author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2006-12-03 01:07:13 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-12-03 01:07:13 -0500 |
commit | 5b1158e909ecbe1a052203e0d8df15633f829930 (patch) | |
tree | 1d29320fd6184b982b1a8a83e7e1e9f25537d3ff /net/ipv4/netfilter/Kconfig | |
parent | d2483ddefd38b06053cdce7206382ca61f6282b1 (diff) |
[NETFILTER]: Add NAT support for nf_conntrack
Add NAT support for nf_conntrack. Joint work of Jozsef Kadlecsik,
Yasuyuki Kozakai, Martin Josefsson and myself.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/netfilter/Kconfig')
-rw-r--r-- | net/ipv4/netfilter/Kconfig | 30 |
1 files changed, 23 insertions, 7 deletions
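--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -6,7 +6,7 @@ menu "IP: Netfilter Configuration"
 depends on INET && NETFILTER
 
 config NF_CONNTRACK_IPV4
-tristate "IPv4 support for new connection tracking (EXPERIMENTAL)"
+tristate "IPv4 support for new connection tracking (required for NAT) (EXPERIMENTAL)"
 depends on EXPERIMENTAL && NF_CONNTRACK
 ---help---
 Connection tracking keeps a record of what packets have passed
@@ -387,7 +387,7 @@ config IP_NF_TARGET_TCPMSS
 
 To compile it as a module, choose M here. If unsure, say N.
 
-# NAT + specific targets
+# NAT + specific targets: ip_conntrack
 config IP_NF_NAT
 tristate "Full NAT"
 depends on IP_NF_IPTABLES && IP_NF_CONNTRACK
@@ -398,14 +398,30 @@ config IP_NF_NAT
 
 To compile it as a module, choose M here. If unsure, say N.
 
+# NAT + specific targets: nf_conntrack
+config NF_NAT
+tristate "Full NAT"
+depends on IP_NF_IPTABLES && NF_CONNTRACK
+help
+The Full NAT option allows masquerading, port forwarding and other
+forms of full Network Address Port Translation. It is controlled by
+the `nat' table in iptables: see the man page for iptables(8).
+
+To compile it as a module, choose M here. If unsure, say N.
+
 config IP_NF_NAT_NEEDED
 bool
-depends on IP_NF_NAT != n
+depends on IP_NF_NAT
+default y
+
+config NF_NAT_NEEDED
+bool
+depends on NF_NAT
 default y
 
 config IP_NF_TARGET_MASQUERADE
 tristate "MASQUERADE target support"
-depends on IP_NF_NAT
+depends on (NF_NAT || IP_NF_NAT)
 help
 Masquerading is a special case of NAT: all outgoing connections are
 changed to seem to come from a particular interface's address, and
@@ -417,7 +433,7 @@ config IP_NF_TARGET_MASQUERADE
 
 config IP_NF_TARGET_REDIRECT
 tristate "REDIRECT target support"
-depends on IP_NF_NAT
+depends on (NF_NAT || IP_NF_NAT)
 help
 REDIRECT is a special case of NAT: all incoming connections are
 mapped onto the incoming interface's address, causing the packets to
@@ -428,7 +444,7 @@ config IP_NF_TARGET_REDIRECT
 
 config IP_NF_TARGET_NETMAP
 tristate "NETMAP target support"
-depends on IP_NF_NAT
+depends on (NF_NAT || IP_NF_NAT)
 help
 NETMAP is an implementation of static 1:1 NAT mapping of network
 addresses. It maps the network address part, while keeping the host
@@ -439,7 +455,7 @@ config IP_NF_TARGET_NETMAP
 
 config IP_NF_TARGET_SAME
 tristate "SAME target support"
-depends on IP_NF_NAT
+depends on (NF_NAT || IP_NF_NAT)
 help
 This option adds a `SAME' target, which works like the standard SNAT
 target, but attempts to give clients the same IP for all connections.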
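Review bot: The new `config NF_NAT` entry depends only on `IP_NF_IPTABLES && NF_CONNTRACK`, while the reworded `NF_CONNTRACK_IPV4` prompt in the first hunk says that option is "required for NAT". The requirement is therefore stated in help text but not enforced, so a configuration with `NF_NAT` set and `NF_CONNTRACK_IPV4` unset is accepted. Whether that combination builds or translates IPv4 traffic at all cannot be seen from this file. If the prompt is accurate, the dependency should read `depends on IP_NF_IPTABLES && NF_CONNTRACK_IPV4`. Separately, `NF_NAT` and `IP_NF_NAT` both use the prompt `"Full NAT"`; a suffix such as `"Full NAT (nf_conntrack)"` would let someone auditing a firewall build tell which conntrack backend the NAT targets are bound to.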