Re: Removing PF

To: Jan Danielsson <jan.m.danielsson%gmail.com@localhost>, "Aaron B." <aaron%zadzmo.org@localhost>
Subject: Re: Removing PF
From: Mindaugas Rasiukevicius <rmind%netbsd.org@localhost>
Date: Tue, 2 Apr 2019 12:19:25 +0100

Jan Danielsson <jan.m.danielsson%gmail.com@localhost> wrote:
> On 2019-04-02 08:53, Martin Husemann wrote:
> >> This, exactly, is the showstopper that has prevented me from moving to
> >> npf. The ability to add/remove IP addresses from a NAT translation
> >> without changing npf.conf doesn't seem to be possible in any
> >> documentation I was able to find.

If you just want to dynamically change the translation address(es),
then NPF in -current already supports that.  Basically, NPF supports
NAT address being specified as a table.  However, npf.conf(5) syntax
hides/abstracts some of that (as the common case is for the interface
addresses and because we need to specify address selection algorithm).

> <...>
> 
>    These are the filter rules, not the NAT rules.
> 
>    The UPnP device essentially says two things:
>    1) Hey, I would like external hosts to be able to access me on port
> X.  (filter rule, this works as you pointed out).
>    2) Hey, I'm at a.b.c.d, and I would like external port X to redirect
> to me at port Y.  (NAT rule, this isn't supported yet).
> 

There is a partial support for dynamic NAT rules too, but yes -- it is
not documented anywhere.  Supporting miniupnpd is essentially the same
type of work as for ftp-proxy.  If anybody wants to work on miniupnpd,
please feel free to contact me.

-- 
Mindaugas

References:
- Re: Removing PF
  - From: Brian Buhrow
- Re: Removing PF
  - From: Matt Sporleder
- Re: Removing PF
  - From: Jan Danielsson
- Re: Removing PF
  - From: Aaron B.
- Re: Removing PF
  - From: Martin Husemann
- Re: Removing PF
  - From: Jan Danielsson

Prev by Date: Re: Removing PF
Next by Date: Re: Removing PF
Previous by Thread: Re: Removing PF
Next by Thread: Re: Removing PF
Indexes:

Home | Main Index | Thread Index | Old Index