diff --git a/extensions/libxt_DNETMAP.man b/extensions/libxt_DNETMAP.man index 989792d..c619997 100644 --- a/extensions/libxt_DNETMAP.man +++ b/extensions/libxt_DNETMAP.man @@ -19,13 +19,14 @@ Network subnet to map to. If not specified, all existing prefixes are used. Reuse entry for given prenat-ip from any prefix despite bindings ttl < 0. .TP \fB\-\-persistent\fR -Set prefix persistent. It won't be removed after deleting last iptables rule. +Set prefix persistent. It will not be removed after deleting last iptables +rule. Option is effective only in the first rule for a given prefix. If you need to change persistency for existing prefix, please use proc interface described below. .TP \fB\-\-static\fR -Don't create dynamic mappings using this rule. Use static mappings only. Note +Do not create dynamic mappings using this rule. Use static mappings only. Note that you need to create static mappings via proc interface for this rule with this option to have any effect. .TP @@ -50,7 +51,7 @@ numerical values separated by spaces. First one is number of currently used dynamic addresses (bindings with negative ttl excluded), second one is number static assignments, third one is number of all usable addresses in subnet and the fourth one is mean \fBttl\fR value for all active entries. If prefix has -persistent flag set it'll be noted as fifth entry. +persistent flag set it will be noted as fifth entry. .PP Following write operations are supported via proc interface: .TP 
@@ -61,10 +62,11 @@ timedout. .TP echo "\-\fIIP\fR" > \fB/proc/net/xt_DNETMAP/subnet_mask\fR Removes binding with \fIIP\fR as prenat or postnat address. If removed binding -is currently static, it'll make entry available for dynamic allocation. +is currently static, it will make entry available for dynamic allocation. .TP echo "+persistent" > \fB/proc/net/xt_DNETMAP/subnet_mask\fR -Sets persistent flag for prefix. It's useful if you don't want bindings to get +Sets persistent flag for prefix. It is useful if you do not want bindings to +get flushed when firewall is restarted. You can check if prefix is persistent by printing \fB/proc/net/xt_DNETMAP/\fR\fIsubnet\fR\fB_\fR\fImask\fR\fB_stat\fR contents. @@ -78,7 +80,7 @@ Flushes all bindings for specific prefix. All static entries are also flushed and are available for dynamic bindings. .PP Note! Entries are removed if the last iptables rule for a specific prefix is -deleted unless there's persistent flag set. +deleted unless there is persistent flag set. .PP \fB* Logging\fR .PP @@ -107,7 +109,7 @@ iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 30.0. .PP Active hosts from 192.168.0.0/24 subnet are mapped to 20.0.0.0/26 with ttl = 200 seconds. If there are no free addresses in first prefix the next one -(30.0.0.0/26) is used with default ttl. It's important to note that the first +(30.0.0.0/26) is used with default ttl. It is important to note that the first rule SNATs all flows whose source IP is already actively (ttl>0) bound to ANY prefix. Parameter \fB\-\-reuse\fR makes this functionality work even for inactive (ttl<0) entries. 
@@ -122,10 +124,10 @@ iptables \-t nat \-A PREROUTING \-j DNETMAP .PP If host 192.168.0.10 generates some traffic, it gets bound to first free IP in subnet - 20.0.0.0. Now any traffic directed to 20.0.0.0 gets DNATed to -192.168.0.10 as long as there's an active (ttl>0) binding. There's no need to +192.168.0.10 as long as there is an active (ttl>0) binding. There is no need to specify \fB\-\-prefix\fR parameter in PREROUTING rule, because this way it DNATs -traffic to all active prefixes. You could specify prefix it you'd like to make -DNAT work for specific prefix only. +traffic to all active prefixes. You could specify prefix it you would like to +make DNAT work for specific prefix only. .PP \fB4.\fR Map 192.168.0.0/24 to subnets 20.0.0.0/26 with static assignments only: .PP
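Review bot: In the @@ -50,7 +51,7 @@ hunk, the sentence being reworded ("If prefix has persistent flag set it will be noted as fifth entry.") still does not say what the fifth entry actually contains, so anyone parsing the _stat file cannot tell what to match on. Since this line is already being touched, state the literal value that is printed. The unchanged context just above also reads "second one is number static assignments", which is missing "of" and could be fixed in the same wording pass.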
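Review bot: In the @@ -61,10 +62,11 @@ hunk, the rewrap of the "+persistent" description leaves "get" alone on its own added line ahead of the unchanged "flushed when firewall is restarted." text. Rendered output is unaffected because the paragraph is filled, but the source is now ragged and the next wording change will produce a noisier diff. Reflow the paragraph so the break falls after "bindings to" and "get" leads the following line. The lone "rule." line added under \-\-persistent in the first hunk has the same problem.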
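Review bot: In the @@ -122,10 +124,10 @@ hunk, the rewritten line "You could specify prefix it you would like to" keeps the existing typo "it" for "if". The patch already replaces this sentence, so correct it here: "You could specify prefix if you would like to make DNAT work for specific prefix only." While this paragraph is open, it may also be worth stating plainly that the PREROUTING rule without \-\-prefix makes every host with an active binding reachable from outside on its mapped address, since the text currently presents omitting \-\-prefix only as a convenience.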