Subject: Re: Configuring IPNat
To: Frederick Bruckman <netbsd-help@netbsd.org>
From: James Webster <James3838@tsi-net.com>
List: netbsd-help
Date: 07/30/1999 16:07:42
I've made some progress, but it still is not working and I've found out this
is an issue with other people as well, so I'd like to find a solution.
Here is my current solution:
# Direct X 6.0 ports for 10.0.0.1
map ep0 10.0.0.1/32 -> a.b.c.d/32
rdr ne1 a.b.c.d/32 port 47624 -> 10.0.0.1 port 47624
rdr ne1 a.b.c.d/32 port 2300 -> 10.0.0.1 port 2300
rdr ne1 a.b.c.d/32 port 2301 -> 10.0.0.1 port 2301
rdr ne1 a.b.c.d/32 port 2302 -> 10.0.0.1 port 2302
rdr ne1 a.b.c.d/32 port 2303 -> 10.0.0.1 port 2303
rdr ne1 a.b.c.d/32 port 2304 -> 10.0.0.1 port 2304
rdr ne1 a.b.c.d/32 port 2305 -> 10.0.0.1 port 2305
rdr ne1 a.b.c.d/32 port 2306 -> 10.0.0.1 port 2306
rdr ne1 a.b.c.d/32 port 2307 -> 10.0.0.1 port 2307
rdr ne1 a.b.c.d/32 port 2308 -> 10.0.0.1 port 2308
rdr ne1 a.b.c.d/32 port 2309 -> 10.0.0.1 port 2309
rdr ne1 a.b.c.d/32 port 28800 -> 10.0.0.1 port 28800
rdr ne1 a.b.c.d/32 port 28801 -> 10.0.0.1 port 28801
rdr ne1 a.b.c.d/32 port 28802 -> 10.0.0.1 port 28802
rdr ne1 a.b.c.d/32 port 28803 -> 10.0.0.1 port 28803
rdr ne1 a.b.c.d/32 port 28804 -> 10.0.0.1 port 28804
rdr ne1 a.b.c.d/32 port 28805 -> 10.0.0.1 port 28805
rdr ne1 a.b.c.d/32 port 28806 -> 10.0.0.1 port 28806
rdr ne1 a.b.c.d/32 port 28807 -> 10.0.0.1 port 28807
rdr ne1 a.b.c.d/32 port 28808 -> 10.0.0.1 port 28808
rdr ne1 a.b.c.d/32 port 28809 -> 10.0.0.1 port 28809

It still does not work as expected, and I suspect it has to do with UDP
packets not being routed.
One other thing that I have found is that if I add another address using
ifaliases, and change all of my a.b.c.d to a.b.c.e, then IP nat does not
work at all.  Does IPnat know how to handle multiple IPs?

----- Original Message -----
From: Frederick Bruckman <fb@enteract.com>
To: James Webster <James3838@tsi-net.com>
Cc: <netbsd-help@netbsd.org>
Sent: Wednesday, July 28, 1999 3:12 AM
Subject: Re: Configuring IPNat


> On Wed, 28 Jul 1999, James Webster wrote:
>
> > Still not working...   so I'm taking a different approach..
> > I have an extra IP, so I want to do a 1:1 mapping.  I've added the IP to
> > ifaliases, and want to confirm the following mapping makes sense.
>
> That's making more sense than your earlier plan...
>
> > rdr ep0 10.0.0.1/0 -> a.b.c.d/0        # changes source from 10.0.0.1 to a.b.c.d to all external (internet) ports
> > map ne1 a.b.c.d/0 -> 10.0.0.1/0    # changes destination from a.b.c.d to 10.0.0.1 for all ports
>
> The comment doesn't sound quite right. On any particular interface,
> "rdr" rewrites the destination of the incoming packets; whereas "map"
> rewrites the source addr of outgoing packets. I forgot already which
> interface is external and which is internal, but it sounds like you're
> getting close.
>
> Remember that you can enter and delete rules interactively. If you can
> open a bunch of telnet sessions, or xterms, just run "ipnat -f -" in
> one, "ipnat -rf -" in another, and repeat "ipnat -l" in a third. Or
> you can clear all the rules with "ipnat -l | ipnat -rf -", and then
> enter new ones with "ipnat -f -". Ipfilter ("ipf") works along the
> same lines.
>
> Here's some references:
>
> The IP-Filter Home Page
>
> <http://coombs.anu.edu.au/~avalon/ip-filter.html>
>
> The NAT FAQ
>
> <http://radon.moof.ai.mit.edu/~armenb/ipnat.html>
>
>
>
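
An added example, not part of the original messages or of IP Filter itself: a small Python model of the per-interface "rdr"/"map" semantics described in the quoted reply, run over two of the rules from the message above. Assumptions: 203.0.113.10 stands in for a.b.c.d, the "tcp/udp" variant rule and the peer address are constructed, and an rdr rule with no protocol keyword is taken to match TCP only.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    proto: str  # "tcp" or "udp"
    src: str
    dst: str
    dport: int

def parse_rules(text):
    """Parse the two rule shapes used in this thread: map and single-port rdr."""
    rules = []
    for line in text.splitlines():
        tok = line.split("#")[0].split()
        if not tok:
            continue
        if tok[0] == "map":    # map IF SRC/MASK -> NEW/MASK
            rules.append(("map", tok[1], ipaddress.ip_network(tok[2]), tok[4].split("/")[0]))
        elif tok[0] == "rdr":  # rdr IF DST/MASK port P -> IP port P [proto]
            # Assumption: an rdr rule with no protocol keyword matches TCP only.
            protos = tuple(tok[9].split("/")) if len(tok) > 9 else ("tcp",)
            rules.append(("rdr", tok[1], ipaddress.ip_network(tok[2]),
                          int(tok[4]), tok[6], int(tok[8]), protos))
    return rules

def translate(rules, iface, direction, pkt):
    """Model of the semantics described above: on a given interface, rdr rewrites
    the destination of incoming packets and map rewrites the source of outgoing ones."""
    addr = ipaddress.ip_address
    for kind, rule_if, net, *rest in rules:
        if rule_if != iface:
            continue
        if kind == "rdr" and direction == "in":
            port, new_ip, new_port, protos = rest
            if addr(pkt.dst) in net and pkt.dport == port and pkt.proto in protos:
                return replace(pkt, dst=new_ip, dport=new_port)
        elif kind == "map" and direction == "out" and addr(pkt.src) in net:
            return replace(pkt, src=rest[0])
    return pkt  # no rule matched: packet passes untranslated

PUBLIC = "203.0.113.10"  # constructed stand-in for the a.b.c.d placeholder
RULES = parse_rules(f"""
map ep0 10.0.0.1/32 -> {PUBLIC}/32
rdr ne1 {PUBLIC}/32 port 47624 -> 10.0.0.1 port 47624
rdr ne1 {PUBLIC}/32 port 2300 -> 10.0.0.1 port 2300 tcp/udp   # constructed variant
""")
PEER = "198.51.100.7"  # constructed remote host
```

Calling translate() with the same packet on "ep0" and on "ne1" shows that each rule only acts on the interface it names, and that in this model a UDP packet to port 47624 passes untranslated.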