Try to clarify column usage in DNAT/REDIRECT rules

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7507 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2007-10-22 16:00:33 +00:00 · 2007-10-22 16:00:33 +00:00 · e8b1231f8a
commit e8b1231f8a
parent 8d81bfc05b
1 changed files with 20 additions and 0 deletions
--- a/manpages/shorewall-rules.xml
+++ b/manpages/shorewall-rules.xml
@ -104,6 +104,26 @@
    appear in the file then all rules are assumed to be in the NEW
    section.</para>

+    <para>When defining rules that rewrite the destination IP address and/or
+    port number (namely DNAT and REDIRECT rules), it is important to keep
+    straight which columns in the file specify the packet before rewriting and
+    which specify how the packet will look after rewriting.</para>
+
+    <itemizedlist>
+      <listitem>
+        <para>The DEST column specifies the final destination for the packet
+        after rewriting and can include the final IP address and/or port
+        number.</para>
+      </listitem>
+
+      <listitem>
+        <para>The remaining columns specify characteristics of the packet
+        before rewriting. In particular, the ORIGINAL DEST column gives the
+        original destination IP address of the packet and the DEST PORT(S)
+        column give the original destination port(s).</para>
+      </listitem>
+    </itemizedlist>
+
    <para>The columns in the file are as follows.</para>

    <variablelist>