NAME

ipnat - user interface to the NAT subsystem

SYNOPSIS

ipnat [ -dhlnrsvCF ] [ -M core ] [ -N system ] -f <_f_i_l_e_n_a_m_e>

DESCRIPTION

iippnnaatt opens the filename given (treating "-" as stdin) and parses the file for a set of rules which are to be added or removed from the IP NAT.

Each rule processed by iippnnaatt is added to the kernels internal lists if there are no parsing problems. Rules are added to the end of the internal lists, matching the order in which they appear when given to iippnnaatt.

Note that iippff((88)) must be enabled (with iippff --EE) before NAT is configured, as the same kernel facilities are used for NAT functionality. In addition, packet forwarding must be enabled. These details may be handled automatically when iippnnaatt is run by rrcc at normal system startup. See ooppttiioonnss((44)), ssyyssccttll((88)), and rrcc..ccoonnff((55)) for more information.

OPTIONS

-C
delete all entries in the current NAT rule listing (NAT rules)
-d
Enable printing of some extra debugging information.
-F
delete all active entries in the current NAT translation table (currently active NAT mappings)
-h
Print number of hits for each MAP/Redirect filter.
-l
Show the list of current NAT table entry mappings.
-n
This flag (no-change) prevents iippff from actually making any ioctl calls or doing anything which would alter the currently running kernel.
-r
Remove matching NAT rules rather than add them to the internal lists.
-s
Retrieve and display NAT statistics.
-v
Turn verbose mode on. Displays information relating to rule processing and active rules/table entries.

FILES

/dev/ipnat
/usr/share/examples/ipf Directory with examples.

DIAGNOSTICS

iiooccttll((SSIIOOCCGGNNAATTSS)):: IInnppuutt//oouuttppuutt eerrrroorr Ensure that the necessary kernel functionality is present and iippff enabled with iippff --EE.

SEE ALSO

ipnat(5), rc.conf(5), ipf(8), ipfstat(8)