Home
last modified time | relevance | path

Searched full:nat (Results 1 – 25 of 281) sorted by relevance

12345678910>>...12

/freebsd/sbin/ipf/libipf/
H A Dprintactivenat.c17 printactivenat(nat_t *nat, int opts, u_long ticks) in printactivenat() argument
26 PRINTF("%s", getnattype(nat)); in printactivenat()
28 if (nat->nat_flags & SI_CLONE) in printactivenat()
30 if (nat->nat_phnext[0] == NULL && nat->nat_phnext[1] == NULL) in printactivenat()
34 if (nat->nat_redir & NAT_REWRITE) { in printactivenat()
35 printactiveaddress(nat->nat_v[0], "%-15s", &nat->nat_osrc6, in printactivenat()
36 nat->nat_ifnames[0]); in printactivenat()
38 if ((nat->nat_flags & IPN_TCPUDP) != 0) in printactivenat()
39 PRINTF(" %-5hu", ntohs(nat->nat_osport)); in printactivenat()
42 printactiveaddress(nat->nat_v[0], "%-15s", &nat->nat_odst6, in printactivenat()
[all …]
H A Dinterror.c70 { 42, "ipfilter not enabled for NAT ioctl" },
282 { 60001, "insufficient privilege for NAT write operation" },
283 { 60002, "need write permissions to flush NAT logs" },
284 { 60003, "need write permissions to turn NAT logging on/off" },
285 { 60004, "error copying out current NAT log setting" },
286 { 60005, "error copying out bytes waiting to be read in NAT \
288 { 60006, "need write permissions to add NAT rule" },
289 { 60007, "NAT rule already exists" },
290 { 60008, "could not allocate memory for NAT rule" },
291 { 60009, "need write permissions to remove NAT rule" },
[all …]
/freebsd/sbin/ipf/ipnat/
H A Dipnat_y.y45 static ipnat_t *nat = NULL; variable
130 while ((nat = nattop) != NULL) {
131 if (nat->in_v[0] == 0)
132 nat->in_v[0] = 4;
133 if (nat->in_v[1] == 0)
134 nat->in_v[1] = nat->in_v[0];
135 nattop = nat->in_next;
136 err = (*nataddfunc)(natfd, natioctlfunc, nat);
137 free(nat);
174 no: IPNY_NO { nat->in_flags |= IPN_NO; }
[all …]
H A Dipnat.c228 * Read NAT statistic information in using a symbol table and memory file
279 * Issue an ioctl to flush either the NAT rules table or the active mapping
309 printf("%d entries flushed from NAT table\n", n); in flushtable()
317 printf("%d entries flushed from NAT list\n", n); in flushtable()
323 * Display NAT statistics.
328 nat_t *np, nat; in dostats_dead() local
359 for (np = nsp->ns_instances; np; np = nat.nat_next) { in dostats_dead()
360 if (kmemcpy((char *)&nat, (long)np, sizeof(nat))) in dostats_dead()
362 if ((filter != NULL) && (nat_matcharray(&nat, filter) == 0)) in dostats_dead()
366 printnatfield(&nat, nat_fields[i].w_value); in dostats_dead()
[all …]
H A Dipnat.84 ipnat \- user interface to the NAT subsystem
19 file for a set of rules which are to be added or removed from the IP NAT.
28 is not enabled when NAT is configured, it will be enabled
35 delete all entries in the current NAT rule listing (NAT rules)
41 delete all active entries in the current NAT translation table (currently
42 active NAT mappings)
48 Show the list of current NAT table entry mappings.
55 This flag is used with the \fB-r\fP flag to cause any active NAT
60 Remove matching NAT rules rather than add them to the internal lists.
63 Retrieve and display NAT statistics.
H A Dipnat.13 ipnat \- user interface to the NAT
12 file for a set of rules which are to be added or removed from the IP NAT.
