From: Paolo Pisati
To: Perforce Change Reviews
Date: Fri, 3 Nov 2006 15:44:15 GMT
Message-Id: <200611031544.kA3FiFsX015362@repoman.freebsd.org>
Subject: PERFORCE change 109127 for review

http://perforce.freebsd.org/chv.cgi?CH=109127

Change 109127 by piso@piso_newluxor on 2006/11/03 15:44:01

	Cleanup, delete unnecessary stuff, some mdoc fixes.

Affected files ...

.. //depot/projects/soc2005/libalias/sbin/ipfw/ipfw.8#8 edit

Differences ...

==== //depot/projects/soc2005/libalias/sbin/ipfw/ipfw.8#8 (text+ko) ====
@@ -2035,95 +2035,53 @@ If no socket is bound to the destination port, or if the divert module is not loaded, or if the kernel was not compiled with divert socket support, the packets are dropped. -.Sh IPFW NAT -To support nat operations inside ipfw, the syntax was extended with a -new action: nat. -Then, to configure/handle nat instances the following syntax was -added (trying to follow closely pipe|queue options): +.Sh NETWORK ADDRESS TRANSLATION (NAT) +The nat configuration command is the following: .Bd -ragged -offset indent .Bk -words .Cm nat .Ar nat_number .Cm config -.Ar options +.Ar nat-configuration .Ek .Ed .Pp -where -.Ar options -is one or more mandatory fields that can assume the -following values: +. +The following parameters can be configured: .Bl -tag -width indent .It Cm ip Ar ip_address -Define an ip address to use for aliasing +Define an ip address to use for aliasing. .It Cm if Ar nic Use ip addres of NIC for aliasing, dynamically changing -it if NIC's ip address change +it if NIC's ip address change. .It Cm log -Enable logging on this nat instance +Enable logging on this nat instance. .It Cm deny_in -Deny any incoming connection from outside world +Deny any incoming connection from outside world. .It Cm same_ports Try to leave the alias port numbers unchanged from -the actual local port numbers +the actual local port numbers. .It Cm unreg_only Traffic on the local network not originating from an -unregistered address spaces will be ignored +unregistered address spaces will be ignored. .It Cm reset -Reset table of the packet aliasing engine on address change +Reset table of the packet aliasing engine on address change. .It Cm reverse -Reverse the way libalias handles aliasing +Reverse the way libalias handles aliasing. .It Cm proxy_only -Obey transparent proxy rules only, packet aliasing is not performed +Obey transparent proxy rules only, packet aliasing is not performed. 
.El .Pp -For more information about aliasing modes, take a look -at libalias( +For more information about aliasing modes, refer to .Xr libalias 3 -). -.Pp -Other commands to manipulate nats are: -.Bd -ragged -offset indent -.Bk -words -.Cm nat -.Ar nat_number -.Cm show -.Cm config -.Ek -.Ed -.Pp -to see nat configuration of -.Ar nat_number . -.Pp -.Bd -ragged -offset indent -.Bk -words -.Cm nat -.Ar nat_number -.Cm show -.Ek -.Ed -.Pp -to see the logs of -.Ar nat_number -(if any) -.Pp -In these two previous examples -.Ar nat_number -could be a single number to see the configuration of that -instance (i.e. 123, a range of numbers (i.e 333-555) to see the -configurations all the instances in that range or nothing, to see all -the configured instances. -.Pp See Section .Sx EXAMPLES -for some examples on how to use nat. +for some examples about nat usage. .Sh REDIRECT AND LSNAT SUPPORT IN IPFW -Redirect and LSNAT support follow closely the syntax used in natd: refer to natd's man page -for syntax details. -The only difference between natd's redirect and ipfw redirect is: -instead of redirect_[addr|port|prot] i chose redir_[addr|port|proto]. -.Pp +Redirect and LSNAT support follow closely the syntax used in +.Xr natd 8 +. See Section .Sx EXAMPLES for some examples on how to do redirect and lsnat.
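Review bot: In the REDIRECT AND LSNAT SUPPORT section, dropping the sentence about redir_[addr|port|proto] leaves the page saying the syntax follows natd(8) closely without saying where the keywords differ, so a reader who copies redirect_addr or redirect_port from natd(8) has no hint that the removed text spelled them redir_addr, redir_port and redir_proto for ipfw; keep that one difference, reworded impersonally instead of "i chose". In the NAT section the hunk also deletes both "nat nat_number show config" and "nat nat_number show", together with the description of the single-number, range and empty forms of nat_number, and nothing in the visible lines replaces them; if those commands still exist, an administrator checking which NAT instances and options (deny_in, log, unreg_only) are active loses the only description, so tighten the text rather than remove it. On the mdoc side, the lone "." lines added after ".Pp" and after ".Xr natd 8" are empty requests that render nothing, so the natd sentence ends without a period, and "refer to" followed by ".Xr libalias 3" lost its period when the ")." line was removed; pass the punctuation as a macro argument, ".Xr natd 8 ." and ".Xr libalias 3 .". The context lines still carry "ip addres", "if NIC's ip address change" and "an unregistered address spaces", which this cleanup could fix in the same pass.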