anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-08 21:54:57 +02:00
Code Issues Releases Wiki Activity

doc: dissolve contractions

Browse Source
This commit is contained in:
Jan Engelhardt
2013-06-02 16:59:14 +02:00
parent 2dc8f21476
commit 9de3027c02
1 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
extensions/libxt_DNETMAP.man
View File

@@ -19,13 +19,14 @@ Network subnet to map to. If not specified, all existing prefixes are used.
Reuse entry for given prenat-ip from any prefix despite bindings ttl < 0. Reuse entry for given prenat-ip from any prefix despite bindings ttl < 0.
.TP .TP
\fB\-\-persistent\fR \fB\-\-persistent\fR
Set prefix persistent. It won't be removed after deleting last iptables rule. Set prefix persistent. It will not be removed after deleting last iptables
rule.
Option is effective only in the first rule for a given prefix. If you Option is effective only in the first rule for a given prefix. If you
need to change persistency for existing prefix, please use proc interface need to change persistency for existing prefix, please use proc interface
described below. described below.
.TP .TP
\fB\-\-static\fR \fB\-\-static\fR
Don't create dynamic mappings using this rule. Use static mappings only. Note Do not create dynamic mappings using this rule. Use static mappings only. Note
that you need to create static mappings via proc interface for this rule with that you need to create static mappings via proc interface for this rule with
this option to have any effect. this option to have any effect.
.TP .TP
@@ -50,7 +51,7 @@ numerical values separated by spaces. First one is number of currently used
dynamic addresses (bindings with negative ttl excluded), second one is number dynamic addresses (bindings with negative ttl excluded), second one is number
static assignments, third one is number of all usable addresses in subnet and static assignments, third one is number of all usable addresses in subnet and
the fourth one is mean \fBttl\fR value for all active entries. If prefix has the fourth one is mean \fBttl\fR value for all active entries. If prefix has
persistent flag set it'll be noted as fifth entry. persistent flag set it will be noted as fifth entry.
.PP .PP
Following write operations are supported via proc interface: Following write operations are supported via proc interface:
.TP .TP
@@ -61,10 +62,11 @@ timedout.
.TP .TP
echo "\-\fIIP\fR" > \fB/proc/net/xt_DNETMAP/subnet_mask\fR echo "\-\fIIP\fR" > \fB/proc/net/xt_DNETMAP/subnet_mask\fR
Removes binding with \fIIP\fR as prenat or postnat address. If removed binding Removes binding with \fIIP\fR as prenat or postnat address. If removed binding
is currently static, it'll make entry available for dynamic allocation. is currently static, it will make entry available for dynamic allocation.
.TP .TP
echo "+persistent" > \fB/proc/net/xt_DNETMAP/subnet_mask\fR echo "+persistent" > \fB/proc/net/xt_DNETMAP/subnet_mask\fR
Sets persistent flag for prefix. It's useful if you don't want bindings to get Sets persistent flag for prefix. It is useful if you do not want bindings to
get
flushed when firewall is restarted. You can check if prefix is persistent by flushed when firewall is restarted. You can check if prefix is persistent by
printing \fB/proc/net/xt_DNETMAP/\fR\fIsubnet\fR\fB_\fR\fImask\fR\fB_stat\fR printing \fB/proc/net/xt_DNETMAP/\fR\fIsubnet\fR\fB_\fR\fImask\fR\fB_stat\fR
contents. contents.
@@ -78,7 +80,7 @@ Flushes all bindings for specific prefix. All static entries are also flushed
and are available for dynamic bindings. and are available for dynamic bindings.
.PP .PP
Note! Entries are removed if the last iptables rule for a specific prefix is Note! Entries are removed if the last iptables rule for a specific prefix is
deleted unless there's persistent flag set. deleted unless there is persistent flag set.
.PP .PP
\fB* Logging\fR \fB* Logging\fR
.PP .PP
@@ -107,7 +109,7 @@ iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 30.0.
.PP .PP
Active hosts from 192.168.0.0/24 subnet are mapped to 20.0.0.0/26 with ttl = Active hosts from 192.168.0.0/24 subnet are mapped to 20.0.0.0/26 with ttl =
200 seconds. If there are no free addresses in first prefix the next one 200 seconds. If there are no free addresses in first prefix the next one
(30.0.0.0/26) is used with default ttl. It's important to note that the first (30.0.0.0/26) is used with default ttl. It is important to note that the first
rule SNATs all flows whose source IP is already actively (ttl>0) bound to ANY rule SNATs all flows whose source IP is already actively (ttl>0) bound to ANY
prefix. Parameter \fB\-\-reuse\fR makes this functionality work even for prefix. Parameter \fB\-\-reuse\fR makes this functionality work even for
inactive (ttl<0) entries. inactive (ttl<0) entries.
@@ -122,10 +124,10 @@ iptables \-t nat \-A PREROUTING \-j DNETMAP
.PP .PP
If host 192.168.0.10 generates some traffic, it gets bound to first free IP in If host 192.168.0.10 generates some traffic, it gets bound to first free IP in
subnet - 20.0.0.0. Now any traffic directed to 20.0.0.0 gets DNATed to subnet - 20.0.0.0. Now any traffic directed to 20.0.0.0 gets DNATed to
192.168.0.10 as long as there's an active (ttl>0) binding. There's no need to 192.168.0.10 as long as there is an active (ttl>0) binding. There is no need to
specify \fB\-\-prefix\fR parameter in PREROUTING rule, because this way it DNATs specify \fB\-\-prefix\fR parameter in PREROUTING rule, because this way it DNATs
traffic to all active prefixes. You could specify prefix it you'd like to make traffic to all active prefixes. You could specify prefix it you would like to
DNAT work for specific prefix only. make DNAT work for specific prefix only.
.PP .PP
\fB4.\fR Map 192.168.0.0/24 to subnets 20.0.0.0/26 with static assignments only: \fB4.\fR Map 192.168.0.0/24 to subnets 20.0.0.0/26 with static assignments only:
.PP .PP