Subject: Re: Squid and apache it works but.....
To: Caloro Maurizio <mauric@gmx.ch>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: netbsd-users
Date: 06/29/2003 17:42:03
On Sun, Jun 29, 2003 at 05:16:28PM +0200, Caloro Maurizio wrote:
> 
> 
> C:\>ping pop.gmx.ch
> 
> Ping pop.gmx.net [213.165.64.20] mit 32 Bytes Daten:
> 
> Zielhost nicht erreichbar.
> Zielhost nicht erreichbar.
> Zielhost nicht erreichbar.
> Zielhost nicht erreichbar.
> 
> Ping-Statistik für 213.165.64.20:
>     Pakete: Gesendet = 4, Empfangen = 0, Verloren = 4 (100% Verlust),
> Ca. Zeitangaben in Millisek.:
>     Minimum = 0ms, Maximum =  0ms, Mittelwert =  0ms
> 
> my sparc is a router but I have not installed any IPF or NAT
> so what only relay SQUID
> 
> 
> C:\>ping www.netbsd.org
> 
> Ping www.netbsd.org [204.152.184.116] mit 32 Bytes Daten:
> 
> Zielhost nicht erreichbar.
> Zielhost nicht erreichbar.
> Zielhost nicht erreichbar.
> Zielhost nicht erreichbar.
> 
> Ping-Statistik für 204.152.184.116:
>     Pakete: Gesendet = 4, Empfangen = 0, Verloren = 4 (100% Verlust),
> Ca. Zeitangaben in Millisek.:
>     Minimum = 0ms, Maximum =  0ms, Mittelwert =  0ms

OK, so you have no routing at all. I thought you said you had ping to
www.netbsd.org working.
You could set up an SMTP relay and some kind of pop3 proxy on your
sparc to get mail working. Delegate can probably handle both.
But the easiest is probably to set up routing and NAT. This way all simple
protocols (ssh, telnet, etc ...) will work without additional proxies.

First turn routing on:
echo "net.inet.ip.forwarding=1" >> /etc/sysctl.conf

Then set up network address translation:
first you have to turn ipfilter on:
cat > /etc/ipf.conf << EOF
pass in all
pass out all
EOF
echo "ipfilter=YES" >> /etc/rc.conf

then set up NAT:
cat > /etc/ipnat.conf << EOF
map pppoe0 192.168.0.0/16 -> 0.0.0.0/32 proxy port ftp ftp/tcp mssclamp 1452
map pppoe0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 10000:40000 mssclamp 1452
map pppoe0 192.168.0.0/16 -> 0.0.0.0/32 mssclamp 1452
EOF
echo "ipnat=YES" >> /etc/rc.conf

if you're not using pppoe, replace pppoe0 with the name of your outgoing
interface (I guess le0 or le1). If you're using plain ethernet, you can also
remove the "mssclamp 1452" (this is because pppoe0 has a lower MTU than
ethernet, and ADSL infrastructure doesn't deal well with IP fragmentation -
at least here in France).

Now you can have the system handle the config file changes (no need to
reboot :)
/etc/rc.d/sysctl restart
/etc/rc.d/ipfilter restart
/etc/rc.d/ipnat restart

and now your w2k box should have access to the Internet.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 24 years of experience will always make the difference
--
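
Added example, not part of the original message: with "pass in all" / "pass out all", ipfilter does not restrict connections arriving on pppoe0 to services on the router itself, Squid included. The sketch below writes a stateful, default-deny-inbound ruleset that can take the place of the two-line /etc/ipf.conf; the function names are hypothetical, and the LAN interface name (le0) is only the guess made in the message.

```shell
#!/bin/sh
# Added example (not from the original message).
# write_ipf_rules EXT_IF LAN_IF OUTFILE
#   EXT_IF  Internet-facing interface (pppoe0 in the message)
#   LAN_IF  inside interface (assumption: le0, as guessed in the message)
#   OUTFILE where to write the rules, e.g. /etc/ipf.conf
write_ipf_rules() {
    ext_if=$1; lan_if=$2; out=$3
    cat > "$out" << EOF
# Loopback and LAN side are trusted and left unfiltered.
pass in quick on lo0 all
pass out quick on lo0 all
pass in quick on $lan_if all
pass out quick on $lan_if all
# Internet side: allow what the router or the LAN initiates and keep
# state, so that only the matching replies are let back in.
pass out quick on $ext_if proto tcp from any to any flags S keep state
pass out quick on $ext_if proto udp from any to any keep state
pass out quick on $ext_if proto icmp from any to any keep state
# Anything else on the Internet side is dropped, including new inbound
# connections to services running on the router itself.
block in quick on $ext_if all
block out quick on $ext_if all
EOF
}

# ipf_conf_is_open FILE
#   Succeeds (exit 0) when FILE has no "block in" rule at all, i.e. it
#   filters nothing inbound, like the "pass in all / pass out all" file.
ipf_conf_is_open() {
    ! grep -Eq '^[[:space:]]*block[[:space:]]+in' "$1"
}

# Typical use on the router, followed by the restart from the message:
#   write_ipf_rules pppoe0 le0 /etc/ipf.conf
#   /etc/rc.d/ipfilter restart
```

The /etc/ipnat.conf rules from the message stay as they are; only the filter rules change.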