Changeset View
Changeset View
Standalone View
Standalone View
share/man/man4/ng_nat.4
Show All 18 Lines | |||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
.\" SUCH DAMAGE. | .\" SUCH DAMAGE. | ||||
.\" | .\" | ||||
.\" $FreeBSD: releng/11.2/share/man/man4/ng_nat.4 298904 2016-05-01 22:00:41Z wblock $ | .\" $FreeBSD: releng/11.2/share/man/man4/ng_nat.4 298904 2016-05-01 22:00:41Z wblock $ | ||||
.\" | .\" | ||||
.Dd March 21, 2013 | .Dd December 12, 2018 | ||||
.Dt NG_NAT 4 | .Dt NG_NAT 4 | ||||
.Os | .Os | ||||
.Sh NAME | .Sh NAME | ||||
.Nm ng_nat | .Nm ng_nat | ||||
.Nd "NAT netgraph node type" | .Nd "NAT netgraph node type" | ||||
.Sh SYNOPSIS | .Sh SYNOPSIS | ||||
.In netgraph/ng_nat.h | .In netgraph/ng_nat.h | ||||
.Sh DESCRIPTION | .Sh DESCRIPTION | ||||
▲ Show 20 Lines • Show All 223 Lines • ▼ Show 20 Lines | |||||
.Ed | .Ed | ||||
In case of | In case of | ||||
.Nm | .Nm | ||||
failed to retrieve a certain counter | failed to retrieve a certain counter | ||||
from its | from its | ||||
.Xr libalias | .Xr libalias | ||||
instance, the corresponding field is returned as | instance, the corresponding field is returned as | ||||
.Va UINT32_MAX . | .Va UINT32_MAX . | ||||
.It Dv NGM_NAT_SET_DLT Pq Ic setdlt | |||||
Sets the data link type on the | |||||
.Va in | |||||
and | |||||
.Va out | |||||
hooks. Currently, supported types are | |||||
glebius: New line at end of a sentence. | |||||
.Cm DLT_RAW | |||||
(raw IP datagrams , no offset applied, the default) and | |||||
.Cm DLT_EN10MB | |||||
(Ethernet). DLT_ definitions can be found in | |||||
.In net/bpf.h . | |||||
If you want to work on the | |||||
.Xr ipfw 8 | |||||
level you must use no additional offset by specifying | |||||
.Cm DLT_RAW . | |||||
If, however, you attach | |||||
.Nm | |||||
to a network interface directly and | |||||
.Cm EN10MB | |||||
is specified, then the extra offset will be applied to take into account | |||||
link-level header. In this mode the | |||||
glebiusUnsubmitted Not Done Inline ActionsOne more new line. glebius: One more new line. | |||||
.Nm | |||||
would also inspect appropriate type field in the Ethernet header and | |||||
pass-through any datagrams that are not IP packets. | |||||
.It Dv NGM_NAT_GET_DLT Pq Ic getdlt | |||||
This control message returns the current data link type of the | |||||
.Va in | |||||
and | |||||
.Va out | |||||
hooks. | |||||
.El | .El | ||||
.Pp | .Pp | ||||
In all redirection messages | In all redirection messages | ||||
.Va local_addr | .Va local_addr | ||||
and | and | ||||
.Va local_port | .Va local_port | ||||
mean address and port of target machine in the internal network, | mean address and port of target machine in the internal network, | ||||
respectively. | respectively. | ||||
▲ Show 20 Lines • Show All 56 Lines • ▼ Show 20 Lines | /usr/sbin/ngctl -f- <<-SEQ | ||||
name cp0:rawdata hdlc | name cp0:rawdata hdlc | ||||
mkpeer hdlc: nat inet in | mkpeer hdlc: nat inet in | ||||
name hdlc:inet nat | name hdlc:inet nat | ||||
mkpeer nat: iface out inet | mkpeer nat: iface out inet | ||||
msg nat: setaliasaddr x.y.8.35 | msg nat: setaliasaddr x.y.8.35 | ||||
SEQ | SEQ | ||||
ifconfig ng0 x.y.8.35 x.y.8.1 | ifconfig ng0 x.y.8.35 x.y.8.1 | ||||
.Ed | .Ed | ||||
.Pp | |||||
The | |||||
.Nm | |||||
node can also be attached directly to the physical interface | |||||
via | |||||
.Xr ng_ether 4 | |||||
node in the graph. | |||||
In the following example, we perform masquerading on a | |||||
Ethernet interface connected to a public network. | |||||
.Bd -literal -offset indent | |||||
ifconfig igb0 inet x.y.8.35 netmask 0xfffff000 | |||||
route add default x.y.0.1 | |||||
/usr/sbin/ngctl -f- <<-SEQ | |||||
mkpeer igb0: nat lower in | |||||
name igb0:lower igb0_NAT | |||||
connect igb0: igb0_NAT: upper out | |||||
msg igb0_NAT: setdlt 1 | |||||
msg igb0_NAT: setaliasaddr x.y.8.35 | |||||
SEQ | |||||
.Sh SEE ALSO | .Sh SEE ALSO | ||||
.Xr libalias 3 , | .Xr libalias 3 , | ||||
.Xr ng_ipfw 4 , | .Xr ng_ipfw 4 , | ||||
.Xr natd 8 , | .Xr natd 8 , | ||||
.Xr ngctl 8 | .Xr ngctl 8 , | ||||
.Xr ng_ether 8 | |||||
.Sh HISTORY | .Sh HISTORY | ||||
The | The | ||||
.Nm | .Nm | ||||
node type was implemented in | node type was implemented in | ||||
.Fx 6.0 . | .Fx 6.0 . | ||||
.Sh AUTHORS | .Sh AUTHORS | ||||
.An Gleb Smirnoff Aq Mt glebius@FreeBSD.org | .An Gleb Smirnoff Aq Mt glebius@FreeBSD.org |
New line at end of a sentence.