Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Revised.

  • Loading branch information...
commit c9dbac50bf11764335fff0867fd28496a2d27473 1 parent 808b05a
fujisawa authored
Showing with 191 additions and 24 deletions.
  1. +191 −24 kame/kame/natptconfig/natptconfig.8
View
215 kame/kame/natptconfig/natptconfig.8
@@ -25,7 +25,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $Id: natptconfig.8,v 1.3 2000/02/20 21:15:37 fujisawa Exp $
+.\" $Id: natptconfig.8,v 1.4 2000/03/12 21:48:56 fujisawa Exp $
.\"
.\" Note: The date here should be updated whenever a non-trivial
.\" change is made to the manual page.
@@ -43,6 +43,8 @@
.Sh SYNOPSIS
.Nm natptconfig
.Fl f Ar configfile
+.Nm natptconfig
+.Ar show ...
.\"
.Sh DESCRIPTION
.Nm Natptconfig
@@ -50,8 +52,8 @@ configures and control the IPv6-to-IPv4 translator implemented in the
kernel.
.Pp
.Nm Natptconfig
-has two format of command line arguments. First one has the
-following options.
+has two format of command line arguments. First one has the following
+options.
.Bl -tag -width Ds
.It Fl f Ar configfile
Evaluate the content of file specified by configfile, as configuration
@@ -60,8 +62,7 @@ directives. By specifying
standard input is used.
.Pp
.El
-The second form is ...
-(to be written)
+The second form is to show various useful information read from kernel.
.\"
.Sh DIRECTIVES
Each rule processed by translater is added in the kernel internal
@@ -69,15 +70,10 @@ lists if there is no parsing problems. Rules are added to the end of
the internal lists using "map" natptconfig directive, matching the
order in which they appear when given in natptconfig.
.Pp
-The following directives are available.
+The following directives are available in the configuration file.
.Bl -tag -width Ds
.\"
.It Xo
-.Li ?
-.Xc
-Show available actions on each stage.
-.\"
-.It Xo
.Li interface
.Ar interfaceName
.Li {internal|external}
@@ -93,7 +89,9 @@ subject to IPv6-to-IPv4 protocol translation.
.Ar natpt <v6addr> / <prefixlen>
.Xc
Set NAT-PT prefix, and packet addressed to this prefix will subject to
-translate.
+translate. A number followed by a slash (/) represent the number of
+bits significant in the IP address. 96bit prefix is used in case of
+most.
.\"
.It Xo
.Li map {inbound|outbound} from <v6addr> [port] to <v4addr> port
@@ -103,15 +101,146 @@ incoming packet mathes this rule will subject to translate. The rules
for returning packet is not appear in this map list.
.\"
.It Xo
+.Li map flush [{static|dynamic}]
+.Xc
+Remove all rules from the kernel. If static or dynamic was specified,
+corresponding rule will removed.
+.\"
+.It Xo
.Li map {enable|disable}
.Xc
Enable or disable translation.
+.El
+.Pp
+The following directives are available in interactive use.
+.Bl -tag -width Ds
+.\"
+.It Xo
+.Li ?
+.Xc
+Show available actions on each stage.
.\"
.It Xo
-.Li show
+.Li set Ar var = value
.Xc
+This option allows to setting of the following variables:
+.Bl -tag -width XXX
+.It natpt_debug
+.It natpt_dump
+When set, dump mbuf or ip packet. You must run natptlog command to
+show its dump.
+.El
+.Pp
+Value can use decimal or hexadecimal (begin with 0x) notation.
+Currently, blank of each side of '=' is not allowed.
.\"
-.Sh EXAMPLES
+.It Xo
+.Li show [subcommand...]
+.Xc
+Show various useful information.
+.Nm natptconfig
+read this information from kernel, so you must have read permission of
+/dev/kmem.
+Available subcommands are listed below.
+.Bl -tag -width XXX
+.It ?
+Show available subcommands on each stage.
+.It interface
+Show interface setting.
+.It prefix
+Show NAT-PT prefix and prefix mask.
+.It static
+Show NAT-PT rules which set by statically.
+.It dynamic
+Show NAT-PT rules which set by dynamically.
+.It xlate [[long] [interval]]
+Show NAT-PT current translation table entry.
+Interval is a
+number, and this option specified,
+.Nm natptconfig
+will continuously display the information which is shown with xlate
+subcommand in specified second interval.
+.Pp
+By default, this command display IPv6 as short format (22 columns per
+address), when 'long' specified, this command display IPv6 address
+without omitting it.
+.Pp
+It is useful to see this
+table entry when this translator seems not to work. See
+.Em TABLE FORMAT
+section below for more detail.
+.It variables
+Show variables set with set subcommand.
+.It mapping
+Show current mapping status. Status is displayed as "enable" or "disable".
+.El
+.It test [subcommand...]
+Test log system. You must run natptlog command. When only log
+specified, send LOGTESTPATTERN to translator, and translator send this
+pattern to log system. When you running natptlog command, this
+command display LOGTESTPATTERN. Current available subcommands are
+shown.
