 

ipnat(SFF)


ipnat, ipnat.conf -- IP NAT file format

Description

The format for files accepted by ipnat is described by the following grammar:
   ipmap ::= mapit ifname ipmask "->" ipmask [ mapport ] .
   mapit ::= "map" | "rdr" .
   ipmask ::= ip "/" bits | ip "/" mask | ip "netmask" mask .
   mapport ::= "portmap" tcpudp portnumber ":" portnumber .
   tcpudp ::= "tcp" | "udp" | "tcp/udp" .
   portnumber ::= number { numbers } .
   ifname ::= 'A' - 'Z' { 'A' - 'Z' } numbers .
   numbers ::= '0' | '1' | '2' | '3' | '4' | '5' | '6' | '7' | '8' | '9' .

For standard NAT functionality, a rule should start with map and then specify the interface for which outgoing packets will have their source address rewritten.

Packets which will be rewritten can only be selected by matching the original source address. A netmask must be specified with the IP address.

The address selected for replacing the original is chosen from an IP number/netmask pair. A netmask of all 1's indicating a hostname is valid. A netmask of 31 1's (255.255.255.254) is considered invalid as there is no space for allocating host IP numbers after consideration for broadcast and network addresses.

When remapping TCP and UDP packets, it is also possible to change the source port number. Either TCP or UDP or both can be selected by each rule, with a range of port numbers to remap into given as port-number:port-number.

Examples

To change IP numbers used internally from network 10 into an ISP provided 8 bit subnet at 209.1.2.0 through the ppp0 interface, the following would be used:
   map ppp0 10.0.0.0/8 -> 209.1.2.0/24

The obvious problem here is that we're trying to squeeze over 16,000,000 IP addresses into a 254 address space. To increase the scope for TCP and/or UDP, port remapping can be used:

   map ppp0 10.0.0.0/8 -> 209.1.2.0/24 portmap tcp/udp 1025:65000

which falls only 527,566 `addresses' short of the space available in network 10. If we were to combine these rules, they would need to be specified as follows:

   map ppp0 10.0.0.0/8 -> 209.1.2.0/24 portmap tcp/udp 1025:65000
   map ppp0 10.0.0.0/8 -> 209.1.2.0/24

so that all TCP/UDP packets are port mapped and other protocols, such as ICMP, only have their IP number changed.
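
The following linter is an added example, not part of the original manual page or of ipnat itself. It parses rules against the grammar above, rejects a netmask of 31 1's on the replacement address, and warns when a plain map rule is listed before its matching portmap rule (the reverse of the order shown above). The function names, the acceptance of lower-case interface names, and the 1 to 65535 port bound are assumptions of this example.

```python
import ipaddress
import re

# Shape from the grammar: mapit ifname ipmask "->" ipmask [ mapport ]
# Lower-case interface names are accepted because the page's examples use ppp0.
RULE = re.compile(
    r"^(map|rdr)\s+([A-Za-z]+\d+)\s+(\S+(?:\s+netmask\s+\S+)?)\s+->\s+"
    r"(\S+(?:\s+netmask\s+\S+)?)"
    r"(?:\s+portmap\s+(tcp/udp|tcp|udp)\s+(\d+):(\d+))?\s*$")

def _net(text):
    # Accepts ip/bits, ip/mask and "ip netmask mask"; raises ValueError otherwise.
    joined = "/".join(text.replace("netmask", " ").split())
    return ipaddress.IPv4Network(joined, strict=False)

def parse_rule(line):
    m = RULE.match(line.strip())
    if not m:
        raise ValueError("does not match the ipmap grammar: %r" % line)
    kind, ifname, src, dst, proto, lo, hi = m.groups()
    rule = {"kind": kind, "ifname": ifname, "src": _net(src),
            "dst": _net(dst), "proto": proto, "ports": None}
    if rule["dst"].prefixlen == 31:
        raise ValueError("replacement netmask of 31 1's is invalid: %r" % line)
    if proto:
        lo, hi = int(lo), int(hi)
        if not 1 <= lo <= hi <= 65535:  # assumed sanity bound, not from the page
            raise ValueError("bad portmap range: %r" % line)
        rule["ports"] = (lo, hi)
    return rule

def lint(lines):
    """Return (rules, warnings) for a list of ipnat.conf rule lines."""
    rules, warnings, plain = [], [], set()
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        r = parse_rule(line)
        key = (r["kind"], r["ifname"], r["src"], r["dst"])
        if r["ports"] is None:
            plain.add(key)
        elif key in plain:
            warnings.append("line %d: portmap rule follows the plain rule for %s"
                            % (n, r["src"]))
        rules.append(r)
    return rules, warnings

# Constructed sample: the page's combined rules, in the reverse of the order it gives.
SAMPLE = ["map ppp0 10.0.0.0/8 -> 209.1.2.0/24",
          "map ppp0 10.0.0.0 netmask 255.0.0.0 -> 209.1.2.0/24 portmap tcp/udp 1025:65000"]

if __name__ == "__main__":
    print(lint(SAMPLE)[1])
```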

Files

/dev/ipnat
/etc/services
/etc/hosts

See also

ipnat(ADMP), hosts(SFF), ipf(SFF), services(SFF), ipf(ADMN)

Standards conformance

ipnat.conf is not part of any currently supported standard. It is an extension of AT&T UNIX System V provided by The Santa Cruz Operation, Inc. It includes software developed by the University of California, Berkeley and its contributors.
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003