ipnat(4) [freebsd man page]

IPNAT(4)						     Kernel Interfaces Manual							  IPNAT(4)

NAME
ipnat - Network Address Translation kernel interface

SYNOPSIS
    #include <netinet/ip_compat.h>
    #include <netinet/ip_fil.h>
    #include <netinet/ip_proxy.h>
    #include <netinet/ip_nat.h>

IOCTLS
To add and delete rules to the NAT list, two 'basic' ioctls are provided for use. The ioctls are called as:

    ioctl(fd, SIOCADNAT, struct ipnat **)
    ioctl(fd, SIOCRMNAT, struct ipnat **)
    ioctl(fd, SIOCGNATS, struct natstat **)
    ioctl(fd, SIOCGNATL, struct natlookup **)

Unlike ipf(4), there is only a single list supported by the kernel NAT interface. An inactive list which can be swapped to is not currently supported.

These ioctls are implemented as routing ioctls, and thus the same rules for the various routing ioctls and the file descriptor are employed, mainly being that the fd must be that of the device associated with the module (i.e., /dev/ipl).

The structure used with the NAT interface is described below:

    typedef struct ipnat {
        struct ipnat    *in_next;
        void            *in_ifp;
        u_short         in_flags;
        u_short         in_pnext;
        u_short         in_port[2];
        struct in_addr  in_in[2];
        struct in_addr  in_out[2];
        struct in_addr  in_nextip;
        int             in_space;
        int             in_redir;   /* 0 if it's a mapping, 1 if it's a hard redir */
        char            in_ifname[IFNAMSIZ];
    } ipnat_t;

    #define in_pmin    in_port[0]   /* Also holds static redir port */
    #define in_pmax    in_port[1]
    #define in_nip     in_nextip.s_addr
    #define in_inip    in_in[0].s_addr
    #define in_inmsk   in_in[1].s_addr
    #define in_outip   in_out[0].s_addr
    #define in_outmsk  in_out[1].s_addr

Recognised values for in_redir:

    #define NAT_MAP       0
    #define NAT_REDIRECT  1

NAT statistics

Statistics are kept on the number of packets mapped going in and out, the number of times a new entry is added to and deleted (through expiration) from the NAT table, and the current usage level of the NAT table. Also provided are pointers to the NAT table inside the kernel, as well as to the top of the internal NAT lists constructed with the SIOCADNAT ioctls. The table itself is a hash table of size NAT_SIZE (default size is 367).

To retrieve the statistics, the SIOCGNATS ioctl must be used, with the appropriate structure passed by reference, as follows:

    ioctl(fd, SIOCGNATS, struct natstat *)

    typedef struct natstat {
        u_long   ns_mapped[2];
        u_long   ns_added;
        u_long   ns_expire;
        u_long   ns_inuse;
        nat_t    ***ns_table;
        ipnat_t  *ns_list;
    } natstat_t;

BUGS
It would be nice if there were more flexibility when adding and deleting filter rules.

FILES
/dev/ipnat

SEE ALSO
ipf(4), ipnat(5), ipf(8), ipnat(8), ipfstat(8)


ipnat(1M)                                                                                                                                ipnat(1M)

NAME
ipnat - user interface to the NAT subsystem

SYNOPSIS
    ipnat [-dlhnrsvCF] -f filename

DESCRIPTION
The ipnat utility opens a specified file (treating - as stdin) and parses it for a set of rules that are to be added or removed from the IP NAT.

If there are no parsing problems, each rule processed by ipnat is added to the kernel's internal lists. Rules are appended to the internal lists, matching the order in which they appear when given to ipnat.

ipnat's use is restricted through access to /dev/ipauth, /dev/ipl, and /dev/ipstate. The default permissions of these files require ipnat to be run as root for all operations.

ipnat's use is restricted through access to /dev/ipnat. The default permissions of /dev/ipnat require ipnat to be run as root for all operations.

OPTIONS
The following options are supported:

-C           Delete all entries in the current NAT rule listing (NAT rules).

-F           Delete all active entries in the current NAT translation table (currently active NAT mappings).

-d           Turn debug mode on. Causes a hex dump of filter rules to be generated as it processes each one.

-f filename  Parse specified file for rules to be added or removed from the IP NAT. filename can be stdin.

-h           Print number of hits for each MAP/Redirect filter.

-l           Show the list of current NAT table entry mappings.

-n           Prevents ipf from doing anything, such as making ioctl calls, which might alter the currently running kernel.

-s           Retrieve and display NAT statistics.

-r           Remove matching NAT rules rather than add them to the internal lists.

-v           Turn verbose mode on. Displays information relating to rule processing and active rules/table entries.

FILES
/dev/ipnat
    Link to IP Filter pseudo device.

/dev/kmem
    Special file that provides access to virtual address space.

/etc/ipf/ipnat.conf
    Location of ipnat startup configuration file.

/usr/share/ipfilter/examples/
    Contains numerous IP Filter examples.

ATTRIBUTES
See attributes(5) for descriptions of the following attributes:

    +-----------------------------+-----------------------------+
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    +-----------------------------+-----------------------------+
    |Availability                 |SUNWipfu                     |
    +-----------------------------+-----------------------------+
    |Interface Stability          |Evolving                     |
    +-----------------------------+-----------------------------+

SEE ALSO
ipf(1M), ipfstat(1M), ipnat(4), attributes(5)

NOTES
To view license terms, attribution, and copyright for IP Filter, the default path is /usr/lib/ipf/IPFILTER.LICENCE. If the Solaris operating environment has been installed anywhere other than the default, modify the given path to access the file at the installed location.

25 Jul 2005                                                                                                                              ipnat(1M)