In NAT section:

- Add missing option, literal tags
- Use of programlisting tags instead of <para><option></option></para>
  which is ugly and wraps lines when the browser size is not "correct"
- s/--/&mdash;
- Tag and capitalize hostnames properly
- Remove useless tags
- A little rewording for consistency.
Marc Fonvieille 2003-11-19 18:20:12 +00:00
parent 7be836d156
commit efa65110f5
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=18924

@ -6142,7 +6142,7 @@ driftfile /var/db/ntp.drift</programlisting>
<para>FreeBSD's Network Address Translation daemon, commonly known as
&man.natd.8; is a daemon that accepts incoming raw IP packets,
changes the source to the local machine and re-injects these packets
back into the outgoing IP packet stream. natd does this by changing
back into the outgoing IP packet stream. &man.natd.8; does this by changing
the source IP address and port such that when data is received back,
it is able to determine the original location of the data and forward
it back to its original requester.</para>
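Review bot: in the unchanged opening sentence, "commonly known as &man.natd.8; is a daemon" never closes its appositive, so add a comma after the entity while this paragraph is being touched. With the changed line, &man.natd.8; now appears in two consecutive sentences; the second could use <application>natd</application>, which the rest of this patch uses for running text.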
@ -6165,7 +6165,7 @@ driftfile /var/db/ntp.drift</programlisting>
provide Internet access to several more over a LAN.</para>
<para>To do this, the FreeBSD machine on the Internet must act as a
gateway. This gateway machine must have two NICs--one for connecting
gateway. This gateway machine must have two NICs&mdash;one for connecting
to the Internet router, the other connecting to a LAN. All the
machines on the LAN are connected through a hub or switch.</para>
@ -6264,60 +6264,63 @@ natd_flags=""</programlisting>
assigned IP address numbers in the private network space as
defined by <ulink
url="ftp://ftp.isi.edu/in-notes/rfc1918.txt">RFC 1918</ulink>
and have a default gateway of the natd machine's internal IP
and have a default gateway of the <application>natd</application> machine's internal IP
address.</para>
<para>For example, client <hostid>a</hostid> and
<hostid>b</hostid> behind the LAN have IP addresses of <hostid
<para>For example, client <hostid>A</hostid> and
<hostid>B</hostid> behind the LAN have IP addresses of <hostid
role="ipaddr">192.168.0.2</hostid> and <hostid
role="ipaddr">192.168.0.3</hostid>, while the natd machine's
LAN interface has an IP address of <hostid
role="ipaddr">192.168.0.1</hostid>. Client <hostid>a</hostid>
and <hostid>b</hostid>'s default gateway must be set to that
of the natd machine, <hostid
role="ipaddr">192.168.0.1</hostid>. The natd machine's
role="ipaddr">192.168.0.1</hostid>. Client <hostid>A</hostid>
and <hostid>B</hostid>'s default gateway must be set to that
of the <application>natd</application> machine, <hostid
role="ipaddr">192.168.0.1</hostid>. The <application>natd</application> machine's
external, or Internet interface does not require any special
modification for natd to work.</para>
modification for &man.natd.8; to work.</para>
</sect2>
<sect2 id="network-natdport-redirection">
<title>Port Redirection</title>
<para>The drawback with natd is that the LAN clients are not accessible
<para>The drawback with &man.natd.8; is that the LAN clients are not accessible
from the Internet. Clients on the LAN can make outgoing connections to
the world but cannot receive incoming ones. This presents a problem
if trying to run Internet services on one of the LAN client machines.
A simple way around this is to redirect selected Internet ports on the
natd machine to a LAN client.
<application>natd</application> machine to a LAN client.
</para>
<para>For example, an IRC server runs on Client A, and a web server runs
on Client B. For this to work properly, connections received on ports
<para>For example, an IRC server runs on client <hostid>A</hostid>, and a web server runs
on client <hostid>B</hostid>. For this to work properly, connections received on ports
6667 (IRC) and 80 (web) must be redirected to the respective machines.
</para>
<para>The <command>-redirect_port</command> must be passed to
<para>The <option>-redirect_port</option> must be passed to
&man.natd.8; with the proper options. The syntax is as follows:</para>
<para><programlisting> -redirect_port proto targetIP:targetPORT[-targetPORT]
<programlisting> -redirect_port proto targetIP:targetPORT[-targetPORT]
[aliasIP:]aliasPORT[-aliasPORT]
[remoteIP[:remotePORT[-remotePORT]]]</programlisting></para>
[remoteIP[:remotePORT[-remotePORT]]]</programlisting>
<para>In the above example, the argument should be:</para>
<para>In the above example, the argument should be:
<programlisting> -redirect_port tcp 192.168.0.2:6667 6667
-redirect_port tcp 192.168.0.3:80 80</programlisting>
<para>
This will redirect the proper <emphasis>tcp</emphasis> ports to the
LAN client machines.
</para>
<para>The -redirect_port argument can be used to indicate port
<para>The <option>-redirect_port</option> argument can be used to indicate port
ranges over individual ports. For example, <replaceable>tcp
192.168.0.2:2000-3000 2000-3000</replaceable> would redirect
all connections received on ports 2000 to 3000 to ports 2000
to 3000 on Client A.</para>
to 3000 on client <hostid>A</hostid>.</para>
<para>These options can be used when directly running
&man.natd.8; or placed within the
<programlisting>natd_flags=""</programlisting> option in
<literal>natd_flags=""</literal> option in
<filename>/etc/rc.conf</filename>.</para>
<para>For further configuration options, consult &man.natd.8;</para>
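Review bot: at "In the above example, the argument should be:" the page shows one version of the line ending in </para> and one without it, and the text continues with a <programlisting> and then a bare <para> before "This will redirect", so please confirm the committed file keeps the closed form, otherwise that paragraph stays open across the listing. Two smaller points in the same hunk: the line "while the natd machine's" is left with a bare natd although every other "natd machine" here gains <application>natd</application>, and "consult &man.natd.8;" still lacks its final period.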
@ -6335,16 +6338,17 @@ natd_flags=""</programlisting>
the specific LAN client. This is also known as static NAT.
For example, the IP addresses <hostid role="ipaddr">128.1.1.1</hostid>,
<hostid role="ipaddr">128.1.1.2</hostid>, and
<hostid role="ipaddr">128.1.1.3</hostid> belong to the natd gateway
<hostid role="ipaddr">128.1.1.3</hostid> belong to the <application>natd</application> gateway
machine. <hostid role="ipaddr">128.1.1.1</hostid> can be used
as the natd gateway machine's external IP address, while
as the <application>natd</application> gateway machine's external IP address, while
<hostid role="ipaddr">128.1.1.2</hostid> and
<hostid role="ipaddr">128.1.1.3</hostid> are forwarded back to LAN
clients A and B.</para>
clients <hostid>A</hostid> and <hostid>B</hostid>.</para>
<para>The <option>-redirect_address</option> syntax is as follows:</para>
<programlisting>-redirect_address localIP publicIP</programlisting>
<para>The -redirect_address syntax is as follows:</para>
<para><option> -redirect_address localIP publicIP</option>
</para>
<informaltable frame="none">
<tgroup cols="2">
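Review bot: in the new <programlisting>-redirect_address localIP publicIP</programlisting> line, localIP and publicIP are placeholders rather than literal input, so wrap each in <replaceable>; the same applies to the placeholders in the -redirect_port syntax listing earlier in the patch. That earlier listing also begins with whitespace inside <programlisting> while this one does not; since the element renders verbatim, pick one form for all of them.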
@ -6362,15 +6366,16 @@ natd_flags=""</programlisting>
</informaltable>
<para>In the example, this argument would read:</para>
<para><option> -redirect_address 192.168.0.2 128.1.1.2
-redirect_address 192.168.0.3 128.1.1.3</option></para>
<para>Like -redirect_port, these arguments are also placed within
natd_flags of <filename>/etc/rc.conf</filename>. With address
<programlisting>-redirect_address 192.168.0.2 128.1.1.2
-redirect_address 192.168.0.3 128.1.1.3</programlisting>
<para>Like <option>-redirect_port</option>, these arguments are also placed within
the <literal>natd_flags=""</literal> option of <filename>/etc/rc.conf</filename>. With address
redirection, there is no need for port redirection since all data
received on a particular IP address is redirected.</para>
<para>The external IP addresses on the natd machine must be active and aliased
<para>The external IP addresses on the <application>natd</application> machine must be active and aliased
to the external interface. Look at &man.rc.conf.5; to do so.</para>
</sect2>
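Review bot: the paragraph ending "all data received on a particular IP address is redirected" stops short of the consequence a reader needs, namely that every port the LAN client listens on becomes reachable through its public address. Since the wording is being revised here anyway, suggest adding a sentence that points to packet filtering on the gateway, or to <option>-redirect_port</option> when only selected services are meant to be reachable. The closing "Look at &man.rc.conf.5; to do so" would also read better if it said what to look for (aliasing the addresses on the external interface).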