Date: Sun, 30 Apr 2006 15:57:36 +0200 From: Paolo Pisati <p.pisati@oltrelinux.com> To: FreeBSD_Ipfw <freebsd-ipfw@freebsd.org> Subject: [6.x patchset] Ipfw nat and libalias modules Message-ID: <20060430135736.GB48117@tin.it>
next in thread | raw e-mail | index | archive | help
I just released a new revision of my libalias+ipfw work as a patchset for 6.x, get it here: http://mercurio.srv.dsi.unimi.it/~pisati/libalias/libalias-6.x.tgz To apply it: cp libalias_ipfw.patch /usr/src cd /usr/src patch -p3 < libalias_ipfw.patch then you have to recompile & install: kernel, sbin/ipfw, sbin/natd, sbin/ppp, lib/libalias, sys/modules/ipfw, sys/modules/libalias or simply do a world. With this patch you get: -ipfw nat + redirect + LSNAT support -libalias modules (both in user and kernel land) -for kernel land, all the libalias modules are installed in /boot/kernel as alias_*.ko. -for user land (natd & ppp), modules are shared lib loaded according to /etc/libalias.conf. To reload modules for a known process, just 'kill -HUP $PID' it. -natd & ppp are patched to use libalias modules If your natd/ppp/ipfw behaves strangely after you applied my patch (i.e. active ftp stops working), remember to check libalias modules. Some ipfw examples: ipfw add nat 666 all from any to any via $IF ipfw nat 666 confg ip 192.168.0.1 # nat with a fixed address ipfw nat 666 confg if $IF log # dynamic if addr nat and logging ipfw nat 666 confg if $IF redir_port ... # redirect support with ipfw nat 666 confg if $IF redir_addr ... # linkspec natd syntax, ipfw nat 666 confg if $IF redir_proto ... # LSNAT works too. # different ipfw rules can be redirected to use # the same nat instance ipfw add nat 666 all from $IP1 to any via $IF1 ipfw add nat 666 all from any to any via $IF2 out ipfw add nat 666 all from $IP2 to $IP3 ipfw nat show # see logs ipfw nat show config # nat configuration To load/unload a libalias module (kernel): kldload alias_ftp # active ftp work ok now kldunload alias_ftp To load/unload a libalias module (user): [edit /etc/libalias.conf and add/cut needed modules] kill -HUP $PID For more info see the readme inside the archive. TODO: Not tested on SMP & !i386, logging ability should be improved(right now it's the same as original libalias), documentation should be man-pagified, patchset for 7.x, etcetc bye -- Paolo "le influenze esterne sono troppe, il mondo reale non e' mica quello fatato dei komunisti :-p" - Anonymous Lumbard
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060430135736.GB48117>