Sync usage with man page.

[netbsd-mini2440.git] / dist / ipf / rules / mediaone

# This is a NAT configuration for a machine on the MediaOne cable network.
#
# Background:
# MediaOne supplies only one IP address, so all traffic from internal machines
# must be proxied.  NAT provides the facilities to do this, but getting the
# configuration right is a little tricky.
#
# The following is what I use, as of Sat Mar 20 18:50:52 EST 1999.  Your milage
# may vary.
#
# - mycroft

# Notes:
#   ep0 is the external interface (to the MediaOne cable modem).
#   ep1 is the internal interface (to the local network).
#   Run `ipf -y' when external address may have changed (from dhclient-script).

# Map all internal UDP and TCP traffic to the single external address.
# Make sure all the `proxy' lines are before any generic `portmap' lines, as
# the first match always wins.
map ep0 10.0.0.0/8 -> 0/32 proxy port ftp ftp/tcp
map ep0 10.0.0.0/8 -> 0/32 portmap tcp/udp 1024:65535

# Map incoming ICMP traffic dynamically.
# If you ping from an internal machine, only that machine will see incoming
# ICMPs until the mapping times out!
map ep0 10.0.0.0/8 -> 0/32

# Redirect incoming RealMedia traffic to a specific machine.
rdr ep0 0/0 port 7070 -> 10.1.0.2 port 7070 udp
rdr ep0 0/0 port 7070 -> 10.1.0.2 port 7070 tcp

# Redirect ports for incoming ssh connections.
# This requires having multiple keys for the gateway host in your known_hosts
# file: one for it and one for each of the machines behind it.
# You can use host entries in .ssh/config to create convenient shorthands for
# the internal hosts.
rdr ep0 0/0 port 2201 -> 10.1.0.2 port 22 tcp
rdr ep0 0/0 port 2202 -> 10.1.0.3 port 22 tcp
rdr ep0 0/0 port 2203 -> 10.1.0.4 port 22 tcp
rdr ep0 0/0 port 2204 -> 10.1.0.5 port 22 tcp
rdr ep0 0/0 port 2205 -> 10.1.0.6 port 22 tcp
rdr ep0 0/0 port 2206 -> 10.1.0.7 port 22 tcp
rdr ep0 0/0 port 2207 -> 10.1.0.8 port 22 tcp
rdr ep0 0/0 port 2208 -> 10.1.0.9 port 22 tcp