diff options
| author | Alessandro Sagratini <ale_sagra@hotmail.com> | 2021-02-07 06:56:07 +0000 |
|---|---|---|
| committer | Li-Wen Hsu <lwhsu@FreeBSD.org> | 2021-02-08 15:14:57 +0000 |
| commit | aef3238f41a20bb47e8872bf5612308be9abb2ef (patch) | |
| tree | 21a4aaa79dd3b73fe72a5a7c267de3eaa2c6e200 | |
| parent | 762d98e0b9e94c17e6276bfac9a1a88b812d0e69 (diff) | |
| download | doc-aef3238f41a20bb47e8872bf5612308be9abb2ef.tar.gz doc-aef3238f41a20bb47e8872bf5612308be9abb2ef.zip | |
Typo fix: s/neseccary/necessary/
PR: 252973
Reported by: Alessandro Sagratini <ale_sagra@hotmail.com>
Approved by: ygy (doc)
| -rw-r--r-- | documentation/content/en/books/handbook/firewalls/_index.adoc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/documentation/content/en/books/handbook/firewalls/_index.adoc b/documentation/content/en/books/handbook/firewalls/_index.adoc index 871713bd60..65fb2fed25 100644 --- a/documentation/content/en/books/handbook/firewalls/_index.adoc +++ b/documentation/content/en/books/handbook/firewalls/_index.adoc @@ -1223,7 +1223,7 @@ With in-kernel NAT it is necessary to disable TCP segmentation offloading (TSO) net.inet.tcp.tso="0" .... -A NAT instance will also be configured. It is possible to have multiple NAT instances each with their own configuration. For this example only one NAT instance is needed, NAT instance number 1. The configuration can take a few options such as: `if` which indicates the public interface, `same_ports` which takes care that alliased ports and local port numbers are mapped the same, `unreg_only` will result in only unregistered (private) address spaces to be processed by the NAT instance, and `reset` which will help to keep a functioning NAT instance even when the public IP address of the IPFW machine changes. For all possible options that can be passed to a single NAT instance configuration consult man:ipfw[8]. When configuring a stateful NATing firewall, it is neseccary to allow translated packets to be reinjected in the firewall for further processing. This can be achieved by disabling `one_pass` behavior at the start of the firewall script. +A NAT instance will also be configured. It is possible to have multiple NAT instances each with their own configuration. For this example only one NAT instance is needed, NAT instance number 1. The configuration can take a few options such as: `if` which indicates the public interface, `same_ports` which takes care that alliased ports and local port numbers are mapped the same, `unreg_only` will result in only unregistered (private) address spaces to be processed by the NAT instance, and `reset` which will help to keep a functioning NAT instance even when the public IP address of the IPFW machine changes. For all possible options that can be passed to a single NAT instance configuration consult man:ipfw[8]. When configuring a stateful NATing firewall, it is necessary to allow translated packets to be reinjected in the firewall for further processing. This can be achieved by disabling `one_pass` behavior at the start of the firewall script. [.programlisting] .... |