Lines Matching +full:8 +full:- +full:port
4 ipnat, ipnat.conf \- IPFilter NAT file format
12 .B ipnat(8)
18 address, and optionally port number, will be specified.
22 by some stanzas to match a packet, followed by a "->" and this is then
28 to text that appears before the "->" and the "right hand side" (RHS) for text
37 map $nif 0/0 -> 0/32
43 map ppp0 0/0 -> 0/32
50 .B ipnat(8)
56 rules. Both the source address and optionally port number can be changed
62 map le0 0/0 -> 0/32
72 map le0 0/0 -> 0/0
79 map le0 10.1.1.0/24 -> 192.168.55.3/32
86 map le0 10.0.0.0/8 -> 192.168.55.0/24
93 each with its own port number pair. If we're unlucky, translations can be
94 dropped because the new address/port pair mapping already exists. To
95 mitigate this problem, we add in port translation or port mapping:
98 map le0 10.0.0.0/8 -> 192.168.55.0/24 portmap tcp/udp auto
102 range of port numbers for each address on the LHS to use without fear
106 port numbers, we can say:
109 map le0 10.0.0.0/8 -> 192.168.55.0/24 portmap tcp/udp 5000:65000
113 the port number space 5000-65000 as well as the IP address subnet
120 map le0 10.0.0.0/8 -> range 192.168.55.10-192.168.55.249
128 in a round-robin fashion as follows:
131 map le0 10.0.0.0/8 -> range 192.168.55.10-192.168.55.29
132 portmap tcp/udp 5000:65000 round-robin
133 map le0 10.0.0.0/8 -> range 192.168.55.40-192.168.55.49
134 portmap tcp/udp 5000:65000 round-robin
141 map le0 10.0.0.0/8 -> 192.168.55.0/24 tcp/udp
142 map le0 10.0.0.0/8 -> 192.168.55.1/32 icmp
143 map le0 10.0.0.0/8 -> 192.168.55.2/32 gre
157 map pppoe0 0/0 -> 0/32 mssclamp 1400 tcp
163 map le0 10.0.0.0/8 -> 192.168.55.1/32 icmpidmap icmp 1000:20000
172 map le0 from 10.0.0.0/8 to 26.0.0.0/8 ->
174 map le0 from 10.0.0.0/8 port > 1024 to 26.0.0.0/8 ->
176 map le0 from 10.0.0.0/8 ! to 26.0.0.0/8 ->
186 .B map-block
196 map le0 0/0 -> 0/32 gre age 30
202 map le0 from any to any port = 53 -> 0/32 age 60/10 udp
207 To address this problem, IPFilter provides a number of built-in proxies
212 map le0 0/0 -> 0/32 proxy port 21 ftp/tcp
216 translation with an internal proxy. The "port 21" is an extra restriction
217 that requires the destination port number to be 21 if this rule is to be
231 map le0 0/0 -> 0/32 proxy portmap 5000:5999 tag lan1 tcp
235 as "set-tag (nat = lan1)".
242 map hme0,le0 0/0 -> 0/32
257 map *,le0 0/0 -> 0/32
263 .B map-block.
267 port space up to ensure that each source address has its own private range
271 map-block ppp0 172.192.0.0/16 -> 209.1.2.0/24 ports auto
278 be limited to 252 with \fBmap-block\fP but would just \fImove on\fP to the next
283 the same from-to syntax as is used in \fBipf.conf\fP(5). What follows
291 map bge0 from 10.1.0.0/16 to 192.168.1.0/24 -> 172.12.1.4
299 rdr bge0 from 10.1.0.0/16 to any port = 25 -> 127.0.0.1 port 2501 tcp
302 Where only TCP packets from 10.1.0.0/16 to port 25 will be redirected to
303 port 2501.
307 \fBippool\fR(8) in \fBippool.conf\fR(5) and then refer to it in an
311 map bge0 from pool/100 to any port = 25 -> 127.0.0.1 port 2501 tcp
320 the from-to syntax in \fBipnat.conf\fR(5) is allowed.
