tc-nat(8)



NAT action in tc(8)                  Linux                 NAT action in tc(8)

NAME
       nat - stateless native address translation action

SYNOPSIS
       tc ... action nat DIRECTION OLD NEW

       DIRECTION := { ingress | egress }

       OLD := IPV4_ADDR_SPEC

       NEW := IPV4_ADDR_SPEC

       IPV4_ADDR_SPEC := { default | any | all | in_addr[/{prefix|netmask}]

DESCRIPTION
       The nat action allows to perform NAT without the overhead of conntrack,
       which is desirable if the number of flows or addresses to  perform  NAT
       on  is large. This action is best used in combination with the u32 fil-
       ter to allow for efficient lookups of a large number of  stateless  NAT
       rules in constant time.

OPTIONS
       ingress
              Translate destination addresses, i.e. perform DNAT.

       egress Translate source addresses, i.e. perform SNAT.

       OLD    Specifies addresses which should be translated.

       NEW    Specifies addresses which OLD should be translated into.

NOTES
       The  accepted  address  format in OLD and NEW is quite flexible. It may
       either consist of one of the keywords default, any or all, representing
       the  all-zero  IP address or a combination of IP address and netmask or
       prefix length separated by a slash (/) sign. In any case, the mask  (or
       prefix  length)  value of OLD is used for NEW as well so that a one-to-
       one mapping of addresses is assured.

       Address translation is done using a combination of  binary  operations.
       First,  the original (source or destination) address is matched against
       the value of OLD.  If the original address fits,  the  new  address  is
       created  by taking the leading bits from NEW (defined by the netmask of
       OLD) and taking the remaining bits from the original address.

       There is rudimental support for upper layer protocols, namely TCP,  UDP
       and  ICMP.  While for the first two only checksum recalculation is per-
       formed, the action also takes care of embedded IP headers in ICMP pack-
       ets by translating the respective address therein, too.

SEE ALSO
       tc(8)

iproute2                          12 Jan 2015              NAT action in tc(8)

Man(1) output converted with man2html
list of all man pages