Date: Sat, 5 Feb 2005 05:31:11 -0700 (MST) From: Brad Davis <so14k@so14k.com> To: FreeBSD-gnats-submit@FreeBSD.org Subject: docs/77131: Fix a error in the firewall section (0.32 -> 0/32) Message-ID: <20050205123111.C3D27F63@mccaffrey.house.so14k.com> Resent-Message-ID: <200502051240.j15CeNJR071011@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 77131 >Category: docs >Synopsis: Fix a error in the firewall section (0.32 -> 0/32) >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Sat Feb 05 12:40:23 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Brad Davis >Release: FreeBSD 4.10-STABLE i386 >Organization: >Environment: System: FreeBSD mccaffrey.house.so14k.com 4.10-STABLE FreeBSD 4.10-STABLE #0: Fri May 28 08:02:41 MDT 2004 root@mccaffrey.house.so14k.com:/usr/obj/usr/src/sys/MCCAFFREY i386 >Description: 1. Fix an error that I introduced with this firewall chapter. See: http://lists.freebsd.org/pipermail/freebsd-doc/2005-February/007060.html http://www.obfuscation.org/ipf/ipf-howto.txt >How-To-Repeat: >Fix: --- doc-ori/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml Sat Feb 5 05:24:00 2005 +++ doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml Sat Feb 5 05:24:46 2005 @@ -1547,7 +1547,7 @@ role="ipaddr">192.168.1.0/24</hostid>.</para> <para>The <replaceable>PUBLIC_ADDRESS</replaceable> can either - be the external IP address or the special keyword `0.32', + be the external IP address or the special keyword `0/32', which means to use the IP address assigned to <replaceable>IF</replaceable>.</para> </sect2> @@ -1567,7 +1567,7 @@ range specified to the left of the arrow symbol on the <acronym>NAT</acronym> rule. On a match the packet has its source IP address rewritten with the public IP address - obtained by the `0.32' keyword. <acronym>NAT</acronym> posts a + obtained by the `0/32' keyword. <acronym>NAT</acronym> posts a entry in its internal <acronym>NAT</acronym> table so when the packet returns from the public Internet it can be mapped back to its original private IP address and then passed to the @@ -1614,7 +1614,7 @@ with a <programlisting> tag ?--> <para>A normal NAT rule would look like:</para> - <programlisting>map dc0 192.168.1.0/24 -> 0.32</programlisting> + <programlisting>map dc0 192.168.1.0/24 -> 0/32</programlisting> <para>In the above rule the packet's source port is unchanged as the packet passes through IP<acronym>NAT</acronym>. By @@ -1624,13 +1624,13 @@ IP<acronym>NAT</acronym> to modify the source port to be within that range:</para> - <programlisting>map dc0 192.168.1.0/24 -> 0.32 portmap tcp/udp 20000:60000</programlisting> + <programlisting>map dc0 192.168.1.0/24 -> 0/32 portmap tcp/udp 20000:60000</programlisting> <para>Additionally we can make things even easier by using the <literal>auto</literal> keyword to tell IP<acronym>NAT</acronym> to determine by itself which ports are available to use:</para> - <programlisting>map dc0 192.168.1.0/24 -> 0.32 portmap tcp/udp auto</programlisting> + <programlisting>map dc0 192.168.1.0/24 -> 0/32 portmap tcp/udp auto</programlisting> </sect3> <sect3> >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050205123111.C3D27F63>