[Xorp-hackers] XORT-NAT: Proposal for NAT interface XIF and a config file syntax
Kristen Nielsen
krn@krn.dk
Mon, 20 Feb 2006 17:58:50 +0100
Hi XORP Hackers.
After a long time of considerations and working on specifying a
configuration syntax and a XIF file for a NAT module, I am hereby
sending this proposal to the list for comments.
(Re my mail from oct 16 2005 with subject: NAT support for XORP)
20060200-NAT-interface-descr.txt file contains the syntax and a few
samples of use of the configuration format.
The nat.xif file has kdoc documentation documenting the various
functions and parameters.
The idea is to provide a common interface for the NAT module, with a
defined syntax, and then use either the native (FreeBSD natd/or the
similar functionality in linux) daemon, or a click module, with a rule
of thumb something like this:
If the nat configuration is possible to implement with the native module
this can be used, else the user must switch to the click nat module to
achieve the wanted functionality.
I have designed with the use of IP-realms (aka different ip domains)
which I am aware of is not possible to use in the standard ip stack of
FreeBSD/Linux, but if one makes configurations with non overlapping ip
ranges it will actually be possible to implement these in the existing
kernel / ip stacks. The realm stuff is kept entirely in the nat config
area of the config file.
I would appreciate comments on this, as I would like to continue
planning and coding soon.
I would also like to have ideas / comments about how to add more
datatypes to the idl generator scripts (for the port type, and
eventually an ipv4-range type, which I have made here with 2 ipv4 ip-addresses).
Sincerely
Mr. Kristen Nielsen
University of Copenhagen
Copenhagen
Denmark
kristen@diku.dk / krn@krn.dk
phone +4540466221 (gmt -1)
Attachment: 20060220-NAT-interface-descr.txt
* Short description of the config file format for the xorp NAT module.
* Examples of configurations with the similar FreeBSD natd command line.
* Syntax of the port statement.
protocols {
    nat {
        disable {disabled:bool}
        nat-realm <text:realm-name> <description: description:txt> {
            interface <ifname> vif <vif-name> {
                description: <description:txt>
                default-vif-address: <vif-hw-name:txt>
                ip-address: <ip:ipv4>
                tag: <tagid:txt>
                interface-alias {
                    description: <description:txt>
                    alias-address: <ip:ipv4list> /* alt to more interface-alias clauses */
                    tag: <tagid:txt>
                }
            }
            /* Address pool maps to the create/delete/get_nat_realm4 functions */
            address-pool {
                description: <description:txt>
                ip-address: <ip:ipv4>
                ip-range: <ipfrom:ipv4> - <ipto:ipv4>
                ipnet: <ipnet:ipv4net>
                tag: <tag:txt>
            }
        }
        static-nat {
            map {
                description: <description:txt>
                source {
                    realm: <srcrealm:txt>
                    ip-address: <ip:ipv4>
                    ip-range: <ipfrom:ipv4> - <ipto:ipv4>
                    ipnet: <ipnet:ipv4net>
                    tag: <tag:txt>
                    port: <ports:ipv4ports>
                }
                destination {
                    realm: <destrealm:txt>
                    ip-address: <ip:ipv4>
                    ip-range: <ipfrom:ipv4> - <ipto:ipv4>
                    ipnet: <ipnet:ipv4net>
                    tag: <tag:txt>
                    port: <ports:ipv4ports>
                }
            }
        }
        dynamic-nat {
            map {
                description: <description:txt>
                source {
                    realm: <srcrealm:txt>
                    ip-address: <ip:ipv4>
                    ip-range: <ipfrom:ipv4> - <ipto:ipv4>
                    ipnet: <ipnet:ipv4net>
                    tag: <tag:txt>
                    port: <ports:ipv4ports>
                }
                destination {
                    realm: <destrealm:txt>
                    ip-address: <ip:ipv4>
                    ip-range: <ipfrom:ipv4> - <ipto:ipv4>
                    ipnet: <ipnet:ipv4net>
                    tag: <tag:txt>
                    port: <ports:ipv4ports>
                    binding: <binding:txt>
                }
            }
        }
        ls-nat {
            map {
                description: <description:txt>
                source {
                    realm: <srcrealm:txt>
                    ip-address: <ip:ipv4>
                    ip-range: <ipfrom:ipv4> - <ipto:ipv4>
                    ipnet: <ipnet:ipv4net>
                    tag: <tag:txt>
                    port: <ports:ipv4ports>
                }
                destination {
                    realm: <destrealm:txt>
                    ip-address: <ip:ipv4>
                    ip-range: <ipfrom:ipv4> - <ipto:ipv4>
                    ipnet: <ipnet:ipv4net>
                    tag: <tag:txt>
                    port: <ports:ipv4ports>
                }
            }
        }
    }
}
The "port:" parameter is used to set the ports in use for an actual translation.
Syntax:
<ports-stmt>   ::= ports: <port-def> [, <port-def>]...
<port-def>     ::= <protocol> <port-list>
<port-list>    ::= <port-spec> [, <port-spec>]...
<port-spec>    ::= <port-nr> | <service-name> | <port-range> | <service-name-range>
<protocol>     ::= tcp | udp
<port-nr>      ::= <digits>
<service-name> ::= <letters><letters|digits>...
<digits>       ::= <digit>...
<digit>        ::= <0|1|2|3|4|5|6|7|8|9>
<letters>      ::= <letter>...
<letter>       ::= <a..z|A..Z>
Example:
ports: tcp 22,33,44-55, udp 22,33,66-77, 88
Sample configurations with similar FreeBSD natd mappings.
The FreeBSD
"natd -redirect_port tcp 172.17.16.15/telnet 6666"
command with the global ip address equal to 80.10.10.10 is expressed in XORP NAT configuration files as:
protocols {
    NAT {
        realm "global" {
            ip: 80.10.10.10
        }
        realm "local" {
            ip: 172.17.16.15
        }
        static-map { <description>
            source {
                ip-address: 80.10.10.10
                ports: tcp 6666
            }
            destination {
                ip-address: 172.17.16.15
                ports: tcp telnet
            }
        }
    }
}
The config line
"natd -interface em0",
which creates a dynamic mapping from 172.17.16/24 to the global address of the em0 interface (ip 80.10.10.10), is expressed as:
protocols {
    NAT {
        realm "global" {
            ip: 80.10.10.10
            tag: "globalip"
        }
        realm "local" {
            ipnet: 172.17.16.0/24
            tag: "localnet"
        }
        dynamic-map { <description>
            source {
                tag: "localnet"
            }
            destination {
                tag: "globalip"
            }
        }
    }
}
Written by
Kristen Nielsen
Computer Science dept
University of Copenhagen, Denmark
kristen@diku.dk / KrN@KrN.dk
Attachment: nat.xif
/* xorp/xrl/interfaces/nat.xif file by KrN@KrN.DK 20060220 */
/* Suggestion to a nat interface for xorp. */
/* The following interfaces exist for the xorp nat module */
/**
* Network address translation (NAT) interface.
* The NAT module consists of the following configuration elements:
*
* set_nat_disable and get_nat_disable:
* sets and returns the status of the nat module
*
* nat_realm:
* Manages (creates/deletes/get) realms for use in nat mappings.
* Before realms can be used in configurations, they must
* be created.
*
* nat_realm_vif4:
* Manages (creates/delete/lists) vif addresses for nat use
* in nat mappings.
*
* nat_realm_alias4:
* Manages (creates/deletes/lists) alias ipv4 addresses for vif
* interfaces for use in nat mappings.
*
* nat_realm4:
* Defines ip4 addresses, ip4 networks and ip4 address ranges
* for use in nat mappings. Addresses are not directly connected
* to any vif on the xorp router. Addresses are reachable
* via the realm / vif interface stated. (This will probably be
* changed to be the interface pointed out by the next-hop entry
* in the rib.)
*
* nat_static_map4:
* Defines static NAT table mappings
* From the realm and ip definitions in the nat_realm_* group
* Tcp and/or udp port definitions can be defined here.
*
* nat_dynamic_map4:
* Defines dynamic NAT table mappings (triggers)
* From the definitions in the nat_realm_* group
* Tcp and/or udp port definitions can be defined here.
*
* nat_lsnat_map4:
* Defines Load Sharing NAT mappings
* From the definitions in the nat_realm_* group
* Tcp and/or udp port definitions can be defined here.
*
*/
interface nat/0.1 {
/**
* set nat disable (and enable) function
*
* @param disabled sets the status of the nat module true = disabled,
* false = enabled
* @param disabledstatus returns the status of the module,
* true = disabled, false = enabled
*/
set_nat_disable ? disabled:bool -> disabledstatus:bool
/**
* get nat status function
*
* @param disabledstatus returns the status of the module, (as the
* set_nat_disable function) true = disabled, false = enabled
*/
get_nat_disable -> disabledstatus:bool
/**
* create_nat_realm - creates a nat realm.
*
* @param realm holds the name of the realm to be created. The name
* must not exist when the call is made.
* @param descr is the textual description of the realm.
*/
create_nat_realm ? realm:txt & descr:txt
/**
* delete_nat_realm - deletes a nat realm.
*
* @param realm holds the name of the realm to be deleted. The name
* must exist when the call is made.
*/
delete_nat_realm ? realm:txt
/**
* get_nat_realm - lists nat realms.
*
* @param realm holds the name of the realm to be listed.
* If the parameter is NULL, all existing realms are returned.
*/
get_nat_realm ? realm:txt -> realms:list
/**
* create_nat_realm_vif4 - creates an entry for the base ipv4 address
* of a virtual interface.
* Any virtual interface can at most be a member of one realm.
* Virtual interfaces must be in the same realm as the ip addresses
* passing the vif interface.
*
* @param realm is an existing realm that the vif is mapped to.
* @param ifname is the name of the physical interface where the
* vif is defined.
* @param vifname is the name of the virtual interface to be mapped.
* @param tag is a textlabel that the mapping is labeled with.
* @param description textual description of the mapping.
*/
create_nat_realm_vif4 ? realm:txt & ifname:txt & vifname:txt & \
tag:txt & description:txt
/**
* delete_nat_realm_vif4 - removes an entry for a base ipv4 (vif)
* address of virtual interface from a nat realm.
* The definitions matching all the supplied parameters is deleted.
* Wild card parameters must be set to NULL.
*
* @param realm all vif4 definitions to this realm is deleted.
* @param ifname all definitions with this ifname is deleted.
* @param vifname all mappings to this vifname is deleted
* @param tag all mappings with this tag is deleted.
*/
delete_nat_realm_vif4 ? realm:txt & ifname:txt & vifname:txt & \
tag:txt
/**
* update_nat_realm_vif4 - updates an existing vif mapping with its
* new ipv4 address.
* The vif4 mapping is updated when the vif get a new ipv4 address.
*/
update_nat_realm_vif4 ? ifname:txt & vifname:txt & ip:ipv4
/**
* get_nat_realm_vif4 - lists nat_realm_vif4 definitions.
*
* get_nat_realm_vif4 returns a list of all nat_realm_vif4
* interfaces in the router matching the realm supplied.
* @param realm specifies the realm to return interfaces for.
* If NULL then all defined nat_realm_vif4 interfaces are returned.
*/
get_nat_realm_vif4 ? realm:txt -> nat_realm_vif4s:list
/**
* create_nat_realm_alias4 - creates a mapping to the nat_realm
* definitions. Manipulates ipv4 address aliases of an interface
* (vif) for in/out going nat gateways. Aliases are not the base
* ipv4 address of the virtual interface, but ipv4 addresses in
* the same subnet as the vif. (see nat_realm_vif)
*
* Any aliases, aliased to a vif must be in the same realm as the
* vif itself.
*
* @param realm specifies the realm that the IP address belongs to.
* @param ifname is the physical interfaces for this interface
* @param vifname is the virtual interface name to add this alias to.
* @param tag is a label for grouping definitions.
* @param description is a textual description of this alias.
* @param ipaddr is the ipv4 alias address added to the vif.
*/
create_nat_realm_alias4 ? realm:txt & ifname:txt & vifname:txt & \
tag:txt & description:txt & ipaddr:ipv4
/**
* delete_nat_realm_alias4 function
* Deletes ipv4 realm_alias4 address from the virtual interface (vif).
*
* The alias4 mappings matching the supplied parameters are deleted.
* Parameters that are not defined (=not matched against) must be NULL.
*
* @param realm the alias4 mappings in the same realm is deleted.
* @param ifname all alias4 mappings defined for this interface is
* deleted.
* @param vifname all alias4 mappings defined under this vif is
* deleted.
* @param tag all alias4 mappings with tag is deleted.
* @param ipaddr the alias4 mapping with this ipv4 address is deleted.
*/
delete_nat_realm_alias4 ? realm:txt & ifname:txt & vifname:txt & \
tag:txt & ipaddr:ipv4
/**
* get_nat_realm_alias4 returns a nat_realm_alias4 list with matching
* alias4 elements. Wildcard parameters should be set to NULL.
*
* @param realm specifies the realm of the alias4 addresses to be
* returned.
* @param ifname specifies the physical interfaces to match.
* @param vifname specifies the virtual interfaces to match.
* @param tag specifies the tag of the definitions to match.
* @param ipaddr specifies the ipv4 addr of the alias4 to match.
* @param nat_realm_alias4s is the list of the matching aliases
* defined.
*/
get_nat_realm_alias4 ? realm:txt & ifname:txt & vifname:txt & \
tag:txt & ipaddr:ipv4 \
-> nat_realm_alias4s:list
/**
* create_nat_realm4 - creates definitions of ipv4 addresses / ipv4
* networks / ipv4 address ranges in the nat_realm list.
*
* The ipv4 addresses / ipv4 networks / ipv4 address ranges / tagged
* list of definitions, are all ip-addresses not directly attached
* to any physical/virtual interface on the xorp router.
*
* The function has the following way of interpreting the address
* arguments:
* All function calls must have these parameters defined:
* <realm> <ifname> <vifname>, where realm specifies the actual realm.
* ifname and vifname the interfaces to route these addresses through.
* (If the ifname and vifname is possible to acquire via the routing
* info, these parameters might disappear during implementation)
*
* To specify a tag for the definition, supply the <tag> parameter.
*
* To specify a single ipv4 address supply ONLY the <ip> parameter.
*
* To specify an ipv4 network supply ONLY the <ipnet> parameter.
*
* To specify an ipv4 range supply ONLY the <ip> and <ipto> parameters.
* <ip> is the lowest ip address and ipto is the highest ip address
* in the range.
*
* The 3 types of definitions above can not be mixed in a single call
* to the function. Grouping is done with defining more of the 3
* first classes with the same tag.
*
* create_nat_realm4 create an ipv4 address/ipv4network/ipv4-range/tag
* at the nat map list.
*
* @param realm specifies the realm to which the mapping belong.
* @param tag maps the definition with this tag.
* @param description a textual description of this alias.
* @param ip is the ip address or the lowest bound of an ip range.
* @param ipto is the highest bound of a range.
* @param ipnet specifies an ipv4 network (ip address + subnetmask)
*/
create_nat_realm4 ? realm:txt & \
tag:txt & description:txt & \
ip:ipv4 & ipto:ipv4 & \
ipnet:ipv4net
/**
* delete_nat_realm4 deletes all nat_realm4 mappings, matching
* all supplied parameters. Wild card parameters must be set to NULL.
* (For further doc see create_nat_realm4)
*
* @param realm all nat_realm4 with this realm is deleted.
* @param tag all nat_realm4 definitions with this tag is deleted.
* @param ip the ipv4 address mapping is deleted. (see ipto param too)
* @param ipto the range defined together with the ip parameter is
* deleted.
* @param ipnet the ipv4network defined is deleted.
*
* If more parameters are defined, only the definitions that match
* ALL the supplied parameters is deleted.
*/
delete_nat_realm4 ? realm:txt & \
tag:txt & \
ip:ipv4 & ipto:ipv4 & \
ipnet:ipv4net
/**
* get_nat_realm4 function - returns the list of defined elements
* that matches the supplied parameters.
* (For further doc on the use see the create_nat_realm4 doc.)
* Wildcard parameters must be set to NULL.
*
* @param realm returns the list of realm4 definitions for this realm.
* @param tag returns the list of definitions tagged with this tag.
* @param ip returns the list of definitions with this ipv4 address.
* @param ipto returns the list of definitions with this ipv4 range.
* @param ipnet returns the list of ipv4 networks defined.
* @param nat_realm4s is a list of the matched definitions.
*/
get_nat_realm4 ? realm:txt & \
tag:txt & description:txt & \
ip:ipv4 & ipto:ipv4 & \
ipnet:ipv4net -> nat_realm4s:list
/**
* create_nat_static_map4
*
* create_nat_static_map4 - defines static NAT table entries from the
* ip definitions from the nat_realm* functions.
*
* The nat_static_map functions defines static nat mappings between
* ip addresses at the source side realm and the ip addresses of
* the destination side realm.
* If the ip sizes of the ranges on either side of the mapping is not
* equal, then the mappings must go from the source side realm
* (aka local realm) to the destination side realm (aka global realm).
* ip addresses that is used for TCP/UDP port mapping
* (port overloading) must always be defined at the destination side.
*
* The nat_static_map function has more sub functions dependent of
* the supplied parameters. The parameters can define either a single
* ip address, a contiguous range of ip addresses or a sub net, or a
* tagged set of definitions. The ip addresses and realm used in a map
* statement must be defined in a nat_realm* clause.
* The source and destination side of a mapping can take all 4 forms
* from the following definitions.
*
* To specify a single ip address the ip parameter is used. The
* ipto parameter must be NULL.
*
* To specify a contiguous range of IP addresses, the ip and ipto
* parameters are used. The ipnet parameter must be NULL.
*
* To specify an ipnetwork, the ipnet parameters must be specified.
* The ipnet takes a subnet-address and a subnet-mask. The ip and ipto
* parameters must be NULL.
*
* To use a tag from the nat_realm definitions, specify the tag at
* the tag parameter. The ip, ipto and ipnet parameters must be NULL.
*
* @param srcrealm specifies the realm for the source side of the map.
*
* @param destrealm specifies the realm for the destination side
* of the map.
*
* @param srcip is the ipv4 source ip address of a mapping.
*
* @param srcipto is the source ipv4 address that forms the upper
* bound of an ip range.
*
* @param srcipnet is the ipv4 network which forms the source mapping.
*
* @param srctag maps all nat_realm definitions with the same tag as
* the source definition.
*
* @param srcport is the range of ports used to this mapping.
*
* @param destip is the ipv4 destination address of the mapping
*
* @param destipto is the ipv4 address that forms the upper bound of
* the destination ip range.
*
* @param destipnet is the ipv4 network that is the destination ip
* addresses for the mapping.
*
* @param desttag maps all nat_realm definitions with the same tag as
* the destination definition.
*
* @param destport is a list of tcp and/or udp ports used at the
* destination addresses.
*
*/
create_nat_static_map4 ? description:txt & \
srcrealm:txt & \
srcip:ipv4 & srcipto:ipv4 & \
srcipnet:ipv4net & \
srctag:txt & \
srcport:ipv4ports & \
destrealm:txt & \
destip:ipv4 & destipto:ipv4 & \
destipnet:ipv4net & \
desttag:txt & \
destport:ipv4ports
/**
* delete_nat_static_map4
*
* delete_nat_static_map4 - delete static nat table entries from the
* ip definitions from the nat_static_map4 functions.
*
* The function deletes the nat_static_map4 entries that matches
* all the supplied parameters. (for more information about the
* interfaces see create_nat_static_map4 documentation)
*
* The selected ranges must be fully matching sets from the
* create_nat_static_map4 definition. No internal ranges can be deleted.
*
* @param srcrealm specifies the source realm to be deleted. All
* nat_static_map4 definitions with the same realm is selected.
*
* @param destrealm specifies the realm for the destination side
* to be deleted. All nat_static_map4 definitions with the same realm
* is selected.
*
* @param srcip is the ipv4 source ip address to be deleted.
*
* @param srcipto together with the srcip parameter defines the
* source ip range to be deleted.
*
* @param srcipnet is the ipv4 network source mapping to be deleted.
*
* @param srctag selects the source tags to be deleted.
*
* @param srcport is the range of tcp and/or udp ports to be deleted.
*
* @param destip is the ipv4 destination address to be deleted.
*
* @param destipto together with the destip parameter defines
* the destination ip range to be deleted.
*
* @param destipnet is the ipv4 network to be deleted.
*
* @param desttag defines the destination tags to be deleted.
*
* @param destport is a list of tcp and/or udp ports to be deleted.
*/
delete_nat_static_map4 ? srcrealm:txt & \
srcip:ipv4 & srcipto:ipv4 & \
srcipnet:ipv4net & \
srctag:txt & \
srcport:ipv4ports & \
destrealm:txt & \
destip:ipv4 & destipto:ipv4 & \
destipnet:ipv4net & \
desttag:txt & \
destport:ipv4ports
/**
* get_nat_static_map4 - lists nat_static_map4 entries.
*
* get_nat_static_map4 - lists static NAT table entries that matches
* the supplied parameters.
*
* The function lists the nat_static_map4 entries that match
* all the supplied parameters.
* (for more information about the interfaces see
* create_nat_static_map4 documentation)
*
* @param srcrealm specifies the source realm to be listed.
*
* @param destrealm specifies the realm for the destination side
* to be listed.
*
* @param srcip is the ipv4 source ip address to be listed.
*
* @param srcipto together with the srcip parameter defines the
* source ip range to be listed.
*
* @param srcipnet is the ipv4 network source to be listed.
*
* @param srctag selects the srctags to be listed.
*
* @param srcport is the range of tcp and/or udp ports to be listed.
*
* @param destip is the ipv4 destination address to be listed.
*
* @param destipto together with the destip parameter defines
* the destination ip range to be listed.
*
* @param destipnet is the ipv4 network to be listed.
*
* @param desttag defines the destination tags to be listed.
*
* @param nat_static_map4s contains the list of matched elements.
*
* @param destport is a list of tcp and/or udp ports to be matched.
*/
get_nat_static_map4 ? description:txt & \
srcrealm:txt & \
srcip:ipv4 & srcipto:ipv4 & \
srcipnet:ipv4net & \
srctag:txt & \
srcport:ipv4ports & \
destrealm:txt & \
destip:ipv4 & destipto:ipv4 & \
destipnet:ipv4net & \
destport:ipv4ports & \
desttag:txt -> nat_static_map4s:list
/**
* create_nat_dynamic_map4 - creates dynamic map definitions.
*
* The nat_dynamic_map functions define dynamic mappings between
* IP addresses at the source side realm and the IP addresses of
* the destination side realm.
* If the IP sizes of the ranges on either side are not equal,
* then the mappings must go from the source side realm
* (aka local realm) to the destination side realm (aka global realm).
* IP addresses that is used for TCP/UDP port mapping
* (port overloading) must be defined on the destination side.
*
* @param srcrealm specify the network realm for the source part
* of the mapping.
*
* @param srctag maps the nat_realm* definitions with this tag as
* the source side of the mapping. The tagged definitions must belong
* to the same realm as stated in srcrealm. If the special meaning
* tag "all" is given then all the definitions in the nat_realm
* with the same realm as stated in srcrealm is matched.
*
* Src or dest definitions default to "all" which is all addresses
* in the matching (src/dest) realm as defined in nat_realm_* group.
*
* @param srcip is the ipv4 source ip address of a mapping.
*
* @param srcipnet is the ipv4 network which forms the source mapping.
*
* @param srcip is the source ipv4 address that forms the lower bound
* of an ip range.
*
* @param srcipto is the source ipv4 address that forms the upper
* bound of an ip range.
*
* @param srcport is the range of tcp and/or udp ports to be used in
* the mapping.
*
* @param destip is the ipv4 destination address of the mapping
*
* @param destipnet is the ipv4 network that is the destination ip
* addresses for the mapping.
*
* @param destip is the ipv4 address that forms the lower bound of the
* destination ip range.
*
* @param destipto is the ipv4 address that forms the upper bound of
* the destination ip range.
*
* @param desttag maps the nat_realm* definitions with this tag as
* the destination side of the mapping. The tagged definitions must
* belong to the same realm as stated in srcrealm. If the special
* meaning tag "all" is given then all the definitions in the nat_realm
* with the same realm as stated in srcrealm is matched.
*
* @param destport is a list of tcp and/or udp ports to use for the
* dynamic mapping.
*
* @param binding This argument can be "dynamic" (default) or "fixed"
* Dynamic can be a new mapping each time the mapping is used for a
* new connection (from src side). "fixed" is using the same source
* and destination mapping each time the src ip/port is connecting.
*/
create_nat_dynamic_map4 ? description:txt & \
srcrealm:txt & \
srcip:ipv4 & srcipto:ipv4 & \
srcipnet:ipv4net & \
srctag:txt & \
srcport:ipv4ports & \
destrealm:txt & \
destip:ipv4 & destipto:ipv4 & \
destipnet:ipv4net & \
desttag:txt & \
destport:ipv4ports & \
binding:txt
/**
* delete_nat_dynamic_map4
*
* The delete_nat_dynamic_map4 function deletes the elements from the
* nat_dynamic_map4 table that matches the supplied parameters.
*
* @param srcrealm matches source realm parameter of mappings.
*
* @param srctag matches the source tag parameter of the mappings to
* be deleted.
* If the special meaning tag "all" is given then all the definitions
* with this tag on the source side is matched. With the same realm
* as stated in srcrealm is matched.
*
* @param srcip matches the ipv4 source ip, or the lower bound of an
* ipv4 ip-range to be deleted.
*
* @param srcipto matches the source ipv4 address that forms the upper
* bound of an ip range to be deleted.
*
* @param srcipnet matches the source ipv4 network to be deleted.
*
* @param srcport is the tcp and/or udp port range to be deleted.
*
* @param destip matches the ipv4 destination address of the mapping
* or the ipv4 address that forms the lower bound of the destination
* ip range.
*
* @param destipto matches the destination ipv4 address to be deleted.
*
* @param destipnet matches the destination ipv4 network.
*
* @param desttag maps the mappings with this tag as the destination
* side of the mapping. The tagged definitions must belong to the
* same realm as stated in srcrealm. If the special
* meaning tag "all" is given then all the definitions in the
* nat_dynamic_realm with the same source realm as stated in srcrealm
* is matched.
*
* @param destport is a list of tcp and/or udp ports to be deleted.
*
* @param binding This argument can be "dynamic" (default) or "fixed"
* Dynamic can be a new mapping each time the mapping is used for a
* new connection (from src side). "fixed" is using the same source
* and destination mapping each time the src ip/port is connecting.
*/
delete_nat_dynamic_map4 ? srcrealm:txt & \
srcip:ipv4 & srcipto:ipv4 & \
srcipnet:ipv4net & \
srctag:txt & \
srcport:ipv4ports & \
destrealm:txt & \
destip:ipv4 & destipto:ipv4 & \
destipnet:ipv4net & \
desttag:txt & \
destport:ipv4ports & \
binding:txt
/**
* get_nat_dynamic_map4
*
* The get_nat_dynamic_map4 function returns the elements from the
* nat_dynamic_map4 table that matches all the supplied parameters.
*
* @param srcrealm matches source realm parameter of the mappings.
*
* @param srctag matches the source tag parameter of the mappings.
* If the special meaning tag "all" is given then all the definitions
* with this tag on the source side is matched. With the same realm
* as stated in srcrealm is matched.
*
* @param srcip matches the ipv4 source ip, or the lower bound of an
* ipv4 ip-range.
*
* @param srcipto matches the source ipv4 address that forms the upper
* bound of an ip range.
*
* @param srcipnet matches the source ipv4 network.
*
* @param srcport is the tcp and/or udp range to be returned.
*
* @param destip matches the ipv4 destination address of the mapping
* or the ipv4 address that forms the lower bound of the destination
* ip range.
*
* @param destipto matches the destination ipv4 address.
*
* @param destipnet matches the destination ipv4 network.
*
* @param desttag maps the mappings with this tag as the destination
* side of the mapping. The tagged definitions must belong to the
* same realm as stated in srcrealm. If the special
* meaning tag "all" is given then all the definitions in the
* nat_dynamic_realm with the same source realm as stated in srcrealm
* is matched.
*
* @param destport is a list of tcp and/or udp ports to be returned.
*
* @param binding This argument can be "dynamic" (default) or "fixed"
* Dynamic can be a new mapping each time the mapping is used for a
* new connection (from src side). "fixed" is using the same source
* and destination mapping each time the src ip/port is connecting.
*/
get_nat_dynamic_map4 ? description:txt & \
srcrealm:txt & \
srcip:ipv4 & srcipto:ipv4 & \
srcipnet:ipv4net & \
srctag:txt & \
srcport:ipv4ports & \
destrealm:txt & \
destip:ipv4 & destipto:ipv4 & \
destipnet:ipv4net & \
desttag:txt & \
destport:ipv4ports & \
binding:txt -> nat_dynamic_map4s:list
/**
* lsnat_map functions - define Load Sharing NAT (LSNAT) functionality.
*
* lsnat_map defines hosts at the destination side which is to be
* loadshared when accesses via a common global address and port,
* defined at the source side.
*
* The lsnat_map function has a range of ways to define ipv4 addresses,
* ipv4 networks and ipv4 ip address ranges.
* The parameters can define either a single ip address, a contiguous
* range of IP addresses or a subnet, or a tag.
* The source and destination side of a mapping can each take all
* 4 forms.
*
* To specify a single ip address the ip parameter is used. The
* ipto parameter must be NULL.
*
* To specify a contiguous range of IP addresses, the ip and ipto
* parameters are used. The ipnet parameter must be NULL.
*
* To specify an ipnetwork, the ipnet parameters must be specified.
* The ipnet takes a sub net-address and a sub net-mask. The ip and ipto
* parameters must be NULL.
*
* To use a named tag from the nat_realm definitions, specify the tag
* at the tag parameter. The ip, ipto and ipnet parameters must be
* NULL. Tags with the special value "all" matches all defined
* addresses in the same realm as the tag.
*
* @param srcrealm defines which realm the source addresses belongs
* to. The common ip addresses used to access the load shared services
* must be connected to the source side of the map.
*
* @param destrealm defines which realm the destination addresses
* belongs to (host network realm). The ip addresses of the hosts
* with the services to be load shared is on this realm.
*
* @param srcip is the ipv4 source ip address of a mapping.
*
* @param srcipto is the source ipv4 address that forms the upper
* bound of an ip range.
*
* @param srcipnet is the ipv4 network which forms the source mapping.
*
* @param srctag maps all nat_realm definitions with the same tag as
* the source definition. The special tag value "all" matches all
* definitions from the nat_realm with the same realm.
*
* @param srcport is the list of tcp and/or udp ports to be created.
*
* @param destip is the ipv4 destination address of the mapping
*
* @param destipto is the ipv4 address that forms the upper bound of
* the destination ip range.
*
* @param destipnet is the ipv4 network that is the destination ip
* addresses for the mapping.
*
* @param desttag maps all nat_realm definitions with the same tag as
* the destination definition. The special tag value "all" matches all
* definitions from the nat_realm with the same realm.
*
* @param destport is the tcp and/or udp port to load share.
*
* @param lsalgorithm defines the load sharing algorithm, and takes
* the values: round-robin, random, (more ?), ...
*
*/
/**
* create_lsnat_map4 function -
* Creates a lsnat_map4 table entry to the nat mappings.
*/
create_lsnat_map4 ? description:txt & \
srcrealm:txt & \
srcip:ipv4 & srcipto:ipv4 & \
srcipnet:ipv4net & \
srctag:txt & \
srcport:ipv4ports & \
destrealm:txt & \
destip:ipv4 & destipto:ipv4 & \
destipnet:ipv4net & \
desttag:txt & \
destport:ipv4ports & \
lsalgorithm:txt
/**
* delete_lsnat_map4 function -
* Deletes the lsnat_map4 table entries from the nat mappings that
* matches all the defined parameters.
*/
delete_lsnat_map4 ? srcrealm:txt & \
srcip:ipv4 & srcipto:ipv4 & \
srcipnet:ipv4net & \
srctag:txt & \
srcport:ipv4ports & \
destrealm:txt & \
destip:ipv4 & destipto:ipv4 & \
destipnet:ipv4net & \
desttag:txt & \
destport:ipv4ports
/**
* get_lsnat_map4 function -
* Lists lsnat_map4 table entries that match all the defined
* parameters.
*/
get_lsnat_map4 ? description:txt & \
srcrealm:txt & \
srcip:ipv4 & srcipto:ipv4 & \
srcipnet:ipv4net & \
srctag:txt & \
srcport:ipv4ports & \
destrealm:txt & \
destip:ipv4 & destipto:ipv4 & \
destipnet:ipv4net & \
desttag:txt & \
destport:ipv4ports & \
lsalgorithm:txt -> lsnat_map4s:list
}
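Added example, not part of the original message or of XORP: a validating parser for the "ports:" statement described in the first attachment, following its example line "ports: tcp 22,33,44-55, udp 22,33,66-77, 88". Assumptions: a port given without a protocol inherits the most recent one, the SERVICES table is constructed for the example, and the 1-65535 bound is an added check.

```python
import re

PROTOCOLS = ("tcp", "udp")
# <service-name> is a letter followed by letters or digits in the grammar.
SERVICE_NAME = re.compile(r"[A-Za-z][A-Za-z0-9]*")
PORT_NUMBER = re.compile(r"[0-9]+")

# Constructed lookup table (assumption): a real implementation would
# consult the system services database instead.
SERVICES = {"ssh": 22, "telnet": 23, "http": 80}


class PortSyntaxError(ValueError):
    """The ports statement does not follow the proposed grammar."""


def resolve_port(token):
    """Turn a <port-nr> or <service-name> token into a port number."""
    if PORT_NUMBER.fullmatch(token):
        number = int(token)
    elif SERVICE_NAME.fullmatch(token):
        if token not in SERVICES:
            raise PortSyntaxError(f"unknown service name: {token!r}")
        number = SERVICES[token]
    else:
        raise PortSyntaxError(f"bad port token: {token!r}")
    # Range check is an added hardening step, not stated in the proposal.
    if not 1 <= number <= 65535:
        raise PortSyntaxError(f"port out of range: {number}")
    return number


def parse_ports(statement):
    """Return {protocol: [(low, high), ...]} for one ports statement."""
    keyword, colon, body = statement.partition(":")
    if not colon or keyword.strip() not in ("port", "ports"):
        raise PortSyntaxError("statement must start with 'ports:'")
    result = {}
    protocol = None
    for item in body.split(","):
        words = item.split()
        if len(words) == 2 and words[0] in PROTOCOLS:
            protocol, spec = words      # a new <protocol> switches context
        elif len(words) == 1 and protocol is not None:
            spec = words[0]             # continues the current protocol
        else:
            raise PortSyntaxError(f"cannot parse item: {item.strip()!r}")
        low_token, dash, high_token = spec.partition("-")
        low = resolve_port(low_token)
        high = resolve_port(high_token) if dash else low
        if low > high:
            raise PortSyntaxError(f"descending range: {spec!r}")
        result.setdefault(protocol, []).append((low, high))
    return result


def is_valid(statement):
    """True when the statement parses, False on any syntax error."""
    try:
        parse_ports(statement)
        return True
    except PortSyntaxError:
        return False


if __name__ == "__main__":
    print(parse_ports("ports: tcp 22,33,44-55, udp 22,33,66-77, 88"))
```

Rejecting a statement at parse time keeps a mistyped range or unknown service from silently becoming a wider port forward than the operator intended.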
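Added example, not part of the original message or of XORP: a check of the ip / ipto / ipnet argument forms described for create_nat_realm4 (exactly one form per call), combined with a test for address ranges that overlap between realms, which the message names as the condition for using the native kernel stack. The function names, the dictionary layout and the "lab" realm are constructed for illustration; None stands for the XIF NULL.

```python
import ipaddress
from itertools import combinations


class SelectorError(ValueError):
    """The ip / ipto / ipnet arguments mix more than one definition form."""


def address_span(ip=None, ipto=None, ipnet=None):
    """Return (low, high) as integers for exactly one of the three forms:
    ip alone, ip + ipto, or ipnet alone."""
    if ipnet is not None:
        if ip is not None or ipto is not None:
            raise SelectorError("ipnet must not be combined with ip/ipto")
        # strict=True rejects networks with host bits set (added check).
        net = ipaddress.IPv4Network(ipnet, strict=True)
        return int(net.network_address), int(net.broadcast_address)
    if ip is None:
        raise SelectorError("ip is required unless ipnet is given")
    low = int(ipaddress.IPv4Address(ip))
    high = int(ipaddress.IPv4Address(ipto)) if ipto is not None else low
    if low > high:
        raise SelectorError("ip must be the lowest address of the range")
    return low, high


def is_accepted(**kwargs):
    """True when the argument combination is one valid definition form."""
    try:
        address_span(**kwargs)
        return True
    except ValueError:  # covers SelectorError and malformed addresses
        return False


def cross_realm_overlaps(definitions):
    """List (realm_a, realm_b, first, last) for every pair of definitions
    in different realms whose address ranges intersect."""
    spans = [
        (d["realm"], address_span(d.get("ip"), d.get("ipto"), d.get("ipnet")))
        for d in definitions
    ]
    hits = []
    for (ra, (alo, ahi)), (rb, (blo, bhi)) in combinations(spans, 2):
        if ra != rb and alo <= bhi and blo <= ahi:
            first = ipaddress.IPv4Address(max(alo, blo))
            last = ipaddress.IPv4Address(min(ahi, bhi))
            hits.append((ra, rb, str(first), str(last)))
    return hits


def native_backend_possible(definitions):
    """Rule of thumb from the message: realms with non overlapping ip
    ranges can be implemented in the existing kernel ip stack."""
    return not cross_realm_overlaps(definitions)


# Constructed sample: the first two entries mirror the sample
# configuration, the "lab" realm is invented to show an overlap.
SAMPLE = [
    {"realm": "global", "ip": "80.10.10.10"},
    {"realm": "local", "ipnet": "172.17.16.0/24"},
    {"realm": "lab", "ip": "172.17.16.128", "ipto": "172.17.17.10"},
]

if __name__ == "__main__":
    print(cross_realm_overlaps(SAMPLE))
    print(native_backend_possible(SAMPLE[:2]))
```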