Status/2024Q3: Status report for EIM NAT project

Approved by: salvadore Differential Revision: https://reviews.freebsd.org/D46869
freebsd · Oct 3, 2024 · 1929236 · 1929236
1 parent c7d3dd7
commit 1929236
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/website/content/en/status/report-2024-07-2024-09/eim-nat.adoc b/website/content/en/status/report-2024-07-2024-09/eim-nat.adoc
@@ -0,0 +1,21 @@
+=== Endpoint-Independent NAT
+
+Contact: Tom Jones <thj@freebsd.org>
+
+This project aims to add support for Endpoint-Independent Mappings for UDP to the pf and ipfw firewalls.
+
+End Point Independent NAT enables applications behind a NAT speaking to multiple remote hosts to receive the same mappings.
+This allows an application without any NAT traversal mechanisms to work around NAT issues to perform peer discovery.
+From the remote hosts perspective the NAT is transparent and it is as-if there is no NAT at all.
+This form of NAT has been given several names over the last few decades and might be known as 'full-cone' NAT.
+
+Patches to pf landed in early September based on work by Damjan Jovanovic and Naman Sood with updates to work on pf in main.
+The patches add a new 'endpoint-independent' suffix to UDP pf nat rules.
+
+ipfw support for endpoint-independent is going to be made available via libalias, allowing any system which uses libalias for address translation to benefit from the change.
+There is an in-progress review https://reviews.freebsd.org/D46689[D46689] to add support to libalias.
+
+The in-progress change and the committed pf change could both benefit from testing in more and diverse environments.
+
+Sponsor: The FreeBSD Foundation
+Sponsor: Tailscale