natd.cf.sample (578d29dd1214d217403e69c7c91a706cd207fcba) natd.cf.sample (24084f9bfc80f32d7390568d742988293cc6547b)
1#
1#
2# $FreeBSD$
3#
4#
5# Configuration file for natd.
6#
7#
2# Configuration file for natd.
3#
4#
8# Enable logging to file /var/log/alias.log
5# Logging to /var/log
9#
10log no
11#
6#
7log no
8#
12# Incoming connections. Should NEVER be set to "yes" if redirect_port
13# or redirect_address statements are activated in this file!
9# Incoming connections.
14#
10#
15# Setting to yes provides additional anti-crack protection
16#
17deny_incoming no
18#
11deny_incoming no
12#
19# Use sockets to avoid port clashes. Uses additional system resources, but
20# guarantees successful connections when port numbers conflict
13# Use sockets to avoid port clashes.
21#
22use_sockets no
23#
14#
15use_sockets no
16#
24# Avoid port changes if possible when altering outbound packets. Makes rlogin
25# work in most cases.
17# Avoid port changes if possible. Makes rlogin work
18# in most cases.
26#
19#
27same_ports yes
20same_port yes
28#
29# Verbose mode. Enables dumping of packets and disables
21#
22# Verbose mode. Enables dumping of packets and disables
30# forking to background. Only set to yes for debugging.
23# forking to background.
31#
32verbose no
33#
34# Divert port. Can be a name in /etc/services or numeric value.
35#
36port 32000
37#
38# Interface name or address being aliased. Either one,
39# not both is required.
40#
24#
25verbose no
26#
27# Divert port. Can be a name in /etc/services or numeric value.
28#
29port 32000
30#
31# Interface name or address being aliased. Either one,
32# not both is required.
33#
41# Obtain interface name from the command output of "ifconfig -a"
42#
43# alias_address 192.168.0.1
44interface ep0
45#
34# alias_address 192.168.0.1
35interface ep0
36#
46# Alias unregistered addresses or all addresses. Set this to yes if
47# the inside network is all RFC1918 addresses.
37# Alias unregistered addresses or all addresses.
48#
49unregistered_only no
50#
51# Configure permanent links. If you use host names instead
52# of addresses here, be sure that name server works BEFORE
53# natd is up - this is usually not the case. So either use
54# numeric addresses or hosts that are in /etc/hosts.
55#
38#
39unregistered_only no
40#
41# Configure permanent links. If you use host names instead
42# of addresses here, be sure that name server works BEFORE
43# natd is up - this is usually not the case. So either use
44# numeric addresses or hosts that are in /etc/hosts.
45#
56# Note: Current versions of FreeBSD all call /etc/rc.firewall
57# BEFORE running named, so if the DNS server and NAT are on the same
58# machine, the nameserver won't be up if natd is called from /etc/rc.firewall
59#
60# Map connections coming to port 30000 to telnet in my_private_host.
61# Remember to allow the connection /etc/rc.firewall also.
46# Map connections coming to port 30000 to telnet in my_private_host.
47# Remember to allow the connection /etc/rc.firewall also.
48#permanent_link tcp my_private_host:telnet 0.0.0.0:0 30000
62#
49#
63#redirect_port tcp my_private_host:telnet 30000
64#
65# Map connections coming from host.xyz.com to port 30001 to
50# Map connections coming from host.xyz.com to port 30001 to
66# telnet in another_host.
51# telnet in another_host.
67#redirect_port tcp another_host:telnet 30001 host.xyz.com
68#
69# Static NAT address mapping:
70#
71# ipconfig must apply any legal IP numbers that inside hosts
72# will be known by to the outside interface. These are sometimes known as
73# virtual IP numbers. It's suggested to use the "interface" directive
74# instead of the "alias_address" directive to make it more clear what is
75# going on. (although both will work)
76#
77# DNS in this situation can get hairy. For example, an inside host
78# named aweb.company.com is located at 192.168.1.56, and needs to be
79# accessible through a legal IP number like 198.105.232.1. If both
80# 192.168.1.56 and 198.105.232.1 are set up as address records in the DNS
81# for aweb.company.com, then external hosts attempting to access
82# aweb.company.com may use address 192.168.1.56 which is inaccessible to them.
83#
84# The obvious solution is to use only a single address for the name, the
85# outside address. However, this creates needless traffic through the
86# NAT, because inside hosts will go through the NAT to get to the legal
87# number, even when the inside number is on the same subnet as they are!
88#
89# It's probably not a good idea to use DNS names in redirect_address statements
90#
91#The following mapping points outside address 198.105.232.1 to 192.168.1.56
92#redirect_address 192.168.1.56 198.105.232.1
52#permanent_link tcp another_host:telnet host.xyz.com:0 30001
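Review bot: The example at line 63 of the 92-line version, `#redirect_port tcp my_private_host:telnet 30000`, names no remote host, so once uncommented it appears to forward the outside port to telnet on an inside host for any source, and the comment above it does not say so. I would add a comment line such as `# No remote address given: any outside host can reach this port; prefer the restricted form below.`, pointing to the line-67 form that names `host.xyz.com`. In the same version, line 71 reads `ipconfig must apply`, which looks like a typo for `ifconfig`, since line 41 refers to `ifconfig -a`. The page does not mark which column is the new side; if it is the 52-line version, check `same_port yes` at its line 20 against the `same_ports` spelling on the other side.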