APPJAIL-NAT(1)		    General Commands Manual		APPJAIL-NAT(1)

NAME
       appjail-nat -- Map a local IPv4 address to an external IPv4 address

SYNOPSIS
       appjail	nat  add  jail	-n  network  [-e  interface]  [-l [-|options]]
	       [-o interface] jail
       appjail nat add jail -N -n network [-e interface] [-o interface]	jail
       appjail nat get jail [-eHIpt] -n	network	jail [keyword ...]
       appjail nat list	jail [-eHIpt] [-n network] jail	[keyword ...]
       appjail nat off jail jail
       appjail nat on jail jail
       appjail nat remove jail -n network jail
       appjail nat status jail jail

       appjail nat add network [-e interface] [-l [-|options]] [-o  interface]
	       network
       appjail nat boot	[off|on] network network
       appjail nat get network [-eHIpt]	network	[keyword ...]
       appjail nat list	network	[-eHIpt] [-n network] [keyword ...]
       appjail nat off network network
       appjail nat on network network
       appjail nat remove network network
       appjail nat status network network

DESCRIPTION
       The appjail nat utility performs NAT for jails and networks. It uses
       virtual networks to do this, that is, it performs NAT to allow jails to
       communicate with the outside. The difference between per-jail NAT and
       per-network NAT is how it is applied: per-jail NAT is applied to a
       single jail, while per-network NAT is applied to the entire network,
       that is, to all jails that have an IPv4 address assigned from the
       network the NAT rule is applied to. If you want to apply a per-network
       NAT rule but do not want to apply NAT to a particular jail, you can
       apply a rule known as (NO)NAT to that jail.

       The options are as follows:

       add jail	-n network [-e interface] [-l [-|options]] [-o interface] jail
	    Configure a	new rule to perform NAT.

	    -n network
		Use  the  IPv4 address assigned	from this network address pool
		as the local IPv4 address.

	    -e interface
		Interface to obtain the	external IPv4 address. If not set, the
		interface specified by the EXT_IF parameter is used.

	    -l [-|options]
		Firewall-specific logging options. Use a minus sign to	enable
		logging, but without options.

	    -o interface
		Apply  rules  to  packets  coming in on, or going out through,
		this interface.	If not set, the	 interface  specified  by  the
		ON_IF parameter	is used.

       add jail	-N -n network [-e interface] [-o interface] jail
	    Perform (NO)NAT.

	    -N	Configure a new	rule to	perform	(NO)NAT.

		Useful	when  NAT is applied per network and you don't want to
		apply NAT for a	particular jail.

	    -n,	-e, -o
		All of these options perform the same task as the options
		described in add jail.

       get jail	[-eHIpt] [-n network] jail [keyword ...]
	    Get information about the current rules. Each keyword represents
	    a piece of information to be obtained. Multiple keywords can be
	    specified; they are displayed in a table-like layout in the
	    order in which they are specified. If no keyword is specified,
	    the defaults are name, network and rule.

	    See	"KEYWORDS" for a list of available keywords.

	    -e	Not required when using -p. The \t character is used to
		delimit columns; so as not to show strange values, this option
		shows <TAB> instead of \t when a value contains the latter.

	    -H	Shows the name of the columns.

	    -I	Include	 empty	values.	 By default, a minus sign is displayed
		when a value is	empty.

	    -p	Columnate the list.

	    -t	Tabulate columns and values.

	    -n network
		Identifier.

       list jail [-eHIpt] [-n network] jail [keyword ...]
	    Similar to get jail	but shows each keyword for each	rule in	a nice
	    table.

	    -e,	-H, -I,	-p, -t
		All of these options perform the opposite task of the  options
		described in get jail.

	    -n network
		Only show information for network.

       off jail	jail
	    Flush the rules currently in use.

       on jail jail
	    Load enabled rules configured by add jail.

       remove jail -n network jail
	    Remove the given rule.

       status jail jail
	    Shows  the	rule that is currently in use or an error if it	is not
	    yet	applied.

       add network [-e interface] [-l [-|options]] [-o interface] network
	    Same as add	jail but for networks.

       boot [off|on] network network
	    Enable   (on)   or	 disable   (off)   NAT	  per-network	 using
	    appjail-startup(1).

       get network [-eHIpt] network [keyword ...]
	    Same as get	jail but for networks.

       list network [-eHIpt] [-n network] [keyword ...]
	    Same as get	jail but for networks.

       off network network
	    Same as off	jail but for networks.

       on network network
	    Same as on jail but	for networks.

       remove network network
	    Same as remove jail	but for	networks.

       status network network
	    Same as status jail	but for	networks.

KEYWORDS
   get jail, get network, list jail, list network
       name
	   Target (jail	or network) name.

       rule
	   The rule that will be applied.

   get jail, list jail
       network
	   Network to obtain the local IPv4 address.

   get network,	list network
       boot
	   Shows 1 if the rule will be applied by appjail-startup(1), 0
	   otherwise.

EXIT STATUS
       The appjail nat utility exits 0 on success, and >0 if an	error occurs.
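
EXAMPLES
       The per-network NAT plus (NO)NAT case from DESCRIPTION, as an added
       example that is not part of the original manual page or the AppJail
       project. The network "ajnet", jail "db", interface "em0" and the
       helper names are assumptions; with DRY_RUN=1 (the default) the
       commands are only printed.

```sh
#!/bin/sh
# Added example, not from the AppJail project. Assumed names: virtual network
# "ajnet", jail "db", external interface "em0".
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# NAT for a whole virtual network, with one jail exempted through (NO)NAT.
nat_with_exemption() {
    net=$1; jail=$2; ext=$3
    # Per-network rule; "-l -" enables firewall logging without options.
    run appjail nat add network -e "$ext" -l - "$net" || return 1
    # Let appjail-startup(1) apply the per-network rule at boot.
    run appjail nat boot on network "$net" || return 1
    # (NO)NAT rule for the one jail that must not be translated.
    run appjail nat add jail -N -n "$net" "$jail" || return 1
    # Load the configured rules.
    run appjail nat on network "$net" || return 1
    run appjail nat on jail "$jail" || return 1
}

# status reports an error when a rule is not applied; per EXIT STATUS that is
# a non-zero exit, so the check stops at the first rule that is missing.
verify_nat() {
    net=$1; jail=$2
    run appjail nat status network "$net" || return 1
    run appjail nat status jail "$jail" || return 1
    # Print the stored rule with column names (-H) so it can be reviewed.
    run appjail nat get jail -H -n "$net" "$jail" name network rule
}

nat_with_exemption ajnet db em0 && verify_nat ajnet db
```

       Reviewing the printed plan before setting DRY_RUN=0 confirms which
       jail is exempted and on which interface logging is enabled.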

SEE ALSO
       appjail-network(1) appjail-startup(1) sysexits(3)

AUTHORS
       Jesús Daniel Colmenares Oviedo <DtxdF@disroot.org>

FreeBSD	Ports 14.quarterly	April 21, 2024			APPJAIL-NAT(1)
