#
# $FreeBSD: src/sbin/natd/samples/natd.cf.sample,v 1.5 1999/09/13 18:18:33 ru Exp $
# $DragonFly: src/sbin/natd/samples/natd.cf.sample,v 1.2 2003/06/17 04:27:34 dillon Exp $
#
#
# Configuration file for natd.
#
#
# Enable logging to file /var/log/alias.log
#
log no
#
# Deny incoming connections. Should NEVER be set to "yes" if redirect_port
# or redirect_address statements are activated in this file!
#
# Setting to yes provides additional anti-crack protection
#
deny_incoming no
#
# Use sockets to avoid port clashes. Uses additional system resources, but
# guarantees successful connections when port numbers conflict
#
use_sockets no
#
# Avoid port changes if possible when altering outbound packets. Makes rlogin
# work in most cases.
#
same_ports yes
#
# Verbose mode. Enables dumping of packets and disables
# forking to background. Only set to yes for debugging.
#
verbose no
#
# Divert port. Can be a name in /etc/services or numeric value.
#
port 32000
#
# Interface name or address being aliased. Either one,
# not both, is required.
#
# Obtain interface name from the command output of "ifconfig -a"
#
# alias_address 192.168.0.1
interface ep0
#
# Alias unregistered addresses or all addresses. Set this to yes if
# the inside network is all RFC1918 addresses.
#
unregistered_only no
#
# Configure permanent links. If you use host names instead
# of addresses here, be sure that the name server works BEFORE
# natd is up - this is usually not the case. So either use
# numeric addresses or hosts that are in /etc/hosts.
#
# Note: Current versions of FreeBSD all call /etc/rc.firewall
# BEFORE running named, so if the DNS server and NAT are on the same
# machine, the nameserver won't be up if natd is called from /etc/rc.firewall
#
# Map connections coming to port 30000 to telnet in my_private_host.
# Remember to allow the connection in /etc/rc.firewall also.
#
#redirect_port tcp my_private_host:telnet 30000
#
# Map connections coming from host.xyz.com to port 30001 to
# telnet in another_host.
#redirect_port tcp another_host:telnet 30001 host.xyz.com
#
# Static NAT address mapping:
#
# ifconfig must apply any legal IP numbers that inside hosts
# will be known by to the outside interface. These are sometimes known as
# virtual IP numbers. It's suggested to use the "interface" directive
# instead of the "alias_address" directive to make it clearer what is
# going on (although both will work).
#
# DNS in this situation can get hairy. For example, an inside host
# named aweb.company.com is located at 192.168.1.56, and needs to be
# accessible through a legal IP number like 198.105.232.1. If both
# 192.168.1.56 and 198.105.232.1 are set up as address records in the DNS
# for aweb.company.com, then external hosts attempting to access
# aweb.company.com may use address 192.168.1.56 which is inaccessible to them.
#
# The obvious solution is to use only a single address for the name, the
# outside address. However, this creates needless traffic through the
# NAT, because inside hosts will go through the NAT to get to the legal
# number, even when the inside number is on the same subnet as they are!
#
# It's probably not a good idea to use DNS names in redirect_address statements
#
# The following mapping points outside address 198.105.232.1 to 192.168.1.56
#redirect_address 192.168.1.56 198.105.232.1
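#
# Added example, not part of the natd distribution: a Python check for two
# pitfalls noted in the comments above, "deny_incoming yes" combined with active
# redirect statements, and host names (rather than numeric addresses) in them.
# The function names and the sample input are constructed for illustration.

```python
import ipaddress

def parse(text):
    """Yield (lineno, keyword, args) for each active statement; '#' starts a comment."""
    for n, line in enumerate(text.splitlines(), 1):
        words = line.split("#", 1)[0].split()
        if words:
            yield n, words[0], words[1:]

def hosts_in(keyword, args):
    """Return the host fields of a redirect statement, dropping protocol and ports."""
    if keyword == "redirect_address":
        return args[:2]
    fields = args[1:4]                                   # skip the protocol word
    hosts = [f.split(":")[0] for f in fields[:1] + fields[2:]]  # target, remote
    if len(fields) > 1 and ":" in fields[1]:             # alias is [host:]port
        hosts.append(fields[1].split(":")[0])
    return hosts

def is_numeric(host):
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        return False

def lint(text):  # returns [(lineno, message), ...]
    stmts = list(parse(text))
    redirects = [s for s in stmts if s[1] in ("redirect_port", "redirect_address")]
    # deny_incoming yes must not be combined with any active redirect statement
    findings = [(n, "deny_incoming yes with redirect on line %d" % redirects[0][0])
                for n, kw, args in stmts
                if redirects and kw == "deny_incoming" and args[:1] == ["yes"]]
    for n, kw, args in redirects:
        for host in hosts_in(kw, args):
            if not is_numeric(host):
                findings.append((n, "host name %r needs DNS or /etc/hosts before natd starts" % host))
    return findings

# Constructed sample input, not a real configuration.
SAMPLE = """\
deny_incoming yes
redirect_port tcp my_private_host:telnet 30000
redirect_port tcp 192.168.1.10:23 30001 host.xyz.com
redirect_address 192.168.1.56 198.105.232.1
#redirect_port tcp another_host:telnet 30002
"""

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```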