From 3ca51363be15ea13c292a84aec38c3b6847b2b40 Mon Sep 17 00:00:00 2001
From: "Paul C. Buetow (mars.fritz.box)" <paul@buetow.org>
Date: Fri, 16 May 2014 19:37:07 +0200
Subject: document NAT and SNAT

---
 docs/fapi.pod | 32 +++++++++++++++++++++++++++++---
 1 file changed, 29 insertions(+), 3 deletions(-)

diff --git a/docs/fapi.pod b/docs/fapi.pod
index b5cfa9b..163b025 100644
--- a/docs/fapi.pod
+++ b/docs/fapi.pod
@@ -140,13 +140,39 @@ And everything can be deleted as folows:
   fapi node fooserver1.example.com delete
   fapi node fooserver2.example.com delete
 
-=head2 Setting up simple NAT Services
+=head2 Setting up simple HTTP NAT Services
 
-  (Docu to be written)
+A simple HTTP NATed service can be created as follows.
+
+  # Create a NATed HTTP vserver
+  # fapi auto resolves the IP address.
+  fapi vserver myvserver.example.com:80 create PROTOCOL_TCP /Common/http
+
+  # Add the pool to the vserver. 
+  fapi vserver myvserver.example.com:80 set pool foopool
+
+  # Add a NATed HTTPS vserver
+  fapi vserver myvserver.example.com:443 create PROTOCOL_TCP /Common/http
+  fapi vserver myvserver.example.com:443 set pool foopool
+
+  # Restrict the vserver to a specific VLAN (IMPORTANT! security
+  # hole otherwise!)
+  fapi vserver myvserver.example.com:443 set vlan VLANNAME
+
+  # Put the VirtualAddress of the vserver into a specific traffic group
+  fapi vip myserver.example.com set tgroup some-traffic-group
+
+In order to make this work your application servers need to have setup a
+default route to the loadbalancers floating self IP.
 
 =head2 Setting up simple SNAT Services
 
-  (Docu to be written)
+Same as setting up a NATed services, but you don't need to configure default 
+routes from your application servers to the loadbalancers floating self IP.
+
+You need also to set the SNAT flag as follows:
+
+  fapi vserver myvserver.example.com:443 set snat automap
 
 =head2 About the NAME argument
 
-- 
cgit v1.2.3