.\" $OpenBSD: ipnat.5,v 1.6 1998/09/15 09:57:29 pattonme Exp $
.TH IPNAT 5
.SH NAME
ipnat \- IP NAT file format
.SH DESCRIPTION
The format for files accepted by ipnat is described by the following grammar:
.LP
.nf
ipmap ::= mapit ifname ipmask "->" ipmask [ mapport ] .
mapit ::= "map" | "rdr" .
ipmask ::= ip "/" bits | ip "/" mask | ip "netmask" mask .
mapport ::= "portmap" tcpudp portnumber ":" portnumber .
tcpudp ::= "tcp" | "udp" | "tcp/udp" .
portnumber ::= number { numbers } .
ifname ::= 'A' - 'Z' { 'A' - 'Z' } numbers .
numbers ::= '0' | '1' | '2' | '3' | '4' | '5' | '6' | '7' | '8' | '9' .
.fi
.PP
For standard NAT functionality, a rule should start with
\fBmap\fP
and then proceed to specify the interface for which outgoing packets will
have their source address rewritten.
.PP
Packets which will be rewritten can only be selected by matching the
original source address.
A netmask must be specified with the IP address.
.PP
The address selected for replacing the original is chosen from an
IP#/netmask pair.
A netmask of all 1's, indicating a single host address, is valid.
A netmask of 31 1's (255.255.255.254) is considered invalid, as there is
no space left for allocating host IP#'s once the broadcast and network
addresses are taken into account.
.PP
When remapping TCP and UDP packets, it is also possible to change the
source port number.
Either TCP or UDP or both can be selected by each rule, with a range of
port numbers to remap into given as
\fBport-number:port-number\fP.
.SH EXAMPLES
.PP
To change IP numbers used internally from network 10 into an ISP provided
8 bit subnet at 209.1.2.0 through the ppp0 interface, the following would
be used:
.LP
.nf
map ppp0 10.0.0.0/8 -> 209.1.2.0/24
.fi
.PP
The obvious problem here is that we're trying to squeeze over 16,000,000
IP addresses into a 254 address space.
To increase the scope, port remapping can be used for TCP and/or UDP:
.LP
.nf
map ppp0 10.0.0.0/8 -> 209.1.2.0/24 portmap tcp/udp 1025:65000
.fi
.PP
which falls only 527,566 `addresses' short of the space available in
network 10.
If we were to combine these rules, they would need to be specified as
follows:
.LP
.nf
map ppp0 10.0.0.0/8 -> 209.1.2.0/24 portmap tcp/udp 1025:65000
map ppp0 10.0.0.0/8 -> 209.1.2.0/24
.fi
.PP
so that all TCP/UDP packets are port mapped and other protocols, such as
ICMP, only have their IP# changed.
.SH FILES
/etc/services
.br
/etc/hosts
.br
/dev/ipnat
.SH SEE ALSO
ipf(1), ipftest(1), ipnat(1), ipf(4), ipl(4), ipnat(4), ipf(5),
ipfstat(8), ipmon(8)
.br
http://coombs.anu.edu.au/ipfilter/
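As an added illustration (not part of the manual page or of IP Filter itself), the following Python checker parses rules written to the grammar above, rejects the /31 target netmask the text calls invalid, and works out how far short of the 16M-address source network a target /24 falls with and without portmap; the sample rule file and the `[A-Za-z]+\d+` interface-name pattern are constructed here, and the port range is counted as hi - lo so that the result matches the manual's 527,566 figure.

```python
import ipaddress
import re
# Constructed sample rule file written to the ipnat(5) grammar; the third
# rule deliberately uses the /31 target netmask that the manual rejects.
SAMPLE_RULES = """\
map ppp0 10.0.0.0/8 -> 209.1.2.0/24 portmap tcp/udp 1025:65000
map ppp0 10.0.0.0/8 -> 209.1.2.0/24
map ppp0 192.168.1.0 netmask 255.255.255.0 -> 209.1.2.0/31
"""
RULE_RE = re.compile(
    r"^(?P<mapit>map|rdr)\s+(?P<ifname>[A-Za-z]+\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
    r"(?:\s+portmap\s+(?P<proto>tcp/udp|tcp|udp)\s+(?P<lo>\d+):(?P<hi>\d+))?$"
)

def parse_rule(line):
    """Parse one ipnat rule; the 'ip netmask mask' form is folded into 'ip/mask' first."""
    m = RULE_RE.match(re.sub(r"\s+netmask\s+", "/", line.strip()))
    if not m:
        raise ValueError(f"does not match ipnat grammar: {line!r}")
    src = ipaddress.ip_network(m["src"], strict=False)
    dst = ipaddress.ip_network(m["dst"], strict=False)
    # ipnat(5): /32 (one host) is valid, but /31 leaves no host numbers after network and broadcast.
    if dst.prefixlen == 31:
        raise ValueError(f"target netmask /31 leaves no host addresses: {line!r}")
    rule = {"mapit": m["mapit"], "ifname": m["ifname"], "src": src, "dst": dst, "portmap": None}
    if m["proto"]:
        lo, hi = int(m["lo"]), int(m["hi"])
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad portmap range {lo}:{hi} in {line!r}")
        rule["portmap"] = (m["proto"], lo, hi)
    return rule

def check_rules(text):
    """Parse a whole file, collecting rules and error messages rather than stopping at the first fault."""
    rules, errors = [], []
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            try:
                rules.append(parse_rule(line))
            except ValueError as e:
                errors.append(str(e))
    return rules, errors

def shortfall(rule):
    """Source addresses left without a distinct (target address, port); ports count as hi - lo."""
    hosts = 1 if rule["dst"].prefixlen == 32 else rule["dst"].num_addresses - 2
    if rule["portmap"]:
        hosts *= rule["portmap"][2] - rule["portmap"][1]
    return max(0, rule["src"].num_addresses - hosts)
```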