sbin/ipnat/ipnat.1


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

.\"      $OpenBSD: ipnat.1,v 1.12 1998/03/22 05:31:08 johns Exp $
.\"
.\" Manual page, using -mandoc macros
.\"
.Dd
.Dt IPNAT 1
.Os
.Sh NAME
.Nm ipnat
.Nd user interface to the NAT
.Sh SYNOPSIS
.Nm ipnat
.Op Fl lnrsvCF
.Fl f Ar filename
.Sh DESCRIPTION
.Nm ipnat
opens the filename given (treating "-" as stdin) and parses the
file for a  set of rules which are to be added or remove from the IP NAT.
.Pp
Each rule processed by 
.Nm ipnat
is added to the kernels internal lists if there are no parsing problems.
Rules are added to the end of the internal lists, matching the order in
which they appear when given to 
.Nm ipnat .
.Sh OPTIONS
.Bl -tag -width -Cs
.It Fl C
delete all entries in the current NAT listing (NAT rules)
.It Fl F
delete all active entries in the current NAT table (currently active
NAT mappings)
.It Fl l
Show the list of current NAT table entry mappings.
.It Fl n
This flag (no-change) prevents 
.Nm ipf
from actually making any ioctl
calls or doing anything which would alter the currently running kernel.
.It Fl s
Retrieve and display NAT statistics
.It Fl r
Remove matching NAT rules rather than add them to the internal lists
.It Fl v
Turn verbose mode on.  Displays information relating to rule processing.
.El
.Sh EXAMPLES
To use 
.Nm ipnat
with a dynamic ppp connection one can enable the address translation
in the 
.Pa /etc/ppp/ip-up 
script:
.Bd -literal
/sbin/ipnat -CF -f /etc/ipnat.rules
/sbin/ipf -E
.Ed
.Pp
To translate addresses from the internal 192.168.1.0/8 network
.Pa /etc/ipnat.rules 
should look like this:
.Bd -literal
map ppp0 192.168.1.0/8 -> 0/32 portmap tcp/udp 10000:20000
map ppp0 192.168.1.0/8 -> 0/32
.Ed
.Sh FILES
.Pa /usr/share/ipf
-- sample configuration files.
.Sh SEE ALSO
.Xr ipfstat 1 , 
.Xr ipftest 1 , 
.Xr ipf 1 , 
.Xr ipnat 4 , 
.Xr ipnat 5 .