
natd: Add support for RFC 6598/Carrier Grade NAT subnets via libalias
Accepted, Public

Authored by nc on Jan 25 2020, 3:12 AM.
Referenced Files
F81580368: D23356.diff

Details

Reviewers
melifaro
ae
rgrimes
adrian
Group Reviewers
manpages
Summary

Add support for RFC 6598/Carrier Grade NAT address ranges (100.64.0.0/10) in natd by adding a natd flag -unregistered_cgn and its short version -c. This is similar to the -unregistered_only option for RFC 1918; however, those subnets will also be supported by this new option.

This extends upon r357092 where we added support for RFC 6598 subnets in libalias and ipfw.

Submitted by: Neel Chauhan <neel AT neelc DOT org>
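As an added example (not code from natd, libalias or this revision), the following C program models which source addresses the two selection modes described above would translate: -unregistered_only matches only the three RFC 1918 ranges, while -unregistered_cgn also matches 100.64.0.0/10. The function names, the constructed sample addresses and the representation of prefixes in host byte order are assumptions of the example; it checks prefix boundaries on its own and does not reproduce natd's internal packet handling.

```c
/* Added example, not natd/libalias code: classify an IPv4 source address
 * the way natd's -unregistered_only (RFC 1918 only) and the proposed
 * -unregistered_cgn (RFC 1918 plus RFC 6598) selection would, so the
 * subnet boundaries can be checked before a rule set depends on them. */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* A prefix in host byte order: network address and prefix length (assumed layout). */
struct prefix {
    uint32_t net;
    int      len;
};

/* RFC 1918 private-use ranges. */
static const struct prefix rfc1918[] = {
    { 0x0A000000u,  8 },   /* 10.0.0.0/8     */
    { 0xAC100000u, 12 },   /* 172.16.0.0/12  */
    { 0xC0A80000u, 16 },   /* 192.168.0.0/16 */
};

/* RFC 6598 shared address space for carrier-grade NAT: 100.64.0.0/10,
 * i.e. 100.64.0.0 through 100.127.255.255. */
static const struct prefix rfc6598 = { 0x64400000u, 10 };

/* True when addr (host order) lies inside prefix p. */
static int in_prefix(uint32_t addr, const struct prefix *p)
{
    uint32_t mask = p->len == 0 ? 0 : 0xFFFFFFFFu << (32 - p->len);
    return (addr & mask) == (p->net & mask);
}

/* Return 1 if addr is an RFC 1918 address, else 0. */
int is_rfc1918(uint32_t addr)
{
    for (size_t i = 0; i < sizeof rfc1918 / sizeof rfc1918[0]; i++)
        if (in_prefix(addr, &rfc1918[i]))
            return 1;
    return 0;
}

/* Return 1 if addr is in the RFC 6598 shared range, else 0. */
int is_rfc6598(uint32_t addr)
{
    return in_prefix(addr, &rfc6598);
}

/* Would natd translate a packet from this source address?
 * cgn == 0 models -unregistered_only, cgn != 0 models -unregistered_cgn. */
int natd_would_translate(uint32_t addr, int cgn)
{
    return is_rfc1918(addr) || (cgn && is_rfc6598(addr));
}

/* Same check on dotted-quad text; returns -1 for an unparsable address. */
int natd_would_translate_str(const char *dotted, int cgn)
{
    struct in_addr ia;
    if (inet_pton(AF_INET, dotted, &ia) != 1)
        return -1;
    return natd_would_translate(ntohl(ia.s_addr), cgn);
}

int main(void)
{
    /* Constructed sample sources, including both sides of the /10 boundary. */
    const char *samples[] = { "10.1.2.3", "172.31.255.1", "192.168.0.7",
                              "100.64.0.10", "100.127.255.254", "100.128.0.1",
                              "203.0.113.5" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s unregistered_only=%d unregistered_cgn=%d\n", samples[i],
               natd_would_translate_str(samples[i], 0),
               natd_would_translate_str(samples[i], 1));
    return 0;
}
```

The two addresses on either side of the /10 boundary are the ones worth keeping in any regression check: 100.127.255.254 is the last usable host inside the range and 100.128.0.1 is just outside it, so a rule set written for a narrower or wider prefix will misclassify one of them.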

Test Plan
  1. Compile a HEAD with this patch.
  2. Add the following in /etc/rc.conf:

ifconfig_lan0="inet 100.64.0.1 netmask 255.255.255.0"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="wan0"
natd_flags="-unregistered_cgn"

Replace wan0 with your WAN interface, and lan0 with your LAN interface.

  3. Connect clients to the LAN connected by lan0 in the 100.64.0.0/24 subnet, with a default gateway of 100.64.0.1.
  4. Clients should connect to your Carrier Grade NAT via natd.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

bcr added a subscriber: bcr.

Manpage looks good, don't forget to bump the .Dd when you commit.
Thanks for adding this support!

Is it possible to do cgn without rfc1918? I think the changes should allow for that configuration.

> Is it possible to do cgn without rfc1918? I think the changes should allow for that configuration.

Theoretically, you can do CGN (or NAT) on any subnet.

But you generally do it on special subnets like 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 for RFC 1918, or 100.64.0.0/16 for CGN/RFC 6598.

The reason for special NAT subnets like RFC 1918/6598 is so you don't accidentally allocate "internal" networks using public subnets, or require RIRs to allocate separate networks to each ISP for NAT use.

This patch just adds 100.64.0.0/10 (RFC 6598) as an option to natd, so we don't break natd users who need 100.64.0.0/10 as a WAN address.

This revision is now accepted and ready to land.
Jul 4 2020, 10:43 PM