
D23450.id67942.diff

Index: nat.sh
===================================================================
--- nat.sh
+++ nat.sh
@@ -147,10 +147,107 @@
firewall_cleanup $firewall
}
+common_cgn() {
+ firewall=$1
+ portalias=$2
+ firewall_init $firewall
+ nat_init $firewall
+
+ epair_host_nat=$(vnet_mkepair)
+ epair_client1_nat=$(vnet_mkepair)
+ epair_client2_nat=$(vnet_mkepair)
+
+ vnet_mkjail nat ${epair_host_nat}b ${epair_client1_nat}a ${epair_client2_nat}a
+ vnet_mkjail client1 ${epair_client1_nat}b
+ vnet_mkjail client2 ${epair_client2_nat}b
+
+ ifconfig ${epair_host_nat}a 198.51.100.2/24 up
+ jexec nat ifconfig ${epair_host_nat}b 198.51.100.1/24 up
+
+ jexec nat ifconfig ${epair_client1_nat}a 100.64.0.1/24 up
+ jexec client1 ifconfig ${epair_client1_nat}b 100.64.0.2/24 up
+
+ jexec nat ifconfig ${epair_client2_nat}a 100.64.1.1/24 up
+ jexec client2 ifconfig ${epair_client2_nat}b 100.64.1.2/24 up
+
+ jexec nat sysctl net.inet.ip.forwarding=1
+
+ jexec client1 route add -net 198.51.100.0/24 100.64.0.1
+ jexec client2 route add -net 198.51.100.0/24 100.64.1.1
+
+ # ping fails without NAT configuration
+ atf_check -s exit:2 -o ignore jexec client1 ping -t 1 -c 1 198.51.100.2
+ atf_check -s exit:2 -o ignore jexec client2 ping -t 1 -c 1 198.51.100.2
+
+ if [[ $portalias ]]; then
+ firewall_config nat $firewall \
+ "ipfw" \
+ "ipfw -q nat 123 config if ${epair_host_nat}b unreg_cgn port_alias 2000 2999" \
+ "ipfw -q nat 456 config if ${epair_host_nat}b unreg_cgn port_alias 3000 3999" \
+ "ipfw -q add 1000 nat 123 all from any to 198.51.100.2 in via ${epair_host_nat}b" \
+ "ipfw -q add 2000 nat 456 all from any to 198.51.100.2 in via ${epair_host_nat}b" \
+ "ipfw -q add 3000 nat 123 all from 100.64.0.2 to any out via ${epair_host_nat}b" \
+ "ipfw -q add 4000 nat 456 all from 100.64.1.2 to any out via ${epair_host_nat}b"
+ else
+ firewall_config nat $firewall \
+ "ipfw" \
+ "ipfw -q nat 123 config if ${epair_host_nat}b unreg_cgn" \
+ "ipfw -q add 1000 nat 123 all from any to any"
+ fi
+
+ # ping is successful now
+ atf_check -s exit:0 -o ignore jexec client1 ping -t 1 -c 1 198.51.100.2
+ atf_check -s exit:0 -o ignore jexec client2 ping -t 1 -c 1 198.51.100.2
+
+ # if portalias, test a tcp server/client with nc
+ if [[ $portalias ]]; then
+ for inst in 1 2; do
+ daemon nc -p 198.51.100.2 7
+ atf_check -s exit:0 -o ignore jexec client$inst sh -c "echo | nc -N 198.51.100.2 7"
+ done
+ fi
+}
+
+cgn_head()
+{
+ atf_set descr 'IPv4 CGN (RFC 6598) test'
+ atf_set require.user root
+}
+
+cgn_body()
+{
+ common_cgn $1 false
+}
+
+cgn_cleanup()
+{
+ firewall_cleanup ipfw
+}
+
+portalias_head()
+{
+ atf_set descr 'IPv4 CGN (RFC 6598) port aliasing test'
+ atf_set require.user root
+}
+
+portalias_body()
+{
+ common_cgn $1 true
+}
+
+portalias_cleanup()
+{
+ firewall_cleanup ipfw
+}
+
setup_tests \
basic \
pf \
ipfw \
ipfnat \
userspace_nat \
- ipfw
\ No newline at end of file
+ ipfw \
+ cgn \
+ ipfw \
+ portalias \
+ ipfw
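Review bot: Both `if [[ $portalias ]]; then` tests in common_cgn fail to separate the two callers: cgn_body passes the string `false` and portalias_body passes `true`, and a non-empty-string test treats them the same. `[[` is also not POSIX sh syntax, so if these tests run under FreeBSD's /bin/sh (as I assume) the condition would not be recognised at all. Either way the cgn and portalias cases end up exercising the same ipfw NAT configuration, so one of the two rule sets is never tested; compare explicitly in both places with `if [ "$portalias" = "true" ]; then`. Separately, `daemon nc -p 198.51.100.2 7` in the loop looks like it was meant to listen (`-l`), and it is started once per iteration with nothing visible in cgn_cleanup or portalias_cleanup to stop it, which is worth confirming.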