+.Bl -tag -width XXX
+.It ?
+Show available subcommands on each stage.
+.It log
+Send predefined pattern LOGTESTPATTERN to the log system.
+.It log NAME
+Send one word to the log system.
+.It log "STRING"
+Send double quoted string to the log system. String should be double
+quoted.
+.El
+.\"
+.Sh RUNNING NAT-PT
+The following steps are necessary before attempting to run
+.Nm NAT-PT:
+.Bl -enum
+.It
+Build a custom kernel with uncomment the following options:
+
+ options NATPT
+
+This options is commented with distributed GENERIC.V6 as a default.
+Refer to the handbook for detailed instructions on building a custom
+kernel.
+.It
+Ensure that your machine is acting as a gateway. This can be done by
+specifying the line
+
+ ip6router=YES
+
+in
+.Pa /usr/local/v6/etc/rc.net6 .
+.It
+Write natpt configuration and set its configuration into kernel.
+See
+.Em EXAMPLE 1
+section below for more detail.
+.It
+When NAT-PT seems not to work properly, try next procedure.
+.Bl -enum
+.It
+Use show xlate command, and see current translation table entry.
+.It
+Set the natpt_dump variable to appropriately value, and see mbuf or ip
+packet dump generated with natptlog command.
+.El
+.El
+.\"
+.Sh EXAMPLE 1
+The following is an example of '?' directive.
+.Bd -literal -offset Ds
+% natptconfig ?
+ interface Mark interface as outside or inside.
+ map Set translation rule.
+ set Set value to in-kernel variable.
+ show Show setting.
+% natptconfig interface ?
+ <interfaceName> {internal|external}
+%
+.Ed
+.Pp
The following is an example of a typical usage
of the
.Nm
@@ -131,17 +260,51 @@ map outbound from 3ffe:0501:4819:6000::/64 to 172.16.196.1 port 28672 - 32767
map enable
%
.Ed
+.Sh EXAMPLE 2
+Assume mapping rule was set as follows,
+.Bd -literal -offset indent
+map inbound from 203.178.141.196 port 65303 \\
+ to 3ffe:501:4819:6000:200:f4ff:fe5c:3599 port 23
+.Ed
.Pp
-The following is an example of '?' directive.
-.Bd -literal -offset Ds
-% natptconfig ?
- interface Mark interface as outside or inside.
- map Set translation rule.
- set Set value to in-kernel variable.
- show Show setting.
-% natptconfig interface ?
- <interfaceName> {internal|external}
-%
+When v4 packet is coming from outside to this machine, and when its
+packet's dstaddr == 203.178.141.196 and dstport == 65303, this v4
+packet is translated to v6, dstaddr == 3ffe:..3559 and desport == 23,
+so this packet will send to v6 machine to telnet port.
+.Pp
+So, this function is restricted with TCP and UDP, and you must know
+destination address and port number (in this case 65303) before send
+packet.
+.Pp
+Some people say this function is enough and this restriction (to
+know port mapping ahead of making session, and cannot connect any
+port before set mapping configuration) is acceptable.
+.\"
+.Sh TABLE FORMAT
+This is a one sample of 'show xlate' output. Sorry, this table entry
+was too long, show this entry over two lines.
+.Bd -literal -offset XX
+tcp 3ffe:501:4819:c1ad::857b:10bf.23 3ffe:501:4819:6001:2e0:18ff:fea8:4e66.1041
+ 133.123.16.193.28686 133.123.16.191.23 00:00:01 SYN_SENT
+.Ed
+.Pp
+This entry has 7 fields. The leftmost field shows protocol. The
+second and third field shows src.port and dst.port of internal side.
+The forth and fifth field show src.port and dst.port of external side.
+The sixth field shows the time (second) from last packet matches this
+entry. The last field has TCP inner status. Of course, the last
+field appears only protocol is TCP.
+.Pp
+When use 'long' directive with 'show xlate', these table show as below
+.Bd -literal -offeet XX
+tcp 3ffe=857b:10bf.23 3ffe=fea8:4e66.1041
+ 133.123.16.193.28686 133.123.16.191.23 00:00:01 SYN_SENT
+.Ed
+.Pp
+This entry has same field as above, but IPv6 address was shrinked to
+14 columns, so it is easy to see this table entry. Each IPv6 address
+was shown as first 4 column and last 9 column connecting with '='
+character.
.\"
.Sh FILES
.Bl -tag -width /dev/kmemxxx -compact
@@ -176,6 +339,10 @@ This translator will not automatically perform proxy ARP. Therefore,
you may need to configure the translator box for proxy ARP, or
configure alias IP address by using
.Xr ifconfig 8 .
+.Pp
+.Nm Natptconfig
+show subcommand read many information from kernel device
+(ie. /dev/kmem), so you must have read permission of this device.
.\"
.Sh HISTORY
.Nm Natptconfig
Please sign in to comment.
Something went wrong with that request. Please try again.