21 delete all entries in the current NAT rule listing (NAT rules)
24 delete all active entries in the current NAT translation table (currently
25 active NAT mappings)
28 Show the list of current NAT table entry mappings.
35 Retrieve and display NAT statistics
38 Remove matching NAT rules rather than add them to the internal lists
H A Dipnat.413 To add and delete rules to the NAT list, two 'basic' ioctls are provided
23 Unlike \fBipf(4)\fP, there is only a single list supported by the kernel NAT
32 The structure used with the NAT interface is described below:
66 \fBNAT statistics\fP
69 the NAT table and the current usage level of the NAT table.
71 Pointers to the NAT table inside the kernel, as well as to the top of the
72 internal NAT lists constructed with the \fBSIOCADNAT\fP ioctls. The table
/freebsd/sys/netpfil/ipfilter/netinet/
H A Dip_nat6.c142 /* Parameters: in(I) - NAT rule that requires address fields to be init'd */
144 /* For each of the source/destination address fields in a NAT rule, call */
198 /* Parameters: n(I) - pointer to NAT rule to add */
201 /* loaded NAT rules. Updates the bitmask indicating which netmasks are in */
245 /* Parameters: n(I) - pointer to NAT rule to add */
247 /* Adds a NAT map rule to the hash table of rules and the list of loaded */
248 /* NAT rules. Updates the bitmask indicating which netmasks are in use by */
286 /* Parameters: n(I) - pointer to NAT rule to delete */
288 /* Removes a NAT rdr rule from the hash table of NAT rdr rules. */
318 /* Parameters: n(I) - pointer to NAT rule to delete */
[all …]
H A Dip_nat.c127 /* nat */
179 /* How the NAT is organised and works. */
181 /* Inside (interface y) NAT Outside (interface x) */
195 /* In the NAT table, internal source is recorded as "in" and externally */
260 /* The only global NAT structure that needs to be initialised is the filter */
288 /* Returns: void * - NULL = failure, else pointer to NAT context */
291 /* Allocate the initial soft context structure for NAT and populate it with */
375 /* Initialise all of the NAT locks, tables and other structures. */
470 "nat ipftq udp tab"); in ipf_nat_soft_init()
474 "nat ipftq udpack tab"); in ipf_nat_soft_init()
[all …]
H A Dip_tftp_pxy.c130 ipf_p_tftp_out(void *arg, fr_info_t *fin, ap_session_t *aps, nat_t *nat) in ipf_p_tftp_out() argument
135 if (nat->nat_dir == NAT_OUTBOUND) in ipf_p_tftp_out()
136 return (ipf_p_tftp_client(softt, fin, aps, nat)); in ipf_p_tftp_out()
137 return (ipf_p_tftp_server(softt, fin, aps, nat)); in ipf_p_tftp_out()
142 ipf_p_tftp_in(void *arg, fr_info_t *fin, ap_session_t *aps, nat_t *nat) in ipf_p_tftp_in() argument
147 if (nat->nat_dir == NAT_INBOUND) in ipf_p_tftp_in()
148 return (ipf_p_tftp_client(softt, fin, aps, nat)); in ipf_p_tftp_in()
149 return (ipf_p_tftp_server(softt, fin, aps, nat)); in ipf_p_tftp_in()
154 ipf_p_tftp_new(void *arg, fr_info_t *fin, ap_session_t *aps, nat_t *nat) in ipf_p_tftp_new() argument
164 np = nat->nat_ptr; in ipf_p_tftp_new()
[all …]
H A Dip_rcmd_pxy.c9 * Simple RCMD transparent proxy for in-kernel use. For use with the NAT
66 ipf_p_rcmd_new(void *arg, fr_info_t *fin, ap_session_t *aps, nat_t *nat) in ipf_p_rcmd_new() argument
76 np = nat->nat_ptr; in ipf_p_rcmd_new()
88 ipn = ipf_proxy_rule_rev(nat); in ipf_p_rcmd_new()
135 ipf_p_rcmd_portmsg(fr_info_t *fin, ap_session_t *aps, nat_t *nat) in ipf_p_rcmd_portmsg() argument
201 * Initialise the packet info structure so we can search the NAT in ipf_p_rcmd_portmsg()
