summaryrefslogtreecommitdiff
path: root/docs/ch08-nat.rst
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2018-10-05 21:55:54 +0200
committerChristian Poessinger <christian@poessinger.com>2018-10-05 21:55:56 +0200
commit30c913bf7e4e8a3ee93523dd33dd36584c9e298e (patch)
treec08d35aa34439b4d74cd39262b0ceed14c3abf77 /docs/ch08-nat.rst
parent8194e0391cc3f83bdfb30048de6547437f863ede (diff)
downloadvyos-documentation-30c913bf7e4e8a3ee93523dd33dd36584c9e298e.tar.gz
vyos-documentation-30c913bf7e4e8a3ee93523dd33dd36584c9e298e.zip
Replace all **NOTE** occurences with valid ReST statement
See http://docutils.sourceforge.net/docs/ref/rst/directives.html#specific-admonitions for more information.
Diffstat (limited to 'docs/ch08-nat.rst')
-rw-r--r--docs/ch08-nat.rst16
1 files changed, 9 insertions, 7 deletions
diff --git a/docs/ch08-nat.rst b/docs/ch08-nat.rst
index 9b7f9c34..df0b61af 100644
--- a/docs/ch08-nat.rst
+++ b/docs/ch08-nat.rst
@@ -57,7 +57,7 @@ rule [n] translation address` statement.
set nat source rule 100 translation address '203.0.113.32-203.0.113.63'
-**NOTE:** Avoiding "leaky" NAT
+.. note:: Avoiding "leaky" NAT
Linux netfilter will not NAT traffic marked as INVALID. This often confuses
people into thinking that Linux (or specifically VyOS) has a broken NAT
@@ -82,7 +82,7 @@ protocol behavior. For this reason, VyOS does not globally drop invalid state
traffic, instead allowing the operator to make the determination on how the
traffic is handled.
-**NOTE:** Avoiding NAT breakage in the absence of split-DNS
+.. note:: Avoiding NAT breakage in the absence of split-DNS
A typical problem with using NAT and hosting public servers is the ability for
internal systems to reach an internal server using it's external IP address.
@@ -175,9 +175,9 @@ Which would generate the following NAT destination configuration:
}
}
-Note that if forwarding traffic to a different port than it is arriving on,
-you may also configure the translation port using `set nat destination rule
-[n] translation port`.
+.. note:: If forwarding traffic to a different port than it is arriving on,
+ you may also configure the translation port using `set nat destination rule
+ [n] translation port`.
This establishes our Port Forward rule, but if we created a firewall policy it
will likely block the traffic.
@@ -213,8 +213,10 @@ This would generate the following configuration:
}
}
-**NOTE**: If you have configured the `INSIDE-OUT` policy, you will need to add
-additional rules to permit inbound NAT traffic.
+.. note::
+
+ If you have configured the `INSIDE-OUT` policy, you will need to add
+ additional rules to permit inbound NAT traffic.
1-to-1 NAT
----------