Module Name: src
Committed By: spz
Date: Sat May 31 11:54:37 UTC 2014
Modified Files:
src/share/examples/npf: host-npf.conf
Log Message:
example for port remapping added
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/share/examples/npf/host-npf.conf
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/share/examples/npf/host-npf.conf
diff -u src/share/examples/npf/host-npf.conf:1.6 src/share/examples/npf/host-npf.conf:1.7
--- src/share/examples/npf/host-npf.conf:1.6 Sat Feb 8 01:32:19 2014
+++ src/share/examples/npf/host-npf.conf Sat May 31 11:54:37 2014
@@ -1,4 +1,4 @@
-# $NetBSD: host-npf.conf,v 1.6 2014/02/08 01:32:19 rmind Exp $
+# $NetBSD: host-npf.conf,v 1.7 2014/05/31 11:54:37 spz Exp $
#
# this is an example of NPF rules for a host (i.e., not routing) with
# two network interfaces, wired and wifi
@@ -31,6 +31,10 @@ procedure "log" {
log: npflog0
}
+# make a service running on a high port on 127.0.0.1 available on $wired_if
+# see also the pass rules below
+map $wired_if dynamic 127.0.0.1 port 8080 <- $wired_v4 port 80
+
group "wired" on $wired_if {
# not being picky about our own address here
@@ -45,6 +49,11 @@ group "wired" on $wired_if {
pass in final family inet6 proto tcp to $wired_v6 port ssh
+ # the port mapping
+ # Note the filter sees packets before translation
+ pass in final family inet4 proto tcp from any to $wired_v4 port 80
+ pass out final family inet4 proto tcp from 127.0.0.1 port 8080 to any
+
pass in final family inet4 proto tcp flags S/SA \
from $backupsrv_v4 to $wired_v4 port $backup_port
pass in final family inet4 proto udp \
