
Unison Help


7.8.4. Translation rules: pf.nat

NAME

pf.nat – network address translation configuration description for packet filtering

DESCRIPTION

The rules for network address translation specify which addresses are to be mapped and which are to be redirected.

A nat rule specifies that IP addresses are to be changed as the packet traverses the given interface. This technique of network address translation (NAT) allows a single IP address on the translating host to support network traffic for a larger range of machines on an inside network. Although in theory any IP address can be used on the inside, it is strongly recommended that one of the address ranges defined by RFC 1918 be used. These netblocks are:

     10.0.0.0    - 10.255.255.255 (all of net 10, i.e., 10/8)
     172.16.0.0  - 172.31.255.255 (i.e., 172.16/12)
     192.168.0.0 - 192.168.255.255 (i.e., 192.168/16)

A binat rule specifies a bidirectional map between an external IP address and an internal IP address.

An rdr rule specifies an incoming connection to be redirected to another host and optionally a different port.

Note that all translation rules apply only to packets that pass through the specified interface. For instance, redirecting port 80 on an external interface to an internal web server will only work for connections originating from the outside. Connections to the address of the external interface from local hosts will not be redirected, since such packets do not actually pass through the external interface. Redirections can’t reflect packets back through the interface they arrive on, they can only be redirected to hosts connected to different interfaces or to the firewall itself.

Also note that all translations of packets occur before the filter rules (see pf.filtering) are evaluated. Hence, ‘pass in’ rules for redirected packets should specify the address/port after translation; a filter rule written against the pre-translation address or port will never match the redirected packet.

GRAMMAR

Syntax for NAT rules in BNF:

     rule      = [ "no" ] ( nat_rule | binat_rule | rdr_rule ) .

     nat_rule  = "nat" "on" [ "!" ] ifname [ protospec ] "from" ipspec
                 "to" ipspec [ "->" address ] .

     binat_rule = "binat" "on" ifname [ protospec ] "from" address
                  "to" ipspec [ "->" address ] .

     rdr_rule  = "rdr" "on" [ "!" ] ifname [ protospec ] "from" ipspec
                 "to" ipspec [ portspec ] [ "->" address [ portspec ] ] .

     protospec = "proto" ( number | "tcp" | "udp" | "icmp" ) .

     ipspec    = "any" | host .

     host      = [ "!" ] address [ "/" mask-bits ] .

     portspec  = "port" number [ ":" ( "*" | number ) ] .

Comments begin with the character ‘#’; empty lines are ignored. Rules are processed in the order read, one rule per line. The first matching rule is applied. Rules prefixed with “no” lead to no translation. Such rules can be used to exclude certain connections from being translated.

An ifname is a network interface such as eth0, wifi0, etc. An address can be specified in CIDR notation (matching a netblock) or as a symbolic interface name. Host name resolution and interface-to-address translation are done at rule set load time. When the address of an interface (or host name) changes (by DHCP or PPP, for instance), the rule set must be reloaded for the change to be reflected in the tcp-server. If specified, mask-bits refers to the number of bits in the netmask. The negation character, ‘!’, may be used before an ifname or an address. The protocol specification is optional. If it is omitted, the rule applies to packets of all protocols.

rdr rules can optionally specify port ranges instead of single ports.
'rdr ... port 2000:2999 -> ... port 4000' – redirects ports 2000 to 2999 (including port 2000 and 2999) to the same port 4000.
'rdr ... port 2000:2999 -> ... port 4000:*' – redirects port 2000 to 4000, 2001 to 4001, …, 2999 to 4999.

EXAMPLE

In the example below, ppp0 is configured with the address 192.168.168.1; the machine translates all packets coming from 192.168.168.0/24 to 204.92.77.111 when they are going out any interface except ppp0. This has the net effect of making traffic from the 192.168.168.0/24 network appear as though it comes from the Internet-routeable address 204.92.77.111 to nodes behind any interface on the router except for the nodes on ppp0. (Thus, 192.168.168.1 can talk to the 192.168.168.0/24 nodes.)

     nat on ! ppp0 from 192.168.168.0/24 to any -> 204.92.77.111

In the example below, eth0 is the outside interface; the machine sits between a fake internal 144.19.74.* network, and a routable external IP of 204.92.77.100. The “no nat” rule excludes protocol AH (51) from being translated.

     no nat on eth0 proto 51 from 144.19.74.0/24 to any
     nat on eth0 from 144.19.74.0/24 to any -> 204.92.77.100

In the example below, eth0 is the outside interface; a 1:1 bidirectional map is created between the private address 192.168.1.5 and the routable external address 204.92.77.113. (Thus, incoming traffic to 204.92.77.113 is mapped to the internal address 192.168.1.5.)

     binat on eth0 from 192.168.1.5 to any -> 204.92.77.113

This longer example uses both a NAT and a redirection. Interface wifi0 is the outside interface, and its external address is 157.161.48.183. Interface eth0 is the inside interface, and we are running a thread listening on port 8081 that captures outbound ftp sessions redirected to it.

     # NAT
     # translate outgoing packets' source addresses (any protocol)
     # in my case, any address but the gateway's external address is mapped
     #
     nat on wifi0 from ! 157.161.48.183 to any -> 157.161.48.183

     # BINAT
     # translate outgoing packets' source address (any protocol)
     # translate incoming packets' destination address to an internal machine
     # (bidirectional)
     binat on wifi0 from 10.1.2.150 to any -> 157.161.48.184

     # RDR
     # translate incoming packets' destination addresses
     # as an example, redirect a TCP and UDP port to an internal machine
     # NOTE: the lines below are split for readability
     #
     rdr on wifi0 proto tcp from any to 157.161.48.183/32 port 8080 \
             -> 10.1.2.151 port 22
     rdr on wifi0 proto udp from any to 157.161.48.183/32 port 8080 \
             -> 10.1.2.151 port 53

     # RDR
     # translate outgoing ftp control connections to send them to localhost
     # for capturing with thread's socket running on port 8081
     rdr on eth0 proto tcp from any to any port 21 -> 127.0.0.1 port 8081

NOTES

There is a demo available for the Unison and DSPnano pf.nat which is found in installdir/demos.

SEE ALSO

pfctl, pf.filtering

 
