author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-06-20 12:04:55 +0000 |
---|---|---|
committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-06-20 12:04:55 +0000 |
commit | 3c6ffe0f21e5eb60492768f38348b24f0607167b (patch) | |
tree | 0c490f0ba88207e38d00bcad7d83964bd88e957c /share/man/man5 | |
parent | 9a49b89c16b2d3e94e2169bf5567becd0068dee8 (diff) |
Use 'inet' in translation rules where required, add example for proxy
port selection. From jolan at enteract dot com
Diffstat (limited to 'share/man/man5')
-rw-r--r-- | share/man/man5/pf.conf.5 | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 949293cef03..736344b3674 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,6 +1,6 @@ -.\" $OpenBSD: pf.conf.5,v 1.60 2002/06/20 06:43:58 mpech Exp $ +.\" $OpenBSD: pf.conf.5,v 1.61 2002/06/20 12:04:54 dhartmei Exp $ .\" -.\" Copyright (c) 2001, Daniel Hartmeier +.\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -27,7 +27,7 @@ .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd June 14, 2002 +.Dd June 20, 2002 .Dt PF.CONF 5 .Os .Sh NAME @@ -876,8 +876,15 @@ listening for outbound ftp sessions captured to port 8081. .Bd -literal # NAT # translate outgoing packets' source addresses (any protocol) -# in my case, any address but the gateway's external address is mapped -nat on kue0 from ! (kue0) to any -> (kue0) +# in this case, any address but the gateway's external address is mapped +nat on kue0 inet from ! (kue0) to any -> (kue0) + +# NAT PROXYING +# map outgoing packets' source port to an assigned proxy port instead of +# an arbitrary port +# in this case, proxy outgoing isakmp with port 500 on the gateway +nat on kue0 inet proto udp from any port = isakmp to any -> (kue0) \\ + port 500 # BINAT # translate outgoing packets' source address (any protocol) 
@@ -888,8 +895,10 @@ binat on kue0 from 10.1.2.150 to any -> (kue0) # RDR # translate incoming packets' destination addresses # as an example, redirect a TCP and UDP port to an internal machine -rdr on kue0 proto tcp from any to (kue0) port 8080 -> 10.1.2.151 port 22 -rdr on kue0 proto udp from any to (kue0) port 8080 -> 10.1.2.151 port 53 +rdr on kue0 inet proto tcp from any to (kue0) port 8080 -> 10.1.2.151 \\ + port 22 +rdr on kue0 inet proto udp from any to (kue0) port 8080 -> 10.1.2.151 \\ + port 53 # RDR # translate outgoing ftp control connections to send them to localhost |
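Review bot: In the first hunk (@@ -1,6 +1,6 @@) the copyright line replaces 2001 with 2002 instead of adding to it, so the original year is dropped from the notice. Suggest keeping 2001 and appending 2002, or leaving the line untouched, since the commit message only mentions 'inet' and the proxy port example.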
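Review bot: The NAT PROXYING comment added in the @@ -876,8 +876,15 @@ hunk does not mention the consequence of pinning the translated source port to a single value: every matching flow leaves from (kue0) port 500, so two internal hosts talking isakmp to the same peer would need the identical translated address and port. Suggest one more comment line stating that limitation. The rule also matches on the name `isakmp` but translates to the number `500`; use one form in both places so the reader does not have to look up that they are the same port.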
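Review bot: The binat rule visible as context on the @@ -888,8 +895,10 @@ hunk header, `binat on kue0 from 10.1.2.150 to any -> (kue0)`, still has no `inet`, although it uses (kue0) just like the nat and rdr rules that gained the keyword. If `inet` is needed whenever a rule refers to the dynamic (kue0) address, add it there too; if binat is exempt, say so in the commit message or the man page text, because 'where required' does not tell the reader what the requirement is.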