evan/protomask
1
Fork 0
Code
74 Commits 24 Branches 2 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Evan Pratten 5ddfcbffbe Improve description wording
2023-07-20 19:38:07 -04:00
.cargo
Ignore tokio oneshot alert
2023-07-20 11:53:04 -04:00
.github
Only run clippy on sources
2023-07-20 19:31:30 -04:00
.vscode
implement tcp and icmpv6
2023-07-18 14:00:22 -04:00
debian
Prioritize debian packages
2023-07-20 19:09:21 -04:00
protomask-tun
Fix some TCP bugs
2023-07-18 16:57:40 -04:00
src
Log common errors instead of panic
2023-07-20 14:55:16 -04:00
.dockerignore
Prioritize debian packages
2023-07-20 19:09:21 -04:00
.gitignore
Add make rules for tars
2023-07-20 15:48:05 -04:00
Cargo.toml
fix some deb bugs
2023-07-20 19:20:53 -04:00
LICENSE
Initial commit
2023-07-14 11:44:35 -04:00
Makefile
Prioritize debian packages
2023-07-20 19:09:21 -04:00
protomask.toml
fix some deb bugs
2023-07-20 19:20:53 -04:00
README.md
Improve description wording
2023-07-20 19:38:07 -04:00

README.md

protomask

Crates.io Docs.rs Build

A user space NAT64 implementation.

Protomask started as a challenge to create a NAT64 implementation in a weekend. The goal of this implementation is to keep things simple. There aren't many knobs to tweak, so if you want to do stateful NAT or source address filtering, put something like iptables in front of it.

How it works

Protomask operates by listening on an IPv6 /96 prefix for incoming traffic.

When a new IPv6 host sends traffic through protomask, it is dynamically assigned an IPv4 address from a pool of addresses on a first-come-first-serve basis.

From then on, all subsequent packets coming from that same IPv6 host will be NATed through the assigned IPv4 address until the reservation period expires. Likewise, a similar process occurs for return traffic.

For hosts that necessitate a consistent IPv4 address, it is possible to configure a static mapping in the configuration file. This ensures it always communicates using the same IPv4 address no matter how long it is offline for. This is useful for single-stack hosts that need IPv4 DNS entries.

Configuration

Protomask uses a TOML configuration file. Here is a functional example:

# The NAT64 prefix to route to protomask
Nat64Prefix = "64:ff9b::/96"
# Setting this will enable prometheus metrics
Prometheus = "[::]:8080" # Optional, defaults to disabled

[Pool]
# All prefixes in the pool
Prefixes = ["192.0.2.0/24"]
# The maximum duration a prefix will be reserved for after becoming idle
MaxIdleDuration = 7200 # Optional, seconds. Defaults to 7200 (2 hours)
# Permanent address mappings
Static = [{ v4 = "192.0.2.2", v6 = "2001:db8:1::2" }]

Installation

Protomask can be installed using various methods:

Debian

Head over to the releases page and download the latest release for your architecture.

Then, install with:

apt install /path/to/protomask_<version>_<arch>.deb

# You can also edit the config file in /etc/protomask.toml
# And once ready, start protomask with
systemctl start protomask

Using Cargo

cargo install protomask

Usage

Usage: protomask [OPTIONS] <CONFIG_FILE>

Arguments:
  <CONFIG_FILE>  Path to the config file

Options:
  -v, --verbose  Enable verbose logging
  -h, --help     Print help
  -V, --version  Print version
Description
Fast & reliable user space NAT64
Readme 766 KiB
Languages
Rust 96.6%
Makefile 3.4%