| ng_nat.4 (b652778e426d00b6a1df29bbd86869db86f36e25) | ng_nat.4 (c60bda17f2a9ed4a8c1ef6483ee7b8f207de7129) |
|---|---|
| 1.\" Copyright (c) 2005 Gleb Smirnoff <glebius@FreeBSD.org> 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. --- 30 unchanged lines hidden (view full) --- 39passing through it. 40A 41.Nm nat 42node uses 43.Xr libalias 3 44engine for packet aliasing. 45.Sh HOOKS 46This node type has two hooks: | 1.\" Copyright (c) 2005 Gleb Smirnoff <glebius@FreeBSD.org> 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. --- 30 unchanged lines hidden (view full) --- 39passing through it. 40A 41.Nm nat 42node uses 43.Xr libalias 3 44engine for packet aliasing. 45.Sh HOOKS 46This node type has two hooks: |
| 47.Bl -tag -width indent | 47.Bl -tag -width ".Va out" |
| 48.It Va out 49Packets received on this hook are considered outgoing and will be 50masqueraded to a configured address. 51.It Va in 52Packets coming on this hook are considered incoming and will be 53dealiased. 54.El 55.Sh CONTROL MESSAGES 56This node type supports the generic control messages, plus the following: | 48.It Va out 49Packets received on this hook are considered outgoing and will be 50masqueraded to a configured address. 51.It Va in 52Packets coming on this hook are considered incoming and will be 53dealiased. 54.El 55.Sh CONTROL MESSAGES 56This node type supports the generic control messages, plus the following: |
| 57.Bl -tag -width indent 58.It Dv NGM_NAT_SET_IPADDR Pq Li setaliasaddr | 57.Bl -tag -width foo 58.It Dv NGM_NAT_SET_IPADDR Pq Ic setaliasaddr |
| 59Configure aliasing address for a node. 60After both hooks have been connected and aliasing address was configured, 61a node is ready for aliasing operation. | 59Configure aliasing address for a node. 60After both hooks have been connected and aliasing address was configured, 61a node is ready for aliasing operation. |
| 62.It Dv NGM_NAT_SET_MODE Pq Li setmode | 62.It Dv NGM_NAT_SET_MODE Pq Ic setmode |
| 63Set node's operation mode using supplied 64.Vt "struct ng_nat_mode" . 65.Bd -literal 66struct ng_nat_mode { 67 uint32_t flags; 68 uint32_t mask; 69}; 70/* Supported flags: */ 71#define NG_NAT_LOG 0x01 72#define NG_NAT_DENY_INCOMING 0x02 73#define NG_NAT_SAME_PORTS 0x04 74#define NG_NAT_UNREGISTERED_ONLY 0x10 75#define NG_NAT_RESET_ON_ADDR_CHANGE 0x20 76#define NG_NAT_PROXY_ONLY 0x40 77#define NG_NAT_REVERSE 0x80 78.Ed | 63Set node's operation mode using supplied 64.Vt "struct ng_nat_mode" . 65.Bd -literal 66struct ng_nat_mode { 67 uint32_t flags; 68 uint32_t mask; 69}; 70/* Supported flags: */ 71#define NG_NAT_LOG 0x01 72#define NG_NAT_DENY_INCOMING 0x02 73#define NG_NAT_SAME_PORTS 0x04 74#define NG_NAT_UNREGISTERED_ONLY 0x10 75#define NG_NAT_RESET_ON_ADDR_CHANGE 0x20 76#define NG_NAT_PROXY_ONLY 0x40 77#define NG_NAT_REVERSE 0x80 78.Ed |
| 79.It Dv NGM_NAT_SET_TARGET Pq Li settarget | 79.It Dv NGM_NAT_SET_TARGET Pq Ic settarget |
| 80Configure target address for a node. 81When an incoming packet not associated with any pre-existing aliasing 82link arrives at the host machine, it will be sent to the specified address. | 80Configure target address for a node. 81When an incoming packet not associated with any pre-existing aliasing 82link arrives at the host machine, it will be sent to the specified address. |
| 83.It Dv NGM_NAT_REDIRECT_PORT Pq Li redirectport | 83.It Dv NGM_NAT_REDIRECT_PORT Pq Ic redirectport |