332 rdr le0 0/0 -> 192.168.1.0
339 rdr le0 0/0 -> 192.168.1.0/24
344 The from-to source-destination matching used with
347 restriction moves - only a source address match can be negated:
350 rdr le0 from 1.1.0.0/16 to any -> 192.168.1.3
351 rdr le0 ! from 1.1.0.0/16 to any -> 192.168.1.4
359 rdr le0 0/0 -> 192.168.1.1 - 192.168.1.5
360 rdr le0 0/0 -> range 192.168.1.1 - 192.168.1.5
367 rdr le0 0/0 -> 192.168.1.1,192.168.1.2
372 .B round-robin
376 rdr le0 0/0 -> 192.168.1.1,192.168.1.2 round-robin
377 rdr le0 0/0 -> 192.168.1.5,192.168.1.7 round-robin
378 rdr le0 0/0 -> 192.168.1.9 round-robin
389 rdr le0 0/0 -> 192.168.1.1,192.168.1.2 sticky
390 rdr le0 0/0 -> 192.168.1.5,192.168.1.7 round-robin sticky
391 rdr le0 0/0 -> 192.168.1.9 round-robin sticky
397 .B round-robin
401 port number and to modify it. For example, to change the destination port
405 rdr de0 0/0 port 80 -> 127.0.0.1 port 3128 tcp
408 If a range of ports is given on the LHS and a single port is given on the
412 rdr le0 0/0 port 80-88 -> 127.0.0.1 port 3128 tcp
415 then port 80 would become 3128, port 81 would become 3129, etc. If we
416 want to redirect a number of different ports to just a single port, an
417 equals sign ("=") is placed before the port number on the RHS like this:
420 rdr le0 0/0 port 80-88 -> 127.0.0.1 port = 3128 tcp
423 In this case, port 80 goes to 3128, port 81 to 3128, etc.
432 rdr le0 0/0 port 53 -> 127.0.0.1 port 10053 udp age 5/5
441 rdr ge0 0/0 port 21 -> 127.0.0.1 port 21 tcp proxy ftp
448 rules - input first, then output. In situations where the outgoing interface
453 rdr le0,* 0/0 -> 192.168.1.0
460 rdr le0,ppp0 9.8.7.6/32 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp
461 round-robin frag age 40/40 sticky mssclamp 1000 tag tagged
482 rewrite in on ppp0 proto tcp from any to any port = 80 ->
484 rewrite out on ppp0 from any to any ->
492 interface (\fB0/32\fR.) For TCP and UDP, both address and port information
494 port numbers to be used (\fBX-Y\fR) or a single port number (\fB= X\fR) as
498 rewrite in on le0 proto tcp from any to any port = 80 ->
499 src 0/0,2000-20000 dst 127.0.0.1,port = 3128;
507 source port
511 destination port
517 rewrite out on le0 proto tcp from any to any port = 80 ->
518 src 1.0.0.0/8,5000-5999 dst 2.0.0.0/24,6000-6999;
543 rewrite from any to any port = 80 ->
544 src 1.1.2.3 - 1.1.2.6 dst 2.2.3.4 - 2.2.3.6;
561 divert in on le0 proto udp from any to any port = 53 ->
613 rdr le0 192.0.0.0/8 port 80 -> 127.0.0.1 port 3132 tcp
614 rdr le0 192.2.0.0/16 port 80 -> 127.0.0.1 port 3131 tcp
615 rdr le0 from any to pool/100 port 80 -> 127.0.0.1 port 3130 tcp
616 rdr le0 192.2.2.0/24 port 80 -> 127.0.0.1 port 3129 tcp
617 rdr le0 192.2.2.1 port 80 -> 127.0.0.1 port 3128 tcp
625 rdr le0 192.2.2.1 port 80 -> 127.0.0.1 port 3128 tcp
626 rdr le0 192.2.2.0/24 port 80 -> 127.0.0.1 port 3129 tcp
627 rdr le0 192.2.0.0/16 port 80 -> 127.0.0.1 port 3131 tcp
628 rdr le0 192.0.0.0/8 port 80 -> 127.0.0.1 port 3132 tcp
629 rdr le0 from any to pool/100 port 80 -> 127.0.0.1 port 3130 tcp
645 rdr le0 from 1.1.0.0/16 to 192.2.2.1 port 80 -> 127.0.0.1 port 3129 tcp
646 rdr le0 from 1.1.1.0/24 to 192.2.2.1 port 80 -> 127.0.0.1 port 3128 tcp
667 Aging - protocol is roughly understood from
671 Developmental - basic functionality exists, works most of the time but
674 Experimental - rough support for the protocol at best, may or may not
678 Mature - well tested, protocol is properly
683 FTP - Mature
684 (map ... proxy port ftp ftp/tcp)
686 IRC - Experimental
687 (proxy port 6667 irc/tcp)
689 rpcbind - Experimental
691 PPTP - Experimental
693 H.323 - Experimental
694 (map ... proxy port 1720 h323/tcp)
696 Real Audio (PNA) - Aging
698 DNS - Developmental
699 (map ... proxy port 53 dns/udp { block .cnn.com; })
701 IPsec - Developmental
702 (map ... proxy port 500 ipsec/tcp)
704 netbios - Experimental
706 R-command - Mature
707 (map ... proxy port shell rcmd/tcp)
718 ipnat(4), hosts(5), ipf(5), services(5), ipf(8), ipnat(8)