[6.x patchset] Ipfw nat and libalias modules

Paolo Pisati p.pisati at oltrelinux.com
Sun Apr 30 13:57:41 UTC 2006


I just released a new revision of my libalias+ipfw work as a 
patchset for 6.x, get it here: 
http://mercurio.srv.dsi.unimi.it/~pisati/libalias/libalias-6.x.tgz

To apply it: 

cp libalias_ipfw.patch /usr/src
cd /usr/src
patch -p3 < libalias_ipfw.patch

then you have to recompile & install:

kernel, sbin/ipfw, sbin/natd, sbin/ppp, lib/libalias, 
sys/modules/ipfw, sys/modules/libalias

or simply do a world.

With this patch you get:

-ipfw nat + redirect + LSNAT support

-libalias modules (both in user and kernel land)
 -for kernel land, all the libalias modules are installed
  in /boot/kernel as alias_*.ko.
 -for user land (natd & ppp), modules are shared libs
  loaded according to /etc/libalias.conf. To reload 
  modules for a known process, just 'kill -HUP $PID' it.
-natd & ppp are patched to use libalias modules

If your natd/ppp/ipfw behaves strangely after you applied my 
patch (i.e. active ftp stops working), remember to check
libalias modules. 

Some ipfw examples:

ipfw add nat 666 all from any to any via $IF

ipfw nat 666 config ip 192.168.0.1 	# nat with a fixed address

ipfw nat 666 config if $IF log		# dynamic if addr nat and logging

ipfw nat 666 config if $IF redir_port ...	# redirect support with
ipfw nat 666 config if $IF redir_addr ...	# linkspec natd syntax,
ipfw nat 666 config if $IF redir_proto ...	# LSNAT works too. 

# different ipfw rules can be redirected to use 
# the same nat instance

ipfw add nat 666 all from $IP1 to any via $IF1
ipfw add nat 666 all from any to any via $IF2 out
ipfw add nat 666 all from $IP2 to $IP3 

ipfw nat show 				# see logs
ipfw nat show config 			# nat configuration

To load/unload a libalias module (kernel):

kldload alias_ftp 	# active ftp works ok now
kldunload alias_ftp

To load/unload a libalias module (user):

[edit /etc/libalias.conf and add/cut needed modules]
kill -HUP $PID

For more info see the readme inside the archive.

TODO: 
Not tested on SMP & !i386, logging ability should be improved (right now 
it's the same as original libalias), documentation should be man-pagified, 
patchset for 7.x, etc. etc.

bye
-- 

Paolo

"there are too many external influences, the real world is hardly 
the fairy-tale one of the komunists :-p" - Anonymous Lumbard
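
An added example, not part of the original post or the patchset: a small sh helper for the "check libalias modules" advice above, listing alias_*.ko files that are installed but not currently loaded. It assumes kldstat prints the module file name in its last column; the function names and the sample kldstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example: find libalias kernel modules that are installed but not loaded.

# Read `kldstat` output on stdin and print loaded alias_* module names
# (without the .ko suffix), one per line.
loaded_alias_modules() {
    awk '$NF ~ /^alias_.*\.ko$/ { sub(/\.ko$/, "", $NF); print $NF }' | sort -u
}

# Print alias_* modules present in the module directory but absent from the
# kldstat output on stdin.
# $1: module directory (the post says modules are installed in /boot/kernel).
missing_alias_modules() {
    moddir=${1:-/boot/kernel}
    loaded=$(loaded_alias_modules)
    for f in "$moddir"/alias_*.ko; do
        [ -e "$f" ] || continue            # glob matched nothing
        name=$(basename "$f" .ko)
        # Exact, fixed-string, whole-line match against the loaded list.
        printf '%s\n' "$loaded" | grep -qxF "$name" || printf '%s\n' "$name"
    done
}

# Constructed sample of kldstat output, used only to exercise the functions
# on a machine without kldstat.
sample_kldstat() {
cat <<'EOF'
Id Refs Address    Size     Name
 1    5 0xc0400000 6a45dc   kernel
 2    1 0xc0aa5000 4f20     ipfw.ko
 3    1 0xc0aab000 3a10     alias_ftp.ko
EOF
}

# On a patched host, report what is installed but not loaded.
if command -v kldstat >/dev/null 2>&1; then
    kldstat | missing_alias_modules /boot/kernel
fi
```

Each name it prints can be passed to kldload as shown in the post.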

