Subject: Re: IP masquerade
To: Tom T. Thai <tomthai@future.net>
From: David Brownlee <abs@anim.dreamworks.com>
List: current-users
Date: 05/24/1997 10:14:25
On Sat, 24 May 1997, Tom T. Thai wrote:

> On Sat, 24 May 1997, Jason Thorpe wrote:
> 
> > On Sat, 24 May 1997 07:14:09 -0500 (CDT) 
> >  "Tom T. Thai" <tomthai@future.net> wrote:
> > 
> >  > does NetBSD do IP masquerade?
> > 
> > ...That depends on what you mean by "IP masquerade".  Can you assign more
> > than one IP address to an interface?  Yes.  Can you have NAT?  Yes.
> > The latter is provided by the IPFilter package, part of NetBSD-current,
> > or also available separately for NetBSD 1.2.
> 
> What I wanted was to use NetBSD as a router with one real IP as a gateway 
> for other systems (win95, mac) that don't have real ips (internal use 
> ones).  when a Mac wants to access the net, the NetBSD gateway would dial 
> (if it uses a modem) or pass the info thru the dedicated line.

	ipnat can do exactly this - assuming you can get a static IP
	address from your ISP (doing it via a dynamic address would be
	more... interesting :) Ipnat is part of ipfilter.

	You need to run -current, or install ipfilter on your 1.2{,.1}
	machine.

        There is a webpage for ipfilter at:
                http://coombs.anu.edu.au/~avalon/ip-filter.html

        To set up ipnat you should need to:
            a) Have a dual homed host (eg: machine with ethernet and
               modem)
            b) Number your internal machines on a reserved network
                   (eg 10.x.x.x).
            c) Run 'sysctl -w net.inet.ip.forwarding=1' so it will route.
            d) Ensure /etc/mygate on all other machines contains the
               internal network address of the dual homed host (which in
               the example would be of the form 10.x.x.x).
            e) On the dual homed host create an /etc/ipnat.conf file:
               map ppp0 10.0.0.0/8 -> X.X.X.X/32 portmap tcp/udp 10000:20000
                   (Where X.X.X.X is the address of your ppp0 interface.)
            f) On the dual attached host run 'ipnat -f /etc/ipnat.conf'.

        Then just run pppd as normal, and try to telnet out or web browse
	from another local machine.
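
The map rule from step (e), generated and sanity-checked by a small script. This is an added example, not part of the original post; the helper names and the 192.0.2.1 sample address are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Renders the step (e) map rule.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# is_reserved ADDR: succeed if ADDR lies in an RFC 1918 private range.
is_reserved() {
    is_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# make_map_rule IFACE INSIDE_CIDR OUTSIDE_ADDR (hypothetical helper name)
make_map_rule() {
    iface=$1 inside=$2 outside=$3
    net=${inside%/*} bits=${inside#*/}
    case "$iface" in ''|*[!A-Za-z0-9]*) echo "bad interface name" >&2; return 1 ;; esac
    case "$bits" in ''|*[!0-9]*) echo "bad prefix length" >&2; return 1 ;; esac
    [ "$bits" -le 32 ] || { echo "bad prefix length" >&2; return 1; }
    is_reserved "$net" || { echo "$net is not a reserved network" >&2; return 1; }
    is_ipv4 "$outside" || { echo "bad external address" >&2; return 1; }
    # Assumption: the external side is a real (public) address, as in the post.
    if is_reserved "$outside"; then echo "external address is private" >&2; return 1; fi
    printf 'map %s %s -> %s/32 portmap tcp/udp 10000:20000\n' "$iface" "$inside" "$outside"
}

# 192.0.2.1 is a constructed documentation address standing in for X.X.X.X.
make_map_rule ppp0 10.0.0.0/8 192.0.2.1
```

Redirect the output to /etc/ipnat.conf and load it with the `ipnat -f /etc/ipnat.conf` command from step (f).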