Jan Danielsson <[email protected]> wrote: > On 2019-04-02 08:53, Martin Husemann wrote: > >> This, exactly, is the showstopper that has prevented me from moving to > >> npf. The ability to add/remove IP addresses from a NAT translation > >> without changing npf.conf doesn't seem to be possible in any > >> documentation I was able to find.
If you just want to dynamically change the translation address(es), then NPF in -current already supports that. Basically, NPF supports NAT address being specified as a table. However, npf.conf(5) syntax hides/abstracts some of that (as the common case is for the interface addresses and because we need to specify address selection algorithm). > <...> > > These are the filter rules, not the NAT rules. > > The UPnP device essentially says two things: > 1) Hey, I would like external hosts to be able to access me on port > X. (filter rule, this works as you pointed out). > 2) Hey, I'm at a.b.c.d, and I would like external port X to redirect > to me at port Y. (NAT rule, this isn't supported yet). > There is a partial support for dynamic NAT rules too, but yes -- it is not documented anywhere. Supporting miniupnpd is essentially the same type of work as for ftp-proxy. If anybody wants to work on miniupnpd, please feel free to contact me. -- Mindaugas
