FreeBSD Bugzilla – Attachment 222236 Details for
Bug 252973
Typo in IPFW in-kernel nat handbook paragraph
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
fix typo in ipfw doc
ipfw.patch (text/plain), 2.32 KB, created by
Alessandro Sagratini
on 2021-02-07 06:56:07 UTC
(
hide
)
Description:
fix typo in ipfw doc
Filename:
MIME Type:
Creator:
Alessandro Sagratini
Created:
2021-02-07 06:56:07 UTC
Size:
2.32 KB
patch
obsolete
>diff --git a/documentation/content/en/books/handbook/firewalls/_index.adoc b/documentation/content/en/books/handbook/firewalls/_index.adoc >index 871713bd60..65fb2fed25 100644 >--- a/documentation/content/en/books/handbook/firewalls/_index.adoc >+++ b/documentation/content/en/books/handbook/firewalls/_index.adoc >@@ -1223,7 +1223,7 @@ With in-kernel NAT it is necessary to disable TCP segmentation offloading (TSO) > net.inet.tcp.tso="0" > .... > >-A NAT instance will also be configured. It is possible to have multiple NAT instances each with their own configuration. For this example only one NAT instance is needed, NAT instance number 1. The configuration can take a few options such as: `if` which indicates the public interface, `same_ports` which takes care that alliased ports and local port numbers are mapped the same, `unreg_only` will result in only unregistered (private) address spaces to be processed by the NAT instance, and `reset` which will help to keep a functioning NAT instance even when the public IP address of the IPFW machine changes. For all possible options that can be passed to a single NAT instance configuration consult man:ipfw[8]. When configuring a stateful NATing firewall, it is neseccary to allow translated packets to be reinjected in the firewall for further processing. This can be achieved by disabling `one_pass` behavior at the start of the firewall script. >+A NAT instance will also be configured. It is possible to have multiple NAT instances each with their own configuration. For this example only one NAT instance is needed, NAT instance number 1. The configuration can take a few options such as: `if` which indicates the public interface, `same_ports` which takes care that alliased ports and local port numbers are mapped the same, `unreg_only` will result in only unregistered (private) address spaces to be processed by the NAT instance, and `reset` which will help to keep a functioning NAT instance even when the public IP address of the IPFW machine changes. For all possible options that can be passed to a single NAT instance configuration consult man:ipfw[8]. When configuring a stateful NATing firewall, it is necessary to allow translated packets to be reinjected in the firewall for further processing. This can be achieved by disabling `one_pass` behavior at the start of the firewall script. > > [.programlisting] > ....
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=222236">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 252973
: 222236