natd.cf.sample (578d29dd1214d217403e69c7c91a706cd207fcba) | natd.cf.sample (24084f9bfc80f32d7390568d742988293cc6547b) |
---|---|
1# | 1# |
2# $FreeBSD$ 3# 4# | |
5# Configuration file for natd. 6# 7# | 2# Configuration file for natd. 3# 4# |
8# Enable logging to file /var/log/alias.log | 5# Logging to /var/log |
9# 10log no 11# | 6# 7log no 8# |
12# Incoming connections. Should NEVER be set to "yes" if redirect_port 13# or redirect_address statements are activated in this file! | 9# Incoming connections. |
14# | 10# |
15# Setting to yes provides additional anti-crack protection 16# | |
17deny_incoming no 18# | 11deny_incoming no 12# |
19# Use sockets to avoid port clashes. Uses additional system resources, but 20# guarantees successful connections when port numbers conflict | 13# Use sockets to avoid port clashes. |
21# 22use_sockets no 23# | 14# 15use_sockets no 16# |
24# Avoid port changes if possible when altering outbound packets. Makes rlogin 25# work in most cases. | 17# Avoid port changes if possible. Makes rlogin work 18# in most cases. |
26# | 19# |
27same_ports yes | 20same_port yes |
28# 29# Verbose mode. Enables dumping of packets and disables | 21# 22# Verbose mode. Enables dumping of packets and disables |
30# forking to background. Only set to yes for debugging. | 23# forking to background. |
31# 32verbose no 33# 34# Divert port. Can be a name in /etc/services or numeric value. 35# 36port 32000 37# 38# Interface name or address being aliased. Either one, 39# not both is required. 40# | 24# 25verbose no 26# 27# Divert port. Can be a name in /etc/services or numeric value. 28# 29port 32000 30# 31# Interface name or address being aliased. Either one, 32# not both is required. 33# |
41# Obtain interface name from the command output of "ifconfig -a" 42# | |
43# alias_address 192.168.0.1 44interface ep0 45# | 34# alias_address 192.168.0.1 35interface ep0 36# |
46# Alias unregistered addresses or all addresses. Set this to yes if 47# the inside network is all RFC1918 addresses. | 37# Alias unregistered addresses or all addresses. |
48# 49unregistered_only no 50# 51# Configure permanent links. If you use host names instead 52# of addresses here, be sure that name server works BEFORE 53# natd is up - this is usually not the case. So either use 54# numeric addresses or hosts that are in /etc/hosts. 55# | 38# 39unregistered_only no 40# 41# Configure permanent links. If you use host names instead 42# of addresses here, be sure that name server works BEFORE 43# natd is up - this is usually not the case. So either use 44# numeric addresses or hosts that are in /etc/hosts. 45# |
56# Note: Current versions of FreeBSD all call /etc/rc.firewall 57# BEFORE running named, so if the DNS server and NAT are on the same 58# machine, the nameserver won't be up if natd is called from /etc/rc.firewall 59# | |
60# Map connections coming to port 30000 to telnet in my_private_host. 61# Remember to allow the connection /etc/rc.firewall also. | 46# Map connections coming to port 30000 to telnet in my_private_host. 47# Remember to allow the connection /etc/rc.firewall also. |
48#permanent_link tcp my_private_host:telnet 0.0.0.0:0 30000 |
|
62# | 49# |
63#redirect_port tcp my_private_host:telnet 30000 64# 65# Map connections coming from host.xyz.com to port 30001 to | 50# Map connections coming from host.xyz.com to port 30001 to |
66# telnet in another_host. | 51# telnet in another_host. |
67#redirect_port tcp another_host:telnet 30001 host.xyz.com 68# 69# Static NAT address mapping: 70# 71# ipconfig must apply any legal IP numbers that inside hosts 72# will be known by to the outside interface. These are sometimes known as 73# virtual IP numbers. It's suggested to use the "interface" directive 74# instead of the "alias_address" directive to make it more clear what is 75# going on. (although both will work) 76# 77# DNS in this situation can get hairy. For example, an inside host 78# named aweb.company.com is located at 192.168.1.56, and needs to be 79# accessible through a legal IP number like 198.105.232.1. If both 80# 192.168.1.56 and 198.105.232.1 are set up as address records in the DNS 81# for aweb.company.com, then external hosts attempting to access 82# aweb.company.com may use address 192.168.1.56 which is inaccessible to them. 83# 84# The obvious solution is to use only a single address for the name, the 85# outside address. However, this creates needless traffic through the 86# NAT, because inside hosts will go through the NAT to get to the legal 87# number, even when the inside number is on the same subnet as they are! 88# 89# It's probably not a good idea to use DNS names in redirect_address statements 90# 91#The following mapping points outside address 198.105.232.1 to 192.168.1.56 92#redirect_address 192.168.1.56 198.105.232.1 | 52#permanent_link tcp another_host:telnet host.xyz.com:0 30001 |
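
Review bot: The new comment above deny_incoming (new lines 12-16) says "Should NEVER be set to "yes"" when redirect_port or redirect_address is in use, but gives no reason, and "additional anti-crack protection" at line 15 does not say what the option actually does to incoming packets. Suggest replacing line 15 with a one-line description of the behaviour and stating why it conflicts with the redirect statements, so an administrator can weigh the trade-off instead of following an unexplained rule.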
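
Review bot: Line 27 changes the keyword from same_port to same_ports without any accompanying comment. Anyone who copied the earlier sample still has the old spelling, so the commit message should say whether same_port was ever accepted by natd or whether the old sample was simply wrong.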
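
Review bot: The first redirect_port example (line 63) maps port 30000 to telnet on my_private_host with no remote host given, while the second (line 67) limits the source to host.xyz.com. Because sample lines tend to be uncommented as-is, consider putting the restricted form first, or adding a comment line saying that the form on line 63 accepts connections from any outside address. The unchanged line 61, "Remember to allow the connection /etc/rc.firewall also", is missing "in" and could be fixed in the same pass.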
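
Review bot: "ipconfig" at line 71 of the new static NAT block looks like a typo for ifconfig, the spelling used at line 41 ("ifconfig -a"). In the same block, line 89 repeats the advice against host names that lines 51-54 already give for permanent links. A short pointer back to that paragraph would explain the reason (the name server not being up before natd) instead of leaving it as "probably not a good idea". The example address 198.105.232.1 at lines 79-92 is written as a real routable address; an address from the documentation range 192.0.2.0/24 would avoid readers pasting someone else's IP into a live config.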