From owner-freebsd-doc@FreeBSD.ORG Sat Feb 5 12:40:24 2005
Message-Id: <20050205123111.C3D27F63@mccaffrey.house.so14k.com>
Date: Sat, 5 Feb 2005 05:31:11 -0700 (MST)
From: Brad Davis
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: docs/77131: Fix a error in the firewall section (0.32 -> 0/32)
Reply-To: Brad Davis

>Number: 77131
>Category: docs
>Synopsis: Fix a error in the firewall section (0.32 -> 0/32)
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Feb 05 12:40:23 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Brad Davis
>Release: FreeBSD 4.10-STABLE i386
>Organization:
>Environment:
System: FreeBSD mccaffrey.house.so14k.com 4.10-STABLE FreeBSD 4.10-STABLE #0: Fri May 28 08:02:41 MDT 2004 root@mccaffrey.house.so14k.com:/usr/obj/usr/src/sys/MCCAFFREY i386
>Description:
1. Fix an error that I introduced with this firewall chapter.
See:
http://lists.freebsd.org/pipermail/freebsd-doc/2005-February/007060.html
http://www.obfuscation.org/ipf/ipf-howto.txt
>How-To-Repeat:
>Fix:
--- doc-ori/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml Sat Feb 5 05:24:00 2005 +++ doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml Sat Feb 5 05:24:46 2005 @@ -1547,7 +1547,7 @@ role="ipaddr">192.168.1.0/24. The PUBLIC_ADDRESS can either - be the external IP address or the special keyword `0.32', + be the external IP address or the special keyword `0/32', which means to use the IP address assigned to IF. 
@@ -1567,7 +1567,7 @@ range specified to the left of the arrow symbol on the NAT rule. On a match the packet has its source IP address rewritten with the public IP address - obtained by the `0.32' keyword. NAT posts a + obtained by the `0/32' keyword. NAT posts a entry in its internal NAT table so when the packet returns from the public Internet it can be mapped back to its original private IP address and then passed to the @@ -1614,7 +1614,7 @@ with a tag ?--> A normal NAT rule would look like: - map dc0 192.168.1.0/24 -> 0.32 + map dc0 192.168.1.0/24 -> 0/32 In the above rule the packet's source port is unchanged as the packet passes through IPNAT. By @@ -1624,13 +1624,13 @@ IPNAT to modify the source port to be within that range: - map dc0 192.168.1.0/24 -> 0.32 portmap tcp/udp 20000:60000 + map dc0 192.168.1.0/24 -> 0/32 portmap tcp/udp 20000:60000 Additionally we can make things even easier by using the auto keyword to tell IPNAT to determine by itself which ports are available to use: - map dc0 192.168.1.0/24 -> 0.32 portmap tcp/udp auto + map dc0 192.168.1.0/24 -> 0/32 portmap tcp/udp auto >Release-Note: >Audit-Trail: >Unformatted:
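Review bot: In the hunk at -1547 the keyword is set off only with ASCII quotes (`0/32'), while the network just before it carries role="ipaddr" markup. Since the bug being fixed was a single mistyped character inside that keyword, consider giving `0/32' literal markup of the same kind in both prose occurrences (here and in the hunk at -1567), so it renders as something to be typed verbatim and the trailing quote and comma cannot be read as part of it.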
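Review bot: In the hunk at -1567 the changed line ends with "NAT posts a" and the following context line starts with "entry", so the sentence still reads "posts a entry". As that line is already being modified, change it to "NAT posts an entry" in the same commit.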
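Review bot: The hunks at -1614 and -1624 correct all three example rules (plain map, portmap 20000:60000 and portmap auto), and these are the lines readers copy into their own rule files, so a leftover `-> 0.32` anywhere else in chapter.sgml would not give the "use the IP address assigned to IF" behaviour the prose at -1547 describes. The patch shows five occurrences fixed; please confirm with a search of the whole file that no other `0.32` remains before this is committed.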