'\" te .\" To view license terms, attribution, and copyright for IP Filter, the default path is /usr/lib/ipf/IPFILTER.LICENCE. If the Solaris operating environment has been installed anywhere other than the default, modify the given path to access the file at the installed .\" location. .\" Portions Copyright (c) 2008, Sun Microsystems Inc. All Rights Reserved. .\" Portions Copyright (c) 2013, Joyent, Inc. All Rights Reserved. .TH IPNAT 8 "Oct 30, 2013" .SH NAME ipnat \- user interface to the NAT subsystem .SH SYNOPSIS .LP .nf \fBipnat\fR [\fB-CdFhlnRrsv\fR] [\fB-G\fR | \fB-z\fR \fIzonename\fR] \fB-f\fR \fIfilename\fR .fi .SH DESCRIPTION .LP The \fBipnat\fR utility opens a specified file (treating \fB-\fR as stdin) and parses it for a set of rules that are to be added or removed from the IP NAT. .sp .LP If there are no parsing problems, each rule processed by \fBipnat\fR is added to the kernel's internal lists. Rules are appended to the internal lists, matching the order in which they appear when given to \fBipnat\fR. .sp .LP \fBipnat\fR's use is restricted through access to \fB/dev/ipauth\fR, \fB/dev/ipl\fR, and \fB/dev/ipstate\fR. The default permissions of these files require \fBipnat\fR to be run as root for all operations. .sp .LP \fBipnat\fR's use is restricted through access to \fB/dev/ipnat\fR. The default permissions of \fB/dev/ipnat\fR require \fBipnat\fR to be run as root for all operations. .SH OPTIONS .LP The following options are supported: .sp .ne 2 .na \fB\fB-C\fR\fR .ad .RS 15n Delete all entries in the current NAT rule listing (NAT rules). .RE .sp .ne 2 .na \fB\fB-d\fR\fR .ad .RS 15n Turn debug mode on. Causes a hex dump of filter rules to be generated as it processes each one. .RE .sp .ne 2 .na \fB\fB-F\fR\fR .ad .RS 15n Delete all active entries in the current NAT translation table (currently active NAT mappings). .RE .sp .ne 2 .na \fB\fB-f\fR \fIfilename\fR\fR .ad .RS 15n Parse specified file for rules to be added or removed from the IP NAT. \fIfilename\fR can be stdin. .RE .sp .ne 2 .na \fB\fB-h\fR\fR .ad .RS 15n Print number of hits for each MAP/Redirect filter. .RE .sp .ne 2 .na \fB\fB-l\fR\fR .ad .RS 15n Show the list of current NAT table entry mappings. .RE .sp .ne 2 .na \fB\fB-n\fR\fR .ad .RS 15n Prevents \fBipf\fR from doing anything, such as making ioctl calls, which might alter the currently running kernel. .RE .sp .ne 2 .na \fB\fB-R\fR\fR .ad .RS 15n Disable both IP address-to-hostname resolution and port number-to-service name resolution. .RE .sp .ne 2 .na \fB\fB-r\fR\fR .ad .RS 15n Remove matching NAT rules rather than add them to the internal lists. .RE .sp .ne 2 .na \fB\fB-s\fR\fR .ad .RS 15n Retrieve and display NAT statistics. .RE .sp .ne 2 .na \fB\fB-v\fR\fR .ad .RS 15n Turn verbose mode on. Displays information relating to rule processing and active rules/table entries. .RE .sp .ne 2 .na \fB\fB-z\fR \fIzonename\fR\fR .ad .RS 15n Operate on the in-zone IP NAT for the specified zone. If neither this option nor \fB-G\fR is specified, the current zone is used. This command is only available in the Global Zone. See \fBZONES\fR in \fBipf\fR(8) for more information. .RE .sp .ne 2 .na \fB\fB-G\fR \fIzonename\fR\fR .ad .RS 15n Operate on the global zone controlled IP NAT for the specified zone. If neither this option nor \fB-z\fR is specified, the current zone is used. This command is only available in the Global Zone. See \fBZONES\fR in \fBipf\fR(8) for more information. .RE .SH FILES .ne 2 .na \fB\fB/dev/ipnat\fR\fR .ad .sp .6 .RS 4n Link to IP Filter pseudo device. .RE .sp .ne 2 .na \fB\fB/dev/kmem\fR\fR .ad .sp .6 .RS 4n Special file that provides access to virtual address space. .RE .sp .ne 2 .na \fB\fB/etc/ipf/ipnat.conf\fR\fR .ad .sp .6 .RS 4n Location of \fBipnat\fR startup configuration file. .RE .sp .ne 2 .na \fB\fB/usr/share/ipfilter/examples/\fR\fR .ad .sp .6 .RS 4n Contains numerous IP Filter examples. .RE .SH ATTRIBUTES .LP See \fBattributes\fR(7) for descriptions of the following attributes: .sp .sp .TS box; c | c l | l . ATTRIBUTE TYPE ATTRIBUTE VALUE _ Interface Stability Committed .TE .SH SEE ALSO .LP .BR ipnat (5), .BR attributes (7), .BR zones (7), .BR ipf (8), .BR ipfstat (8)