npf map syntax

To: netbsd-users%netbsd.org@localhost
Subject: npf map syntax
From: Patrick Welche <prlw1%cam.ac.uk@localhost>
Date: Thu, 29 Dec 2016 22:59:40 +0000

Just looking at npf as a workaround for kern/50198 (I think the patch in
there is correct, and the last comments amount to trying with and without
IPN_IN), and am stumped at the first hurdle:

ipf:

rdr xennet0 0.0.0.0/0 port 80 -> 127.0.0.1 port 1234 tcp

What is the equivalent in npf? I tried

$any = 0.0.0.0/0
map $ext_if dynamic 127.0.0.1 port 1234 <- $any port 80
#map $ext_if dynamic 127.0.0.1 port 1234 <- $ext_if port 80
#map $ext_if dynamic $any port 80 <- 127.0.0.1 port 1234

and none seem to work. (What is net-seg defined as?)

(for the second hurdle: I have the equivalent code running calling
npf_nat_lookup() which seems to work, but I suspect it is because
I am running on amd64: is npf_addr_t in host or net order? simply
same as sockaddr_in?)

Cheers,

Patrick

Prev by Date: The $0.5M donation to FreeBSD Foundation
Next by Date: NetBSD, ipv6, and linode
Previous by Thread: The $0.5M donation to FreeBSD Foundation
Next by Thread: NetBSD, ipv6, and linode
Indexes:

Home | Main Index | Thread Index | Old Index