Lines Matching +full:port +full:- +full:mapping +full:- +full:mode
1 .\"-
41 library is a collection of functions for aliasing and de-aliasing of IP
48 Incoming packets are then de-aliased so that they are sent to the correct
52 In the simplest mode of operation, a many-to-one address mapping takes
55 In addition, one-to-one mappings between local and public addresses can
59 many-to-one mappings.
60 Also, a given public address and port can be statically redirected to a
61 private address/port.
70 In addition, the operating mode of the packet aliasing engine can be
76 .Bd -ragged -offset indent
82 The following mode bits are always set after calling
86 below for the meaning of these mode bits.
88 .Bl -item -offset indent -compact
102 default mode bits listed above require a call to
111 .Bd -ragged -offset indent
126 .Bd -ragged -offset indent
129 All outgoing packets are re-mapped to this address unless overridden by a
130 static address mapping established by
137 mode bit is set (the default mode of operation), then the internal aliasing
142 address may or may not change on successive dial-up attempts.
146 mode bit is set to zero, this function can also be used to dynamically change
147 the aliasing address on a packet-to-packet basis (it is a low overhead call).
154 .Bd -ragged -offset indent
155 This function sets or clears mode bits
161 The following mode bits are defined in
163 .Bl -tag -width indent
172 If this mode bit is set, all incoming packets associated with new TCP
183 This mode bit is useful for implementing a one-way firewall.
185 If this mode bit is set, the packet-aliasing engine will attempt to leave
186 the alias port numbers unchanged from the actual local port numbers.
187 This can be done as long as the quintuple (proto, alias addr, alias port,
188 remote addr, remote port) is unique.
189 If a conflict exists, a new aliasing port number is chosen even if this
190 mode bit is set.
195 host address or unknown port number (e.g.\& an FTP data connection), this
196 mode bit specifies that a socket be allocated as a place holder to prevent
197 port conflicts.
201 If this mode bit is set, traffic on the local network which does not
205 10.0.0.0 -> 10.255.255.255 (/8)
206 172.16.0.0 -> 172.31.255.255 (/16)
207 192.168.0.0 -> 192.168.255.255 (/24)
217 100.64.0.0 -> 100.127.255.255 (RFC 6598 subnet)
219 When this mode bit is set and
223 This operating mode is useful for
226 between dial-up attempts.
227 If this mode bit is not set, the link table will never be reset in the event
234 .Xr ipfirewall 4 -
236 The holes punched are bound by from/to IP address and port; it will not be
241 (e.g.\& kill -9),
274 When this bit is set, UDP uses endpoint-independent mapping (EIM), as per
276 All packets from the same internal address:port are mapped to the same NAT
277 address:port, regardless of their destination address:port.
280 is unset, any other external address:port can
281 also send to the internal address:port through its mapped NAT address:port.
282 This is more compatible with applications, and can reduce the need for port
283 forwarding, but less scalable as each NAT address:port can only be
284 concurrently used by at most one internal address:port.
286 When this bit is unset, UDP packets use endpoint-dependent mapping (EDM)
288 Each connection from a particular internal address:port to different
290 address:port.
292 by port forwarding on the NAT, or tunnelling through an in-between server.
298 .Bd -ragged -offset indent
306 .Fn LibAliasSkinnyPort "struct libalias *" "unsigned int port"
307 .Bd -ragged -offset indent
308 Set the TCP port used by the Skinny Station protocol.
312 The typical port used by Skinny is 2000.
333 .Bd -ragged -offset indent
335 de-aliased by this function.
344 .Bl -tag -width indent
348 The packet was ignored and not de-aliased.
353 mode bit was set using
365 and de-alias them with
374 .Bd -ragged -offset indent
383 IP encoding protocols place address and port information in the encapsulated
389 .Bl -tag -width indent
400 .Sh PORT AND ADDRESS REDIRECTION
404 Individual ports can be re-mapped or static network address translations can
418 .Bd -ragged -offset indent
419 This function specifies that traffic from a given remote address/port to
420 an alias address/port be redirected to a specified local address/port.
