

1.8.3 IPv4 Network Address Translation

tmesh machines support IPv4 and therefore require NAT between network segments (NAT is not strictly required if you are subnetting; see Proxy ARP). IPv6 should work as well, but it must be set up manually and is currently untested. How NAT is done depends on the host: there are multiple NAT alternatives from host to host, and even on the same host platform. We try to support the major ones here, either through autoconfiguration within TME itself or by providing instructions that let you customize it manually for your own setup.

Currently, three NAT technologies are supported: NFTables, NPF and PF. NFTables is a Linux-only solution and is the next-generation packet filtering technology to replace IPTables in the future. NPF is a NetBSD-only technology that serves a similar purpose on that platform and will presumably supplant PF at some point. The two are very similar in that they work in the same way as BPF: they take a set of compiled filter rules that specify what to do with individual packets. PF is the traditional BSD filter.

With all three, the rules are written automatically, IPv4 forwarding is enabled and filtering starts right away. You can disable this behaviour at compile time (using `--disable-nat`) or at run time (by specifying a nat interface that doesn't exist on the tap nat option). Alternatively, you may manually add or modify the rules after starting tme to suit your own needs, but tmesh will overwrite them if you run it again: it does not persist them, but uses a static set of rules in the current implementation.
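Because the host's forwarding flag and NAT rules are changed automatically and manual rules are overwritten on the next run, it is worth comparing the host state before and after starting tmesh. The following is an added example for a Linux/NFTables host, not code from TME; the function names and the sample dumps are assumptions constructed for illustration, and the "after" dump is not the rule set tmesh actually writes.

```shell
# Added example: audit what a NAT-enabled run changed on a Linux host. Works on
# text dumps (live: `nft list ruleset`, /proc/sys/net/ipv4/ip_forward).

# Report the IPv4 forwarding flag stored in file $1.
forwarding_state() {
    case "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Print the NAT statements (masquerade/snat/dnat) in ruleset dump $1.
nat_rules() {
    grep -E '(^|[[:space:]])(masquerade|snat|dnat)([[:space:]]|$)' "$1" |
        sed 's/^[[:space:]]*//'
}

# Print lines of dump $1 (before) absent from dump $2 (after): overwritten rules.
lost_rules() {
    awk '{ sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
         $0 == "" { next }
         FILENAME == ARGV[1] { after[$0] = 1; next }
         !($0 in after)' "$2" "$1"
}

# Constructed sample data; NOT the rule set tmesh itself writes.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
echo 0 > "$tmp/fwd.before"; echo 1 > "$tmp/fwd.after"
cat > "$tmp/before.nft" <<'EOF'
table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "eth0" ip saddr 10.0.77.0/24 masquerade
        oifname "eth0" ip saddr 10.0.78.0/24 masquerade
    }
}
EOF
cat > "$tmp/after.nft" <<'EOF'
table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "eth0" masquerade
    }
}
EOF
echo "forwarding: $(forwarding_state "$tmp/fwd.before") -> $(forwarding_state "$tmp/fwd.after")"
echo "NAT rules now active:"; nat_rules "$tmp/after.nft"
echo "manual rules overwritten:"; lost_rules "$tmp/before.nft" "$tmp/after.nft"
```

In the constructed data, two source-restricted masquerade rules are replaced by one that applies to all traffic leaving the interface, which is the kind of widening this comparison is meant to surface.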

