NG_NAT(4) MidnightBSD Kernel Interfaces Manual NG_NAT(4)

NAME

ng_nat — NAT netgraph node type

SYNOPSIS

#include <netgraph/ng_nat.h>

DESCRIPTION

An ng_nat node performs network address translation (NAT) of packets passing through it. A nat node uses libalias(3) engine for packet aliasing. At this moment it supports only the basic functionality of the library.

HOOKS

This node type has two hooks:

out

Packets received on this hook are considered outgoing and will be masqueraded to a configured address.

in

Packets coming on this hook are considered incoming and will be dealiased.

CONTROL MESSAGES

This node type supports the generic control messages, plus the following:

NGM_NAT_SET_IPADDR (setaliasaddr)

Configure aliasing address for a node. After both hooks have been connected and aliasing address was configured, a node is ready for aliasing operation.

SHUTDOWN

This node shuts down upon receipt of a NGM_SHUTDOWN control message, or when both hooks are disconnected.

EXAMPLES

In the following example, the packets are injected into a nat node using the ng_ipfw(4) node.

# Create NAT node
ngctl mkpeer ipfw: nat 60 out
ngctl name ipfw:60 nat
ngctl connect ipfw: nat: 61 in
ngctl msg nat: setaliasaddr x.y.35.8

# Divert traffic into NAT node
ipfw add 300 netgraph 61 all from any to any in via fxp0
ipfw add 400 netgraph 60 all from any to any out via fxp0

# Let packets continue with after being (de)aliased
sysctl net.inet.ip.fw.one_pass=0

The ng_nat node can be inserted right after the ng_iface(4) node in the graph. In the following example, we perform masquerading on a serial line with HDLC encapsulation.

/usr/sbin/ngctl -f- <<-SEQ

SEQ
ifconfig ng0 x.y.8.35 x.y.8.1

SEE ALSO

libalias(3), ng_ipfw(4), natd(8), ngctl(8)

HISTORY

The ng_nat node type was implemented in FreeBSD 6.0.

AUTHORS

Gleb Smirnoff 〈glebius@FreeBSD.org〉

MidnightBSD 0.3 May 6, 2005 MidnightBSD 0.3