summaryrefslogtreecommitdiff
path: root/share/man
diff options
context:
space:
mode:
authorjasoni <jasoni@cvs.openbsd.org>2001-09-06 22:37:09 +0000
committerjasoni <jasoni@cvs.openbsd.org>2001-09-06 22:37:09 +0000
commit2a35041d61cd954d3bbb5956fa433e4652d69ded (patch)
tree65e5c6631ae023ef6de17731e3743f0c6f1bc24f /share/man
parent17945dac450b77bcb3affef1f2c4224391f9dfa7 (diff)
- you can only binat between hosts
- add binat example and description
Diffstat (limited to 'share/man')
-rw-r--r--share/man/man5/nat.conf.515
1 files changed, 13 insertions, 2 deletions
diff --git a/share/man/man5/nat.conf.5 b/share/man/man5/nat.conf.5
index ecfa1354bf9..67526ed07ff 100644
--- a/share/man/man5/nat.conf.5
+++ b/share/man/man5/nat.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: nat.conf.5,v 1.10 2001/09/06 18:05:46 jasoni Exp $
+.\" $OpenBSD: nat.conf.5,v 1.11 2001/09/06 22:37:08 jasoni Exp $
.\"
.\" Copyright (c) 2001 Ian Darwin. All rights reserved.
.\"
@@ -50,6 +50,11 @@ These netblocks are:
192.168.0.0 - 192.168.255.255 (i.e., 192.168/16)
.Ed
.Pp
+A
+.Em binat
+rule specifies a bidirectional map between an external IP address and an
+an internal IP address.
+.Pp
An
.Em rdr
rule specifies an incoming connection to be redirected
@@ -62,7 +67,7 @@ rule = nat_rule | binat_rule | rdr_rule
nat_rule = "nat" "on" [ "!" ] ifname [ protospec ] "from" ipspec
"to" ipspec "->" address
-binat_rule = "binat" "on" ifname [ protospec ] "from" ipspec
+binat_rule = "binat" "on" ifname [ protospec ] "from" address
"to" ipspec "->" address
rdr_rule = "rdr" "on" [ "!" ] ifname [ protospec ] "from" ipspec
@@ -149,6 +154,12 @@ listening for outbound ftp sessions captured to port 8081.
#
nat on kue0 from ! 157.161.48.183 to any -> 157.161.48.183
+# BINAT
+# translate outgoing packets' source address (any protocol)
+# translate incoming packets' destination address to an internal machine
+# (bidirectional)
+binat on kue0 from 10.1.2.150 to any -> 157.161.48.184
+
# RDR
# translate incoming packets' destination addresses
# as an example, redirect a TCP and UDP port to an internal machine