
netgraph: Add RFC 6598/Carrier Grade NAT support to ng_nat

Authored by nc on Feb 2 2020, 12:18 AM.



netgraph: Add RFC 6598/Carrier Grade NAT support to ng_nat.

This extends upon the RFC 6598 support to libalias/ipfw in r357092.

Submitted by: Neel Chauhan <neel AT neelc DOT org>

Test Plan

Load the kernel module

kldload ng_ipfw

Replace WAN_IP with the WAN IPv4, and WAN_IF with the WAN interface.

Set the netgraph rules.

ngctl mkpeer ipfw: nat 60 out
ngctl name ipfw:60 nat
ngctl connect ipfw: nat: 61 in
ngctl msg nat: setaliasaddr WAN_IP
ngctl msg nat: setmode "{flags=0x100}"

Set the ipfw rules.

ipfw add 300 netgraph 61 all from any to any in via WAN_IF
ipfw add 400 netgraph 60 all from any to any out via WAN_IF

Set the sysctl:

sysctl net.inet.ip.fw.one_pass=0
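
To help pick source addresses when running this test plan, the following added example (not code from this revision or from libalias) models which sources should be aliased once `setmode "{flags=0x100}"` is applied. It assumes the CGN mode aliases only RFC 1918 and RFC 6598 (100.64.0.0/10) sources and passes others unmodified; `EX_MODE_CGN`, `in_net` and `ex_expect_alias` are hypothetical names and the sample addresses are constructed.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* Value taken from the test plan's setmode message; the name is hypothetical. */
#define EX_MODE_CGN 0x100u

/* True when host-order address a lies inside net/len. */
static int in_net(uint32_t a, uint32_t net, int len)
{
    uint32_t mask = len ? 0xffffffffu << (32 - len) : 0;
    return (a & mask) == (net & mask);
}

/*
 * Assumed semantics (not taken from the revision): with the CGN mode set,
 * only RFC 1918 and RFC 6598 sources are aliased. Without it this sketch
 * treats every source as aliased; other mode flags are not modelled.
 * Returns 1 = expect aliasing, 0 = expect pass-through, -1 = bad address.
 */
int ex_expect_alias(const char *src, unsigned mode)
{
    struct in_addr ia;
    uint32_t a;

    if (inet_pton(AF_INET, src, &ia) != 1)
        return -1;
    if (!(mode & EX_MODE_CGN))
        return 1;
    a = ntohl(ia.s_addr);
    return in_net(a, 0x0a000000u, 8) ||   /* 10.0.0.0/8     (RFC 1918) */
           in_net(a, 0xac100000u, 12) ||  /* 172.16.0.0/12  (RFC 1918) */
           in_net(a, 0xc0a80000u, 16) ||  /* 192.168.0.0/16 (RFC 1918) */
           in_net(a, 0x64400000u, 10);    /* 100.64.0.0/10  (RFC 6598) */
}

int main(void)
{
    /* Constructed sample sources, including both edges of 100.64.0.0/10. */
    const char *s[] = { "100.64.0.1", "100.127.255.254", "100.128.0.1",
                        "100.63.255.255", "192.168.1.10", "203.0.113.5" };
    for (size_t i = 0; i < sizeof(s) / sizeof(s[0]); i++)
        printf("%-16s %s\n", s[i],
               ex_expect_alias(s[i], EX_MODE_CGN) ? "alias" : "pass");
    return 0;
}
```
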

Diff Detail

R10 FreeBSD src repository
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

Of course, the change is straightforward, but can we please have some words in the man page explaining how the names of the flags match the corresponding names in libalias?

I added the explanation in the man page.

This revision is now accepted and ready to land. Feb 13 2020, 8:05 AM
bcr added a subscriber: bcr.

Manpages is also good with this change. Thanks for the implementation.

Can you please add a "TESTING" section?

Here, added the testing section.

kp added a subscriber: kp.

Approved by: kp (mentor)

Don't forget to update the man page date before you commit.