458 port number.
459 The remote port specification will almost always be zero, but non-zero
463 overlap in their address/port specifications, then the most recent call
472 All port numbers should be in network address byte order, so it is necessary
488 .Bd -ragged -offset indent
559 .Fa "u_short port"
561 .Bd -ragged -offset indent
568 in the server pool, using a real-time load sharing algorithm.
577 host is selected on a round-robin basis only, without regard to load on
595 .Fa port
598 This function returns 0 on success, \-1 otherwise.
603 .Bd -ragged -offset indent
617 This function returns 0 on success, \-1 otherwise.
622 .Bd -ragged -offset indent
638 .Bd -ragged -offset indent
645 .Bl -tag -width indent
648 pass the original address and port information into the new destination
652 is specified, the original destination address and port are passed
656 is specified, the original destination address and port are passed
658 .Dq Li DEST Ar IP port .
659 .It Cm port Ar portnum
660 Only packets with the destination port
673 is not specified, the destination port number is not changed.
737 .Bd -ragged -offset indent
760 Non-zero remote addresses can sometimes be useful for firewalling.
778 by changing the address according to any applicable mapping set by
785 subsequent fragments will be re-mapped in the same manner the header
792 .Bd -ragged -offset indent
817 .Bd -ragged -offset indent
838 .Bd -ragged -offset indent
841 it can then be de-aliased with a call to
847 is the pointer to the packet to be de-aliased.
854 .Bd -ragged -offset indent
860 for inbound (ext -> int) traffic.
865 .Bd -ragged -offset indent
866 When an incoming packet not associated with any pre-existing aliasing link
886 .Bd -ragged -offset indent
890 protocol-specific headers (TCP, UDP, ICMP).
897 The 16-bit checksum field should be zeroed before computing the checksum.
908 .Bd -ragged -offset indent
910 has its private address/port information restored by this function.
916 This function can be used if an already-aliased packet needs to have its
934 which is a 7-tuple describing a specific translation:
935 .Bd -literal -offset indent
936 (local addr, local port, alias addr, alias port,
937 remote addr, remote port, protocol)
940 Outgoing packets have the local address and port number replaced with the
941 alias address and port number.
951 number which acts as an equivalent port number for identifying how
955 quantities: alias address/port, remote address/port and protocol.
958 In cases where conflicts might arise, the aliasing port is chosen so that
976 and/or remote port are unknown.
983 .Bd -literal -offset indent
987 The zeros denote unspecified components for the remote address and port.
989 incoming traffic from port 8066 of 204.228.203.215 to port 23 (telnet)
996 .Bd -literal -offset indent
1004 If an address mapping exists for the outgoing packet, this determines
1006 If no mapping exists, then a default address, usually the address of the
1011 The aliasing port number is determined such that the new dynamic link does
1013 In the default operating mode, the packet aliasing engine attempts to set
1014 the aliasing port equal to the local port number.
1015 If this results in a conflict, then port numbers are randomly chosen until
1017 In an alternate operating mode, the first choice of an aliasing port is also
1018 random and unrelated to the local port number.
1024 the ability to load/unload support for new protocols at run-time.
1061 .Bd -literal -offset indent
1087 .Dl "kill -HUP <process_pid>"
1095 .Bd -literal
1111 .Bd -literal
1125 .Bl -inset
1171 .Bd -literal -offset indent
1177 &ud->uh_sport, /* original source port */
1178 &ud->uh_dport, /* original dest port */
1197 .Bl -tag -width indent
1243 .Bd -literal
1249 * dlopen() - use this ptr to get access
1257 .Bl -inset
1278 .Bd -literal
1316 .Bd -literal
1345 .Bd -literal
1372 .Bl -enum
1398 .Bd -literal -offset indent
1431 .Bd -literal
1438 * ptr to an auto-malloced
1467 versions 1.0 - 1.8, 2.0 - 2.4.
1486 .Bd -ragged -offset indent
1487 .An -split