holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Document port masquerading

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2018-01-19 08:55:56 -08:00
parent 5d7dcc3122
commit 4e6949f996
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
1 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Shorewall/manpages/shorewall-snat.xml
View File

@ -97,7 +97,7 @@
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">MASQUERADE[+]</emphasis>[([<replaceable>lowport</replaceable>-<replaceable>highport</replaceable>][<option>random</option>])][:<replaceable>level</replaceable>]</term> role="bold">MASQUERADE[+]</emphasis>[([<replaceable>lowport</replaceable>[-<replaceable>highport</replaceable>]][<option>random</option>])][:<replaceable>level</replaceable>]</term>
<listitem> <listitem>
<para>Causes matching outgoing packages to have their source <para>Causes matching outgoing packages to have their source
@ -105,11 +105,12 @@
specified in the DEST column. if specified in the DEST column. if
<replaceable>lowport</replaceable>-<replaceable>highport</replaceable> <replaceable>lowport</replaceable>-<replaceable>highport</replaceable>
is given, that port range will be used to assign a source is given, that port range will be used to assign a source
port. If option <option>random</option> is used then port port. If only <replaceable>lowport</replaceable> is given,
mapping will be randomized. MASQUERADE should only be used that port will be assigned, if possible. If option
when the DEST interface has a dynamic IP address. Otherwise, <option>random</option> is used then port mapping will be
SNAT should be used and should specify the interface's static randomized. MASQUERADE should only be used when the DEST
address.</para> interface has a dynamic IP address. Otherwise, SNAT should be
used and should specify the interface's static address.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -156,7 +157,7 @@
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">SNAT[+]</emphasis>([<emphasis>address-or-address-range</emphasis>][:<emphasis>lowport</emphasis><emphasis role="bold">SNAT[+]</emphasis>([<emphasis>address-or-address-range</emphasis>][:<emphasis>lowport</emphasis><emphasis
role="bold">-</emphasis><emphasis>highport</emphasis>][<emphasis role="bold">[-</emphasis><emphasis>highport</emphasis>]][<emphasis
role="bold">:random</emphasis>][:<option>persistent</option>]|<emphasis role="bold">:random</emphasis>][:<option>persistent</option>]|<emphasis
role="bold">detect</emphasis>)[:<replaceable>level</replaceable>]</term> role="bold">detect</emphasis>)[:<replaceable>level</replaceable>]</term>
@ -209,6 +210,9 @@
<programlisting> 192.0.2.4:5000-6000 <programlisting> 192.0.2.4:5000-6000
:4000-5000</programlisting> :4000-5000</programlisting>
<para>You may also specify a single port number, which will be
assigned to the outgoing connection, if possible.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>