author | brian <brian@cvs.openbsd.org> | 2001-07-09 00:08:56 +0000 |
---|---|---|
committer | brian <brian@cvs.openbsd.org> | 2001-07-09 00:08:56 +0000 |
commit | eac879a65bfbb525aa543a590616022c0f8c184a (patch) | |
tree | 1b11294e445f4bc174c68e6d9d3de8f5cdb2e5d6 /usr.sbin/ppp | |
parent | b0d62f130faaba54cee526972c751ffcc5ae1aa4 (diff) |
Add a ``nat proto'' command -- similar to natd(8)'s -redirect_proto switch.
Diffstat (limited to 'usr.sbin/ppp')
-rw-r--r-- | usr.sbin/ppp/ppp/command.c | 4 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/nat_cmd.c | 70 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/nat_cmd.h | 3 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/ppp.8 | 25 |
4 files changed, 98 insertions, 4 deletions
diff --git a/usr.sbin/ppp/ppp/command.c b/usr.sbin/ppp/ppp/command.c
index 49b2e64e854..50a5da493b4 100644
--- a/usr.sbin/ppp/ppp/command.c
+++ b/usr.sbin/ppp/ppp/command.c
@@ -25,7 +25,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $OpenBSD: command.c,v 1.62 2001/07/07 03:08:49 brian Exp $
+ * $OpenBSD: command.c,v 1.63 2001/07/09 00:08:54 brian Exp $
 */
 #include <sys/param.h>
@@ -632,6 +632,8 @@ static struct cmdtab const NatCommands[] =
 (const void *) PKT_ALIAS_LOG},
 {"port", NULL, nat_RedirectPort, LOCAL_AUTH, "port redirection",
 "nat port proto localaddr:port[-port] aliasport[-aliasport]"},
+ {"proto", NULL, nat_RedirectProto, LOCAL_AUTH, "protocol redirection",
+ "nat proto proto localIP [publicIP [remoteIP]]"},
 {"proxy", NULL, nat_ProxyRule, LOCAL_AUTH, "proxy control",
 "nat proxy server host[:port] ..."},
 {"same_ports", NULL, NatOption, LOCAL_AUTH,
diff --git a/usr.sbin/ppp/ppp/nat_cmd.c b/usr.sbin/ppp/ppp/nat_cmd.c
index 01756026572..8a1da491f1b 100644
--- a/usr.sbin/ppp/ppp/nat_cmd.c
+++ b/usr.sbin/ppp/ppp/nat_cmd.c
@@ -24,7 +24,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $OpenBSD: nat_cmd.c,v 1.18 2001/06/07 09:32:55 brian Exp $
+ * $OpenBSD: nat_cmd.c,v 1.19 2001/07/09 00:08:55 brian Exp $
 */
 #include <sys/param.h>
@@ -229,6 +229,74 @@ nat_RedirectAddr(struct cmdargs const *arg)
 }
+int
+nat_RedirectProto(struct cmdargs const *arg)
+{
+ if (!arg->bundle->NatEnabled) {
+ prompt_Printf(arg->prompt, "nat not enabled\n");
+ return 1;
+ } else if (arg->argc >= arg->argn + 2 && arg->argc <= arg->argn + 4) {
+ struct in_addr localIP, publicIP, remoteIP;
+ struct alias_link *link;
+ struct protoent *pe;
+ int error, len;
+
+ len = strlen(arg->argv[arg->argn]);
+ if (len == 0) {
+ prompt_Printf(arg->prompt, "proto redirect: invalid protocol\n");
+ return 1;
+ }
+ if (strspn(arg->argv[arg->argn], "01234567") == len)
+ pe = getprotobynumber(atoi(arg->argv[arg->argn]));
+ else
+ pe = getprotobyname(arg->argv[arg->argn]);
+ if (pe == NULL) {
+ prompt_Printf(arg->prompt, "proto redirect: invalid protocol\n");
+ return 1;
+ }
+
+ error = StrToAddr(arg->argv[arg->argn + 1], &localIP);
+ if (error) {
+ prompt_Printf(arg->prompt, "proto redirect: invalid src address\n");
+ return 1;
+ }
+
+ if (arg->argc >= arg->argn + 3) {
+ error = StrToAddr(arg->argv[arg->argn + 2], &publicIP);
+ if (error) {
+ prompt_Printf(arg->prompt, "proto redirect: invalid alias address\n");
+ prompt_Printf(arg->prompt, "Usage: nat %s %s\n", arg->cmd->name,
+ arg->cmd->syntax);
+ return 1;
+ }
+ } else
+ publicIP.s_addr = INADDR_ANY;
+
+ if (arg->argc == arg->argn + 4) {
+ error = StrToAddr(arg->argv[arg->argn + 2], &remoteIP);
+ if (error) {
+ prompt_Printf(arg->prompt, "proto redirect: invalid dst address\n");
+ prompt_Printf(arg->prompt, "Usage: nat %s %s\n", arg->cmd->name,
+ arg->cmd->syntax);
+ return 1;
+ }
+ } else
+ remoteIP.s_addr = INADDR_ANY;
+
+ link = PacketAliasRedirectProto(localIP, remoteIP, publicIP, pe->p_proto);
+ if (link == NULL) {
+ prompt_Printf(arg->prompt, "proto redirect: packet aliasing"
+ " engine error\n");
+ prompt_Printf(arg->prompt, "Usage: nat %s %s\n", arg->cmd->name,
+ arg->cmd->syntax);
+ }
+ } else
+ return -1;
+
+ return 0;
+}
+
+
 static int
 StrToAddr(const char *str, struct in_addr *addr)
 {
diff --git a/usr.sbin/ppp/ppp/nat_cmd.h b/usr.sbin/ppp/ppp/nat_cmd.h
index 1f26d98d2d0..9b6a2bb4ed6 100644
--- a/usr.sbin/ppp/ppp/nat_cmd.h
+++ b/usr.sbin/ppp/ppp/nat_cmd.h
@@ -24,13 +24,14 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $OpenBSD: nat_cmd.h,v 1.5 2001/06/07 09:32:55 brian Exp $
+ * $OpenBSD: nat_cmd.h,v 1.6 2001/07/09 00:08:55 brian Exp $
 */
 struct cmdargs;
 extern int nat_RedirectPort(struct cmdargs const *);
 extern int nat_RedirectAddr(struct cmdargs const *);
+extern int nat_RedirectProto(struct cmdargs const *);
 extern int nat_ProxyRule(struct cmdargs const *);
 extern int nat_SetTarget(struct cmdargs const *);
diff --git a/usr.sbin/ppp/ppp/ppp.8 b/usr.sbin/ppp/ppp/ppp.8
index f1b048055c9..5ac3a8814d7 100644
--- a/usr.sbin/ppp/ppp/ppp.8
+++ b/usr.sbin/ppp/ppp/ppp.8
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ppp.8,v 1.114 2001/07/07 03:08:49 brian Exp $
+.\" $OpenBSD: ppp.8,v 1.115 2001/07/09 00:08:55 brian Exp $
 .\"
 .Dd September 20, 1995
 .Dt PPP 8
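Review bot: In nat_RedirectProto (nat_cmd.c) the optional fourth argument is never parsed: the `arg->argc == arg->argn + 4` branch calls `StrToAddr(arg->argv[arg->argn + 2], &remoteIP)`, the same string already used for publicIP, so the source-address restriction the operator typed is silently replaced by the public address; it should read `arg->argv[arg->argn + 3]`. The numeric test `strspn(arg->argv[arg->argn], "01234567") == len` leaves out 8 and 9, so a protocol number containing either digit is handed to getprotobyname() and rejected as invalid; `"0123456789"` looks like what was intended. When PacketAliasRedirectProto() returns NULL the function prints the error but falls through to `return 0`, whereas every other failure path in the function does `return 1`, so a caller checking the result would see a failed redirect as success.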
@@ -3365,6 +3365,28 @@ or a range of ports the same size as the other ranges. This option is useful if you wish to run things like Internet phone on machines behind your gateway, but is limited in that connections to only one interior machine per source machine and target port are possible. +.It nat proto Ar proto localIP Op Ar publicIP Op Ar remoteIP +This command tells +.Nm +to redirect packets of protocol type +.Ar proto +.Pq see Xr protocols 5 +to the internall address +.Ar localIP . +.Pp +If +.Ar publicIP +is specified, only packets destined for that address are matched, +otherwise the default alias address is used. +.Pp +If +.Ar remoteIP +is specified, only packets matching that source address are matched, +.Pp +This command is useful for redirecting tunnel endpoints to an internal machine, +for example: +.Pp +.Dl nat proto ipencap 10.0.0.1 .It "nat proxy cmd" Ar arg Ns No ... This command tells .Nm @@ -5637,6 +5659,7 @@ This socket is used to pass links between different instances of .Xr crontab 5 , .Xr group 5 , .Xr passwd 5 , +.Xr protocols 5 , .Xr radius.conf 5 , .Xr resolv.conf 5 , .Xr syslog.conf 5 , |