authorDaniel Hartmeier <dhartmei@cvs.openbsd.org>2002-06-20 12:04:55 +0000
committerDaniel Hartmeier <dhartmei@cvs.openbsd.org>2002-06-20 12:04:55 +0000
commit3c6ffe0f21e5eb60492768f38348b24f0607167b (patch)
tree0c490f0ba88207e38d00bcad7d83964bd88e957c /share/man/man5
parent9a49b89c16b2d3e94e2169bf5567becd0068dee8 (diff)
Use 'inet' in translation rules where required, add example for proxy
port selection. From jolan at enteract dot com
Diffstat (limited to 'share/man/man5')
-rw-r--r--share/man/man5/pf.conf.523
1 files changed, 16 insertions, 7 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index 949293cef03..736344b3674 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -1,6 +1,6 @@
-.\" $OpenBSD: pf.conf.5,v 1.60 2002/06/20 06:43:58 mpech Exp $
+.\" $OpenBSD: pf.conf.5,v 1.61 2002/06/20 12:04:54 dhartmei Exp $
.\"
-.\" Copyright (c) 2001, Daniel Hartmeier
+.\" Copyright (c) 2002, Daniel Hartmeier
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -27,7 +27,7 @@
.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd June 14, 2002
+.Dd June 20, 2002
.Dt PF.CONF 5
.Os
.Sh NAME
@@ -876,8 +876,15 @@ listening for outbound ftp sessions captured to port 8081.
.Bd -literal
# NAT
# translate outgoing packets' source addresses (any protocol)
-# in my case, any address but the gateway's external address is mapped
-nat on kue0 from ! (kue0) to any -> (kue0)
+# in this case, any address but the gateway's external address is mapped
+nat on kue0 inet from ! (kue0) to any -> (kue0)
+
+# NAT PROXYING
+# map outgoing packets' source port to an assigned proxy port instead of
+# an arbitrary port
+# in this case, proxy outgoing isakmp with port 500 on the gateway
+nat on kue0 inet proto udp from any port = isakmp to any -> (kue0) \\
+ port 500
# BINAT
# translate outgoing packets' source address (any protocol)
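Review bot: The new NAT PROXYING rule is placed after the general `nat on kue0 inet from ! (kue0) to any -> (kue0)` rule. If a reader copies the literal block as one ruleset, and translation rules are chosen by first match as I understand pf to do, the general rule already matches isakmp packets from internal hosts and the port-500 mapping is never applied to them. Either move the isakmp example above the general rule or add a comment such as `# must precede the general nat rule; the first matching translation rule is used`. It would also help to state that mapping to the single `port 500` leaves no alternative source port, so two internal hosts presumably cannot both hold a translated session to the same remote peer. The literal block starts before this hunk and continues past it, so the ordering of the other examples is not visible here.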
@@ -888,8 +895,10 @@ binat on kue0 from 10.1.2.150 to any -> (kue0)
# RDR
# translate incoming packets' destination addresses
# as an example, redirect a TCP and UDP port to an internal machine
-rdr on kue0 proto tcp from any to (kue0) port 8080 -> 10.1.2.151 port 22
-rdr on kue0 proto udp from any to (kue0) port 8080 -> 10.1.2.151 port 53
+rdr on kue0 inet proto tcp from any to (kue0) port 8080 -> 10.1.2.151 \\
+ port 22
+rdr on kue0 inet proto udp from any to (kue0) port 8080 -> 10.1.2.151 \\
+ port 53
# RDR
# translate outgoing ftp control connections to send them to localhost