Date: Thu, 10 Feb 2005 13:07:15 +0300
From: Gleb Smirnoff <glebius@freebsd.org>
To: net@freebsd.org, current@freebsd.org
Subject: ng_nat: proof of concept
Message-ID: <20050210100715.GB20344@cell.sick.ru>

[pls, remove current@freebsd.org from Cc, when replying]

  Colleagues,

I'm glad to announce a new and VERY immature node - ng_nat. Actually
it is just a proof of concept, not ready for any practical usage.

ng_nat is a netgraph node, performing NAT. It works using libalias(3)
ported to kernel, that's why it is going to have the same functionality
as good old natd(8). But it will work in netgraph, in kernel.

Node has two hooks - "in" and "out". Packets to be masqueraded should
be sent to "out" hook, packets to be demasqueraded should be sent to
"in" hook.

Here is a sample P.O.C. setup, which is working:

    kldload ng_ipfw
    ipfw add 30 netgraph 60 ip from 192.168.0.1 to ${some_host} out via ng1
    ipfw add 31 netgraph 61 ip from ${some_host} to ${oif} in via ng1
    kldload libalias
    kldload ng_nat
    ngctl mkpeer ipfw: nat 60 out
    ngctl name ipfw:60 nat
    ngctl connect ipfw: nat: 61 in
    ngctl msg nat: setaliasaddr ${oif}

    [on 192.168.0.1 host]
    ping ${some_host}

And it works! :)

Well, it is not yet time to call for testers, but patches are already
shared. First, the kernel alias library needs to be built.

    cd /usr/src/lib/libalias
    fetch http://people.freebsd.org/~glebius/totest/ng_nat/libalias-kernel.diff
    patch < libalias-kernel.diff
    cd /usr/src/sys/modules
    mkdir libalias
    cd libalias
    fetch http://people.freebsd.org/~glebius/totest/ng_nat/Makefile
    make
    make install

Then the ng_nat module can be built:

    cd /usr/src/sys/netgraph
    fetch http://people.freebsd.org/~glebius/totest/ng_nat/ng_nat.c
    fetch http://people.freebsd.org/~glebius/totest/ng_nat/ng_nat.h
    cd /usr/src/sys/modules/netgraph
    mkdir nat
    cd nat
    fetch http://people.freebsd.org/~glebius/totest/ng_nat/ng_nat/Makefile
    make
    make install

The snapshots at http://people.freebsd.org/~glebius/totest/ng_nat are
going to be updated several times per week.

Comments are welcome. I'd be especially glad for criticism and advice
concerning clean porting of libalias to the kernel. Make ifdefs and
defines nicer, etc.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE