Stand-a-lone NAT PGM
matt at compar.com
Tue Jul 1 16:28:30 PDT 2003
I'm saying that the functionality you want already exists -- in a low-level
library called libalias(3), or with a cleaner front-end called natd(8).
What you're failing to understand is that NATD cannot run "standalone' --
you have to have hook it into the TCP/IP stack somehow.
For ppp(8) this is easy, since ppp is already "hooked" into your system's
TCP/IP stack, and can easily run the packets through libalias(3) to achieve
For "standard" ethernet applications, a common approach is to use ipfw(8)
with a single "divert" rule which redirects all TCP/IP traffic from the
TCP/IP stack, through the natd(8) front-end to libalias(3), and then back
into the TCP/IP stack.
The overhead of ipfw with a single "divert" rule is very low. The overhead
of IPFITLER/IPNAT is even lower.
I'm not sure exactly what performance problem you're trying to overcome.
> Are you saying I can run NATD as a stand-a-lone function? IE: not
> enabling IPFW and using the 'divert natd' rule
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Matthew
> Sent: Tuesday, July 01, 2003 6:49 PM
> To: FBSD_user at adelphia.net; freebsd-questions at FreeBSD. ORG
> Subject: Re: Stand-a-lone NAT PGM
> > I have been looking for NAT program which is not part of some
> > program like NATD is part of IPFW or IPNAT is part of IPFILTER or
> > NAT of user ppp. I can not find any NAT program in the FBSD ports
> > collection unless I mis-understood some description. If anybody
> > knows of one please let me know. Yes I know that I can set
> > rule to pass all packets just to use NAT function, but I don't
> > overhead of firewall logic, just simple NAT like PPP NAT function
> > with out the PPP stuff.
> The reason you can't find a NAT program in the ports collection is
> such a program exists in the base system.
> natd(8) is a front-end to the libalias(3) library, which implements
> packet aliasing and masqerading functions (aka NAT).
> > I was wondering if the NAT logic code from user ppp could be
> > and made into stand-a-lone NAT program. My programming ability is
> > not great so I am asking for opinions on weather this is
> > possible? Thanks
> Both ppp(8) and natd(8) use the libalias(3) library for NAT
> Matt Emmerton
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions