nat.sh
} | } | ||||
userspace_nat_cleanup() | userspace_nat_cleanup() | ||||
{ | { | ||||
firewall=$1 | firewall=$1 | ||||
firewall_cleanup $firewall | firewall_cleanup $firewall | ||||
} | } | ||||
common_cgn() { | |||||
firewall=$1 | |||||
portalias=$2 | |||||
firewall_init $firewall | |||||
nat_init $firewall | |||||
epair_host_nat=$(vnet_mkepair) | |||||
epair_client1_nat=$(vnet_mkepair) | |||||
epair_client2_nat=$(vnet_mkepair) | |||||
vnet_mkjail nat ${epair_host_nat}b ${epair_client1_nat}a ${epair_client2_nat}a | |||||
vnet_mkjail client1 ${epair_client1_nat}b | |||||
vnet_mkjail client2 ${epair_client2_nat}b | |||||
ifconfig ${epair_host_nat}a 198.51.100.2/24 up | |||||
jexec nat ifconfig ${epair_host_nat}b 198.51.100.1/24 up | |||||
jexec nat ifconfig ${epair_client1_nat}a 100.64.0.1/24 up | |||||
jexec client1 ifconfig ${epair_client1_nat}b 100.64.0.2/24 up | |||||
jexec nat ifconfig ${epair_client2_nat}a 100.64.1.1/24 up | |||||
jexec client2 ifconfig ${epair_client2_nat}b 100.64.1.2/24 up | |||||
jexec nat sysctl net.inet.ip.forwarding=1 | |||||
jexec client1 route add -net 198.51.100.0/24 100.64.0.1 | |||||
jexec client2 route add -net 198.51.100.0/24 100.64.1.1 | |||||
# ping fails without NAT configuration | |||||
atf_check -s exit:2 -o ignore jexec client1 ping -t 1 -c 1 198.51.100.2 | |||||
atf_check -s exit:2 -o ignore jexec client2 ping -t 1 -c 1 198.51.100.2 | |||||
if [[ $portalias ]]; then | |||||
firewall_config nat $firewall \ | |||||
"ipfw" \ | |||||
"ipfw -q nat 123 config if ${epair_host_nat}b unreg_cgn port_alias 2000 2999" \ | |||||
"ipfw -q nat 456 config if ${epair_host_nat}b unreg_cgn port_alias 3000 3999" \ | |||||
"ipfw -q add 1000 nat 123 all from any to 198.51.100.2 in via ${epair_host_nat}b" \ | |||||
"ipfw -q add 2000 nat 456 all from any to 198.51.100.2 in via ${epair_host_nat}b" \ | |||||
"ipfw -q add 3000 nat 123 all from 100.64.0.2 to any out via ${epair_host_nat}b" \ | |||||
"ipfw -q add 4000 nat 456 all from 100.64.1.2 to any out via ${epair_host_nat}b" | |||||
else | |||||
firewall_config nat $firewall \ | |||||
"ipfw" \ | |||||
"ipfw -q nat 123 config if ${epair_host_nat}b unreg_cgn" \ | |||||
"ipfw -q add 1000 nat 123 all from any to any" | |||||
fi | |||||
# ping is successful now | |||||
atf_check -s exit:0 -o ignore jexec client1 ping -t 1 -c 1 198.51.100.2 | |||||
atf_check -s exit:0 -o ignore jexec client2 ping -t 1 -c 1 198.51.100.2 | |||||
# if portalias, test a tcp server/client with nc | |||||
if [[ $portalias ]]; then | |||||
for inst in 1 2; do | |||||
daemon nc -p 198.51.100.2 7 | |||||
atf_check -s exit:0 -o ignore jexec client$inst sh -c "echo | nc -N 198.51.100.2 7" | |||||
done | |||||
fi | |||||
} | |||||
cgn_head() | |||||
{ | |||||
atf_set descr 'IPv4 CGN (RFC 6598) test' | |||||
atf_set require.user root | |||||
} | |||||
cgn_body() | |||||
{ | |||||
common_cgn $1 false | |||||
} | |||||
cgn_cleanup() | |||||
{ | |||||
firewall_cleanup ipfw | |||||
} | |||||
portalias_head() | |||||
{ | |||||
atf_set descr 'IPv4 CGN (RFC 6598) port aliasing test' | |||||
atf_set require.user root | |||||
} | |||||
portalias_body() | |||||
{ | |||||
common_cgn $1 true | |||||
} | |||||
portalias_cleanup() | |||||
{ | |||||
firewall_cleanup ipfw | |||||
} | |||||
setup_tests \ | setup_tests \ | ||||
basic \ | basic \ | ||||
pf \ | pf \ | ||||
ipfw \ | ipfw \ | ||||
ipfnat \ | ipfnat \ | ||||
userspace_nat \ | userspace_nat \ | ||||
ipfw | ipfw \ | ||||
No newline at end of file | cgn \ | ||||
ipfw \ | |||||
portalias \ | |||||
ipfw |
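Review bot: The `if [[ $portalias ]]` tests in `common_cgn` cannot tell the two callers apart, because `cgn_body` passes the string `false` and `portalias_body` passes `true`, and both are non-empty. Under bash `[[ false ]]` is true, and under a POSIX sh without `[[` the command fails, so either way both test cases take the same branch and one of the two NAT configurations is never exercised. Compare the value explicitly in both places, for example `if [ "$portalias" = "true" ]; then`. Separately, `daemon nc -p 198.51.100.2 7` passes the address as the argument of `-p`, which is nc's source-port option, so `-l` was presumably intended for a listener. The listener is also started on the host inside the loop, and the visible `*_cleanup` functions only call `firewall_cleanup ipfw`, so nothing shown here stops it after the test.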