{ "content": [ { "type": "text", "text": "# tc-nat (man)\n\n## NAME\n\nnat - stateless native address translation action\n\n## SYNOPSIS\n\ntc ... action nat DIRECTION OLD NEW\nDIRECTION := { ingress | egress }\nOLD := IPV4ADDRSPEC\nNEW := IPV4ADDRSPEC\nIPV4ADDRSPEC := { default | any | all | inaddr[/{prefix|netmask}]\n\n## DESCRIPTION\n\nThe nat action allows to perform NAT without the overhead of conntrack, which is desirable if\nthe number of flows or addresses to perform NAT on is large. This action is best used in com‐\nbination with the u32 filter to allow for efficient lookups of a large number of stateless\nNAT rules in constant time.\n\n## Sections\n\n- **NAME**\n- **SYNOPSIS**\n- **DESCRIPTION**\n- **OPTIONS** (1 subsections)\n- **NOTES**\n- **SEE ALSO**\n\nUse structuredContent.sections for detailed options, examples, and full documentation.\n" } ], "structuredContent": { "command": "tc-nat", "section": "", "mode": "man", "summary": "nat - stateless native address translation action", "synopsis": "tc ... action nat DIRECTION OLD NEW\nDIRECTION := { ingress | egress }\nOLD := IPV4ADDRSPEC\nNEW := IPV4ADDRSPEC\nIPV4ADDRSPEC := { default | any | all | inaddr[/{prefix|netmask}]", "tldr_summary": null, "tldr_examples": [], "tldr_source": null, "flags": [], "examples": [], "see_also": [ { "name": "tc", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/tc/8/json" }, { "name": "tc", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/tc/8/json" } ], "section_outline": [ { "name": "NAME", "lines": 2, "subsections": [] }, { "name": "SYNOPSIS", "lines": 10, "subsections": [] }, { "name": "DESCRIPTION", "lines": 5, "subsections": [] }, { "name": "OPTIONS", "lines": 1, "subsections": [ { "name": "ingress", "lines": 8 } ] }, { "name": "NOTES", "lines": 15, "subsections": [] }, { "name": "SEE ALSO", "lines": 5, "subsections": [] } ], "sections": { "NAME": { "content": "nat - stateless native address translation action\n", "subsections": [] }, "SYNOPSIS": { "content": "tc ... action nat DIRECTION OLD NEW\n\nDIRECTION := { ingress | egress }\n\nOLD := IPV4ADDRSPEC\n\nNEW := IPV4ADDRSPEC\n\nIPV4ADDRSPEC := { default | any | all | inaddr[/{prefix|netmask}]\n", "subsections": [] }, "DESCRIPTION": { "content": "The nat action allows to perform NAT without the overhead of conntrack, which is desirable if\nthe number of flows or addresses to perform NAT on is large. This action is best used in com‐\nbination with the u32 filter to allow for efficient lookups of a large number of stateless\nNAT rules in constant time.\n", "subsections": [] }, "OPTIONS": { "content": "", "subsections": [ { "name": "ingress", "content": "Translate destination addresses, i.e. perform DNAT.\n\negress Translate source addresses, i.e. perform SNAT.\n\nOLD Specifies addresses which should be translated.\n\nNEW Specifies addresses which OLD should be translated into.\n" } ] }, "NOTES": { "content": "The accepted address format in OLD and NEW is quite flexible. It may either consist of one of\nthe keywords default, any or all, representing the all-zero IP address or a combination of IP\naddress and netmask or prefix length separated by a slash (/) sign. In any case, the mask (or\nprefix length) value of OLD is used for NEW as well so that a one-to-one mapping of addresses\nis assured.\n\nAddress translation is done using a combination of binary operations. First, the original\n(source or destination) address is matched against the value of OLD. If the original address\nfits, the new address is created by taking the leading bits from NEW (defined by the netmask\nof OLD) and taking the remaining bits from the original address.\n\nThere is rudimental support for upper layer protocols, namely TCP, UDP and ICMP. While for\nthe first two only checksum recalculation is performed, the action also takes care of embed‐\nded IP headers in ICMP packets by translating the respective address therein, too.\n", "subsections": [] }, "SEE ALSO": { "content": "tc(8)\n\n\n\niproute2 12 Jan 2015 NAT action in tc(8)", "subsections": [] } } } }