1#
2# $FreeBSD: src/sbin/natd/samples/natd.cf.sample,v 1.5 1999/09/13 18:18:33 ru Exp $
3# $DragonFly: src/sbin/natd/samples/natd.cf.sample,v 1.2 2003/06/17 04:27:34 dillon Exp $
4#
5#
6# Configuration file for natd.
7#
8#
9# Enable logging to file /var/log/alias.log
10#
11log		no
12#
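13# Deny incoming connections.  Should NEVER be set to "yes" if redirect_port
14# or redirect_address statements are activated in this file!
15#
16# Setting to yes makes natd refuse incoming packets that have no entry in its translation table, which provides additional anti-crack protection.  When left at "no", filtering of unsolicited inbound traffic depends entirely on the firewall rules.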
17#
18deny_incoming	no
19#
20# Use sockets to avoid port clashes.  Uses additional system resources, but
21# guarantees successful connections when port numbers conflict
22#
23use_sockets	no
24#
25# Avoid port changes if possible when altering outbound packets. Makes rlogin
26# work in most cases.
27#
28same_ports	yes
29#
30# Verbose mode. Enables dumping of packets and disables
31# forking to background.  Only set to yes for debugging.
32#
33verbose		no
34#
35# Divert port. Can be a name in /etc/services or numeric value.
36#
37port		32000
38#
39# Interface name or address being aliased. Exactly one of the two
40# is required, not both.
41#
42# Obtain interface name from the command output of "ifconfig -a"
43#
44# alias_address	192.168.0.1
45interface	ep0
46#
47# Alias unregistered addresses or all addresses.  Set this to yes if
48# the inside network is all RFC1918 addresses.
49#
50unregistered_only	no
51#
52# Configure permanent links. If you use host names instead
53# of addresses here, be sure that name server works BEFORE
54# natd is up - this is usually not the case. So either use
55# numeric addresses or hosts that are in /etc/hosts.
56#
57# Note:  Current versions of FreeBSD all call /etc/rc.firewall
58# BEFORE running named, so if the DNS server and NAT are on the same
59# machine, the nameserver won't be up if natd is called from /etc/rc.firewall
60#
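61# Map connections coming to port 30000 to telnet in my_private_host.
62# Remember to allow the connection in /etc/rc.firewall also.  Without a source restriction (see the next example), the redirected port is reachable from any outside host.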
63#
64#redirect_port		tcp my_private_host:telnet 30000
65#
66# Map connections coming from host.xyz.com to port 30001 to
67# telnet in another_host.
68#redirect_port		tcp another_host:telnet 30001 host.xyz.com
69#
70# Static NAT address mapping:
71#
72#  ifconfig must be used to assign any legal IP numbers that inside hosts
73# will be known by to the outside interface.  These are sometimes known as
74# virtual IP numbers.  It's suggested to use the "interface" directive
75# instead of the "alias_address" directive to make it more clear what is
76# going on (although both will work).
77#
78# DNS in this situation can get hairy.  For example, an inside host
79# named aweb.company.com is located at 192.168.1.56, and needs to be
80# accessible through a legal IP number like 198.105.232.1.  If both
81# 192.168.1.56 and 198.105.232.1 are set up as address records in the DNS
82# for aweb.company.com, then external hosts attempting to access
83# aweb.company.com may use address 192.168.1.56 which is inaccessible to them.
84#
85# The obvious solution is to use only a single address for the name, the
86# outside address.  However, this creates needless traffic through the
87# NAT, because inside hosts will go through the NAT to get to the legal
88# number, even when the inside number is on the same subnet as they are!
89#
90# It's probably not a good idea to use DNS names in redirect_address statements, since (as noted above) name resolution may not be working yet when natd starts.
91#
92#The following mapping points outside address 198.105.232.1 to 192.168.1.56
93#redirect_address  192.168.1.56		198.105.232.1