| 84Redirect incoming connections arriving to given port(s) to 85another host and port(s). 86The following 87.Vt "struct ng_nat_redirect_port" 88must be supplied as argument. 89.Bd -literal 90#define NG_NAT_DESC_LENGTH 64 91struct ng_nat_redirect_port { --- 9 unchanged lines hidden (view full) --- 101.Ed 102.Pp 103Redirection is assigned an unique ID which is returned as 104response to this message, and 105information about redirection added to 106list of static redirects which later can be retrieved by 107.Dv NGM_NAT_LIST_REDIRECTS 108message. | 84Redirect incoming connections arriving to given port(s) to 85another host and port(s). 86The following 87.Vt "struct ng_nat_redirect_port" 88must be supplied as argument. 89.Bd -literal 90#define NG_NAT_DESC_LENGTH 64 91struct ng_nat_redirect_port { --- 9 unchanged lines hidden (view full) --- 101.Ed 102.Pp 103Redirection is assigned an unique ID which is returned as 104response to this message, and 105information about redirection added to 106list of static redirects which later can be retrieved by 107.Dv NGM_NAT_LIST_REDIRECTS 108message. |
| 109.It Dv NGM_NAT_REDIRECT_ADDR Pq Li redirectaddr | 109.It Dv NGM_NAT_REDIRECT_ADDR Pq Ic redirectaddr |
| 110Redirect traffic for public IP address to a machine on the 111local network. 112This function is known as 113.Em static NAT . 114The following 115.Vt "struct ng_nat_redirect_addr" 116must be supplied as argument. 117.Bd -literal 118struct ng_nat_redirect_addr { 119 struct in_addr local_addr; 120 struct in_addr alias_addr; 121 char description[NG_NAT_DESC_LENGTH]; 122}; 123.Ed 124.Pp 125Unique ID for this redirection is returned as response to this message. | 110Redirect traffic for public IP address to a machine on the 111local network. 112This function is known as 113.Em static NAT . 114The following 115.Vt "struct ng_nat_redirect_addr" 116must be supplied as argument. 117.Bd -literal 118struct ng_nat_redirect_addr { 119 struct in_addr local_addr; 120 struct in_addr alias_addr; 121 char description[NG_NAT_DESC_LENGTH]; 122}; 123.Ed 124.Pp 125Unique ID for this redirection is returned as response to this message. |
| 126.It Dv NGM_NAT_REDIRECT_PROTO Pq Li redirectproto | 126.It Dv NGM_NAT_REDIRECT_PROTO Pq Ic redirectproto |
| 127Redirect incoming IP packets of protocol 128.Va proto 129(see 130.Xr protocols 5 ) 131to a machine on the local network. 132The following 133.Vt "struct ng_nat_redirect_proto" 134must be supplied as argument. 135.Bd -literal 136struct ng_nat_redirect_proto { 137 struct in_addr local_addr; 138 struct in_addr alias_addr; 139 struct in_addr remote_addr; 140 uint8_t proto; 141 char description[NG_NAT_DESC_LENGTH]; 142}; 143.Ed 144.Pp 145Unique ID for this redirection is returned as response to this message. | 127Redirect incoming IP packets of protocol 128.Va proto 129(see 130.Xr protocols 5 ) 131to a machine on the local network. 132The following 133.Vt "struct ng_nat_redirect_proto" 134must be supplied as argument. 135.Bd -literal 136struct ng_nat_redirect_proto { 137 struct in_addr local_addr; 138 struct in_addr alias_addr; 139 struct in_addr remote_addr; 140 uint8_t proto; 141 char description[NG_NAT_DESC_LENGTH]; 142}; 143.Ed 144.Pp 145Unique ID for this redirection is returned as response to this message. |
| 146.It Dv NGM_NAT_REDIRECT_DYNAMIC Pq Li redirectdynamic | 146.It Dv NGM_NAT_REDIRECT_DYNAMIC Pq Ic redirectdynamic |
