Stand-a-lone NAT PGM

Matthew Emmerton matt at
Tue Jul 1 16:28:30 PDT 2003

I'm saying that the functionality you want already exists -- in a low-level
library called libalias(3), or with a cleaner front-end called natd(8).

What you're failing to understand is that NATD cannot run "standalone" --
you have to hook it into the TCP/IP stack somehow.

For ppp(8) this is easy, since ppp is already "hooked" into your system's
TCP/IP stack, and can easily run the packets through libalias(3) to achieve
NAT functionality.

For "standard" ethernet applications, a common approach is to use ipfw(8)
with a single "divert" rule which redirects all TCP/IP traffic from the
TCP/IP stack, through the natd(8) front-end to libalias(3), and then back
into the TCP/IP stack.

The overhead of ipfw with a single "divert" rule is very low.  The overhead
of IPFILTER/IPNAT is even lower.

I'm not sure exactly what performance problem you're trying to overcome.

Matt Emmerton

> Are you saying I can run NATD as a stand-a-lone function? IE: not
> enabling IPFW and using the 'divert natd' rule
> -----Original Message-----
> From: owner-freebsd-questions at
> [mailto:owner-freebsd-questions at]On Behalf Of Matthew
> Emmerton
> Sent: Tuesday, July 01, 2003 6:49 PM
> To: FBSD_user at; freebsd-questions at FreeBSD. ORG
> Subject: Re: Stand-a-lone NAT PGM
> > I have been looking for NAT program which is not part of some other
> > program like NATD is part of IPFW or IPNAT is part of IPFILTER or
> > NAT of user ppp. I can not find any NAT program in the FBSD ports
> > collection unless I misunderstood some description.  If anybody
> > knows of one please let me know. Yes I know that I can set firewall
> > rule to pass all packets just to use NAT function, but I don't want
> > overhead of firewall logic, just simple NAT like PPP NAT function
> > without the PPP stuff.
> The reason you can't find a NAT program in the ports collection is because
> such a program exists in the base system.
> natd(8) is a front-end to the libalias(3) library, which implements generic
> packet aliasing and masquerading functions (aka NAT).
> > I was wondering if the NAT logic code from user ppp could be copied
> > and made into stand-a-lone NAT program. My programming ability is
> > not great so I am asking for opinions on whether this is technically
> > possible?  Thanks
> Both ppp(8) and natd(8) use the libalias(3) library for NAT functionality.
> --
> Matt Emmerton