[src/trunk]: src/share/examples/npf example for port remapping added

[spz <spz%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/576634844220
branches:  trunk
changeset: 796388:576634844220
user:      spz <spz%NetBSD.org@localhost>
date:      Sat May 31 11:54:37 2014 +0000

description:
example for port remapping added

diffstat:

 share/examples/npf/host-npf.conf |  11 ++++++++++-
 1 files changed, 10 insertions(+), 1 deletions(-)

diffs (32 lines):

diff -r e04715b13c96 -r 576634844220 share/examples/npf/host-npf.conf
--- a/share/examples/npf/host-npf.conf  Sat May 31 10:43:00 2014 +0000
+++ b/share/examples/npf/host-npf.conf  Sat May 31 11:54:37 2014 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: host-npf.conf,v 1.6 2014/02/08 01:32:19 rmind Exp $
+# $NetBSD: host-npf.conf,v 1.7 2014/05/31 11:54:37 spz Exp $
 #
 # this is an example of NPF rules for a host (i.e., not routing) with
 # two network interfaces, wired and wifi
@@ -31,6 +31,10 @@
      log: npflog0
 }
 
+# make a service running on a high port on 127.0.0.1 available on $wired_if
+# see also the pass rules below
+map $wired_if dynamic 127.0.0.1 port 8080 <- $wired_v4 port 80
+
 group "wired" on $wired_if {
 
        # not being picky about our own address here
@@ -45,6 +49,11 @@
 
        pass in final family inet6 proto tcp to $wired_v6 port ssh
 
+       # the port mapping
+       # Note the filter sees packets before translation
+       pass in  final family inet4 proto tcp from any to $wired_v4 port 80
+       pass out final family inet4 proto tcp from 127.0.0.1 port 8080 to any
+
        pass in final family inet4 proto tcp flags S/SA \
                from $backupsrv_v4 to $wired_v4 port $backup_port 
        pass in final family inet4 proto udp \