| 147Mark redirection with specified ID as dynamic, i.e., it will serve 148for exactly one next connection and then will be automatically 149deleted from internal links table. 150Only fully specified links can be made dynamic. 151The redirection with this ID is also immediately deleted from 152user-visible list of static redirects (available through 153.Dv NGM_NAT_LIST_REDIRECTS 154message). | 147Mark redirection with specified ID as dynamic, i.e., it will serve 148for exactly one next connection and then will be automatically 149deleted from internal links table. 150Only fully specified links can be made dynamic. 151The redirection with this ID is also immediately deleted from 152user-visible list of static redirects (available through 153.Dv NGM_NAT_LIST_REDIRECTS 154message). |
| 155.It Dv NGM_NAT_REDIRECT_DELETE Pq Li redirectdelete | 155.It Dv NGM_NAT_REDIRECT_DELETE Pq Ic redirectdelete |
| 156Delete redirection with specified ID (currently active 157connections are not affected). | 156Delete redirection with specified ID (currently active 157connections are not affected). |
| 158.It Dv NGM_NAT_ADD_SERVER Pq Li addserver | 158.It Dv NGM_NAT_ADD_SERVER Pq Ic addserver |
| 159Add another server to a pool. 160This is used to transparently offload network load on a single server 161and distribute the load across a pool of servers, also known as 162.Em LSNAT 163(RFC 2391). 164The following 165.Vt "struct ng_nat_add_server" 166must be supplied as argument. --- 19 unchanged lines hidden (view full) --- 186is ignored and could have any value. 187Original redirection's parameters 188.Va local_addr 189and 190.Va local_port 191are also ignored after 192.Dv NGM_NAT_ADD_SERVER 193was used (they are effectively replaced by server pool). | 159Add another server to a pool. 160This is used to transparently offload network load on a single server 161and distribute the load across a pool of servers, also known as 162.Em LSNAT 163(RFC 2391). 164The following 165.Vt "struct ng_nat_add_server" 166must be supplied as argument. --- 19 unchanged lines hidden (view full) --- 186is ignored and could have any value. 187Original redirection's parameters 188.Va local_addr 189and 190.Va local_port 191are also ignored after 192.Dv NGM_NAT_ADD_SERVER 193was used (they are effectively replaced by server pool). |
| 194.It Dv NGM_NAT_LIST_REDIRECTS Pq Li listredirects | 194.It Dv NGM_NAT_LIST_REDIRECTS Pq Ic listredirects |
| 195Return list of configured static redirects as 196.Vt "struct ng_nat_list_redirects" . 197.Bd -literal 198struct ng_nat_listrdrs_entry { 199 uint32_t id; /* Anything except zero */ 200 struct in_addr local_addr; 201 struct in_addr alias_addr; 202 struct in_addr remote_addr; --- 25 unchanged lines hidden (view full) --- 228.Dv NG_NAT_REDIRPROTO_ADDR . 229If 230.Va lsnat 231servers counter is greater than zero, then 232.Va local_addr 233and 234.Va local_port 235are also meaningless. | 195Return list of configured static redirects as 196.Vt "struct ng_nat_list_redirects" . 197.Bd -literal 198struct ng_nat_listrdrs_entry { 199 uint32_t id; /* Anything except zero */ 200 struct in_addr local_addr; 201 struct in_addr alias_addr; 202 struct in_addr remote_addr; --- 25 unchanged lines hidden (view full) --- 228.Dv NG_NAT_REDIRPROTO_ADDR . 229If 230.Va lsnat 231servers counter is greater than zero, then 232.Va local_addr 233and 234.Va local_port 235are also meaningless. |
| 236.It Dv NGM_NAT_PROXY_RULE Pq Li proxyrule | 236.It Dv NGM_NAT_PROXY_RULE Pq Ic proxyrule |
| 237Specify a transparent proxying rule (string must be 238supplied as argument). 239See 240.Xr libalias 3 241for details. 242.El 243.Pp 244In all redirection messages --- 81 unchanged lines hidden --- | 237Specify a transparent proxying rule (string must be 238supplied as argument). 239See 240.Xr libalias 3 241for details. 242.El 243.Pp 244In all redirection messages --- 81 unchanged lines hidden --- |