Handbook/Firewalls: correct the network devices in the NAT example

PR:		232042
Submitted by:	Samy Mahmoudi <samy dot mahmoudi at gmail dot com>
Reviewed by:	bcr
Approved by:	bcr
Differential Revision:	https://reviews.freebsd.org/D25652

en_US.ISO8859-1/books/handbook/firewalls/chapter.xml

@@ -630,8 +630,8 @@ pass proto udp to any port $udp_services keep state</programlisting>
 	  running <application>PF</application> to act as a gateway
 	  for at least one other machine.  The gateway needs at least
 	  two network interfaces, each connected to a separate
-	  network.  In this example, <filename>xl1</filename> is
+	  network.  In this example, <filename>xl0</filename> is
-	  connected to the Internet and <filename>xl0</filename> is
+	  connected to the Internet and <filename>xl1</filename> is
 	  connected to the internal network.</para>
 
 	<para>First, enable the gateway to let the machine
@@ -657,9 +657,9 @@ pass proto udp to any port $udp_services keep state</programlisting>
 
 	<para>Next, create the <application>PF</application> rules to
 	  allow the gateway to pass traffic.  While the following rule
-	  allows stateful traffic to pass from the Internet  to hosts
+	  allows stateful traffic from hosts of the internal network
-	  on the network, the <literal>to</literal> keyword does not
+	  to pass to the gateway, the <literal>to</literal> keyword
-	  guarantee passage all the way from source to
+	  does not guarantee passage all the way from source to
 	  destination:</para>
 
 	<programlisting>pass in on xl1 from xl1:network to xl0:network port $ports keep state</programlisting>