In NAT section:
- Add missing option, literal tags - Use of programlisting tags instead of <para><option></option></para> which is ugly and wrap lines when the browser size is not "correct" - s/--/— - Tag and capitalize properly hostnames - Remove useless tags - A little rewording for consistency.
This commit is contained in:
Marc Fonvieille
parent
7be836d156
commit
efa65110f5
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=18924
1 changed files with 37 additions and 32 deletions
|
|
@ -6142,7 +6142,7 @@ driftfile /var/db/ntp.drift</programlisting>
|
||||||
<para>FreeBSD's Network Address Translation daemon, commonly known as
|
<para>FreeBSD's Network Address Translation daemon, commonly known as
|
||||||
&man.natd.8; is a daemon that accepts incoming raw IP packets,
|
&man.natd.8; is a daemon that accepts incoming raw IP packets,
|
||||||
changes the source to the local machine and re-injects these packets
|
changes the source to the local machine and re-injects these packets
|
||||||
back into the outgoing IP packet stream. natd does this by changing
|
back into the outgoing IP packet stream. &man.natd.8; does this by changing
|
||||||
the source IP address and port such that when data is received back,
|
the source IP address and port such that when data is received back,
|
||||||
it is able to determine the original location of the data and forward
|
it is able to determine the original location of the data and forward
|
||||||
it back to its original requester.</para>
|
it back to its original requester.</para>
|
||||||
|
|
@ -6165,7 +6165,7 @@ driftfile /var/db/ntp.drift</programlisting>
|
||||||
provide Internet access to several more over a LAN.</para>
|
provide Internet access to several more over a LAN.</para>
|
||||||
|
|
||||||
<para>To do this, the FreeBSD machine on the Internet must act as a
|
<para>To do this, the FreeBSD machine on the Internet must act as a
|
||||||
gateway. This gateway machine must have two NICs--one for connecting
|
gateway. This gateway machine must have two NICs—one for connecting
|
||||||
to the Internet router, the other connecting to a LAN. All the
|
to the Internet router, the other connecting to a LAN. All the
|
||||||
machines on the LAN are connected through a hub or switch.</para>
|
machines on the LAN are connected through a hub or switch.</para>
|
||||||
|
|
||||||
|
|
@ -6264,60 +6264,63 @@ natd_flags=""</programlisting>
|
||||||
assigned IP address numbers in the private network space as
|
assigned IP address numbers in the private network space as
|
||||||
defined by <ulink
|
defined by <ulink
|
||||||
url="ftp://ftp.isi.edu/in-notes/rfc1918.txt">RFC 1918</ulink>
|
url="ftp://ftp.isi.edu/in-notes/rfc1918.txt">RFC 1918</ulink>
|
||||||
and have a default gateway of the natd machine's internal IP
|
and have a default gateway of the <application>natd</application> machine's internal IP
|
||||||
address.</para>
|
address.</para>
|
||||||
|
|
||||||
<para>For example, client <hostid>a</hostid> and
|
<para>For example, client <hostid>A</hostid> and
|
||||||
<hostid>b</hostid> behind the LAN have IP addresses of <hostid
|
<hostid>B</hostid> behind the LAN have IP addresses of <hostid
|
||||||
role="ipaddr">192.168.0.2</hostid> and <hostid
|
role="ipaddr">192.168.0.2</hostid> and <hostid
|
||||||
role="ipaddr">192.168.0.3</hostid>, while the natd machine's
|
role="ipaddr">192.168.0.3</hostid>, while the natd machine's
|
||||||
LAN interface has an IP address of <hostid
|
LAN interface has an IP address of <hostid
|
||||||
role="ipaddr">192.168.0.1</hostid>. Client <hostid>a</hostid>
|
role="ipaddr">192.168.0.1</hostid>. Client <hostid>A</hostid>
|
||||||
and <hostid>b</hostid>'s default gateway must be set to that
|
and <hostid>B</hostid>'s default gateway must be set to that
|
||||||
of the natd machine, <hostid
|
of the <application>natd</application> machine, <hostid
|
||||||
role="ipaddr">192.168.0.1</hostid>. The natd machine's
|
role="ipaddr">192.168.0.1</hostid>. The <application>natd</application> machine's
|
||||||
external, or Internet interface does not require any special
|
external, or Internet interface does not require any special
|
||||||
modification for natd to work.</para>
|
modification for &man.natd.8; to work.</para>
|
||||||
</sect2>
|
</sect2>
|
||||||
|
|
||||||
<sect2 id="network-natdport-redirection">
|
<sect2 id="network-natdport-redirection">
|
||||||
<title>Port Redirection</title>
|
<title>Port Redirection</title>
|
||||||
|
|
||||||
<para>The drawback with natd is that the LAN clients are not accessible
|
<para>The drawback with &man.natd.8; is that the LAN clients are not accessible
|
||||||
from the Internet. Clients on the LAN can make outgoing connections to
|
from the Internet. Clients on the LAN can make outgoing connections to
|
||||||
the world but cannot receive incoming ones. This presents a problem
|
the world but cannot receive incoming ones. This presents a problem
|
||||||
if trying to run Internet services on one of the LAN client machines.
