Provided by: tnat64_0.05-1_i386 bug

NAME

       tnat64.conf - configuration file for tnat64(8)

OVERVIEW

       The configuration for tnat64 can be anything from two lines to hundreds
       of lines based on the needs at any particular site. The basic  idea  is
       to  define  any  networks  the machine can access directly via IPv4 and
       define one or many NAT64 prefixes to be used to access  other  networks
       (including a 'default' prefix).

       Local   networks   are  declared  using  the  'local'  keyword  in  the
       configuration file. When applications attempt to connect to machines in
       networks marked as local tnat64 will not attempt to use a NAT64 prefix.

       Obviously  if  a  connection  is not to a locally accessible network it
       will need to be proxied over a NAT64. However, sometimes you  may  need
       to  use  different  NAT64  prefixes  to  access different internal (and
       external) networks. For this reason the configuration file  allows  the
       definition of 'paths' as well as a default NAT64 prefix.

       Paths  are  declared as blocks in the configuration file. That is, they
       begin with a 'path {' line in the configuration file and end with a '}'
       line.  Inside  this  block directives should be used to declare a NAT64
       proxy (as documented later in this manual page) and 'subnet' directives
       should  be used to declare networks and even destination ports in those
       networks that this server should be used to  reach.  Please  note  that
       each  path  MUST define a NAT64 prefix and contain one or more 'subnet'
       directives.

       NAT64 prefix declaration directives that are  not  contained  within  a
       'path'  block  define  the  default  NAT64  prefix.  If tnat64 needs to
       connect to a machine via a NAT64 (i.e it isn't a  network  declared  as
       'local')  and  no  'path'  has declared it can reach that network via a
       'subnet' directive,  this  NAT64  prefix  is  used  to  construct  IPv6
       addresses.

CONFIGURATION SYNTAX

       The basic structure of all lines in the configuration file is:

              <directive> = <parameters>

       The exception to this is 'path' blocks which look like:

              path {
                     <directive> = <parameters>
              }

       Empty  lines  are ignored and all input on a line after a '#' character
       is ignored.

   DIRECTIVES
       The following directives are used in the tnat64 configuration file:

       nat64_prefix
              The prefix of IPv6 address of the NAT64  (e.g.  "nat64_prefix  =
              64:ff9b::").  Only  one  NAT64  prefix may be specified per path
              block, or one outside a path block (to define the default  NAT64
              prefix). The NAT64 prefix is always /96.

       local  An  IP/subnet  pair  specifying  a network which may be accessed
              directly  without  proxying  through   NAT64   (e.g   "local   =
              10.0.0.0/255.0.0.0").

       subnet This  directive is only valid inside a path block. Its parameter
              is formed as IP[:startport[-endport]]/subnet and it specifies  a
              network  (and  a  range  of  ports  on that network) that can be
              accessed by through NAT64 specified  in  this  path  block.  For
              example,  in a path block "subnet = 150.0.0.0:80-1024/255.0.0.0"
              indicates to tnat64 that  the  NAT64  prefix  specified  in  the
              current path block should be used to access any IPs in the range
              150.0.0.0 to 150.255.255.255 when the connection request is  for
              ports 80-1024.

UTILITIES

       tnat64  comes  with  two  utilities  that can be useful in creating and
       verifying the tnat64 configuration file.

       tnat64-validateconf
              tnat64-validateconf can be  used  to  verify  the  configuration
              file. It checks the format of the file and also the contents for
              errors. Having read the file it dumps the configuration  to  the
              screen  in  a  formatted, readable manner. This can be extremely
              useful in debugging problems.

              tnat64-validateconf  can  read  a  configuration  file  from   a
              location  other than the location specified at compile time with
              the -f <filename> command line option.

              Normally tnat64-validateconf simply dumps the configuration read
              to the screen (in a nicely readable format), however it also has
              a useful 'test' mode. When passed a hostname/ip on  the  command
              line like -t <hostname/ip>, tnat64-validateconf determines which
              of the NAT64 prefixes specified in the configuration file  would
              be used by tnat64 to access the specified host.

SEE ALSO

       tnat64(8)

AUTHORS

       Andrew      O.      Shadura     (bugzilla@tut.by),     Shaun     Clowes
       (delius@progsoc.uts.edu.au)

COPYRIGHT

       Copyright 2011 Andrew O. Shadura

       Original tsocks manual page, copyright 2000 Shaun Clowes

       tnat64 and its documentation may be freely copied under the  terms  and
       conditions of version 2 of the GNU General Public License, as published
       by the  Free  Software  Foundation  (Cambridge,  Massachusetts,  United
       States of America).

       This  documentation  is  heavily based on the documentation for tsocks,
       transparent SOCKSification library, whose documentation itself is based
       on the documentation for logwrites, another shared library interceptor.
       One line of code  from  it  was  used  in  tnat64  and  a  lot  of  the
       documentation  :)  logwrites is by adam@yggdrasil.com (Adam J. Richter)
       and can be had from ftp.yggdrasil.com pub/dist/pkg