diff options
Diffstat (limited to 'usr/src/man/man8/ipnat.8')
| -rw-r--r-- | usr/src/man/man8/ipnat.8 | 227 |
1 files changed, 227 insertions, 0 deletions
diff --git a/usr/src/man/man8/ipnat.8 b/usr/src/man/man8/ipnat.8 new file mode 100644 index 0000000000..95d610fe81 --- /dev/null +++ b/usr/src/man/man8/ipnat.8 @@ -0,0 +1,227 @@ +'\" te +.\" To view license terms, attribution, and copyright for IP Filter, the default path is /usr/lib/ipf/IPFILTER.LICENCE. If the Solaris operating environment has been installed anywhere other than the default, modify the given path to access the file at the installed +.\" location. +.\" Portions Copyright (c) 2008, Sun Microsystems Inc. All Rights Reserved. +.\" Portions Copyright (c) 2013, Joyent, Inc. All Rights Reserved. +.TH IPNAT 8 "Oct 30, 2013" +.SH NAME +ipnat \- user interface to the NAT subsystem +.SH SYNOPSIS +.LP +.nf +\fBipnat\fR [\fB-CdFhlnRrsv\fR] [\fB-G\fR | \fB-z\fR \fIzonename\fR] \fB-f\fR \fIfilename\fR +.fi + +.SH DESCRIPTION +.LP +The \fBipnat\fR utility opens a specified file (treating \fB-\fR as stdin) and +parses it for a set of rules that are to be added or removed from the IP NAT. +.sp +.LP +If there are no parsing problems, each rule processed by \fBipnat\fR is added +to the kernel's internal lists. Rules are appended to the internal lists, +matching the order in which they appear when given to \fBipnat\fR. +.sp +.LP +\fBipnat\fR's use is restricted through access to \fB/dev/ipauth\fR, +\fB/dev/ipl\fR, and \fB/dev/ipstate\fR. The default permissions of these files +require \fBipnat\fR to be run as root for all operations. +.sp +.LP +\fBipnat\fR's use is restricted through access to \fB/dev/ipnat\fR. The default +permissions of \fB/dev/ipnat\fR require \fBipnat\fR to be run as root for all +operations. +.SH OPTIONS +.LP +The following options are supported: +.sp +.ne 2 +.na +\fB\fB-C\fR\fR +.ad +.RS 15n +Delete all entries in the current NAT rule listing (NAT rules). +.RE + +.sp +.ne 2 +.na +\fB\fB-d\fR\fR +.ad +.RS 15n +Turn debug mode on. Causes a hex dump of filter rules to be generated as it +processes each one. +.RE + +.sp +.ne 2 +.na +\fB\fB-F\fR\fR +.ad +.RS 15n +Delete all active entries in the current NAT translation table (currently +active NAT mappings). +.RE + +.sp +.ne 2 +.na +\fB\fB-f\fR \fIfilename\fR\fR +.ad +.RS 15n +Parse specified file for rules to be added or removed from the IP NAT. +\fIfilename\fR can be stdin. +.RE + +.sp +.ne 2 +.na +\fB\fB-h\fR\fR +.ad +.RS 15n +Print number of hits for each MAP/Redirect filter. +.RE + +.sp +.ne 2 +.na +\fB\fB-l\fR\fR +.ad +.RS 15n +Show the list of current NAT table entry mappings. +.RE + +.sp +.ne 2 +.na +\fB\fB-n\fR\fR +.ad +.RS 15n +Prevents \fBipf\fR from doing anything, such as making ioctl calls, which might +alter the currently running kernel. +.RE + +.sp +.ne 2 +.na +\fB\fB-R\fR\fR +.ad +.RS 15n +Disable both IP address-to-hostname resolution and port number-to-service name +resolution. +.RE + +.sp +.ne 2 +.na +\fB\fB-r\fR\fR +.ad +.RS 15n +Remove matching NAT rules rather than add them to the internal lists. +.RE + +.sp +.ne 2 +.na +\fB\fB-s\fR\fR +.ad +.RS 15n +Retrieve and display NAT statistics. +.RE + +.sp +.ne 2 +.na +\fB\fB-v\fR\fR +.ad +.RS 15n +Turn verbose mode on. Displays information relating to rule processing and +active rules/table entries. +.RE + +.sp +.ne 2 +.na +\fB\fB-z\fR \fIzonename\fR\fR +.ad +.RS 15n +Operate on the in-zone IP NAT for the specified zone. If neither this option +nor \fB-G\fR is specified, the current zone is used. This command is only +available in the Global Zone. See \fBZONES\fR in \fBipf\fR(8) for more +information. +.RE + +.sp +.ne 2 +.na +\fB\fB-G\fR \fIzonename\fR\fR +.ad +.RS 15n +Operate on the global zone controlled IP NAT for the specified zone. If +neither this option nor \fB-z\fR is specified, the current zone is used. This +command is only available in the Global Zone. See \fBZONES\fR in \fBipf\fR(8) +for more information. +.RE + +.SH FILES +.ne 2 +.na +\fB\fB/dev/ipnat\fR\fR +.ad +.sp .6 +.RS 4n +Link to IP Filter pseudo device. +.RE + +.sp +.ne 2 +.na +\fB\fB/dev/kmem\fR\fR +.ad +.sp .6 +.RS 4n +Special file that provides access to virtual address space. +.RE + +.sp +.ne 2 +.na +\fB\fB/etc/ipf/ipnat.conf\fR\fR +.ad +.sp .6 +.RS 4n +Location of \fBipnat\fR startup configuration file. +.RE + +.sp +.ne 2 +.na +\fB\fB/usr/share/ipfilter/examples/\fR\fR +.ad +.sp .6 +.RS 4n +Contains numerous IP Filter examples. +.RE + +.SH ATTRIBUTES +.LP +See \fBattributes\fR(7) for descriptions of the following attributes: +.sp + +.sp +.TS +box; +c | c +l | l . +ATTRIBUTE TYPE ATTRIBUTE VALUE +_ +Interface Stability Committed +.TE + +.SH SEE ALSO +.LP +.BR ipnat (5), +.BR attributes (7), +.BR zones (7), +.BR ipf (8), +.BR ipfstat (8) |