Date: Thu, 13 May 1999 19:25:45 +0300 (EEST) From: Ruslan Ermilov <ru@ucb.crimea.ua> To: FreeBSD-gnats-submit@freebsd.org Subject: bin/11690: [32-CANDIDATE] /sbin/natd portrange documentation and bugfix Message-ID: <199905131625.TAA43127@relay.ucb.crimea.ua>
next in thread | raw e-mail | index | archive | help
>Number: 11690
>Category: bin
>Synopsis: [32-CANDIDATE] /sbin/natd portrange documentation and bugfix
>Confidential: no
>Severity: non-critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu May 13 09:30:00 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator: Ruslan Ermilov
>Release: FreeBSD 3.1-STABLE i386
>Organization:
United Commercial Bank
>Environment:
Both HEAD and RELENG_3
>Description:
1. Logic error in checking the condition
2. portrange feature is not documented in manpage
>How-To-Repeat:
Look at code.
>Fix:
Index: natd.8
===================================================================
RCS file: /usr/FreeBSD-CVS/src/sbin/natd/natd.8,v
retrieving revision 1.16.2.2
diff -u -r1.16.2.2 natd.8
--- natd.8 1999/05/04 12:12:01 1.16.2.2
+++ natd.8 1999/05/13 16:22:37
@@ -114,19 +114,31 @@
According to rfc 1918, unregistered source addresses are 10.0.0.0/8,
172.16.0.0/12 and 192.168.0.0/16.
-.It Fl redirect_port Ar proto targetIP:targetPORT [aliasIP:]aliasPORT [remoteIP[:remotePORT]]
-Redirect incoming connections arriving to given port to another host and port.
+.It Fl redirect_port Ar proto targetIP:targetPORT[-targetPORT] [aliasIP:]aliasPORT[-aliasPORT] [remoteIP[:remotePORT[-remotePORT]]]
+Redirect incoming connections arriving to given port(s) to another host
+and port(s).
Proto is either tcp or udp, targetIP is the desired target IP
-number, targetPORT is the desired target PORT number, aliasPORT
-is the requested PORT number and aliasIP is the aliasing address.
+number, targetPORT is the desired target PORT number or range, aliasPORT
+is the requested PORT number or range, and aliasIP is the aliasing address.
RemoteIP and remotePORT can be used to specify the connection
more accurately if necessary.
+The targetPORT range and aliasPORT range need not be the same numerically,
+but must have the same size.
+If remotePORT is not specified, it is assumed to be all ports.
+If remotePORT is specified, it must match the size of targetPORT, or be 0
+(all ports).
For example, the argument
.Ar tcp inside1:telnet 6666
means that tcp packets destined for port 6666 on this machine will
be sent to the telnet port on the inside1 machine.
+
+.Ar tcp inside2:2300-2399 3300-3399
+
+will redirect incoming connections on ports 3300-3399 to host
+inside2, ports 2300-2399.
+The mapping is 1:1 meaning port 3300 maps to 2300, 3301 maps to 2301, etc.
.It Fl redirect_address Ar localIP publicIP
Redirect traffic for public IP address to a machine on the local
Index: natd.c
===================================================================
RCS file: /usr/FreeBSD-CVS/src/sbin/natd/natd.c,v
retrieving revision 1.11.2.3
diff -u -r1.11.2.3 natd.c
--- natd.c 1999/03/30 10:18:00 1.11.2.3
+++ natd.c 1999/05/13 16:16:46
@@ -1380,7 +1380,7 @@
numLocalPorts = GETNUMPORTS(portRange);
/*
- * Extract public port and optinally address.
+ * Extract public port and optionally address.
*/
ptr = strtok (NULL, " \t");
if (!ptr)
@@ -1431,7 +1431,7 @@
errx (1, "redirect_port: port ranges must be equal in size");
/* Remote port range is allowed to be '0' which means all ports. */
- if (numRemotePorts != numLocalPorts && numRemotePorts != 1 && remotePort != 0)
+ if (numRemotePorts != numLocalPorts && !(numRemotePorts == 1 && remotePort == 0))
errx (1, "redirect_port: remote port must be 0 or equal to local port range in size");
for (i = 0 ; i < numPublicPorts ; ++i) {
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199905131625.TAA43127>