doc: spelling and grammar corrections to DNETMAP

2025-12-06 16:13:54 +01:00 · 2013-06-02 17:13:25 +02:00
parent fda591dba4
commit 2b38d081a5
1 changed files with 91 additions and 85 deletions
--- a/extensions/libxt_DNETMAP.man
+++ b/extensions/libxt_DNETMAP.man
@@ -1,91 +1,95 @@
 .PP
-The \fBDNETMAP\fR target allows dynamic two-way 1:1 mapping of IPv4 subnets.
+The \fBDNETMAP\fR target allows dynamic two-way 1:1 mapping of IPv4 subnets. A
-Single rule can map private subnet to shorter public subnet creating and
+single rule can map a private subnet to a shorter public subnet, creating and
-maintaining unambigeous private-public ip bindings. Second rule can be used to
+maintaining unambiguous private-public IP address bindings. The second rule can
-map new flows to private subnet according to maintained bindings. Target allows
+be used to map new flows to a private subnet according to maintained bindings.
-efficient public IPv4 space usage and unambigeous NAT at the same time.
+The target allows efficient public IPv4 space usage and unambiguous NAT at the
 same time.
 .PP
-Target can be used only in \fBnat\fR table in \fBPOSTROUTING\fR or \fBOUTPUT\fR
+The target can be used only in the \fBnat\fR table in \fBPOSTROUTING\fR or
-chains for SNAT and in \fBPREROUTING\fR for DNAT. Only flows directed to bound
+\fBOUTPUT\fR chains for SNAT, and in \fBPREROUTING\fR for DNAT. Only flows
-IPs will be DNATed. Packet continues chain traversal if there is no free
+directed to bound addresses will be DNATed. The packet continues chain
-postnat-ip to be assigned to prenat-ip. Default binding \fBttl\fR is \fI10
+traversal if there is no free postnat address to be assigned to the prenat
-minutes\fR and can be changed using \fBdefault_ttl\fR module option. Default ip
+address. The default binding \fBTTL\fR is \fI10 minutes\fR and can be changed
-hash size is 256 and can be changed using \fBhash_size\fR module option.
+using the \fBdefault_ttl\fR module option. The default address hash size is 256
 and can be changed using the \fBhash_size\fR module option.
 .TP
 \fB\-\-prefix\fR \fIaddr\fR\fB/\fR\fImask\fR
-Network subnet to map to. If not specified, all existing prefixes are used.
+The network subnet to map to. If not specified, all existing prefixes are used.
 .TP
 \fB\-\-reuse\fR
-Reuse entry for given prenat-ip from any prefix despite bindings ttl < 0.
+Reuse the entry for a given prenat address from any prefix even if the
 binding's TTL is < 0.
 .TP
 \fB\-\-persistent\fR
-Set prefix persistent. It will not be removed after deleting last iptables
+Set the prefix to be persistent. It will not be removed after deleting the last
-rule.
+iptables rule. The option is effective only in the first rule for a given
-Option is effective only in the first rule for a given prefix. If you
+prefix. If you need to change persistency for an existing prefix, please use
-need to change persistency for existing prefix, please use proc interface
+the procfs interface described below.
 described below.
 .TP
 \fB\-\-static\fR
 Do not create dynamic mappings using this rule. Use static mappings only. Note
-that you need to create static mappings via proc interface for this rule with
+that you need to create static mappings via the procfs interface for this rule
-this option to have any effect.
+for this option to have any effect.
 .TP
 \fB\-\-ttl\fR \fIseconds\fR
-Regenerate bindings ttl value to \fIseconds\fR. If negative value is specified,
+Reset the binding's TTL value to \fIseconds\fR. If a negative value is
-bindings ttl is kept unchanged. If not specified then default ttl value (600s)
+specified, the binding's TTL is kept unchanged. If this option is not
-is used.
+specified, then the default TTL value (600s) is used.
 .PP
 \fB* /proc interface\fR
 .PP
-Module creates following entries for each new specified subnet:
+The module creates the following entries for each new specified subnet:
 .TP
 \fB/proc/net/xt_DNETMAP/\fR\fIsubnet\fR\fB_\fR\fImask\fR
-Contains binding table for subnet/mask. Each line contains \fBprenat-ip\fR,
+Contains the binding table for the given \fIsubnet/mask\fP. Each line contains
-\fBpostnat-ip\fR,\fBttl\fR (seconds till entry times out), \fBlasthit\fR (last
+\fBprenat address\fR, \fBpostnat address\fR, \fBttl\fR (seconds until the entry
-entry hit in seconds relative to system boot time). Please note that \fBttl\fR
+times out), \fBlasthit\fR (last hit to the entry in seconds relative to system
-and \fBlasthit\fR entries contain \fBS\fR in case of static binding.
