evan/protomask
1
Fork 0
Code
85 Commits 24 Branches 2 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Evan Pratten 2c95540bd3
Delete CNAME
2023-08-04 18:32:27 -04:00
.cargo
Ignore tokio oneshot alert
2023-07-20 11:53:04 -04:00
.github
Only run clippy on sources
2023-07-20 19:31:30 -04:00
.vscode
implement tcp and icmpv6
2023-07-18 14:00:22 -04:00
debian
Prioritize debian packages
2023-07-20 19:09:21 -04:00
protomask-tun
Add readme to protomask-tun
2023-07-20 19:43:48 -04:00
src
Fix pedantic clippy warnings
2023-07-21 10:20:07 -04:00
.dockerignore
Prioritize debian packages
2023-07-20 19:09:21 -04:00
.gitignore
Add make rules for tars
2023-07-20 15:48:05 -04:00
Cargo.toml
Embed README in deb
2023-07-22 11:27:00 -04:00
LICENSE
Initial commit
2023-07-14 11:44:35 -04:00
Makefile
Prioritize debian packages
2023-07-20 19:09:21 -04:00
protomask.toml
Keep metrics local by default
2023-07-22 11:27:11 -04:00
README.md
Keep metrics local by default
2023-07-22 11:27:11 -04:00

README.md

protomask

Crates.io Docs.rs Build

A user space NAT64 implementation.

Protomask started as a challenge to create a NAT64 implementation in a weekend. The goal of protomask is to keep things simple.

There aren't many knobs to tweak, so stateful NAT or source address filtering will require protomask to be paired with a utility like iptables.

How it works

Protomask operates by listening on an IPv6 /96 prefix for incoming traffic.

When a new IPv6 host sends traffic through protomask, it is dynamically assigned an IPv4 address from a pool of addresses on a first-come-first-serve basis.

From then on, all subsequent packets coming from that same IPv6 host will be NATed through the assigned IPv4 address until the reservation period expires. Likewise, a similar process occurs for return traffic.

For hosts that necessitate a consistent IPv4 address, it is possible to configure a static mapping in the configuration file. This ensures it always communicates using the same IPv4 address no matter how long it is offline for. This is useful for single-stack hosts that need IPv4 DNS entries.

Configuration

Protomask uses a TOML configuration file. Here is a functional example:

# The NAT64 prefix to route to protomask
Nat64Prefix = "64:ff9b::/96"
# Setting this will enable prometheus metrics
Prometheus = "[::1]:8080" # Optional, defaults to disabled

[Pool]
# All prefixes in the pool
Prefixes = ["192.0.2.0/24"]
# The maximum duration an ipv4 address from the pool will be reserved for after becoming idle
MaxIdleDuration = 7200 # Optional, seconds. Defaults to 7200 (2 hours)
# Permanent address mappings
Static = [{ v4 = "192.0.2.2", v6 = "2001:db8:1::2" }]

Installation

Protomask can be installed using various methods:

Debian

Head over to the releases page and download the latest release for your architecture.

Then, install with:

apt install /path/to/protomask_<version>_<arch>.deb

# You can also edit the config file in /etc/protomask.toml
# And once ready, start protomask with
systemctl start protomask

Using Cargo

cargo install protomask

Usage

Usage: protomask [OPTIONS] <CONFIG_FILE>

Arguments:
  <CONFIG_FILE>  Path to the config file

Options:
  -v, --verbose  Enable verbose logging
  -h, --help     Print help
  -V, --version  Print version
Description
Fast & reliable user space NAT64
Readme 766 KiB
Languages
Rust 96.6%
Makefile 3.4%