Date:      Tue, 02 May 2006 14:38:35 +0300
From:      Iasen Kostov <tbyte@otel.net>
To:        Paolo Pisati <p.pisati@oltrelinux.com>
Cc:        FreeBSD_Net <freebsd-net@freebsd.org>
Subject:   Re: [6.x patchset] Ipfw nat and libalias modules
Message-ID:  <1146569915.79123.9.camel@DraGoN.OTEL.net>
In-Reply-To: <20060430135702.GA48117@tin.it>
References:  <20060430135702.GA48117@tin.it>

On Sun, 2006-04-30 at 15:57 +0200, Paolo Pisati wrote:
> I just released a new revision of my libalias+ipfw work as a 
> patchset for 6.x, get it here: 
> http://mercurio.srv.dsi.unimi.it/~pisati/libalias/libalias-6.x.tgz
> 
> To apply it: 
> 
> cp libalias_ipfw.patch /usr/src
> cd /usr/src
> patch -p3 < libalias_ipfw.patch
> 
> then you have to recompile & install:
> 
> kernel, sbin/ipfw, sbin/natd, sbin/ppp, lib/libalias, 
> sys/modules/ipfw, sys/modules/libalias
> 
> or simply do a world.
> 
> With this patch you get:
> 
> -ipfw nat + redirect + LSNAT support
> 
> -libalias modules (both in user and kernel land)
>  -for kernel land, all the libalias modules are installed
>   in /boot/kernel as alias_*.ko.
>  -for user land (natd & ppp), modules are shared lib
>   loaded according to /etc/libalias.conf. To reload 
>   modules for a known process, just 'kill -HUP $PID' it.
> -natd & ppp are patched to use libalias modules
> 
> If your natd/ppp/ipfw behaves strangely after you applied my 
> patch (i.e. active ftp stops working), remember to check
> libalias modules. 
> 
> Some ipfw examples:
> 
> ipfw add nat 666 all from any to any via $IF
> 
> ipfw nat 666 confg ip 192.168.0.1 	# nat with a fixed address
> 
> ipfw nat 666 confg if $IF log		# dynamic if addr nat and logging
> 
> ipfw nat 666 confg if $IF redir_port ...	# redirect support with
> ipfw nat 666 confg if $IF redir_addr ...	# linkspec natd syntax,
> ipfw nat 666 confg if $IF redir_proto ...	# LSNAT works too. 
> 
> # different ipfw rules can be redirected to use 
> # the same nat instance
> 
> ipfw add nat 666 all from $IP1 to any via $IF1
> ipfw add nat 666 all from any to any via $IF2 out
> ipfw add nat 666 all from $IP2 to $IP3 
> 
> ipfw nat show 				# see logs
> ipfw nat show config 			# nat configuration
> 
> To load/unload a libalias module (kernel):
> 
> kldload alias_ftp 	# active ftp work ok now
> kldunload alias_ftp
> 
> To load/unload a libalias module (user):
> 
> [edit /etc/libalias.conf and add/cut needed modules]
> kill -HUP $PID
> 
> For more info see the readme inside the archive.
> 
> TODO: 
> Not tested on SMP & !i386, logging ability should be improved (right now 
> it's the same as original libalias), documentation should be man-pagified, 
> patchset for 7.x, etc. etc.
> 
> bye

	Have you done any performance comparisons with pf's NAT? I really would
prefer libalias based kernel NAT than pf because libalias works better
with ftp, irc dcc and things like that (VoIP would be nice too :P ). So
the only reason I've not put it in production is because it's too new and
untested but as soon as I upgrade my home router to 6.x I'll test it
more extensively. Btw what is the status of the multi-session to the same
point PPTP NAT (e.g. call ID tracking)?
