1NAT action in tc(8)                  Linux                 NAT action in tc(8)
2
3
4

NAME

6       nat - stateless native address translation action
7

SYNOPSIS

9       tc ... action nat DIRECTION OLD NEW
10
11       DIRECTION := { ingress | egress }
12
13       OLD := IPV4_ADDR_SPEC
14
15       NEW := IPV4_ADDR_SPEC
16
17       IPV4_ADDR_SPEC := { default | any | all | in_addr[/{prefix|netmask}]
18

DESCRIPTION

20       The nat action allows to perform NAT without the overhead of conntrack,
21       which is desirable if the number of flows or addresses to  perform  NAT
22       on  is large. This action is best used in combination with the u32 fil‐
23       ter to allow for efficient lookups of a large number of  stateless  NAT
24       rules in constant time.
25

OPTIONS

27       ingress
28              Translate destination addresses, i.e. perform DNAT.
29
30       egress Translate source addresses, i.e. perform SNAT.
31
32       OLD    Specifies addresses which should be translated.
33
34       NEW    Specifies addresses which OLD should be translated into.
35

NOTES

37       The  accepted  address  format in OLD and NEW is quite flexible. It may
38       either consist of one of the keywords default, any or all, representing
39       the  all-zero  IP address or a combination of IP address and netmask or
40       prefix length separated by a slash (/) sign. In any case, the mask  (or
41       prefix  length)  value of OLD is used for NEW as well so that a one-to-
42       one mapping of addresses is assured.
43
44       Address translation is done using a combination of  binary  operations.
45       First,  the original (source or destination) address is matched against
46       the value of OLD.  If the original address fits,  the  new  address  is
47       created  by taking the leading bits from NEW (defined by the netmask of
48       OLD) and taking the remaining bits from the original address.
49
50       There is rudimental support for upper layer protocols, namely TCP,  UDP
51       and  ICMP.  While for the first two only checksum recalculation is per‐
52       formed, the action also takes care of embedded IP headers in ICMP pack‐
53       ets by translating the respective address therein, too.
54

SEE ALSO

56       tc(8)
57
58
59
60iproute2                          12 Jan 2015              NAT action in tc(8)
Impressum