APPJAIL-NAT(1)		    General Commands Manual		APPJAIL-NAT(1)

NAME
       appjail-nat -- Mapping local IPv4 address to an external	IPv4 address

SYNOPSIS
       appjail	 nat   add   jail  -n  network	[-e  interface]	 [-I  address]
	       [-l [-|options]]	[-o interface] jail
       appjail nat add jail -N -n network [-e interface] [-o interface]	jail
       appjail nat get jail [-eHIpt] -n	network	jail [keyword ...]
       appjail nat list	jail [-eHIpt] [-n network] jail	[keyword ...]
       appjail nat off jail jail
       appjail nat on jail jail
       appjail nat remove jail -n network jail
       appjail nat status jail jail

       appjail nat add network [-e interface] [-I  address]  [-l  [-|options]]
	       [-o interface] network
       appjail nat boot	[off|on] network network
       appjail nat get network [-eHIpt]	network	[keyword ...]
       appjail nat list	network	[-eHIpt] [-n network] [keyword ...]
       appjail nat off network network
       appjail nat on network network
       appjail nat remove network network
       appjail nat status network network

DESCRIPTION
       The appjail nat utility performs NAT for jails and networks. It uses
       virtual networks to do this, that is, it performs NAT to allow jails to
       communicate with the outside. The difference between per-jail NAT and
       per-network NAT is how it is applied: in the first case, NAT is applied
       to one jail only; in the second case, it is applied to the entire
       network, which includes all jails that have an IPv4 address assigned
       from the network to which the NAT rule is applied. For those cases
       where you want to apply a per-network NAT rule but do not want to apply
       NAT to a particular jail, you can apply a rule known as (NO)NAT.

       The options are as follows:

       add  jail  -n  network [-e interface] [-I address] [-l [-|options]] [-o
	    interface] jail
	    Configure a	new rule to perform NAT.

	    -n network
		Use the	IPv4 address assigned from this	network	 address  pool
		as the local IPv4 address.

	    -e interface
		Interface to obtain the	external IPv4 address. If not set, the
		interface specified by the EXT_IF parameter is used.

	    -I address
		Use  address as	the external IPv4 address instead of the first
		matching IPv4 address. The IPv4	 address  must	exist  on  the
		specified external interface before executing this command.

	    -l [-|options]
		Firewall-specific  logging options. Use	a minus	sign to	enable
		logging, but without options.

	    -o interface
		Apply rules to packets coming in on,  or  going	 out  through,
		this  interface.  If  not  set,	the interface specified	by the
		ON_IF parameter	is used.

       add jail	-N -n network [-e interface] [-o interface] jail
	    Perform (NO)NAT.

	    -N	Configure a new	rule to	perform	(NO)NAT.

		Useful when NAT	is applied per network and you don't  want  to
		apply NAT for a	particular jail.

	    -n,	-e, -o
		All of these options perform the same task as the options
		described in add jail.

       get jail	[-eHIpt] [-n network] jail [keyword ...]
	    Get information about the current rules. Each keyword represents
	    a piece of information to be obtained. Multiple keywords can be
	    specified, which are displayed as a table-like interface in the
	    order in which they are specified. If no keyword is specified,
	    the defaults are name, network and rule.

	    See	"KEYWORDS" for a list of available keywords.

	    -e	Not required when using -p. The \t character is used to
		delimit columns; so as not to show strange values, this option
		shows <TAB> instead of \t in the case that a value contains
		the latter.

	    -H	Shows the name of the columns.

	    -I	Include	empty values. By default, a minus  sign	 is  displayed
		when a value is	empty.

	    -p	Columnate the list.

	    -t	Tabulate columns and values.

	    -n network
		Identifier.

       list jail [-eHIpt] [-n network] jail [keyword ...]
	    Similar to get jail	but shows each keyword for each	rule in	a nice
	    table.

	    -e,	-H, -I,	-p, -t
		All  of	these options perform the opposite task	of the options
		described in get jail.

	    -n network
		Only show information for network.

       off jail	jail
	    Flush the rules currently in use.

       on jail jail
	    Load enabled rules configured by add jail.

       remove jail -n network jail
	    Remove the given rule.

       status jail jail
	    Shows the rule that	is currently in	use or an error	if it  is  not
	    yet	applied.

       add network [-e interface] [-I address] [-l [-|options]]	[-o interface]
	    network
	    Same as add	jail but for networks.

       boot [off|on] network network
	    Enable    (on)    or   disable   (off)   NAT   per-network	 using
	    appjail-startup(1).

       get network [-eHIpt] network [keyword ...]
	    Same as get	jail but for networks.

       list network [-eHIpt] [-n network] [keyword ...]
	    Same as get	jail but for networks.

       off network network
	    Same as off	jail but for networks.

       on network network
	    Same as on jail but	for networks.

       remove network network
	    Same as remove jail	but for	networks.

       status network network
	    Same as status jail	but for	networks.

KEYWORDS
   get jail, get network, list jail, list network
       name
	   Target (jail	or network) name.

       rule
	   The rule that will be applied.

   get jail, list jail
       network
	   Network to obtain the local IPv4 address.

   get network,	list network
       boot
	   Shows 1 if the rule will be applied by appjail-startup(1), 0
	   otherwise.

EXIT STATUS
       The appjail nat utility exits 0 on success, and >0 if an	error occurs.
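
EXAMPLES
       A typical sequence built from the subcommands above, as an added
       example that is not part of the original manual page or the AppJail
       project: NAT for a whole virtual network, a (NO)NAT exemption for one
       jail, and a check of the result. The names devnet and dbjail are
       placeholders; the check assumes that status exits non-zero when the
       rule is not applied and that get ... boot prints a bare 1 or 0.

```sh
#!/bin/sh
# Added example, not AppJail's own code. Only subcommands and flags listed
# in this manual page are used; network and jail names are placeholders.

# NAT for every jail with an address from network $1, applied now and
# again by appjail-startup(1) at boot.
nat_enable_network() {
    net=$1
    appjail nat add network "$net" || return 1
    appjail nat boot on network "$net" || return 1
    appjail nat on network "$net"
}

# Exempt jail $2 from the per-network rule of network $1 with (NO)NAT.
nat_exempt_jail() {
    net=$1
    jail=$2
    appjail nat add jail -N -n "$net" "$jail" || return 1
    appjail nat on jail "$jail"
}

# Verify the per-network rule: prints "ok", "not-applied" or "no-boot".
# Assumption: "status" exits >0 when the rule is not loaded, and the
# "boot" keyword prints 1 or 0 with no other text.
nat_verify_network() {
    net=$1
    if ! appjail nat status network "$net" >/dev/null 2>&1; then
        echo "not-applied"
        return 1
    fi
    boot=$(appjail nat get network "$net" boot | tr -d '[:space:]')
    if [ "$boot" != "1" ]; then
        echo "no-boot"
        return 1
    fi
    echo "ok"
}

# Usage: script NETWORK JAIL   (does nothing when called without arguments)
if [ "$#" -eq 2 ]; then
    nat_enable_network "$1" && nat_exempt_jail "$1" "$2" &&
        nat_verify_network "$1"
fi
```

       Running the verification after every configuration change catches a
       rule that was added but never loaded, or one that will not survive a
       reboot.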

SEE ALSO
       appjail-network(1), appjail-startup(1), sysexits(3)

AUTHORS
       Jesús Daniel Colmenares Oviedo <DtxdF@disroot.org>

FreeBSD	ports 15.0		April 21, 2024			APPJAIL-NAT(1)
