ng_nat(4)

NAME

ng_nat - NAT netgraph node type

SYNOPSIS

#include <netgraph/ng_nat.h>

DESCRIPTION

An ng_nat node performs network address translation (NAT) of

packets
passing through it. A nat node uses libalias(3) engine for

packet aliasing. At this moment it supports only the basic functionali

ty of the
library.

HOOKS

This node type has two hooks:

out Packets received on this hook are considered outgo

ing and will be

masqueraded to a configured address.

in Packets coming on this hook are considered incoming

and will be

dealiased.

CONTROL MESSAGES

This node type supports the generic control messages, plus

the following:

NGM_NAT_SET_IPADDR (setaliasaddr)

Configure aliasing address for a node. After both

hooks have
been connected and aliasing address was configured,

a node is
ready for aliasing operation.

SHUTDOWN

This node shuts down upon receipt of a NGM_SHUTDOWN control

message, or
when both hooks are disconnected.

EXAMPLES

In the following example, the packets are injected into a

nat node using
the ng_ipfw(4) node.

# Create NAT node
ngctl mkpeer ipfw: nat 60 out
ngctl name ipfw:60 nat
ngctl connect ipfw: nat: 61 in
ngctl msg nat: setaliasaddr x.y.35.8

# Divert traffic into NAT node
ipfw add 300 netgraph 61 all from any to any in via

fxp0
ipfw add 400 netgraph 60 all from any to any out via

fxp0

# Let packets continue with after being (de)aliased
sysctl net.inet.ip.fw.one_pass=0

The ng_nat node can be inserted right after the ng_iface(4)

node in the
graph. In the following example, we perform masquerading on

a serial
line with HDLC encapsulation.

/usr/sbin/ngctl -f- <<-SEQ

mkpeer cp0: cisco rawdata downstream
name cp0:rawdata hdlc
mkpeer hdlc: nat inet in
name hdlc:inet nat
mkpeer nat: iface out inet
msg nat: setaliasaddr x.y.8.35

SEQ
ifconfig ng0 x.y.8.35 x.y.8.1

SEE ALSO

libalias(3), ng_ipfw(4), natd(8), ngctl(8)

HISTORY

The ng_nat node type was implemented in FreeBSD 6.0.

AUTHORS

Gleb Smirnoff <glebius@FreeBSD.org>

BSD May 6, 2005

BSD