.\" $OpenBSD: ipnat.4,v 1.13 1999/07/02 20:11:46 aaron Exp $
.Dd June 5, 1999
.Os
.Dt IPNAT 4
.Sh NAME
.Nm ipnat
.Nd Network Address Translation kernel interface
.Sh SYNOPSIS
.Fd #include
.Fd #include
.Fd #include
.Fd #include
.Sh DESCRIPTION
Unlike
.Xr ipf 4 ,
only a single list is supported by the kernel NAT interface.
An inactive list which can be swapped to is not currently supported.
.Pp
To add/delete rules to/from the NAT list, two
.Dq basic
ioctl's are provided:
.Bd -literal -offset indent
.Fn ioctl fd SIOCADNAT "struct ipnat *"
.Fn ioctl fd SIOCRMNAT "struct ipnat *"
.Ed
.Pp
To retrieve NAT statistics, the following ioctl is provided:
.Bd -literal -offset indent
.Fn ioctl fd SIOCGNATS "struct natstat *"
.Ed
.Pp
These ioctl's are implemented as routing ioctl's, so the rules for
routing ioctl's and the file descriptor
.Ar fd
must be followed.
The most important rule is that the file descriptor
.Fa fd
must be for the device associated with the module (i.e.,
.Pa /dev/ipl ) .
.\" NOTE(review): DESCRIPTION names /dev/ipl while FILES lists /dev/ipnat;
.\" confirm which device node these ioctl's must be issued on.
.Pp
The structure
.Fa ipnat
and associated macros are defined as:
.Bd -literal -offset indent
typedef struct ipnat {
        struct ipnat    *in_next;
        void            *in_ifp;
        void            *in_apr;
        u_int           in_space;
        u_int           in_use;
        struct in_addr  in_nextip;
        u_short         in_pnext;
        u_short         in_flags;
        u_short         in_port[2];
        struct in_addr  in_in[2];
        struct in_addr  in_out[2];
        int             in_redir;
        char            in_ifname[IFNAMSIZ];
        char            in_plabel[APR_LABELLEN];
        char            in_p;
        u_short         in_dport;
} ipnat_t;

#define in_pmin         in_port[0]
#define in_pmax         in_port[1]
#define in_nip          in_nextip.s_addr
#define in_inip         in_in[0].s_addr
#define in_inmsk        in_in[1].s_addr
#define in_outip        in_out[0].s_addr
#define in_outmsk       in_out[1].s_addr
.Ed
.Pp
Where recognised values for
.Fa in_redir
are:
.Bd -literal -offset indent
#define NAT_MAP         0x01
#define NAT_REDIRECT    0x02
#define NAT_BIMAP       (NAT_MAP|NAT_REDIRECT)
.Ed
.Pp
The structure
.Fa natstat
is defined as:
.Bd -literal -offset indent
typedef struct natstat {
        u_long  ns_mapped[2];
        u_long  ns_rules;
        u_long  ns_added;
        u_long  ns_expire;
        u_long  ns_inuse;
        u_long  ns_logged;
        u_long  ns_logfail;
        nat_t   **ns_table[2];
        ipnat_t *ns_list;
        void    *ns_apslist;
} natstat_t;
.Ed
.Pp
The NAT kernel tables are hash tables of size
.Dv NAT_SIZE
(default is 367).
.Sh FILES
.Bl -tag -width /dev/ipnat -compact
.It Pa /dev/ipnat
.El
.Sh SEE ALSO
.Xr ipf 1 ,
.Xr ipftest 1 ,
.Xr ipf 4 ,
.Xr ipl 4 ,
.Xr ipf 5 ,
.Xr ipnat 5 ,
.Xr ipnat 8 ,
.Xr ipfstat 8 ,
.Xr ipmon 8
.Pp
http://coombs.anu.edu.au/ipfilter/
.Sh BUGS
It would be nice if there were more flexibility when adding and deleting
filter rules.