summaryrefslogtreecommitdiff
path: root/share/man
diff options
context:
space:
mode:
authorjasoni <jasoni@cvs.openbsd.org>2001-09-06 18:05:47 +0000
committerjasoni <jasoni@cvs.openbsd.org>2001-09-06 18:05:47 +0000
commit4a538e249bf00fca90b9036971f51198ce5f9294 (patch)
tree34f5a207a8c9566af8febfa8c6093274e12ddcaa /share/man
parent60e3409ed149bdefcb774fa1336bcbf86d8d7a50 (diff)
1:1 bidrectional NAT (binat); ok dhartmei@ and frantzen@
Diffstat (limited to 'share/man')
-rw-r--r--share/man/man5/nat.conf.515
1 files changed, 13 insertions, 2 deletions
diff --git a/share/man/man5/nat.conf.5 b/share/man/man5/nat.conf.5
index 7636855323b..ecfa1354bf9 100644
--- a/share/man/man5/nat.conf.5
+++ b/share/man/man5/nat.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: nat.conf.5,v 1.9 2001/08/22 17:42:24 beck Exp $
+.\" $OpenBSD: nat.conf.5,v 1.10 2001/09/06 18:05:46 jasoni Exp $
.\"
.\" Copyright (c) 2001 Ian Darwin. All rights reserved.
.\"
@@ -57,11 +57,14 @@ to another host and optionally a different port.
.Sh GRAMMAR
Syntax for filter rules in BNF:
.Bd -literal
-rule = nat_rule | rdr_rule
+rule = nat_rule | binat_rule | rdr_rule
nat_rule = "nat" "on" [ "!" ] ifname [ protospec ] "from" ipspec
"to" ipspec "->" address
+binat_rule = "binat" "on" ifname [ protospec ] "from" ipspec
+ "to" ipspec "->" address
+
rdr_rule = "rdr" "on" [ "!" ] ifname [ protospec ] "from" ipspec
"to" ipspec portspec "->" address portspec
@@ -126,6 +129,14 @@ fake internal 144.19.74.* network, and a routable external IP of 204.92.77.100:
nat on fxp1 from 144.19.74/24 to any -> 204.92.77.100
.Ed
.Pp
+In the example below, fxp0 is the outside interface; a 1:1
+bidirectional map is created between the private address 192.168.1.5
+and the routable external address 204.92.77.113. (Thus, incoming
+traffic to 204.92.77.113 is mapped to the internal address 192.168.1.5.)
+.Bd -literal
+binat on fxp0 from 192.168.1.5/32 to any -> 204.92.77.113
+.Ed
+.Pp
This longer example uses both a NAT and a redirection. Interface
kue0 is the outside interface, and its external address is 157.161.48.183.
Interface fxp0 is the inside interface, and we are running