|
if trying to run Internet services on one of the LAN client machines.
|
||||||
A simple way around this is to redirect selected Internet ports on the
|
A simple way around this is to redirect selected Internet ports on the
|
||||||
natd machine to a LAN client.
|
<application>natd</application> machine to a LAN client.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>For example, an IRC server runs on Client A, and a web server runs
|
<para>For example, an IRC server runs on client <hostid>A</hostid>, and a web server runs
|
||||||
on Client B. For this to work properly, connections received on ports
|
on client <hostid>B</hostid>. For this to work properly, connections received on ports
|
||||||
6667 (IRC) and 80 (web) must be redirected to the respective machines.
|
6667 (IRC) and 80 (web) must be redirected to the respective machines.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>The <command>-redirect_port</command> must be passed to
|
<para>The <option>-redirect_port</option> must be passed to
|
||||||
&man.natd.8; with the proper options. The syntax is as follows:</para>
|
&man.natd.8; with the proper options. The syntax is as follows:</para>
|
||||||
<para><programlisting> -redirect_port proto targetIP:targetPORT[-targetPORT]
|
<programlisting> -redirect_port proto targetIP:targetPORT[-targetPORT]
|
||||||
[aliasIP:]aliasPORT[-aliasPORT]
|
[aliasIP:]aliasPORT[-aliasPORT]
|
||||||
[remoteIP[:remotePORT[-remotePORT]]]</programlisting></para>
|
[remoteIP[:remotePORT[-remotePORT]]]</programlisting>
|
||||||
|
|
||||||
|
<para>In the above example, the argument should be:</para>
|
||||||
|
|
||||||
<para>In the above example, the argument should be:
|
|
||||||
<programlisting> -redirect_port tcp 192.168.0.2:6667 6667
|
<programlisting> -redirect_port tcp 192.168.0.2:6667 6667
|
||||||
-redirect_port tcp 192.168.0.3:80 80</programlisting>
|
-redirect_port tcp 192.168.0.3:80 80</programlisting>
|
||||||
|
|
||||||
|
<para>
|
||||||
This will redirect the proper <emphasis>tcp</emphasis> ports to the
|
This will redirect the proper <emphasis>tcp</emphasis> ports to the
|
||||||
LAN client machines.
|
LAN client machines.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>The -redirect_port argument can be used to indicate port
|
<para>The <option>-redirect_port</option> argument can be used to indicate port
|
||||||
ranges over individual ports. For example, <replaceable>tcp
|
ranges over individual ports. For example, <replaceable>tcp
|
||||||
192.168.0.2:2000-3000 2000-3000</replaceable> would redirect
|
192.168.0.2:2000-3000 2000-3000</replaceable> would redirect
|
||||||
all connections received on ports 2000 to 3000 to ports 2000
|
all connections received on ports 2000 to 3000 to ports 2000
|
||||||
to 3000 on Client A.</para>
|
to 3000 on client <hostid>A</hostid>.</para>
|
||||||
|
|
||||||
<para>These options can be used when directly running
|
<para>These options can be used when directly running
|
||||||
&man.natd.8; or placed within the
|
&man.natd.8; or placed within the
|
||||||
<programlisting>natd_flags=""</programlisting> option in
|
<literal>natd_flags=""</literal> option in
|
||||||
<filename>/etc/rc.conf</filename>.</para>
|
<filename>/etc/rc.conf</filename>.</para>
|
||||||
|
|
||||||
<para>For further configuration options, consult &man.natd.8;</para>
|
<para>For further configuration options, consult &man.natd.8;</para>
|
||||||
|
|
@ -6335,16 +6338,17 @@ natd_flags=""</programlisting>
|
||||||
the specific LAN client. This is also known as static NAT.
