[6.x patchset] Ipfw nat and libalias modules



I just released a new revision of my libalias+ipfw work as a
patchset for 6.x; get it here:
http://mercurio.srv.dsi.unimi.it/~pisati/libalias/libalias-6.x.tgz

To apply it:

cp libalias_ipfw.patch /usr/src
cd /usr/src
patch -p3 < libalias_ipfw.patch

then you have to recompile & install:

kernel, sbin/ipfw, sbin/natd, sbin/ppp, lib/libalias,
sys/modules/ipfw, sys/modules/libalias

or simply do a world.

With this patch you get:

-ipfw nat + redirect + LSNAT support

-libalias modules (both in user and kernel land)
    -for kernel land, all the libalias modules are installed
     in /boot/kernel as alias_*.ko.
    -for user land (natd & ppp), modules are shared libs
     loaded according to /etc/libalias.conf. To reload
     modules for a known process, just 'kill -HUP $PID' it.
-natd & ppp are patched to use libalias modules

If your natd/ppp/ipfw behaves strangely after you applied my
patch (i.e. active ftp stops working), remember to check
libalias modules.

Some ipfw examples:

ipfw add nat 666 all from any to any via $IF

ipfw nat 666 config ip 192.168.0.1 # nat with a fixed address

ipfw nat 666 config if $IF log # dynamic if addr nat and logging

ipfw nat 666 config if $IF redir_port ... # redirect support with
ipfw nat 666 config if $IF redir_addr ... # linkspec natd syntax,
ipfw nat 666 config if $IF redir_proto ... # LSNAT works too.

# different ipfw rules can be redirected to use
# the same nat instance

ipfw add nat 666 all from $IP1 to any via $IF1
ipfw add nat 666 all from any to any via $IF2 out
ipfw add nat 666 all from $IP2 to $IP3

ipfw nat show # see logs
ipfw nat show config # nat configuration

To load/unload a libalias module (kernel):

kldload alias_ftp # active ftp works ok now
kldunload alias_ftp

To load/unload a libalias module (user):

[edit /etc/libalias.conf and add/cut needed modules]
kill -HUP $PID

For more info see the readme inside the archive.

TODO:
Not tested on SMP & !i386, logging ability should be improved (right now
it's the same as original libalias), documentation should be man-pagified,
patchset for 7.x, etc.

bye
--

Paolo

"there are too many external influences, the real world isn't
the fairy-tale one of the komunists :-p" - Anonymous Lumbard
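Added example, not part of Paolo's message or the patchset: the message advises checking the libalias modules when NAT misbehaves, so this script compares the alias_* modules reported by kldstat with an allowlist of the helpers you intend to run. The kldstat listing and the module names other than alias_ftp are a constructed sample.

```shell
#!/bin/sh
# Added example: audit loaded libalias kernel modules against an allowlist.

# Constructed sample of `kldstat` output (addresses and sizes are made up).
sample_kldstat() {
cat <<'EOF'
Id Refs Address    Size     Name
 1    5 0xc0400000 6f4a28   kernel
 2    1 0xc0af5000 11000    ipfw.ko
 3    1 0xc0b06000 9000     libalias.ko
 4    1 0xc0b0f000 3000     alias_ftp.ko
 5    1 0xc0b12000 3000     alias_irc.ko
EOF
}

# Read kldstat output on stdin and print the loaded alias_* module names
# (without the .ko suffix), one per line, sorted.
loaded_alias_modules() {
    awk '$NF ~ /^alias_.*\.ko$/ { sub(/\.ko$/, "", $NF); print $NF }' | sort -u
}

# audit_alias_modules WANTED...   (kldstat output on stdin)
# Prints "missing <mod>" for allowlisted modules that are not loaded and
# "unexpected <mod>" for loaded modules that are not allowlisted.
# Returns 0 when the loaded set matches the allowlist, 1 otherwise.
audit_alias_modules() {
    loaded=$(loaded_alias_modules)
    bad=0
    for want in "$@"; do
        if ! printf '%s\n' "$loaded" | grep -qxF "$want"; then
            echo "missing $want"
            bad=1
        fi
    done
    for have in $loaded; do
        found=0
        for want in "$@"; do
            if [ "$have" = "$want" ]; then found=1; fi
        done
        if [ "$found" -eq 0 ]; then
            echo "unexpected $have"
            bad=1
        fi
    done
    return "$bad"
}

# Demo on the constructed sample; the allowlist here is hypothetical.
sample_kldstat | audit_alias_modules alias_ftp alias_pptp || :
```

On a patched host, feed it live data with `kldstat | audit_alias_modules alias_ftp`, then kldload or kldunload modules as described in the message.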