/sbin/natd portrange documentation and bugfix

Submitted by: Ruslan Ermilov <ru@ucb.crimea.ua> PR: 11690 3.2 candidate ?
svn path=/head/; revision=47121
2024-09-06 09:10:28 +00:00 · 1999-05-13 16:58:31 +00:00 · 1999-05-13 16:58:31 +00:00 · 9c501140f7 · 2020-12-20 02:59:44 +00:00
parent 8dbb1e2bfd
commit 9c501140f7
2 changed files with 20 additions and 8 deletions
--- a/sbin/natd/natd.8
+++ b/sbin/natd/natd.8
@ -1,5 +1,5 @@
 .\" manual page [] for natd 1.4
-.\"	$Id: natd.8,v 1.16 1999/03/07 18:23:55 brian Exp $
+.\"	$Id: natd.8,v 1.17 1999/04/08 23:15:31 eivind Exp $
 .Dd 15 April 1997
 .Os FreeBSD
 .Dt NATD 8
@ -114,13 +114,19 @@ Only alter outgoing packets with an unregistered source address.
 According to rfc 1918, unregistered source addresses are 10.0.0.0/8,
 172.16.0.0/12 and 192.168.0.0/16.

-.It Fl redirect_port Ar proto targetIP:targetPORT [aliasIP:]aliasPORT [remoteIP[:remotePORT]]
-Redirect incoming connections arriving to given port to another host and port.
+.It Fl redirect_port Ar proto targetIP:targetPORT[-targetPORT] [aliasIP:]aliasPORT[-aliasPORT] [remoteIP[:remotePORT[-remotePORT]]]
+Redirect incoming connections arriving to given port(s) to another host
+and port(s).
 Proto is either tcp or udp, targetIP is the desired target IP
-number, targetPORT is the desired target PORT number, aliasPORT
-is the requested PORT number and aliasIP is the aliasing address.
+number, targetPORT is the desired target PORT number or range, aliasPORT
+is the requested PORT number or range, and aliasIP is the aliasing address.
 RemoteIP and remotePORT can be used to specify the connection
 more accurately if necessary.
+The targetPORT range and aliasPORT range need not be the same numerically,
+but must have the same size.
+If remotePORT is not specified, it is assumed to be all ports.
+If remotePORT is specified, it must match the size of targetPORT, or be 0
+(all ports).
 For example, the argument

 .Ar tcp inside1:telnet 6666
@ -128,6 +134,12 @@ For example, the argument
 means that tcp packets destined for port 6666 on this machine will
 be sent to the telnet port on the inside1 machine.

+.Ar tcp inside2:2300-2399 3300-3399
+
+will redirect incoming connections on ports 3300-3399 to host
+inside2, ports 2300-2399.
+The mapping is 1:1 meaning port 3300 maps to 2300, 3301 maps to 2301, etc.
+
 .It Fl redirect_address Ar localIP publicIP
 Redirect traffic for public IP address to a machine on the local
 network. This function is known as "static NAT". Normally static NAT
--- a/sbin/natd/natd.c
+++ b/sbin/natd/natd.c
@ -9,7 +9,7 @@
 *
 * Ari Suutari <suutari@iki.fi>
 *
- *	$Id: natd.c,v 1.14 1999/03/30 10:11:21 brian Exp $
+ *	$Id: natd.c,v 1.15 1999/04/25 22:33:30 imp Exp $
 */

 #define SYSLOG_NAMES
@ -1380,7 +1380,7 @@ void SetupPortRedirect (const char* parms)
 	numLocalPorts = GETNUMPORTS(portRange);

 /*
- * Extract public port and optinally address.
+ * Extract public port and optionally address.
 */
 	ptr = strtok (NULL, " \t");
 	if (!ptr)
@ -1431,7 +1431,7 @@ void SetupPortRedirect (const char* parms)
 	        errx (1, "redirect_port: port ranges must be equal in size");

 	/* Remote port range is allowed to be '0' which means all ports. */
-	if (numRemotePorts != numLocalPorts && numRemotePorts != 1 && remotePort != 0)
+	if (numRemotePorts != numLocalPorts && (numRemotePorts != 1 || remotePort != 0)
 	        errx (1, "redirect_port: remote port must be 0 or equal to local port range in size");

 	for (i = 0 ; i < numPublicPorts ; ++i) {