+boot time). Please note that the \fBttl\fR and \fBlasthit\fR entries contain an
 '\fBS\fR' in case of a static binding.
 .TP
 \fB/proc/net/xt_DNETMAP/\fR\fIsubnet\fR\fB_\fR\fImask\fR\fB_stat\fR
-Contains statistics for given subnet/mask. Line contains contains four
+Contains statistics for a given \fIsubnet/mask\fP. The line contains four
-numerical values separated by spaces. First one is number of currently used
+numerical values separated by spaces. The first one is the number of currently
-dynamic addresses (bindings with negative ttl excluded), second one is number
+used dynamic addresses (bindings with negative TTL excluded), the second one is
-static assignments, third one is number of all usable addresses in subnet and
+the number of static assignments, the third one is the number of all usable
-the fourth one is mean \fBttl\fR value for all active entries. If prefix has
+addresses in the subnet, and the fourth one is the mean \fBTTL\fR value for all
-persistent flag set it will be noted as fifth entry.
+active entries. If the prefix has the persistent flag set, it will be noted as
 fifth entry.
 .PP
-Following write operations are supported via proc interface:
+The following write operations are supported via the procfs interface:
 .TP
-echo "+\fIprenatIP\fR:\fIpostnatIP\fR" > \fB/proc/net/xt_DNETMAP/subnet_mask\fR
+echo "+\fIprenat-address\fR:\fIpostnat-address\fR" >\fB/proc/net/xt_DNETMAP/subnet_mask\fR
-Adds static binding between prenatIP nad postnatIP. If postnatIP is already
+Adds a static binding between the prenat and postnap address. If
-bound, previous binding will be timedout immediatelly. Static binding is never
+postnat_address is already bound, any previous binding will be timed out
-timedout.
+immediately. A static binding is never timed out.
 .TP
-echo "\-\fIIP\fR" > \fB/proc/net/xt_DNETMAP/subnet_mask\fR
+echo "\-\fIaddress\fR" >\fB/proc/net/xt_DNETMAP/subnet_mask\fR
-Removes binding with \fIIP\fR as prenat or postnat address. If removed binding
+Removes the binding with \fIaddress\fR as prenat or postnat address. If the
-is currently static, it will make entry available for dynamic allocation.
+removed binding is currently static, it will make the entry available for
 dynamic allocation.
 .TP
 echo "+persistent" >\fB/proc/net/xt_DNETMAP/subnet_mask\fR
-Sets persistent flag for prefix. It is useful if you do not want bindings to
+Sets the persistent flag for the prefix. It is useful if you do not want
-get
+bindings to get flushed when the firewall is restarted. You can check if the
-flushed when firewall is restarted. You can check if prefix is persistent by
+prefix is persistent by printing the contents of
-printing \fB/proc/net/xt_DNETMAP/\fR\fIsubnet\fR\fB_\fR\fImask\fR\fB_stat\fR
+\fB/proc/net/xt_DNETMAP/\fR\fIsubnet\fR\fB_\fR\fImask\fR\fB_stat\fR.
 contents.
 .TP
 echo "\-persistent" >\fB/proc/net/xt_DNETMAP/subnet_mask\fR
-Unsets persistent flag for prefix. In this mode prefix will be deleted if the
+Unsets the persistent flag for the prefix. In this mode, the prefix will be
-last iptables rule for that prefix is removed.
+deleted if the last iptables rule for that prefix is removed.
 .TP
 echo "flush" >\fB/proc/net/xt_DNETMAP/subnet_mask\fR
-Flushes all bindings for specific prefix. All static entries are also flushed
+Flushes all bindings for the specific prefix. All static entries are also
-and are available for dynamic bindings.
+flushed and become available for dynamic bindings.
 .PP
 Note! Entries are removed if the last iptables rule for a specific prefix is
-deleted unless there is persistent flag set.
+deleted unless the persistent flag is set.
 .PP
 \fB* Logging\fR
 .PP
-Module logs binding add/timeout events to klog. This behaviour can be disabled
+The module logs binding add/timeout events to klog. This behaviour can be
-using \fBdisable_log\fR module parameter.
+disabled using the \fBdisable_log\fR module parameter.
 .PP
 \fB* Examples\fR
 .PP
@@ -93,11 +97,12 @@ using \fBdisable_log\fR module parameter.
