-rw-r--r-- | sbin/pfctl/parse.y | 4 | ||||
-rw-r--r-- | share/man/man5/nat.conf.5 | 15 |
2 files changed, 15 insertions, 4 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 3d3a1b0632a..e7f01d07eb7 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.29 2001/09/06 18:05:46 jasoni Exp $ */
+/* $OpenBSD: parse.y,v 1.30 2001/09/06 22:37:08 jasoni Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -551,7 +551,7 @@ natrule : NAT interface proto FROM ipspec TO ipspec ARROW address
 }
 ;
-binatrule : BINAT interface proto FROM ipspec TO ipspec ARROW address
+binatrule : BINAT interface proto FROM address TO ipspec ARROW address
 {
 struct pf_binat binat;
diff --git a/share/man/man5/nat.conf.5 b/share/man/man5/nat.conf.5
index ecfa1354bf9..67526ed07ff 100644
--- a/share/man/man5/nat.conf.5
+++ b/share/man/man5/nat.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: nat.conf.5,v 1.10 2001/09/06 18:05:46 jasoni Exp $
+.\" $OpenBSD: nat.conf.5,v 1.11 2001/09/06 22:37:08 jasoni Exp $
 .\"
 .\" Copyright (c) 2001 Ian Darwin. All rights reserved.
 .\"
@@ -50,6 +50,11 @@ These netblocks are:
 192.168.0.0 - 192.168.255.255 (i.e., 192.168/16)
 .Ed
 .Pp
+A
+.Em binat
+rule specifies a bidirectional map between an external IP address and an
+an internal IP address.
+.Pp
 An
 .Em rdr
 rule specifies an incoming connection to be redirected
@@ -62,7 +67,7 @@ rule = nat_rule | binat_rule | rdr_rule
 nat_rule = "nat" "on" [ "!" ] ifname [ protospec ] "from" ipspec
 "to" ipspec "->" address
-binat_rule = "binat" "on" ifname [ protospec ] "from" ipspec
+binat_rule = "binat" "on" ifname [ protospec ] "from" address
 "to" ipspec "->" address
 rdr_rule = "rdr" "on" [ "!" ] ifname [ protospec ] "from" ipspec
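Review bot: The `$5` references in the `binatrule` action (sbin/pfctl/parse.y, hunk at -551) need checking against the semantic type of `address`, because the diffstat shows only this rule line and the ident line changed in parse.y, so the action body was presumably left as written for `ipspec`. If the `%type` declarations of the two nonterminals differ, every `$5` use now reads the wrong union member or no longer compiles, and a filter grammar that misreads its source address installs a mapping other than the one written. The reason for the restriction also deserves a comment above the rule, for example `/* binat is a 1:1 map: the source must be a single address, so "!" and "any" are not accepted */`. The action body continues outside the hunk.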
@@ -149,6 +154,12 @@ listening for outbound ftp sessions captured to port 8081.
 # nat on kue0 from ! 157.161.48.183 to any -> 157.161.48.183
+# BINAT
+# translate outgoing packets' source address (any protocol)
+# translate incoming packets' destination address to an internal machine
+# (bidirectional)
+binat on kue0 from 10.1.2.150 to any -> 157.161.48.184
 # RDR
 # translate incoming packets' destination addresses
 # as an example, redirect a TCP and UDP port to an internal machine |