performed +Obey transparent proxy rules only, packet aliasing is not performed. .El .Pp -For more information about aliasing modes, take a look -at libalias( +For more information about aliasing modes, refer to .Xr libalias 3 -). -.Pp -Other commands to manipulate nats are: -.Bd -ragged -offset indent -.Bk -words -.Cm nat -.Ar nat_number -.Cm show -.Cm config -.Ek -.Ed -.Pp -to see nat configuration of -.Ar nat_number . -.Pp -.Bd -ragged -offset indent -.Bk -words -.Cm nat -.Ar nat_number -.Cm show -.Ek -.Ed -.Pp -to see the logs of -.Ar nat_number -(if any) -.Pp -In these two previous examples -.Ar nat_number -could be a single number to see the configuration of that -instance (i.e. 123, a range of numbers (i.e 333-555) to see the -configurations all the instances in that range or nothing, to see all -the configured instances. -.Pp See Section .Sx EXAMPLES -for some examples on how to use nat. +for some examples about nat usage. .Sh REDIRECT AND LSNAT SUPPORT IN IPFW -Redirect and LSNAT support follow closely the syntax used in natd: refer to natd's man page -for syntax details. -The only difference between natd's redirect and ipfw redirect is: -instead of redirect_[addr|port|prot] i chose redir_[addr|port|proto]. -.Pp +Redirect and LSNAT support follow closely the syntax used in +.Xr natd 8 +. See Section .Sx EXAMPLES for some examples on how to do redirect and lsnat.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200611031544.kA3FiFsX015362>