Stand-a-lone NAT PGM

Matthew Emmerton matt at compar.com
Tue Jul 1 16:28:30 PDT 2003


I'm saying that the functionality you want already exists -- in a low-level
library called libalias(3), or with a cleaner front-end called natd(8).

What you're failing to understand is that NATD cannot run "standalone" --
you have to hook it into the TCP/IP stack somehow.

For ppp(8) this is easy, since ppp is already "hooked" into your system's
TCP/IP stack, and can easily run the packets through libalias(3) to achieve
NAT functionality.

For "standard" ethernet applications, a common approach is to use ipfw(8)
with a single "divert" rule which redirects all TCP/IP traffic from the
TCP/IP stack, through the natd(8) front-end to libalias(3), and then back
into the TCP/IP stack.

The overhead of ipfw with a single "divert" rule is very low.  The overhead
of IPFILTER/IPNAT is even lower.

I'm not sure exactly what performance problem you're trying to overcome.

--
Matt Emmerton

> Are you saying I can run NATD as a stand-a-lone function? IE: not
> enabling IPFW and using the 'divert natd' rule
>
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Matthew
> Emmerton
> Sent: Tuesday, July 01, 2003 6:49 PM
> To: FBSD_user at adelphia.net; freebsd-questions at FreeBSD.ORG
> Subject: Re: Stand-a-lone NAT PGM
>
> > I have been looking for NAT program which is not part of some other
> > program like NATD is part of IPFW or IPNAT is part of IPFILTER or
> > NAT of user ppp. I can not find any NAT program in the FBSD ports
> > collection unless I misunderstood some description.  If anybody
> > knows of one please let me know. Yes I know that I can set firewall
> > rule to pass all packets just to use NAT function, but I don't want
> > overhead of firewall logic, just simple NAT like PPP NAT function
> > without the PPP stuff.
>
> The reason you can't find a NAT program in the ports collection is because
> such a program exists in the base system.
> natd(8) is a front-end to the libalias(3) library, which implements generic
> packet aliasing and masquerading functions (aka NAT).
>
> > I was wondering if the NAT logic code from user ppp could be copied
> > and made into stand-a-lone NAT program. My programming ability is
> > not great so I am asking for opinions on whether this is technically
> > possible?  Thanks
>
> Both ppp(8) and natd(8) use the libalias(3) library for NAT functionality.
>
> --
> Matt Emmerton
>
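
Added example, not part of the original message and not libalias(3) source: a minimal C sketch of the outbound step a packet-aliasing library performs, rewriting the IPv4 source address and repairing the IP and TCP/UDP checksums. The names `alias_out`, `inet_cksum`, `cksum_adjust` and the sample packet are hypothetical and constructed here; port translation and the connection table that real NAT needs are left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 1071 Internet checksum over len bytes, returned in host order. */
static uint16_t inet_cksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    if (len & 1) sum += (uint32_t)p[len - 1] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* RFC 1624 incremental update of the checksum at ck[0..1] when a 16-bit
 * word it covers changes from old_w to new_w. */
static void cksum_adjust(uint8_t *ck, uint16_t old_w, uint16_t new_w) {
    uint32_t sum = (uint16_t)~((ck[0] << 8) | ck[1]);
    sum += (uint32_t)(uint16_t)~old_w + new_w;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    ck[0] = (uint8_t)(~sum >> 8); ck[1] = (uint8_t)~sum;
}

/* Outbound aliasing (hypothetical helper): set the IPv4 source address to
 * alias[4], network order, and fix checksums. Returns 0, or -1 if malformed. */
int alias_out(uint8_t *pkt, size_t len, const uint8_t alias[4]) {
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len) return -1;
    int first = (pkt[6] & 0x1f) == 0 && pkt[7] == 0; /* fragment offset 0 */
    uint8_t proto = pkt[9], *tck = NULL;  /* tck: transport checksum field */
    if (first && proto == 6 && len >= hlen + 18) tck = pkt + hlen + 16;
    if (first && proto == 17 && len >= hlen + 8) tck = pkt + hlen + 6;
    if (tck && proto == 17 && !tck[0] && !tck[1]) tck = NULL; /* UDP: none */
    for (int i = 0; tck && i < 4; i += 2)  /* pseudo-header holds src addr */
        cksum_adjust(tck, (uint16_t)((pkt[12 + i] << 8) | pkt[13 + i]),
                     (uint16_t)((alias[i] << 8) | alias[i + 1]));
    if (tck && proto == 17 && !tck[0] && !tck[1]) tck[0] = tck[1] = 0xff;
    memcpy(pkt + 12, alias, 4);
    pkt[10] = pkt[11] = 0;
    uint16_t c = inet_cksum(pkt, hlen);
    pkt[10] = (uint8_t)(c >> 8); pkt[11] = (uint8_t)c;
    return 0;
}

/* Constructed sample: UDP 192.168.1.10:12345 -> 203.0.113.5:53, "abcd". */
static const uint8_t sample_pkt[32] = {
    0x45,0,0,32, 0,1,0,0, 64,17,0x7d,0x14, 192,168,1,10, 203,0,113,5,
    0x30,0x39,0,53, 0,12,0x0c,0xe9, 'a','b','c','d' };
```

The function only transforms a buffer it is handed; something still has to pull packets out of the TCP/IP stack and reinject them, which is the role ppp(8) or the ipfw(8) divert rule plays in the message above.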


