|
Lines 355-361
|
| 355 |
packets for the computers in the LAN or want to do NAT, you have to |
355 |
packets for the computers in the LAN or want to do NAT, you have to |
| 356 |
enable the following option as well:</para> |
356 |
enable the following option as well:</para> |
| 357 |
|
357 |
|
| 358 |
<programlisting>gateway_enable="YES" # Enable as Lan gateway</programlisting> |
358 |
<programlisting>gateway_enable="YES" # Enable as LAN gateway</programlisting> |
| 359 |
|
359 |
|
| 360 |
</sect2> |
360 |
</sect2> |
| 361 |
</sect1> |
361 |
</sect1> |
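Review bot: On line 355 "NAT" is plain text in "want to do NAT", while line 512 of the same file marks it up as <acronym>NAT</acronym>. Since this patch is a consistency pass over the chapter, wrap it here as well. The corrected comment "# Enable as LAN gateway" on line 358 is fine.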
|
Lines 511-517
|
| 511 |
reserved private IP address ranges, then you need to add the |
511 |
reserved private IP address ranges, then you need to add the |
| 512 |
following to enable <acronym>NAT</acronym> functionality:</para> |
512 |
following to enable <acronym>NAT</acronym> functionality:</para> |
| 513 |
|
513 |
|
| 514 |
<programlisting>gateway_enable="YES" # Enable as Lan gateway |
514 |
<programlisting>gateway_enable="YES" # Enable as LAN gateway |
| 515 |
ipnat_enable="YES" # Start ipnat function |
515 |
ipnat_enable="YES" # Start ipnat function |
| 516 |
ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat</programlisting> |
516 |
ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat</programlisting> |
| 517 |
|
517 |
|
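Review bot: The three rc.conf comments on lines 514-516 are still capitalised inconsistently after this change. "# Enable as LAN gateway" and "# Start ipnat function" start with a capital, "# rules definition file for ipnat" does not. Capitalise "Rules" on line 516 while this listing is being touched.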
|
Lines 1718-1724
|
| 1718 |
wins. <acronym>NAT</acronym> tests each of its rules against |
1718 |
wins. <acronym>NAT</acronym> tests each of its rules against |
| 1719 |
the packets interface name and source IP address. When a |
1719 |
the packets interface name and source IP address. When a |
| 1720 |
packets interface name matches a <acronym>NAT</acronym> rule |
1720 |
packets interface name matches a <acronym>NAT</acronym> rule |
| 1721 |
then the [source IP address, i.e. private Lan IP address] of |
1721 |
then the [source IP address, i.e. private LAN IP address] of |
| 1722 |
the packet is checked to see if it falls within the IP address |
1722 |
the packet is checked to see if it falls within the IP address |
| 1723 |
range specified to the left of the arrow symbol on the |
1723 |
range specified to the left of the arrow symbol on the |
| 1724 |
<acronym>NAT</acronym> rule. On a match the packet has its |
1724 |
<acronym>NAT</acronym> rule. On a match the packet has its |
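Review bot: Lines 1719 and 1720 both use "packets interface name" where the possessive "packet's interface name" is meant, and the patch leaves both untouched while editing line 1721 right below. Fix the two possessives in the same change. The square-bracketed aside on line 1721 would also read better as ordinary parentheses: "the source IP address (i.e. the private LAN IP address) of the packet".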
|
Lines 2876-2882
|
| 2876 |
of the location of rule numbers 100 101, 450, 500, and 510. |
2876 |
of the location of rule numbers 100 101, 450, 500, and 510. |
| 2877 |
These rules control the translation of the outbound and |
2877 |
These rules control the translation of the outbound and |
| 2878 |
inbound packets so their entries in the keep-state dynamic |
2878 |
inbound packets so their entries in the keep-state dynamic |
| 2879 |
table always register the private Lan IP address. Next |
2879 |
table always register the private LAN IP address. Next |
| 2880 |
notice that all the allow and deny rules specified the |
2880 |
notice that all the allow and deny rules specified the |
| 2881 |
direction the packet is going (IE outbound or inbound) and |
2881 |
direction the packet is going (IE outbound or inbound) and |
| 2882 |
the interface. Also notice that all the start outbound |
2882 |
the interface. Also notice that all the start outbound |
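Review bot: Line 2876 is missing a comma in "rule numbers 100 101, 450, 500, and 510", which makes the first two rule numbers run together. Line 2881 also writes "(IE outbound or inbound)" where line 1721 of the same file uses "i.e."; use "i.e." here too so the abbreviation is spelled one way throughout.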
|
Lines 2891-2897
|
| 2891 |
dynamic table yet. The packet finally comes to rule 125 a |
2891 |
dynamic table yet. The packet finally comes to rule 125 a |
| 2892 |
matches. It is outbound through the NIC facing the public |
2892 |
matches. It is outbound through the NIC facing the public |
| 2893 |
Internet. The packet still has it's source IP address as a |
2893 |
Internet. The packet still has it's source IP address as a |
| 2894 |
private Lan IP address. On the match to this rule, two |
2894 |
private LAN IP address. On the match to this rule, two |
| 2895 |
actions take place. The keep-state option will post this rule |
2895 |
actions take place. The keep-state option will post this rule |
| 2896 |
into the keep-state dynamic rules table and the specified |
2896 |
into the keep-state dynamic rules table and the specified |
| 2897 |
action is executed. The action is part of the info posted to |
2897 |
action is executed. The action is part of the info posted to |
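Review bot: Line 2891 reads "comes to rule 125 a matches", where "a" should be "and", and line 2893 has "it's source IP address" where the possessive "its" is required. Both sit in the context of the line this patch edits, so fix them together with the "Lan" to "LAN" change on line 2894.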
|
Lines 2900-2906
|
| 2900 |
this, this is very important. This packet makes its way to |
2900 |
this, this is very important. This packet makes its way to |
| 2901 |
the destination and returns and enters the top of the rule |
2901 |
the destination and returns and enters the top of the rule |
| 2902 |
set. This time it does match rule 100 and has it destination |
2902 |
set. This time it does match rule 100 and has it destination |
| 2903 |
IP address mapped back to its corresponding Lan IP address. |
2903 |
IP address mapped back to its corresponding LAN IP address. |
| 2904 |
It then is processed by the check-state rule, it's found in |
2904 |
It then is processed by the check-state rule, it's found in |
| 2905 |
the table as an existing session conversation and released |
2905 |
the table as an existing session conversation and released |
| 2906 |
to the LAN. It goes to the LAN PC that sent it and a new |
2906 |
to the LAN. It goes to the LAN PC that sent it and a new |
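Review bot: Line 2902 reads "has it destination IP address", which should be "has its destination IP address", and line 2904 joins two sentences with a comma in "processed by the check-state rule, it's found in the table". Suggest "It is then processed by the check-state rule, found in the table as an existing session conversation, and released to the LAN." Line 2900's "this, this is very important" is also worth tightening while the paragraph is open.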