Provided by: tnat64_0.06-1_amd64


       tnat64.conf - configuration file for tnat64(8)


       The  configuration for tnat64 can be anything from two lines to hundreds of lines based on
       the needs at any particular site. The basic idea is to define any networks the machine can
       access  directly via IPv4 and define one or many NAT64 prefixes to be used to access other
       networks (including a 'default' prefix).

       Local networks are declared using the 'local' keyword  in  the  configuration  file.  When
       applications attempt to connect to machines in networks marked as local, tnat64 will not
       attempt to use a NAT64 prefix.

       Obviously if a connection is not to a locally  accessible  network  it  will  need  to  be
       proxied  over  a NAT64. However, sometimes you may need to use different NAT64 prefixes to
       access different internal (and external) networks. For this reason the configuration  file
       allows the definition of 'paths' as well as a default NAT64 prefix.

       Paths are declared as blocks in the configuration file. That is, they begin with a 'path
       {' line in the configuration file and end with a '}' line. Inside this block, directives
       should be used to declare a NAT64 prefix (as documented later in this manual page) and
       'subnet' directives should be used to declare networks, and even destination ports in
       those networks, that this prefix should be used to reach. Please note that each path MUST
       define a NAT64 prefix and contain one or more 'subnet' directives.

       NAT64 prefix declaration directives that are not contained within a  'path'  block  define
       the default NAT64 prefix. If tnat64 needs to connect to a machine via a NAT64 (i.e. it
       isn't a network declared as 'local') and no 'path' has declared it can reach that  network
       via a 'subnet' directive, this NAT64 prefix is used to construct IPv6 addresses.


       The basic structure of all lines in the configuration file is:

              <directive> = <parameters>

       The exception to this is 'path' blocks which look like:

              path {
                     <directive> = <parameters>
              }

       Empty lines are ignored and all input on a line after a '#' character is ignored.

       The following directives are used in the tnat64 configuration file:

       nat64_prefix
              The IPv6 prefix of the NAT64 (e.g. "nat64_prefix = 64:ff9b::"). Only one NAT64
              prefix may be specified per path block, or one outside a path block (to define
              the default NAT64 prefix). The NAT64 prefix is always /96.

       local  An  IP/subnet  pair  specifying  a  network  which may be accessed directly without
              proxying through NAT64 (e.g. "local =").

       subnet This directive is only valid inside a  path  block.  Its  parameter  is  formed  as
              IP[:startport[-endport]]/subnet and it specifies a network (and a range of ports on
              that network) that can be accessed through the NAT64 specified in this path block.
              For  example,  in  a path block "subnet =" indicates to
              tnat64 that the NAT64 prefix specified in the current path block should be used  to
              access  any  IPs  in  the  range  to when the connection
              request is for ports 80-1024.


       tnat64 comes with two utilities that can be useful in creating and  verifying  the  tnat64
       configuration file.

              tnat64-validateconf  can  be  used  to verify the configuration file. It checks the
              format of the file and also the contents for errors. Having read the file it  dumps
              the  configuration  to  the  screen  in  a  formatted, readable manner. This can be
              extremely useful in debugging problems.

              tnat64-validateconf can read a configuration file from a location  other  than  the
              location specified at compile time with the -f <filename> command line option.

              Normally  tnat64-validateconf simply dumps the configuration read to the screen (in
              a nicely readable format), however it also has a useful 'test' mode. When passed  a
              hostname/ip   on  the  command  line  like  -t  <hostname/ip>,  tnat64-validateconf
              determines which of the NAT64 prefixes specified in the configuration file would be
              used by tnat64 to access the specified host.
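
       The selection rules described above (local networks, then path subnets with their port
       ranges, then the default prefix) can be modelled in a few lines; this is an added
       example, not code from tnat64 or tnat64-validateconf. Assumptions: the sample addresses
       are constructed, the part after '/' is written as a dotted netmask, a lone start port
       means that single port, the first matching path wins, and the IPv4 address is placed
       in the low 32 bits of the /96 prefix as in RFC 6052.

```python
import ipaddress

# Constructed sample: documentation addresses; dotted netmask is an assumed form.
SAMPLE_CONF = """
local = 192.0.2.0/255.255.255.0        # reachable directly over IPv4
nat64_prefix = 64:ff9b::               # default prefix (outside any path)
path {
    nat64_prefix = 2001:db8:64::
    subnet = 198.51.100.0:80-1024/255.255.255.0
}
"""

def parse_conf(text):  # returns (local networks, paths, default prefix)
    local, paths, default, cur = [], [], None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()           # '#' starts a comment
        if line.split() == ["path", "{"]:
            cur = {"prefix": None, "subnets": []}
        elif line == "}":
            if cur is None or cur["prefix"] is None or not cur["subnets"]:
                raise ValueError("each path needs a nat64_prefix and a subnet")
            paths, cur = paths + [cur], None
        elif line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "nat64_prefix" and cur is None:
                default = ipaddress.IPv6Address(value)
            elif key == "nat64_prefix":
                cur["prefix"] = ipaddress.IPv6Address(value)
            elif key == "local":
                local.append(ipaddress.ip_network(value))
            elif key == "subnet" and cur is not None:  # only valid inside a path
                addr, mask = value.split("/")
                ip, _, ports = addr.partition(":")
                lo, _, hi = ports.partition("-")
                span = (int(lo), int(hi or lo)) if lo else (0, 65535)
                cur["subnets"].append((ipaddress.ip_network(f"{ip}/{mask}"), span))
            else:
                raise ValueError(f"unexpected directive: {line}")
    return local, paths, default

def route(local, paths, default, host, port):  # None means connect directly
    ip = ipaddress.IPv4Address(host)
    if any(ip in net for net in local):
        return None
    hits = [p["prefix"] for p in paths for net, (lo, hi) in p["subnets"]
            if ip in net and lo <= port <= hi]
    prefix = hits[0] if hits else default              # first match: assumption
    if prefix is None:
        raise LookupError("no path matches and no default nat64_prefix is set")
    return ipaddress.IPv6Address(int(prefix) | int(ip))  # IPv4 in the low 32 bits
```

       Calling route(*parse_conf(SAMPLE_CONF), host, port) shows whether a destination is
       reached directly or through which prefix, which is the question the -t mode answers.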




       Andrej Shadura, Shaun Clowes


       Copyright 2011 Andrej Shadura

       Original tsocks manual page, copyright 2000 Shaun Clowes

       tnat64  and  its  documentation  may  be  freely  copied under the terms and conditions of
       version 2 of the GNU General Public License, as published by the Free Software  Foundation
       (Cambridge, Massachusetts, United States of America).

       This  documentation  is  heavily  based  on  the  documentation  for  tsocks,  transparent
       SOCKSification library, whose documentation itself  is  based  on  the  documentation  for
       logwrites, another shared library interceptor. One line of code from it was used in tnat64
       and a lot of the documentation :) logwrites is by (Adam J. Richter) and
       can be had from pub/dist/pkg