 .PP
 iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 20.0.0.0/26
 .PP
-Active hosts from 192.168.0.0/24 subnet are mapped to 20.0.0.0/26. If packet
+Active hosts from the 192.168.0.0/24 subnet are mapped to 20.0.0.0/26. If the
-from not yet bound prenat-ip hits the rule and there are no free or timed-out
+packet from a not yet bound prenat address hits the rule and there are no free
-(ttl<0) entries in prefix 20.0.0.0/28, then notice is logged to klog and chain
+or timed-out (TTL<0) entries in prefix 20.0.0.0/28, then a notice is logged to
-traversal continues. If packet from already bound prenat-ip hits the rule,
+klog and chain traversal continues. If packet from an already-bound prenat
-bindings ttl value is regenerated to default_ttl and SNAT is performed.
+address hits the rule, the binding's TTL value is reset to default_ttl and SNAT
 is performed.
 .PP
 \fB2.\fR Use of \fB\-\-reuse\fR and \fB\-\-ttl\fR switches, multiple rule
 interaction:
@@ -107,29 +112,30 @@ iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix
 .PP
 iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 30.0.0.0/26
 .PP
-Active hosts from 192.168.0.0/24 subnet are mapped to 20.0.0.0/26 with ttl =
+Active hosts from 192.168.0.0/24 subnet are mapped to 20.0.0.0/26 with TTL =
-200 seconds. If there are no free addresses in first prefix the next one
+200 seconds. If there are no free addresses in first prefix, the next one
-(30.0.0.0/26) is used with default ttl. It is important to note that the first
+(30.0.0.0/26) is used with the default TTL. It is important to note that the
-rule SNATs all flows whose source IP is already actively (ttl>0) bound to ANY
+first rule SNATs all flows whose source address is already actively bound
-prefix. Parameter \fB\-\-reuse\fR makes this functionality work even for
+(TTL>0) to ANY prefix. The \fB\-\-reuse\fR parameter makes this functionality
-inactive (ttl<0) entries.
+work even for inactive (TTL<0) entries.
 .PP
-If both subnets are exhaused, then chain traversal continues.
+If both subnets are exhausted, then chain traversal continues.
 .PP
-\fB3.\fR Map 192.168.0.0/24 to subnets 20.0.0.0/26 bidirectional way:
+\fB3.\fR Map 192.168.0.0/24 to subnets 20.0.0.0/26 in a bidirectional way:
 .PP
 iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 20.0.0.0/26
 .PP
 iptables \-t nat \-A PREROUTING \-j DNETMAP
 .PP
-If host 192.168.0.10 generates some traffic, it gets bound to first free IP in
+If the host 192.168.0.10 generates some traffic, it gets bound to first free
-subnet - 20.0.0.0. Now any traffic directed to 20.0.0.0 gets DNATed to
+address in the subnet \(em 20.0.0.0. Now, any traffic directed to 20.0.0.0 gets
-192.168.0.10 as long as there is an active (ttl>0) binding. There is no need to
+DNATed to 192.168.0.10 as long as there is an active (TTL>0) binding. There is
-specify \fB\-\-prefix\fR parameter in PREROUTING rule, because this way it DNATs
+no need to specify \fB\-\-prefix\fR parameter in a PREROUTING rule, because
-traffic to all active prefixes. You could specify prefix it you would like to
+this way, it DNATs traffic to all active prefixes. You could specify the prefix
-make DNAT work for specific prefix only.
+you would like to make DNAT work for a specific prefix only.
 .PP
-\fB4.\fR Map 192.168.0.0/24 to subnets 20.0.0.0/26 with static assignments only:
+\fB4.\fR Map 192.168.0.0/24 to subnets 20.0.0.0/26 with static assignments
 only:
 .PP
 iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 20.0.0.0/26
 \-\-static
@@ -141,8 +147,8 @@ echo "+192.168.0.11:20.0.0.2" > /proc/net/xt_DNETMAP/20.0.0.0_26
 echo "+192.168.0.51:20.0.0.3" >/proc/net/xt_DNETMAP/20.0.0.0_26
 .PP
 This configuration will allow only preconfigured static bindings to work due to
-\fBstatic\fR rule option. Without this flag dynamic bindings would be created
+the \fBstatic\fR rule option. Without this flag, dynamic bindings would be
-using non-static entries.
+created using non-static entries.
 .PP
 \fB5.\fR Persistent prefix:
 .PP
@@ -155,13 +161,13 @@ iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 20.0.
 .br
 echo "+persistent" >/proc/net/xt_DNETMAP/20.0.0.0_26
 .PP
-Now we can check persistent flag of the prefix:
+Now, we can check the persistent flag of the prefix:
 .br
 cat /proc/net/xt_DNETMAP/20.0.0.0_26
 .br
 0 0 64 0 \fBpersistent\fR
 .PP
-Flush iptables nat table and see that prefix is still in existence:
+Flush the iptables nat table and see that prefix is still in existence:
 .br
 iptables \-F \-t nat
 .br