Date: Tue, 1 Jul 2003 19:27:28 -0400
From: "Matthew Emmerton" <matt@compar.com>
To: <FBSD_user@adelphia.net>, "freebsd-questions@FreeBSD. ORG" <freebsd-questions@freebsd.org>
Subject: Re: Stand-a-lone NAT PGM
Message-ID: <005f01c34028$566ab890$1200a8c0@gsicomp.on.ca>
References: <MIEPLLIBMLEEABPDBIEGAEKJEAAA.FBSD_user@adelphia.net>

I'm saying that the functionality you want already exists -- in a low-level library called libalias(3), or with a cleaner front-end called natd(8).

What you're failing to understand is that NATD cannot run "standalone" -- you have to hook it into the TCP/IP stack somehow.

For ppp(8) this is easy, since ppp is already "hooked" into your system's TCP/IP stack, and can easily run the packets through libalias(3) to achieve NAT functionality.

For "standard" ethernet applications, a common approach is to use ipfw(8) with a single "divert" rule which redirects all TCP/IP traffic from the TCP/IP stack, through the natd(8) front-end to libalias(3), and then back into the TCP/IP stack.

The overhead of ipfw with a single "divert" rule is very low. The overhead of IPFILTER/IPNAT is even lower. I'm not sure exactly what performance problem you're trying to overcome.

--
Matt Emmerton

> Are you saying I can run NATD as a stand-alone function? IE: not
> enabling IPFW and using the 'divert natd' rule
>
> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Matthew
> Emmerton
> Sent: Tuesday, July 01, 2003 6:49 PM
> To: FBSD_user@adelphia.net; freebsd-questions@FreeBSD. ORG
> Subject: Re: Stand-a-lone NAT PGM
>
> > I have been looking for NAT program which is not part of some other
> > program like NATD is part of IPFW or IPNAT is part of IPFILTER or
> > NAT of user ppp. I can not find any NAT program in the FBSD ports
> > collection unless I misunderstood some description. If anybody
> > knows of one please let me know. Yes I know that I can set firewall
> > rule to pass all packets just to use NAT function, but I don't want
> > overhead of firewall logic, just simple NAT like PPP NAT function
> > without the PPP stuff.
>
> The reason you can't find a NAT program in the ports collection is because
> such a program exists in the base system.
> natd(8) is a front-end to the libalias(3) library, which implements generic
> packet aliasing and masquerading functions (aka NAT).
>
> > I was wondering if the NAT logic code from user ppp could be copied
> > and made into stand-alone NAT program. My programming ability is
> > not great so I am asking for opinions on whether this is technically
> > possible? Thanks
>
> Both ppp(8) and natd(8) use the libalias(3) library for NAT functionality.
>
> --
> Matt Emmerton
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
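
The ipfw(8) plus natd(8) arrangement described in the message, written out as an added configuration example that is not part of the original e-mail. The outside interface name fxp0, the rules file path and the rule numbers are assumptions, and the kernel options apply to FreeBSD releases of that era.

```conf
# --- kernel configuration file (custom kernel assumed) ---
options IPFIREWALL        # ipfw(8) packet filter hooks in the IP stack
options IPDIVERT          # divert(4) sockets, which natd(8) reads from

# --- /etc/rc.conf ---
gateway_enable="YES"                  # forward packets between interfaces
firewall_enable="YES"                 # load ipfw rules at boot
firewall_type="/etc/ipfw.nat.rules"   # assumed path: rules are read from this file
natd_enable="YES"                     # start natd(8) at boot
natd_interface="fxp0"                 # assumed outside (public) interface

# --- /etc/ipfw.nat.rules (assumed file name) ---
# The single divert rule: every IP packet crossing fxp0 is handed to
# natd(8), rewritten by libalias(3), then re-injected into the stack
# and evaluated from the next rule onward.
add 100 divert natd all from any to any via fxp0

# ipfw ends with a default deny rule unless the kernel was built to
# default to accept, so an explicit pass rule is needed for traffic
# to flow. No filtering is done here, only NAT.
add 200 allow ip from any to any
```

With `firewall_type="open"` instead of a rules file, the stock rc.firewall script adds the divert rule itself when `natd_enable` and `natd_interface` are set.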