NAME¶

tnat64.conf - configuration file for tnat64(8)

OVERVIEW¶

The configuration for tnat64 can be anything from two lines to hundreds of lines based on the needs at any particular site. The basic idea is to define any networks the machine can access directly via IPv4 and define one or many NAT64 prefixes to be used to access other networks (including a 'default' prefix). Local networks are declared using the 'local' keyword in the configuration file. When applications attempt to connect to machines in networks marked as local tnat64 will not attempt to use a NAT64 prefix. Obviously if a connection is not to a locally accessible network it will need to be proxied over a NAT64. However, sometimes you may need to use different NAT64 prefixes to access different internal (and external) networks. For this reason the configuration file allows the definition of 'paths' as well as a default NAT64 prefix. Paths are declared as blocks in the configuration file. That is, they begin with a 'path {' line in the configuration file and end with a '}' line. Inside this block directives should be used to declare a NAT64 proxy (as documented later in this manual page) and 'subnet' directives should be used to declare networks and even destination ports in those networks that this server should be used to reach. Please note that each path MUST define a NAT64 prefix and contain one or more 'subnet' directives. NAT64 prefix declaration directives that are not contained within a 'path' block define the default NAT64 prefix. If tnat64 needs to connect to a machine via a NAT64 (i.e it isn't a network declared as 'local') and no 'path' has declared it can reach that network via a 'subnet' directive, this NAT64 prefix is used to construct IPv6 addresses.

CONFIGURATION SYNTAX¶

The basic structure of all lines in the configuration file is: The exception to this is 'path' blocks which look like: Empty lines are ignored and all input on a line after a '#' character is ignored.

DIRECTIVES¶

The following directives are used in the tnat64 configuration file:

nat64_prefix

The prefix of IPv6 address of the NAT64 (e.g. "nat64_prefix = 64:ff9b::"). Only one NAT64 prefix may be specified per path block, or one outside a path block (to define the default NAT64 prefix). The NAT64 prefix is always /96.

 

local

An IP/subnet pair specifying a network which may be accessed directly without proxying through NAT64 (e.g "local = 10.0.0.0/255.0.0.0").

 

subnet

This directive is only valid inside a path block. Its parameter is formed as IP[:startport[-endport]]/subnet and it specifies a network (and a range of ports on that network) that can be accessed by through NAT64 specified in this path block. For example, in a path block "subnet = 150.0.0.0:80-1024/255.0.0.0" indicates to tnat64 that the NAT64 prefix specified in the current path block should be used to access any IPs in the range 150.0.0.0 to 150.255.255.255 when the connection request is for ports 80-1024.

 

UTILITIES¶

tnat64 comes with two utilities that can be useful in creating and verifying the tnat64 configuration file.

tnat64-validateconf

tnat64-validateconf can be used to verify the configuration file. It checks the format of the file and also the contents for errors. Having read the file it dumps the configuration to the screen in a formatted, readable manner. This can be extremely useful in debugging problems.

 

tnat64-validateconf can read a configuration file from a location other than the location specified at compile time with the -f <filename> command line option.

 

Normally tnat64-validateconf simply dumps the configuration read to the screen (in a nicely readable format), however it also has a useful 'test' mode. When passed a hostname/ip on the command line like -t <hostname/ip>, tnat64-validateconf determines which of the NAT64 prefixes specified in the configuration file would be used by tnat64 to access the specified host.

 

SEE ALSO¶

tnat64(8)

AUTHORS¶

Andrew O. Shadura (bugzilla@tut.by), Shaun Clowes (delius@progsoc.uts.edu.au)

COPYRIGHT¶

Copyright 2011 Andrew O. Shadura Original tsocks manual page, copyright 2000 Shaun Clowes tnat64 and its documentation may be freely copied under the terms and conditions of version 2 of the GNU General Public License, as published by the Free Software Foundation (Cambridge, Massachusetts, United States of America). This documentation is heavily based on the documentation for tsocks, transparent SOCKSification library, whose documentation itself is based on the documentation for logwrites, another shared library interceptor. One line of code from it was used in tnat64 and a lot of the documentation :) logwrites is by adam@yggdrasil.com (Adam J. Richter) and can be had from ftp.yggdrasil.com pub/dist/pkg