Bug 95265

Summary: Correction to handbook section 26.5.16 IPNAT Rules
Product: Documentation Reporter: FBSD mailing List <fbsd_user>
Component: Books & ArticlesAssignee: freebsd-doc (Nobody) <doc>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description FBSD mailing List 2006-04-03 14:30:14 UTC 
Add warning about usage of special aliases

Fix: 

Change the last sentance of the section from this:

The PUBLIC_ADDRESS can either be the external IP address or the special
keyword 0/32, which means to use the IP address assigned to IF.

To this:

The PUBLIC_ADDRESS can either be the external IP address or the special
alias 0/32, which means to use the public routable IP address assigned to IF.


And then add this.

These special aliases |0.32|, |0/0| and |0/32|, only work in IPNAT's map
and bimap rules. They do NOT work in IPF rules, or in IPNAT rdr rules.
Beware how and where you use these special aliases as incorrect usage
generates no errors.
Comment 1 chinsan freebsd_committer freebsd_triage 2006-09-27 08:00:47 UTC 
Responsible Changed
From-To: freebsd-doc->chinsan

I'll take it.
Comment 2 bob 2007-05-12 12:42:22 UTC 
I submitted this doc pr over a year ago. 
What is its current status?
When is it going to be included into the handbook???
Comment 3 chinsan freebsd_committer freebsd_triage 2007-05-20 08:51:45 UTC 
Responsible Changed
From-To: chinsan->freebsd-doc

Sorry, I am busy on work handover with my team's job. 

So I haven't much time to deal with this. 
Return this pr to the pool. 

Sorry... :(
Comment 4 Remko Lodder freebsd_committer freebsd_triage 2007-07-02 20:26:24 UTC 
State Changed
From-To: open->closed

I am sorry but this does not seem to be needed. If you review the ipnat 
section, it should be clear for you that only the information there 
reflects ipnat and not ipf (Which was already discussed prior to the 
ipnat section). In addittion, the external address does not neccessarily 
have to be a public routable address, for instance you can use a ppp 
connection over a private ip which gets natted later. Thanks for the 
submission anyway.