xref: /freebsd-10-stable/sbin/natd/samples/natd.cf.sample

#
# $FreeBSD$
#
#
# Configuration file for natd.
#
#
# Enable logging to file /var/log/alias.log
#
log		no
#
# Incoming connections.  Should NEVER be set to "yes" if redirect_port
# or redirect_address statements are activated in this file!
#
# Setting to yes provides additional anti-crack protection
#
deny_incoming	no
#
# Use sockets to avoid port clashes.  Uses additional system resources, but
# guarantees successful connections when port numbers conflict
#
use_sockets	no
#
# Avoid port changes if possible when altering outbound packets. Makes rlogin
# work in most cases.
#
same_ports	yes
#
# Verbose mode. Enables dumping of packets and disables
# forking to background.  Only set to yes for debugging.
#
verbose		no
#
# Divert port. Can be a name in /etc/services or numeric value.
#
port		32000
#
# Interface name or address being aliased. Either one,
# not both is required.
#
# Obtain interface name from the command output of "ifconfig -a"
#
# alias_address	192.168.0.1
interface	ep0
#
# Alias unregistered addresses or all addresses.  Set this to yes if
# the inside network is all RFC1918 addresses.
#
unregistered_only	no
#
# Configure permanent links. If you use host names instead
# of addresses here, be sure that name server works BEFORE
# natd is up - this is usually not the case. So either use
# numeric addresses or hosts that are in /etc/hosts.
#
# Note:  Current versions of FreeBSD all call /etc/rc.firewall
# BEFORE running named, so if the DNS server and NAT are on the same
# machine, the nameserver won't be up if natd is called from /etc/rc.firewall
#
# Map connections coming to port 30000 to telnet in my_private_host.
# Remember to allow the connection /etc/rc.firewall also.
#
#redirect_port		tcp my_private_host:telnet 30000
#
# Map connections coming from host.xyz.com to port 30001 to
# telnet in another_host.
#redirect_port		tcp another_host:telnet 30001 host.xyz.com
#
# Static NAT address mapping:
#
#  ipconfig must apply any legal IP numbers that inside hosts
# will be known by to the outside interface.  These are sometimes known as
# virtual IP numbers.  It's suggested to use the "interface" directive
# instead of the "alias_address" directive to make it more clear what is
# going on. (although both will work)
#
# DNS in this situation can get hairy.  For example, an inside host
# named aweb.company.com is located at 192.168.1.56, and needs to be
# accessible through a legal IP number like 198.105.232.1.  If both
# 192.168.1.56 and 198.105.232.1 are set up as address records in the DNS
# for aweb.company.com, then external hosts attempting to access
# aweb.company.com may use address 192.168.1.56 which is inaccessible to them.
#
# The obvious solution is to use only a single address for the name, the
# outside address.  However, this creates needless traffic through the
# NAT, because inside hosts will go through the NAT to get to the legal
# number, even when the inside number is on the same subnet as they are!
#
# It's probably not a good idea to use DNS names in redirect_address statements
#
#The following mapping points outside address 198.105.232.1 to 192.168.1.56
#redirect_address  192.168.1.56		198.105.232.1