-rw-r--r--usr.sbin/ppp/command.c31
-rw-r--r--usr.sbin/ppp/filter.c2
-rw-r--r--usr.sbin/ppp/nat_cmd.c24
-rw-r--r--usr.sbin/ppp/nat_cmd.h1
-rw-r--r--usr.sbin/ppp/ppp.85
-rw-r--r--usr.sbin/ppp/ppp.8.m45
6 files changed, 52 insertions, 16 deletions
diff --git a/usr.sbin/ppp/command.c b/usr.sbin/ppp/command.c
index 99753c3..8bb3651 100644
--- a/usr.sbin/ppp/command.c
+++ b/usr.sbin/ppp/command.c
@@ -172,8 +172,8 @@ static int IfaceDeleteCommand(struct cmdargs const *);
static int IfaceClearCommand(struct cmdargs const *);
static int SetProcTitle(struct cmdargs const *);
#ifndef NONAT
-static int AliasEnable(struct cmdargs const *);
-static int AliasOption(struct cmdargs const *);
+static int NatEnable(struct cmdargs const *);
+static int NatOption(struct cmdargs const *);
#endif
static const char *
@@ -582,36 +582,37 @@ ResolvCommand(struct cmdargs const *arg)
}
#ifndef NONAT
-static struct cmdtab const AliasCommands[] =
+static struct cmdtab const NatCommands[] =
{
{"addr", NULL, nat_RedirectAddr, LOCAL_AUTH,
"static address translation", "nat addr [addr_local addr_alias]"},
- {"deny_incoming", NULL, AliasOption, LOCAL_AUTH,
+ {"deny_incoming", NULL, NatOption, LOCAL_AUTH,
"stop incoming connections", "nat deny_incoming yes|no",
(const void *) PKT_ALIAS_DENY_INCOMING},
- {"enable", NULL, AliasEnable, LOCAL_AUTH,
+ {"enable", NULL, NatEnable, LOCAL_AUTH,
"enable NAT", "nat enable yes|no"},
- {"log", NULL, AliasOption, LOCAL_AUTH,
+ {"log", NULL, NatOption, LOCAL_AUTH,
"log NAT link creation", "nat log yes|no",
(const void *) PKT_ALIAS_LOG},
{"port", NULL, nat_RedirectPort, LOCAL_AUTH, "port redirection",
"nat port proto localaddr:port[-port] aliasport[-aliasport]"},
- {"pptp", NULL, nat_Pptp, LOCAL_AUTH,
- "Set the PPTP address", "nat pptp IP"},
+ {"pptp", NULL, nat_Pptp, LOCAL_AUTH, "Set the PPTP address", "nat pptp IP"},
{"proxy", NULL, nat_ProxyRule, LOCAL_AUTH,
"proxy control", "nat proxy server host[:port] ..."},
- {"same_ports", NULL, AliasOption, LOCAL_AUTH,
+ {"same_ports", NULL, NatOption, LOCAL_AUTH,
"try to leave port numbers unchanged", "nat same_ports yes|no",
(const void *) PKT_ALIAS_SAME_PORTS},
- {"unregistered_only", NULL, AliasOption, LOCAL_AUTH,
+ {"target", NULL, nat_SetTarget, LOCAL_AUTH,
+ "Default address for incoming connections", "nat target addr" },
+ {"unregistered_only", NULL, NatOption, LOCAL_AUTH,
"translate unregistered (private) IP address space only",
"nat unregistered_only yes|no",
(const void *) PKT_ALIAS_UNREGISTERED_ONLY},
- {"use_sockets", NULL, AliasOption, LOCAL_AUTH,
+ {"use_sockets", NULL, NatOption, LOCAL_AUTH,
"allocate host sockets", "nat use_sockets yes|no",
(const void *) PKT_ALIAS_USE_SOCKETS},
{"help", "?", HelpCommand, LOCAL_AUTH | LOCAL_NO_AUTH,
- "Display this message", "nat help|? [command]", AliasCommands},
+ "Display this message", "nat help|? [command]", NatCommands},
{NULL, NULL, NULL},
};
#endif
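Review bot: The usage string on the new `target` entry reads `nat target addr`, but nat_SetTarget in nat_cmd.c accepts the command with no argument (it resets the target to INADDR_ANY), and the manual text in this commit marks the address as optional. The help output should say the same thing, following the bracket convention the `addr` entry already uses: `"Default address for incoming connections", "nat target [addr]"},`. Without this, an operator reading `nat help` has no indication that the bare command clears a previously configured target.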
@@ -688,7 +689,7 @@ static struct cmdtab const Commands[] = {
"Load settings", "load [system ...]"},
#ifndef NONAT
{"nat", "alias", RunListCommand, LOCAL_AUTH,
- "NAT control", "nat option yes|no", AliasCommands},
+ "NAT control", "nat option yes|no", NatCommands},
#endif
{"open", NULL, OpenCommand, LOCAL_AUTH | LOCAL_CX_OPT,
"Open an FSM", "open! [lcp|ccp|ipcp]", (void *)1},
@@ -2129,7 +2130,7 @@ DeleteCommand(struct cmdargs const *arg)
#ifndef NONAT
static int
-AliasEnable(struct cmdargs const *arg)
+NatEnable(struct cmdargs const *arg)
{
if (arg->argc == arg->argn+1) {
if (strcasecmp(arg->argv[arg->argn], "yes") == 0) {
@@ -2152,7 +2153,7 @@ AliasEnable(struct cmdargs const *arg)
static int
-AliasOption(struct cmdargs const *arg)
+NatOption(struct cmdargs const *arg)
{
long param = (long)arg->cmd->args;
diff --git a/usr.sbin/ppp/filter.c b/usr.sbin/ppp/filter.c
index bed986e..8fca40f 100644
--- a/usr.sbin/ppp/filter.c
+++ b/usr.sbin/ppp/filter.c
@@ -113,7 +113,7 @@ ParseAddr(struct ipcp *ipcp, const char *data,
strncpy(s, data, len);
s[len] = '\0';
*paddr = GetIpAddr(s);
- if (paddr->s_addr == INADDR_NONE) {
+ if (paddr->s_addr == INADDR_ANY || paddr->s_addr == INADDR_NONE) {
log_Printf(LogWARN, "ParseAddr: %s: Bad address\n", s);
return 0;
}
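Review bot: The added `paddr->s_addr == INADDR_ANY` test makes ParseAddr treat a literal 0.0.0.0 the same as an unparseable string and log it as "Bad address". Whether any caller passes an all-zero address on purpose, for example as a wildcard in a filter rule, cannot be seen from this hunk and should be confirmed. nat_SetTarget in the same commit rejects only INADDR_NONE and still accepts INADDR_ANY, so the two parsers now disagree on that value. If the rejection is intended, a comment such as `/* 0.0.0.0 is not a usable host address here; reject it like a parse failure */` and a distinct warning text would make that clear. ParseAddr starts and ends outside the hunk.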
diff --git a/usr.sbin/ppp/nat_cmd.c b/usr.sbin/ppp/nat_cmd.c
index 999a31a..f1d75ed 100644
--- a/usr.sbin/ppp/nat_cmd.c
+++ b/usr.sbin/ppp/nat_cmd.c
@@ -339,6 +339,30 @@ nat_Pptp(struct cmdargs const *arg)
return 0;
}
+int
+nat_SetTarget(struct cmdargs const *arg)
+{
+ struct in_addr addr;
+
+ if (arg->argc == arg->argn) {
+ addr.s_addr = INADDR_ANY;
+ PacketAliasSetTarget(addr);
+ return 0;
+ }
+
+ if (arg->argc != arg->argn + 1)
+ return -1;
+
+ addr = GetIpAddr(arg->argv[arg->argn]);
+ if (addr.s_addr == INADDR_NONE) {
+ log_Printf(LogWARN, "%s: invalid address\n", arg->argv[arg->argn]);
+ return 1;
+ }
+
+ PacketAliasSetTarget(addr);
+ return 0;
+}
+
static struct mbuf *
nat_LayerPush(struct bundle *bundle, struct link *l, struct mbuf *bp,
int pri, u_short *proto)
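Review bot: nat_SetTarget changes where incoming packets are delivered by default, yet the function has no comment stating that effect and a successful change leaves no trace in the log. Going by the manual text added in this commit, pointing the target at an internal host presumably makes that host the recipient of unsolicited inbound traffic; how this interacts with `nat deny_incoming` is not visible here and should be confirmed and documented. I would add above the function `/* nat target [addr]: default local destination for incoming packets; no argument resets it to the alias address */`, and emit a log_Printf line with the accepted address on the success path so the change is auditable. The trailing context lines belong to nat_LayerPush, whose body continues outside the hunk.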
diff --git a/usr.sbin/ppp/nat_cmd.h b/usr.sbin/ppp/nat_cmd.h
index 1ce19d1..f9bee45 100644
--- a/usr.sbin/ppp/nat_cmd.h
+++ b/usr.sbin/ppp/nat_cmd.h
@@ -11,5 +11,6 @@ extern int nat_RedirectPort(struct cmdargs const *);
extern int nat_RedirectAddr(struct cmdargs const *);
extern int nat_ProxyRule(struct cmdargs const *);
extern int nat_Pptp(struct cmdargs const *);
+extern int nat_SetTarget(struct cmdargs const *);
extern struct layer natlayer;
diff --git a/usr.sbin/ppp/ppp.8 b/usr.sbin/ppp/ppp.8
index c384be4..da73af1 100644
--- a/usr.sbin/ppp/ppp.8
+++ b/usr.sbin/ppp/ppp.8
@@ -2992,6 +2992,11 @@ When enabled, this command will tell the network address translation engine to
attempt to avoid changing the port number on outgoing packets. This is useful
if you want to support protocols such as RPC and LPD which require
connections to come from a well known port.
+.It nat target Op Ar address
+Set the given target address or clear it if no address is given. The target
+address is used by libalias to specify how to NAT incoming packets by default.
+If a target address is not set, the alias address (that of the tun interface)
+is used.
.It nat use_sockets yes|no
When enabled, this option tells the network address translation engine to
create a socket so that it can guarantee a correct incoming ftp data or
diff --git a/usr.sbin/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp.8.m4
index c384be4..da73af1 100644
--- a/usr.sbin/ppp/ppp.8.m4
+++ b/usr.sbin/ppp/ppp.8.m4
@@ -2992,6 +2992,11 @@ When enabled, this command will tell the network address translation engine to
attempt to avoid changing the port number on outgoing packets. This is useful
if you want to support protocols such as RPC and LPD which require
connections to come from a well known port.
+.It nat target Op Ar address
+Set the given target address or clear it if no address is given. The target
+address is used by libalias to specify how to NAT incoming packets by default.
+If a target address is not set, the alias address (that of the tun interface)
+is used.
.It nat use_sockets yes|no
When enabled, this option tells the network address translation engine to
create a socket so that it can guarantee a correct incoming ftp data or