netgraph: Add RFC 6598/Carrier Grade NAT support to ng_nat

Authored by on Feb 2 2020, 12:18 AM.



netgraph: Add RFC 6598/Carrier Grade NAT support to ng_nat.

This extends upon the RFC 6598 support to libalias/ipfw in r357092.

Submitted by: Neel Chauhan <neel AT neelc DOT org>

Test Plan

Load the kernel module

kldunload ng_ipfw

Replace WAN_IP with the WAN IPv4, and WAN_IF with the WAN interface.

Set the netgraph rules.

ngctl mkpeer ipfw: nat 60 out
ngctl name ipfw:60 nat
ngctl connect ipfw: nat: 61 in
ngctl msg nat: setaliasaddr WAN_IP
ngctl msg nat: setmode "{flags=0x100}"

Set the ipfw rules.

ipfw add 300 netgraph 61 all from any to any in via WAN_IF
ipfw add 400 netgraph 60 all from any to any out via WAN_IF

Set the sysctl:

sysctl net.inet.ip.fw.one_pass=0
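
RFC 6598 reserves 100.64.0.0/10 as shared address space for carrier-grade NAT. The following C program is an added example, not code from this revision, ng_nat or libalias: it classifies source addresses the way an "unregistered addresses only" NAT mode with CGN support would, which is useful for picking test traffic at the edges of the range. It assumes that flags=0x100 in the test plan selects that mode; every ex_ name and every sample address is constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical name; 0x100 is the value sent by "setmode" in the test plan. */
#define EX_MODE_CGN 0x100u

struct ex_range { uint32_t net, mask; };

/* RFC 1918 private ranges, host byte order. */
static const struct ex_range ex_rfc1918[] = {
    { 0x0A000000u, 0xFF000000u },   /* 10.0.0.0/8     */
    { 0xAC100000u, 0xFFF00000u },   /* 172.16.0.0/12  */
    { 0xC0A80000u, 0xFFFF0000u },   /* 192.168.0.0/16 */
};
/* RFC 6598 shared address space: 100.64.0.0/10. */
static const struct ex_range ex_rfc6598 = { 0x64400000u, 0xFFC00000u };

static uint32_t ex_ip(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
}

static int ex_in(uint32_t addr, const struct ex_range *r)
{
    return (addr & r->mask) == r->net;
}

/* 1 if a source address would be translated, 0 if it would pass untouched. */
static int ex_is_unregistered(uint32_t addr, unsigned mode)
{
    for (size_t i = 0; i < sizeof(ex_rfc1918) / sizeof(ex_rfc1918[0]); i++)
        if (ex_in(addr, &ex_rfc1918[i]))
            return 1;
    /* The CGN range only counts when the CGN mode bit is set. */
    return (mode & EX_MODE_CGN) && ex_in(addr, &ex_rfc6598);
}

int main(void)
{
    /* Constructed sample sources, including both edges of 100.64.0.0/10. */
    unsigned s[][4] = { {10,1,2,3}, {100,63,255,255}, {100,64,0,0},
                        {100,127,255,255}, {100,128,0,0}, {8,8,8,8} };
    for (size_t i = 0; i < sizeof(s) / sizeof(s[0]); i++) {
        uint32_t a = ex_ip(s[i][0], s[i][1], s[i][2], s[i][3]);
        printf("%u.%u.%u.%u  mode=0: %d  mode=0x100: %d\n", s[i][0], s[i][1],
            s[i][2], s[i][3], ex_is_unregistered(a, 0),
            ex_is_unregistered(a, EX_MODE_CGN));
    }
    return 0;
}
```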

Diff Detail

rS FreeBSD src repository
Lint Skipped
Unit Tests Skipped

Event Timeline

created this revision. Feb 2 2020, 12:18 AM

Of course, the change is straightforward, but can we please have some words in the man page explaining how the names of the flags match the corresponding names in libalias?

I added the explanation in the man page.

This revision is now accepted and ready to land. Feb 13 2020, 8:05 AM
bcr accepted this revision as: manpages. Feb 13 2020, 8:10 AM
bcr added a subscriber: bcr.

Manpages is also good with this change. Thanks for the implementation.

Can you please add a "TESTING" section?

edited the test plan for this revision. Jul 4 2020, 2:46 PM

Here, added the testing section.

added a subscriber: network.
adrian accepted this revision. Jul 5 2020, 5:26 PM