CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	piso <piso@FreeBSD.org>
	Fri, 29 Dec 2006 21:59:17 +0000 (21:59 +0000)
committer	piso <piso@FreeBSD.org>
	Fri, 29 Dec 2006 21:59:17 +0000 (21:59 +0000)
commit	0db606a3b135b207a944e841f0142c30f4f43ceb
tree	69ec3c3af60d727edf88005d9af7a9beb78e73fe	tree \| snapshot
parent	d392a291a28a8cbedf2cc9398d4a03c8467d8c3d	commit \| diff

Summer of Code 2005: improve libalias - part 2 of 2

With the second (and last) part of my previous Summer of Code work, we get:

-ipfw's in kernel nat

-redirect_* and LSNAT support

General information about nat syntax and some examples are available
in the ipfw (8) man page. The redirect and LSNAT syntax are identical
to natd, so please refer to natd (8) man page.

To enable in kernel nat in rc.conf, two options were added:

o firewall_nat_enable: equivalent to natd_enable

o firewall_nat_interface: equivalent to natd_interface

Remember to set net.inet.ip.fw.one_pass to 0, if you want the packet
to continue being checked by the firewall ruleset after being
(de)aliased.

NOTA BENE: due to some problems with libalias architecture, in kernel
nat won't work with TSO enabled nic, thus you have to disable TSO via
ifconfig (ifconfig foo0 -tso).

Approved by: glebius (mentor)

etc/rc.firewall		diff \| blob \| history
sbin/ipfw/ipfw.8		diff \| blob \| history
sbin/ipfw/ipfw2.c		diff \| blob \| history
sys/netinet/in.h		diff \| blob \| history
sys/netinet/ip_fw.h		diff \| blob \| history
sys/netinet/ip_fw2.c		diff \| blob \| history
sys/netinet/ip_fw_pfil.c		diff \| blob \| history
sys/netinet/raw_ip.c		diff \| blob \| history