209 fi.fin_src6 = nat->nat_ndst6; in ipf_p_rcmd_portmsg()
210 fi.fin_dst6 = nat->nat_nsrc6; in ipf_p_rcmd_portmsg()
212 if (nat->nat_v[0] == 6) { in ipf_p_rcmd_portmsg()
214 if (nat->nat_dir == NAT_OUTBOUND) { in ipf_p_rcmd_portmsg()
[all …]
H A Dip_pptp_pxy.c4 * Simple PPTP transparent proxy for in-kernel use. For use with the NAT
110 ipf_p_pptp_new(void *arg, fr_info_t *fin, ap_session_t *aps, nat_t *nat) in ipf_p_pptp_new() argument
122 np = nat->nat_ptr; in ipf_p_pptp_new()
125 if (ipf_nat_outlookup(fin, 0, IPPROTO_GRE, nat->nat_osrcip, in ipf_p_pptp_new()
151 * Create NAT rule against which the tunnel/transport mapping is in ipf_p_pptp_new()
152 * created. This is required because the current NAT rule does not in ipf_p_pptp_new()
161 ipn->in_snip = ntohl(nat->nat_nsrcaddr); in ipf_p_pptp_new()
163 ipn->in_dnip = ntohl(nat->nat_ndstaddr); in ipf_p_pptp_new()
164 ipn->in_ndstaddr = nat->nat_ndstaddr; in ipf_p_pptp_new()
166 ipn->in_osrcaddr = nat->nat_osrcaddr; in ipf_p_pptp_new()
[all …]
H A Dip_ftp_pxy.c7 * Simple FTP transparent proxy for in-kernel use. For use with the NAT
222 ipf_p_ftp_new(void *arg, fr_info_t *fin, ap_session_t *aps, nat_t *nat) in ipf_p_ftp_new() argument
231 nat = nat; /* LINT */ in ipf_p_ftp_new()
277 ipf_p_ftp_port(ipf_ftp_softc_t *softf, fr_info_t *fin, ip_t *ip, nat_t *nat, in ipf_p_ftp_port() argument
298 DT3(ftp_PORT_error_dlen, nat_t *, nat, ftpside_t *, f, in ipf_p_ftp_port()
314 DT2(ftp_PORT_error_atoi_1, nat_t *, nat, ftpside_t *, f); in ipf_p_ftp_port()
321 DT2(ftp_PORT_error_atoi_2, nat_t *, nat, ftpside_t *, f); in ipf_p_ftp_port()
333 if (((nat->nat_dir == NAT_OUTBOUND) && in ipf_p_ftp_port()
334 (a1 != ntohl(nat->nat_osrcaddr))) || in ipf_p_ftp_port()
335 ((nat->nat_dir == NAT_INBOUND) && in ipf_p_ftp_port()
[all …]
H A Dip_ipsec_pxy.c6 * Simple ISAKMP transparent proxy for in-kernel use. For use with the NAT
126 ipf_p_ipsec_new(void *arg, fr_info_t *fin, ap_session_t *aps, nat_t *nat) in ipf_p_ipsec_new() argument
156 if (ipf_nat_outlookup(fin, 0, IPPROTO_ESP, nat->nat_nsrcip, in ipf_p_ipsec_new()
160 np = nat->nat_ptr; in ipf_p_ipsec_new()
179 * Create NAT rule against which the tunnel/transport mapping is in ipf_p_ipsec_new()
180 * created. This is required because the current NAT rule does not in ipf_p_ipsec_new()
191 ipn->in_snip = ntohl(nat->nat_nsrcaddr); in ipf_p_ipsec_new()
193 ipn->in_osrcip = nat->nat_osrcip; in ipf_p_ipsec_new()
195 ipn->in_nsrcip = nat->nat_nsrcip; in ipf_p_ipsec_new()
197 ipn->in_odstip = nat->nat_odstip; in ipf_p_ipsec_new()
[all …]
H A Dip_proxy.c648 /* nat(I) - pointer to current NAT session */
650 /* This function extends the NAT matching to ensure that a packet that has */
651 /* arrived matches the proxy information attached to the NAT rule. Notably, */
736 /* nat(I) - pointer to current NAT session */
739 /* matching. Whilst other parts of the NAT code are rather lenient when it */
744 ipf_proxy_match(fr_info_t *fin, nat_t *nat) in ipf_proxy_match() argument
752 ipn = nat->nat_ptr; in ipf_proxy_match()
755 (u_long)fin, (u_long)nat, (u_long)nat->nat_aps, in ipf_proxy_match()
774 result = (*apr->apr_match)(fin, nat->nat_aps, nat); in ipf_proxy_match()
789 /* nat(I) - pointer to current NAT session */
[all …]
H A Dip_rpcb_pxy.c19 * When triggered by appropriate IP NAT rules, this proxy works by
21 * modified, NAT and state table entries created, etc., as necessary.
