fwd, conf: Allow NAT of the guest's assigned address

The guest is usually assigned one of the host's IP addresses.  That means
it can't access the host itself via its usual address.  The
--map-host-loopback option (enabled by default with the gateway address)
allows the guest to contact the host.  However, connections forwarded this
way appear on the host to have originated from the loopback interface,
which isn't always desirable.

Add a new --map-guest-addr option, which acts similarly but forwarded
connections will go to the host's external address, instead of loopback.

If '-a' is used, so the guest's address is not the same as the host's, this
will instead forward to whatever host-visible site is shadowed by the
guest's assigned address.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

1 files changed, 15 insertions, 0 deletions

diff --git a/passt.1 b/passt.1
index e85d988..79d134d 100644
--- a/passt.1
+++ b/passt.1
@@ -349,6 +349,21 @@ default route, or if there is no default route, for any of the enabled address
 families.
 
 .TP
+.BR \-\-map-guest-addr " " \fIaddr
+Translate \fIaddr\fR in the guest to be equal to the guest's assigned
+address on the host.  That is, packets from the guest to \fIaddr\fR
+will be redirected to the address assigned to the guest with \fB-a\fR,
+or by default the host's global address.  This allows the guest to
+access services availble on the host's global address, even though its
+own address shadows that of the host.
+
+If \fIaddr\fR is 'none', no address is mapped.  Only one IPv4 and one
+IPv6 address can be translated, and if the option is specified
+multiple times, the last one for each address type takes effect.
+
+Default is no mapping.
+
+.TP
 .BR \-4 ", " \-\-ipv4-only
 Enable IPv4-only operation. IPv6 traffic will be ignored.
 By default, IPv6 operation is enabled as long as at least an IPv6 route and an