ng_sbinat – (Symmetric | Simple) Bidirectional NAT
Requirements
- FreeBSD >= 7.0 (tested on 7.2, should work on all 7.x, and, maybe, on 6.x too)
- NetGraph
- kernel sources (for building)
Memory usage & speed
Lightning fast! B/c there’s no any heavy data processing and no packet checksums recalculation.
And negligible memory usage b/c there’s no remembering of ip<—>ip translation pairs.
Limitations
- only symmetrinc mapping of one /16 subnet to another /16 subnet is possible now (f.ex. 192.168.×.y <—> 10.22.×.y)
- passive FTP will not work
Installation
git clone git://github.com/zed-0xff/ng_sbinat.git
cd ng_sbinat
make
make install
Configuration
kldload ng_sbinat
kldload ng_ether
ngctl mkpeer em0: sbinat upper in
ngctl name em0:upper sbinat
ngctl conn sbinat: em0: out lower
ngctl msg sbinat: setinaddr 192.168.0.0
ngctl msg sbinat: setoutaddr 10.22.0.0
Credits
- thanks to Gleb Smirnoff (glebius@FreeBSD.org) for ng_nat & ng_netflow
- thanks to Alexey Popov (lollypop@flexuser.ru) for ng_tcpmss’s TCPMSS_ADJUST_CHECKSUM()