34 * o There is a potential collision between cloning, wildcard NAT and
142 /* nat(I) - pointer to NAT session structure */
147 ipf_p_rpcb_new(void *arg, fr_info_t *fin, ap_session_t *aps, nat_t *nat) in ipf_p_rpcb_new() argument
151 nat = nat; /* LINT */ in ipf_p_rpcb_new()
195 /* nat(I) - pointer to NAT session structure */
201 ipf_p_rpcb_in(void *arg, fr_info_t *fin, ap_session_t *aps, nat_t *nat) in ipf_p_rpcb_in() argument
232 rv = ipf_p_rpcb_decodereq(fin, nat, rs, rm); in ipf_p_rpcb_in()
243 rv = ipf_p_rpcb_modreq(fin, nat, rm, m, off); in ipf_p_rpcb_in()
[all …]
/freebsd/usr.sbin/ppp/
H A DREADME.nat25 User PPP NAT (Packet Aliasing)
41 User mode ppp has embedded NAT (Network Address Translation) code.
42 Enabling this, either by the "-nat" command line option or the
43 "nat enable yes" command in a ppp.conf file, makes the ppp host
44 automatically NAT IP packets forwarded from a local network, making
46 from the outside world are then appropriately de-NAT'd.
48 The process of NAT'ing involves both the IP address and the TCP or UDP
62 A disadvantage of NAT is that machines on the local network,
82 The NAT code also handles many ICMP messages. In particular,
90 NAT enabled. This will confirm that the ppp.conf file is
[all …]
/freebsd/tests/sys/netpfil/common/
H A Dnat.sh34 atf_set descr 'Basic IPv4 NAT test'
48 vnet_mkjail nat ${epair_host_nat}b ${epair_client1_nat}a ${epair_client2_nat}a
53 jexec nat ifconfig ${epair_host_nat}b 198.51.100.1/24 up
55 jexec nat ifconfig ${epair_client1_nat}a 192.0.2.1/24 up
58 jexec nat ifconfig ${epair_client2_nat}a 192.0.3.1/24 up
61 jexec nat sysctl net.inet.ip.forwarding=1
66 # ping fails without NAT configuration
70 firewall_config nat ${firewall} \
72 "nat pass on ${epair_host_nat}b inet from any to any -> (${epair_host_nat}b)" \
74 "ipfw -q nat 123 config if ${epair_host_nat}b" \
[all …]
/freebsd/tests/sys/netpfil/pf/
H A Dnat.sh32 atf_set descr 'Test exhausting the NAT pool'
43 vnet_mkjail nat ${epair_nat}b ${epair_echo}a
49 jexec nat ifconfig ${epair_nat}b 192.0.2.1/24 up
50 jexec nat ifconfig ${epair_echo}a 198.51.100.1/24 up
51 jexec nat sysctl net.inet.ip.forwarding=1
57 jexec nat pfctl -e
58 pft_set_rules nat \
59 …"nat pass on ${epair_echo}a inet from 192.0.2.0/24 to any -> (${epair_echo}a) port 30000:30001 sti…
73 timeout 2 jexec nat pfctl -sa
88 atf_set descr 'Test setting and retrieving nested nat anchors'
[all …]
H A Dicmp.sh98 vnet_mkjail nat ${epair_int}b ${epair_cl}b
99 jexec nat ifconfig ${epair_int}b 203.0.113.1/24 up
100 jexec nat ifconfig ${epair_cl}b 198.51.100.2/24 up
101 jexec nat sysctl net.inet.ip.forwarding=1
102 jexec nat route add default 203.0.113.2
108 jexec nat pfctl -e
109 pft_set_rules nat \
110 "nat on ${epair_int}b from 198.51.100.0/24 -> (${epair_int}b)" \
128 jexec nat pfctl -Fs
/freebsd/share/examples/ipfilter/samples/
H A Dproxy.c9 * with a NAT rue like this:
89 * Build up the NAT natlookup structure.
