Reference Manual


pmap - control port mapping
pmap [ifn|all [on|off]]
pmapt [ip [clear]]
pmapu [ip [clear]]
pmapc ip | all
pmapi [ifn | ip]
pmapx index
setka [on | off | probes]
setsd [on | off]
allow [on | off] | [ifn [proto [port [delete]]]]



Command pmap turns port mapping for the specified interface (or for all interfaces) on or off. If no arguments are specified, the current state of the port mapping table is printed as follows:
Index   - the table index
Ifn     - the Interface for which the mapping is valid
IPsrc   - the source address being mapped
IPdst   - the destination address of the mapping
Prot    - the protocol type (UDP or TCP)
Dp      - the destination port for the mapping
Sp      - the source port being mapped
Nsp     - the mapped port number
TTL     - the time-to-live (secs) for this entry
Ssff    - the SYN and FIN flags for TCP mappings
Traffic - the number of packets sent via this mapping
Port mapping is used to map multiple private IP addresses to a single registered IP address. IP address mapping must be on.

Outgoing packets are port-mapped only if their source port numbers are greater than 1024. This allows replies from servers running on the address-mapped host to be transmitted correctly.

Whenever possible, the original source port number will be preserved. A new source port number is only generated if some other host is already using the original source port number.

Incoming packets are port-mapped as needed to allow forwarding of replies to the original host.

Incoming packets with a port number contained in the Permanent Port Mapping Table are forwarded to the host and port number specified in that table.

Incoming packets with a mapping already in the Port Mapping Table are unmapped normally. For incoming UDP packets, such mappings usually expire after 60 seconds, unless the mapping was made permanent by adding the client application's destination port to the UDP Port Table.
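
The mapping rules above, modeled as a small Python table so the effect of each rule on what is reachable from outside can be checked. This is an added example, not code from the router or its manual. The replacement-port search order, refreshing the UDP TTL on each outgoing packet, separate TCP and UDP port spaces, and the sample addresses in the comments are assumptions.

```python
UDP_TTL = 60          # seconds, the UDP mapping lifetime the manual gives
LOW_PORT_MAX = 1024   # source ports up to this value are never port-mapped

class PortMapTable:
    """Toy model of the mapping rules above; not the router's own code."""

    def __init__(self, permanent=None):
        self.by_nsp = {}                  # (proto, nsp) -> (ip, sp, expires)
        self.by_src = {}                  # (proto, ip, sp) -> nsp
        # Permanent Port Mapping Table, e.g. ("tcp", 80) -> ("192.168.1.10", 8080)
        self.permanent = permanent or {}

    def _live(self, proto, nsp, now):
        """Return the entry for nsp, dropping it first if its TTL ran out."""
        e = self.by_nsp.get((proto, nsp))
        if e and e[2] is not None and e[2] <= now:
            del self.by_nsp[(proto, nsp)]
            del self.by_src[(proto, e[0], e[1])]
            return None
        return e

    def outgoing(self, proto, ip, sp, now):
        """Return the source port the packet carries after mapping."""
        if sp <= LOW_PORT_MAX:
            return sp                     # e.g. a server reply: left alone
        nsp = self.by_src.get((proto, ip, sp))
        if nsp is None or self._live(proto, nsp, now) is None:
            nsp = sp                      # prefer the original source port
            for _ in range(65535 - LOW_PORT_MAX):
                if not self._live(proto, nsp, now):
                    break                 # free port found
                # Port is in use by another mapping: try the next one (assumed order).
                nsp = nsp + 1 if nsp < 65535 else LOW_PORT_MAX + 1
            else:
                raise RuntimeError("port mapping table full")
        # Assumption: only UDP entries age out here; TCP lifetime is not modeled.
        expires = now + UDP_TTL if proto == "udp" else None
        self.by_nsp[(proto, nsp)] = (ip, sp, expires)
        self.by_src[(proto, ip, sp)] = nsp
        return nsp

    def incoming(self, proto, dport, now):
        """Return (private ip, port) to forward to, or None if unmapped."""
        if (proto, dport) in self.permanent:
            return self.permanent[(proto, dport)]
        e = self._live(proto, dport, now)
        return (e[0], e[1]) if e else None
```

In this model an unsolicited inbound packet reaches a private host only through a permanent entry or a live dynamic mapping, so the permanent table and the UDP TTL are the two settings that decide how long a port stays open to the outside.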

Command pmapt displays all TCP entries, or just those for the specified machine.

Command pmapu displays all UDP entries, or just those for the specified machine.

Command pmapx clears the entry with the specified index.

Command pmapc clears all entries for the specified machine or the entire port mapping table if all is specified.

Command pmapi displays all entries for the specified machine or interface.

Command setka turns TCP connection keep-alive probing on or off. When keepalive is on, all TCP connections are probed (towards the remote endpoint) at one-minute intervals. This will force stale TCP mappings out of the port mapping table. Argument probes specifies the number of probes to be sent (default 0).

Command setsd turns SYN Duplicate behaviour on or off. When on, all TCP SYN duplicates are assigned a new source port number in the port mapping table.

Command allow is used to specify UDP or TCP destination port numbers that are allowed to be mapped. All other traffic from the specified interface will be silently discarded. After adding ports, the feature can be turned on (to selectively map ports) or off (to map all ports) as needed.

Private hosts can use the ping and traceroute utilities transparently. The needed mappings are added automatically and can be viewed with the icmap command.
icmap, ipmap, ppmap, umap, isolate, DNS blocking