diff options
| author | ae <ae@FreeBSD.org> | 2011-06-14 13:35:24 +0000 |
|---|---|---|
| committer | ae <ae@FreeBSD.org> | 2011-06-14 13:35:24 +0000 |
| commit | a060389e5b178c7324442c0723886c8fda798998 (patch) | |
| tree | 2c079dd50524382ccfa62d936bc012d4c0f8795b /sbin/ipfw/nat.c | |
| parent | 7b7c6f4e74ea94ae75d0f52366eaf6a8ccd0022e (diff) | |
| download | FreeBSD-src-a060389e5b178c7324442c0723886c8fda798998.zip FreeBSD-src-a060389e5b178c7324442c0723886c8fda798998.tar.gz | |
Implement "global" mode for ipfw nat. It is similar to natd(8)
"globalport" option for multiple NAT instances.
If ipfw rule contains "global" keyword instead of nat_number, then
for each outgoing packet ipfw_nat looks up translation state in all
configured nat instances. If an entry is found, packet aliased
according to that entry, otherwise packet is passed unchanged.
User can specify "skip_global" option in NAT configuration to exclude
an instance from the lookup in global mode.
PR: kern/157867
Submitted by: Alexander V. Chernikov (previous version)
Tested by: Eugene Grosbein
Diffstat (limited to 'sbin/ipfw/nat.c')
| -rw-r--r-- | sbin/ipfw/nat.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/sbin/ipfw/nat.c b/sbin/ipfw/nat.c index e91c6ec..6f8c39f 100644 --- a/sbin/ipfw/nat.c +++ b/sbin/ipfw/nat.c @@ -53,6 +53,7 @@ static struct _s_x nat_params[] = { { "deny_in", TOK_DENY_INC }, { "same_ports", TOK_SAME_PORTS }, { "unreg_only", TOK_UNREG_ONLY }, + { "skip_global", TOK_SKIP_GLOBAL }, { "reset", TOK_RESET_ADDR }, { "reverse", TOK_ALIAS_REV }, { "proxy_only", TOK_PROXY_ONLY }, @@ -628,6 +629,9 @@ print_nat_config(unsigned char *buf) } else if (n->mode & PKT_ALIAS_SAME_PORTS) { printf(" same_ports"); n->mode &= ~PKT_ALIAS_SAME_PORTS; + } else if (n->mode & PKT_ALIAS_SKIP_GLOBAL) { + printf(" skip_global"); + n->mode &= ~PKT_ALIAS_SKIP_GLOBAL; } else if (n->mode & PKT_ALIAS_UNREGISTERED_ONLY) { printf(" unreg_only"); n->mode &= ~PKT_ALIAS_UNREGISTERED_ONLY; @@ -746,10 +750,11 @@ ipfw_config_nat(int ac, char **av) case TOK_IP: case TOK_IF: ac1--; av1++; - break; + break; case TOK_ALOG: case TOK_DENY_INC: case TOK_SAME_PORTS: + case TOK_SKIP_GLOBAL: case TOK_UNREG_ONLY: case TOK_RESET_ADDR: case TOK_ALIAS_REV: @@ -821,6 +826,9 @@ ipfw_config_nat(int ac, char **av) case TOK_UNREG_ONLY: n->mode |= PKT_ALIAS_UNREGISTERED_ONLY; break; + case TOK_SKIP_GLOBAL: + n->mode |= PKT_ALIAS_SKIP_GLOBAL; + break; case TOK_RESET_ADDR: n->mode |= PKT_ALIAS_RESET_ON_ADDR_CHANGE; break; |
