[ipfilter-cvs] ipfilter/man ipnat.5,v5-1-RELEASE
Brought to you by:
darren_r
Menu
▾
▴
[ipfilter-cvs] ipfilter/man ipnat.5,v5-1-RELEASE
|
From: Darren <dar...@us...> - 2012-07-20 08:04:16
|
Update of /cvsroot/ipfilter/ipfilter/man
In directory vz-cvs-4.sog:/tmp/cvs-serv28509/man
Modified Files:
Tag: v5-1-RELEASE
ipnat.5
Log Message:
3544313 remove nat encap feature
Index: ipnat.5
===================================================================
RCS file: /cvsroot/ipfilter/ipfilter/man/ipnat.5,v
retrieving revision 1.7.2.2
retrieving revision 1.7.2.3
diff -C2 -d -r1.7.2.2 -r1.7.2.3
*** ipnat.5 29 May 2012 14:44:58 -0000 1.7.2.2
--- ipnat.5 20 Jul 2012 08:04:13 -0000 1.7.2.3
***************
*** 555,561 ****
rule.
.PP
! The syntax for these rules is much the same as
! .B encap
! rules, but instead the syntax must supply required information for UDP:
.nf
--- 555,565 ----
rule.
.PP
! Divert rules can be be used with both inbound and outbound packet
! matching however the rule
! .B must
! specify host addresses for the outer packet, not ranges of addresses
! or netmasks, just single addresses.
! Additionally the syntax must supply required information for UDP.
! An example of what a divert rule looks ike is as follows:
.nf
***************
*** 578,604 ****
not possible to cause Path MTU discovery to happen as this feature
is intended to be transparent to both endpoints.
- .SH ENCAPSULATING PACKETS
- .PP
- In addition to translating address fields of a packet, the NAT module in
- IPFILter also supports wrapping them up in another IP packet and sending
- them off to a new destination. Full compliance of this feature with
- RFC 1853 and RFC 2003 is pending implementation of support for PMTU
- discovery with it.
- .PP
- Encapsulation can be performed on both incoming and outgoing packets
- but
- .B must
- specify host addresses for the outer packet, not ranges of addresses
- or netmasks, just single addresses.
- .PP
- As with the
- .B rewrite
- rules, the LHS requires a from/to match and terminates with a
- semi-colon (";"). An example of what these might look like are:
- .nf
-
- encap out on le0 from any to any -> src 10.1.1.1 dst 192.168.1.1;
- .fi
- .TP
.B Path MTU Discovery
If Path MTU discovery is being used and the "do not fragment" flag
--- 582,585 ----
|