Added FORCE_NAT mode to the access.conf file
author Michael Rash <mbr@cipherdyne.org>
Thu, 1 Dec 2011 01:51:19 +0000 (20:51 -0500)
committer Michael Rash <mbr@cipherdyne.org>
Thu, 1 Dec 2011 01:51:19 +0000 (20:51 -0500)
commit 9b7c1a8ce69fe51337458cce4e7b5e9cb3d7654b
tree d3946d89ca7721d60becbbd136af4df16f19d8f4
parent 8585958e6e164d47c3d9dc106d4a15aee18599b9
Added FORCE_NAT mode to the access.conf file

This commit adds a new configuration variable "FORCE_NAT" to the access.conf
file:

    For any valid SPA packet, force the requested connection to be NAT'd
    through to the specified (usually internal) IP and port value.  This is
    useful if there are multiple internal systems running a service such as
    SSHD, and you want to give transparent access to only one internal system
    for each stanza in the access.conf file.  This way, multiple external
    users can each directly access only one internal system per SPA key.

This commit also implements a few minor code cleanups.
21 files changed:
client/config_init.c
client/fwknop_common.h
client/http_resolve_host.c
common/common.h
doc/fwknop.man.asciidoc
doc/fwknopd.man.asciidoc
server/access.c
server/fw_util.h
server/fw_util_ipf.c
server/fw_util_ipfw.c
server/fw_util_iptables.c
server/fw_util_pf.c
server/fwknopd.c
server/fwknopd_common.h
server/incoming_spa.c
server/tcp_server.c
test/conf/expired_stanza_access.conf
test/conf/force_nat_access.conf [new file with mode: 0644]
test/conf/future_expired_stanza_access.conf [new file with mode: 0644]
test/conf/invalid_expire_access.conf [new file with mode: 0644]
test/test-fwknop.pl
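
An added audit helper for the FORCE_NAT mode described in the commit message (example code, not fwknop's own and not part of this commit): it reads access.conf-style text and reports which internal IP and port each stanza forces, flagging stanzas with no FORCE_NAT or a malformed value. Assumptions: each SOURCE line opens a stanza, lines use a `VAR: value;` syntax, the FORCE_NAT value is `<IPv4> <port>`, and every key and address in the sample is constructed.

```python
import ipaddress

# Constructed sample: keys, addresses and the "VAR: value;" syntax are assumptions.
SAMPLE = """\
SOURCE: ANY;
KEY: constructed-key-alice;
FORCE_NAT: 192.168.10.11 22;
SOURCE: ANY;
KEY: constructed-key-bob;
FORCE_NAT: 192.168.10.12 22;
SOURCE: 203.0.113.0/24;
KEY: constructed-key-carol;
SOURCE: ANY;
KEY: constructed-key-dave;
FORCE_NAT: 192.168.10.13 70000;
"""

def parse_stanzas(text):
    """Split access.conf text into stanzas; each SOURCE line opens a new one."""
    stanzas = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        var, _, val = line.partition(":")
        var, val = var.strip().upper(), val.strip().rstrip(";").strip()
        if var == "SOURCE":
            stanzas.append({"line": lineno})
        if not stanzas:
            raise ValueError(f"line {lineno}: {var} appears before any SOURCE")
        stanzas[-1][var] = val
    return stanzas

def check_force_nat(value):
    """Return ((ip, port), None) for a valid '<IPv4> <port>' value, else (None, finding)."""
    if value is None:
        return None, "no FORCE_NAT in stanza"
    parts = value.split()
    try:
        ip, port = ipaddress.IPv4Address(parts[0]), int(parts[1])
        if len(parts) != 2 or not parts[1].isdigit() or not 1 <= port <= 65535:
            raise ValueError
    except (ValueError, IndexError):
        return None, f"bad FORCE_NAT value {value!r}"
    return (str(ip), port), None

def audit(text):
    """Per stanza: (SOURCE line number, forced NAT target or None, finding or None)."""
    return [(s["line"], *check_force_nat(s.get("FORCE_NAT"))) for s in parse_stanzas(text)]
```

Each row returned by `audit()` ties one stanza (and therefore one SPA key) to at most one internal target, which makes it easy to review that no stanza is missing its pin or carries a value that cannot be a valid IP and port.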