diff options
| author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2006-12-03 01:07:13 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2006-12-03 01:07:13 -0500 |
| commit | 5b1158e909ecbe1a052203e0d8df15633f829930 (patch) | |
| tree | 1d29320fd6184b982b1a8a83e7e1e9f25537d3ff /net/ipv4/netfilter/Kconfig | |
| parent | d2483ddefd38b06053cdce7206382ca61f6282b1 (diff) | |
[NETFILTER]: Add NAT support for nf_conntrack
Add NAT support for nf_conntrack. Joint work of Jozsef Kadlecsik,
Yasuyuki Kozakai, Martin Josefsson and myself.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/netfilter/Kconfig')
| -rw-r--r-- | net/ipv4/netfilter/Kconfig | 30 |
1 files changed, 23 insertions, 7 deletions
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index 71485276b81..01789aeaeb5 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig | |||
| @@ -6,7 +6,7 @@ menu "IP: Netfilter Configuration" | |||
| 6 | depends on INET && NETFILTER | 6 | depends on INET && NETFILTER |
| 7 | 7 | ||
| 8 | config NF_CONNTRACK_IPV4 | 8 | config NF_CONNTRACK_IPV4 |
| 9 | tristate "IPv4 support for new connection tracking (EXPERIMENTAL)" | 9 | tristate "IPv4 support for new connection tracking (required for NAT) (EXPERIMENTAL)" |
| 10 | depends on EXPERIMENTAL && NF_CONNTRACK | 10 | depends on EXPERIMENTAL && NF_CONNTRACK |
| 11 | ---help--- | 11 | ---help--- |
| 12 | Connection tracking keeps a record of what packets have passed | 12 | Connection tracking keeps a record of what packets have passed |
| @@ -387,7 +387,7 @@ config IP_NF_TARGET_TCPMSS | |||
| 387 | 387 | ||
| 388 | To compile it as a module, choose M here. If unsure, say N. | 388 | To compile it as a module, choose M here. If unsure, say N. |
| 389 | 389 | ||
| 390 | # NAT + specific targets | 390 | # NAT + specific targets: ip_conntrack |
| 391 | config IP_NF_NAT | 391 | config IP_NF_NAT |
| 392 | tristate "Full NAT" | 392 | tristate "Full NAT" |
| 393 | depends on IP_NF_IPTABLES && IP_NF_CONNTRACK | 393 | depends on IP_NF_IPTABLES && IP_NF_CONNTRACK |
| @@ -398,14 +398,30 @@ config IP_NF_NAT | |||
| 398 | 398 | ||
| 399 | To compile it as a module, choose M here. If unsure, say N. | 399 | To compile it as a module, choose M here. If unsure, say N. |
| 400 | 400 | ||
| 401 | # NAT + specific targets: nf_conntrack | ||
| 402 | config NF_NAT | ||
| 403 | tristate "Full NAT" | ||
| 404 | depends on IP_NF_IPTABLES && NF_CONNTRACK | ||
| 405 | help | ||
| 406 | The Full NAT option allows masquerading, port forwarding and other | ||
| 407 | forms of full Network Address Port Translation. It is controlled by | ||
| 408 | the `nat' table in iptables: see the man page for iptables(8). | ||
| 409 | |||
| 410 | To compile it as a module, choose M here. If unsure, say N. | ||
| 411 | |||
| 401 | config IP_NF_NAT_NEEDED | 412 | config IP_NF_NAT_NEEDED |
| 402 | bool | 413 | bool |
| 403 | depends on IP_NF_NAT != n | 414 | depends on IP_NF_NAT |
| 415 | default y | ||
| 416 | |||
| 417 | config NF_NAT_NEEDED | ||
| 418 | bool | ||
| 419 | depends on NF_NAT | ||
| 404 | default y | 420 | default y |
| 405 | 421 | ||
| 406 | config IP_NF_TARGET_MASQUERADE | 422 | config IP_NF_TARGET_MASQUERADE |
| 407 | tristate "MASQUERADE target support" | 423 | tristate "MASQUERADE target support" |
| 408 | depends on IP_NF_NAT | 424 | depends on (NF_NAT || IP_NF_NAT) |
| 409 | help | 425 | help |
| 410 | Masquerading is a special case of NAT: all outgoing connections are | 426 | Masquerading is a special case of NAT: all outgoing connections are |
| 411 | changed to seem to come from a particular interface's address, and | 427 | changed to seem to come from a particular interface's address, and |
| @@ -417,7 +433,7 @@ config IP_NF_TARGET_MASQUERADE | |||
| 417 | 433 | ||
| 418 | config IP_NF_TARGET_REDIRECT | 434 | config IP_NF_TARGET_REDIRECT |
| 419 | tristate "REDIRECT target support" | 435 | tristate "REDIRECT target support" |
| 420 | depends on IP_NF_NAT | 436 | depends on (NF_NAT || IP_NF_NAT) |
| 421 | help | 437 | help |
| 422 | REDIRECT is a special case of NAT: all incoming connections are | 438 | REDIRECT is a special case of NAT: all incoming connections are |
| 423 | mapped onto the incoming interface's address, causing the packets to | 439 | mapped onto the incoming interface's address, causing the packets to |
| @@ -428,7 +444,7 @@ config IP_NF_TARGET_REDIRECT | |||
| 428 | 444 | ||
| 429 | config IP_NF_TARGET_NETMAP | 445 | config IP_NF_TARGET_NETMAP |
| 430 | tristate "NETMAP target support" | 446 | tristate "NETMAP target support" |
| 431 | depends on IP_NF_NAT | 447 | depends on (NF_NAT || IP_NF_NAT) |
| 432 | help | 448 | help |
| 433 | NETMAP is an implementation of static 1:1 NAT mapping of network | 449 | NETMAP is an implementation of static 1:1 NAT mapping of network |
| 434 | addresses. It maps the network address part, while keeping the host | 450 | addresses. It maps the network address part, while keeping the host |
| @@ -439,7 +455,7 @@ config IP_NF_TARGET_NETMAP | |||
| 439 | 455 | ||
| 440 | config IP_NF_TARGET_SAME | 456 | config IP_NF_TARGET_SAME |
| 441 | tristate "SAME target support" | 457 | tristate "SAME target support" |
| 442 | depends on IP_NF_NAT | 458 | depends on (NF_NAT || IP_NF_NAT) |
| 443 | help | 459 | help |
| 444 | This option adds a `SAME' target, which works like the standard SNAT | 460 | This option adds a `SAME' target, which works like the standard SNAT |
| 445 | target, but attempts to give clients the same IP for all connections. | 461 | target, but attempts to give clients the same IP for all connections. |