|
the specific LAN client. This is also known as static NAT.
|
||||||
For example, the IP addresses <hostid role="ipaddr">128.1.1.1</hostid>,
|
For example, the IP addresses <hostid role="ipaddr">128.1.1.1</hostid>,
|
||||||
<hostid role="ipaddr">128.1.1.2</hostid>, and
|
<hostid role="ipaddr">128.1.1.2</hostid>, and
|
||||||
<hostid role="ipaddr">128.1.1.3</hostid> belong to the natd gateway
|
<hostid role="ipaddr">128.1.1.3</hostid> belong to the <application>natd</application> gateway
|
||||||
machine. <hostid role="ipaddr">128.1.1.1</hostid> can be used
|
machine. <hostid role="ipaddr">128.1.1.1</hostid> can be used
|
||||||
as the natd gateway machine's external IP address, while
|
as the <application>natd</application> gateway machine's external IP address, while
|
||||||
<hostid role="ipaddr">128.1.1.2</hostid> and
|
<hostid role="ipaddr">128.1.1.2</hostid> and
|
||||||
<hostid role="ipaddr">128.1.1.3</hostid> are forwarded back to LAN
|
<hostid role="ipaddr">128.1.1.3</hostid> are forwarded back to LAN
|
||||||
clients A and B.</para>
|
clients <hostid>A</hostid> and <hostid>B</hostid>.</para>
|
||||||
|
|
||||||
|
<para>The <option>-redirect_address</option> syntax is as follows:</para>
|
||||||
|
|
||||||
|
<programlisting>-redirect_address localIP publicIP</programlisting>
|
||||||
|
|
||||||
<para>The -redirect_address syntax is as follows:</para>
|
|
||||||
<para><option> -redirect_address localIP publicIP</option>
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<informaltable frame="none">
|
<informaltable frame="none">
|
||||||
<tgroup cols="2">
|
<tgroup cols="2">
|
||||||
|
|
@ -6362,15 +6366,16 @@ natd_flags=""</programlisting>
|
||||||
</informaltable>
|
</informaltable>
|
||||||
|
|
||||||
<para>In the example, this argument would read:</para>
|
<para>In the example, this argument would read:</para>
|
||||||
<para><option> -redirect_address 192.168.0.2 128.1.1.2
|
|
||||||
-redirect_address 192.168.0.3 128.1.1.3</option></para>
|
|
||||||
|
|
||||||
<para>Like -redirect_port, these arguments are also placed within
|
<programlisting>-redirect_address 192.168.0.2 128.1.1.2
|
||||||
natd_flags of <filename>/etc/rc.conf</filename>. With address
|
-redirect_address 192.168.0.3 128.1.1.3</programlisting>
|
||||||
|
|
||||||
|
<para>Like <option>-redirect_port</option>, these arguments are also placed within
|
||||||
|
the <literal>natd_flags=""</literal> option of <filename>/etc/rc.conf</filename>. With address
|
||||||
redirection, there is no need for port redirection since all data
|
redirection, there is no need for port redirection since all data
|
||||||
received on a particular IP address is redirected.</para>
|
received on a particular IP address is redirected.</para>
|
||||||
|
|
||||||
<para>The external IP addresses on the natd machine must be active and aliased
|
<para>The external IP addresses on the <application>natd</application> machine must be active and aliased
|
||||||
to the external interface. Look at &man.rc.conf.5; to do so.</para>
|
to the external interface. Look at &man.rc.conf.5; to do so.</para>
|
||||||
|
|
||||||
</sect2>
|
</sect2>
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue