On Sun, 2006-04-30 at 15:57 +0200, Paolo Pisati wrote:
> I just released a new revision of my libalias+ipfw work as a
> patchset for 6.x, get it here:
> http://mercurio.srv.dsi.unimi.it/~pisati/libalias/libalias-6.x.tgz
>
> To apply it:
>
> cp libalias_ipfw.patch /usr/src
> cd /usr/src
> patch -p3 < libalias_ipfw.patch
>
> then you have to recompile & install:
>
> kernel, sbin/ipfw, sbin/natd, sbin/ppp, lib/libalias,
> sys/modules/ipfw, sys/modules/libalias
>
> or simply do a world.
>
> With this patch you get:
>
> -ipfw nat + redirect + LSNAT support
>
> -libalias modules (both in user and kernel land)
> -for kernel land, all the libalias modules are installed
> in /boot/kernel as alias_*.ko.
> -for user land (natd & ppp), modules are shared lib
> loaded according to /etc/libalias.conf. To reload
> modules for a known process, just 'kill -HUP $PID' it.
> -natd & ppp are patched to use libalias modules
>
> If your natd/ppp/ipfw behaves strangely after you applied my
> patch (i.e. active ftp stops working), remember to check
> libalias modules.
>
> Some ipfw examples:
>
> ipfw add nat 666 all from any to any via $IF
>
> ipfw nat 666 confg ip 192.168.0.1 # nat with a fixed address
>
> ipfw nat 666 confg if $IF log # dynamic if addr nat and logging
>
> ipfw nat 666 confg if $IF redir_port ... # redirect support with
> ipfw nat 666 confg if $IF redir_addr ... # linkspec natd syntax,
> ipfw nat 666 confg if $IF redir_proto ... # LSNAT works too.
>
> # different ipfw rules can be redirected to use
> # the same nat instance
>
> ipfw add nat 666 all from $IP1 to any via $IF1
> ipfw add nat 666 all from any to any via $IF2 out
> ipfw add nat 666 all from $IP2 to $IP3
>
> ipfw nat show # see logs
> ipfw nat show config # nat configuration
>
> To load/unload a libalias module (kernel):
>
> kldload alias_ftp # active ftp work ok now
> kldunload alias_ftp
>
> To load/unload a libalias module (user):
>
> [edit /etc/libalias.conf and add/cut needed modules]
> kill -HUP $PID
>
> For more info see the readme inside the archive.
>
> TODO:
> Not tested on SMP & !i386, logging ability should be improved(right now
> it's the same as original libalias), documentation should be man-pagified,
> patchset for 7.x, etcetc
>
> bye
Have you done any performace comparisons with pf's NAT ? I realy would
prefer libalias based kernel NAT than pf because libalias works better
with ftp, irc dcc and things like that (VoIP would be nice too :P ). So
the only reason I've not put it in production is because its to new and
untested but as soon as I upgrade mine home to 6.x router I'll test it
more extensivly. Btw what is the status of the multi-session to the same
point PPTP NAT (e.g call ID tracking) ?
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
