|
Lines 1547-1553
|
| 1547 |
role="ipaddr">192.168.1.0/24</hostid>.</para> |
1547 |
role="ipaddr">192.168.1.0/24</hostid>.</para> |
| 1548 |
|
1548 |
|
| 1549 |
<para>The <replaceable>PUBLIC_ADDRESS</replaceable> can either |
1549 |
<para>The <replaceable>PUBLIC_ADDRESS</replaceable> can either |
| 1550 |
be the external IP address or the special keyword `0.32', |
1550 |
be the external IP address or the special keyword `0/32', |
| 1551 |
which means to use the IP address assigned to |
1551 |
which means to use the IP address assigned to |
| 1552 |
<replaceable>IF</replaceable>.</para> |
1552 |
<replaceable>IF</replaceable>.</para> |
| 1553 |
</sect2> |
1553 |
</sect2> |
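Review bot: on line 1550 the keyword is still set off with plain quote characters (`0/32') instead of markup. Since the line is being touched anyway, wrap it as <literal>0/32</literal>, the way <literal>auto</literal> is marked up at line 1630, so it renders as a literal value a reader can copy exactly.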
|
Lines 1567-1573
|
| 1567 |
range specified to the left of the arrow symbol on the |
1567 |
range specified to the left of the arrow symbol on the |
| 1568 |
<acronym>NAT</acronym> rule. On a match the packet has its |
1568 |
<acronym>NAT</acronym> rule. On a match the packet has its |
| 1569 |
source IP address rewritten with the public IP address |
1569 |
source IP address rewritten with the public IP address |
| 1570 |
obtained by the `0.32' keyword. <acronym>NAT</acronym> posts a |
1570 |
obtained by the `0/32' keyword. <acronym>NAT</acronym> posts a |
| 1571 |
entry in its internal <acronym>NAT</acronym> table so when the |
1571 |
entry in its internal <acronym>NAT</acronym> table so when the |
| 1572 |
packet returns from the public Internet it can be mapped back |
1572 |
packet returns from the public Internet it can be mapped back |
| 1573 |
to its original private IP address and then passed to the |
1573 |
to its original private IP address and then passed to the |
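Review bot: line 1570 ends with "posts a" and line 1571 continues with "entry", so the sentence reads "posts a entry"; change it to "posts an entry" while line 1570 is open. The `0/32' on the same line has the same plain-quote markup as line 1550 and would be better as <literal>0/32</literal>.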
|
Lines 1614-1620
|
| 1614 |
with a <programlisting> tag ?--> |
1614 |
with a <programlisting> tag ?--> |
| 1615 |
<para>A normal NAT rule would look like:</para> |
1615 |
<para>A normal NAT rule would look like:</para> |
| 1616 |
|
1616 |
|
| 1617 |
<programlisting>map dc0 192.168.1.0/24 -> 0.32</programlisting> |
1617 |
<programlisting>map dc0 192.168.1.0/24 -> 0/32</programlisting> |
| 1618 |
|
1618 |
|
| 1619 |
<para>In the above rule the packet's source port is unchanged |
1619 |
<para>In the above rule the packet's source port is unchanged |
| 1620 |
as the packet passes through IP<acronym>NAT</acronym>. By |
1620 |
as the packet passes through IP<acronym>NAT</acronym>. By |
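Review bot: line 1615 writes NAT bare in "A normal NAT rule would look like:" while the surrounding text tags it as <acronym>NAT</acronym> (lines 1568 and 1620); tag it here too for consistency. The corrected rule on line 1617 now agrees with the `0/32' keyword described at lines 1550 and 1570.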
|
Lines 1624-1636
|
| 1624 |
IP<acronym>NAT</acronym> to modify the source port to be |
1624 |
IP<acronym>NAT</acronym> to modify the source port to be |
| 1625 |
within that range:</para> |
1625 |
within that range:</para> |
| 1626 |
|
1626 |
|
| 1627 |
<programlisting>map dc0 192.168.1.0/24 -> 0.32 portmap tcp/udp 20000:60000</programlisting> |
1627 |
<programlisting>map dc0 192.168.1.0/24 -> 0/32 portmap tcp/udp 20000:60000</programlisting> |
| 1628 |
|
1628 |
|
| 1629 |
<para>Additionally we can make things even easier by using the |
1629 |
<para>Additionally we can make things even easier by using the |
| 1630 |
<literal>auto</literal> keyword to tell IP<acronym>NAT</acronym> to determine |
1630 |
<literal>auto</literal> keyword to tell IP<acronym>NAT</acronym> to determine |
| 1631 |
by itself which ports are available to use:</para> |
1631 |
by itself which ports are available to use:</para> |
| 1632 |
|
1632 |
|
| 1633 |
<programlisting>map dc0 192.168.1.0/24 -> 0.32 portmap tcp/udp auto</programlisting> |
1633 |
<programlisting>map dc0 192.168.1.0/24 -> 0/32 portmap tcp/udp auto</programlisting> |
| 1634 |
</sect3> |
1634 |
</sect3> |
| 1635 |
|
1635 |
|
| 1636 |
<sect3> |
1636 |
<sect3> |
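Review bot: lines 1627 and 1633 bring the two portmap examples in line with the rule at 1617, but the patch shows only the five occurrences it touches. Search the rest of the file for any remaining "0.32" before committing, since a leftover copy in an example rule would contradict the keyword description at line 1550.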