99 * Open the NAT device and lookup the mapping pair.
144 nat_t *nat; local
148 nat = &ns.ipn_nat;
149 nat->nat_p = IPPROTO_TCP;
150 nat->nat_dir = NAT_OUTBOUND;
152 strncpy(nat->nat_ifnames[0], extif,
153 sizeof(nat->nat_ifnames[0]));
154 strncpy(nat->nat_ifnames[1], extif,
[all …]
/freebsd/sbin/pfctl/tests/files/
H A Dpf0018.in1 # test nat
6 #match out on lo0 from 192.168.1.1 to any nat-to 10.0.0.1
7 #match out on lo0 proto tcp from 192.168.1.2 to any nat-to 10.0.0.2
8 #match out on lo0 proto udp from 192.168.1.3 to any nat-to 10.0.0.3
9 #match out on lo0 proto icmp from 192.168.1.4 to any nat-to 10.0.0.4
11 #match out on lo0 inet from $TEST_LIST1 to $TEST_LIST2 nat-to lo0
13 #match out on lo0 inet from 192.168.0.1/24 to any nat-to (lo0)
15 #match out on lo0 from 192.168.1.8 to ! 172.17.0.0/16 nat-to 10.0.0.8
17 #match out on ! lo0 proto { udp, tcp } from any to any nat-to 10.0.0.8 static-port
19 #match out on { lo0, tun1000000 } from any to any nat-to 10.0.0.8
/freebsd/release/scripts/
H A Dbox.ovf12 <Network ovf:name="NAT">
78 <rasd:Caption>Ethernet adapter on 'NAT'</rasd:Caption>
79 <rasd:Connection>NAT</rasd:Connection>
80 <rasd:ElementName>Ethernet adapter on 'NAT'</rasd:ElementName>
127 <NAT>
130 </NAT>
134 <NAT>
137 </NAT>
142 <NAT>
145 </NAT>
[all …]
/freebsd/share/man/man4/
H A Dng_nat.430 .Nd "NAT netgraph node type"
36 node performs network address translation (NAT) of IPv4 packets
39 .Nm nat
118 .Em static NAT .
227 .Em static NAT
339 .Nm nat
344 # Create NAT node
345 ngctl mkpeer ipfw: nat 60 out
346 ngctl name ipfw:60 nat
347 ngctl connect ipfw: nat: 61 in
[all …]
/freebsd/sbin/ipf/ipfs/
H A Dipfs.c146 * Change interface names in NAT information saved out to disk.
152 nat_t *nat; in changenatif() local
162 nat = &ipn.ipn_nat; in changenatif()
163 if (nlen >= sizeof(nat->nat_ifnames[0]) || in changenatif()
164 olen >= sizeof(nat->nat_ifnames[0])) in changenatif()
175 if (!strncmp(nat->nat_ifnames[0], ifs, olen + 1)) { in changenatif()
176 strcpy(nat->nat_ifnames[0], s); in changenatif()
179 if (!strncmp(nat->nat_ifnames[1], ifs, olen + 1)) { in changenatif()
180 strcpy(nat->nat_ifnames[1], s); in changenatif()
539 nat_t *nat; in readnat() local
[all …]

12345678910>>...12