Subject: I can't get IPNAT to work
To: None <netbsd-help@netbsd.org>
From: None <KenJackson@ieee.org>
List: netbsd-help
Date: 01/12/2002 13:53:20
I can't get IP network address translation to work.  
I can dial the modem and get an IP connection and everything
works well on OLD486, my NetBSD machine.
But the IP address from OFFICE, my Windows machine, is not
being translated.

I'm not sure what to do next.  Any help is appreciated.

Here's my configuration:

 OFFICE                     OLD486
 Windows              ep0   NetBSD        ppp0 
 192.168.1.1 ============== 192.168.1.2 =========== Modem to ISP


# sysctl -a |grep kern.version
kern.version = NetBSD 1.5.2 (GENERIC) #3: Sat Aug 18 23:37:05 CEST 2001

/etc/rc.conf -------------------
...
hostname="old486"
routed=YES          routed_flags="-q -T /var/log/routedlog"
ipfilter=YES                    # uses /etc/ipf.conf
ipnat=YES                       # uses /etc/ipnat.conf
...

/etc/ipf.conf ------------------
pass in any to any
pass out any to any

/etc/ipnat.conf ----------------
map ppp0 198.168.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map ppp0 198.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 10000:40000
map ppp0 198.168.1.0/24 -> 0.0.0.0/32

/etc/rc.local ------------------
sysctl -w net.inet.ip.forwarding=1


Command on OLD486:  tcpdump -i ppp0 -e -n > tcpdump.txt

ping from OFFICE to my ISP, unsuccessful, source IP is not translated

12:08:42.531434 ff 03 64 192.168.1.1 > 204.255.212.10: icmp: echo request
12:08:43.777413 ff 03 64 192.168.1.1 > 204.255.212.10: icmp: echo request

ftp from OFFICE to my ISP, unsuccessful, source IP is not translated

12:08:52.602004 ff 03 52 192.168.1.1.1285 > 204.255.212.10.21: S 84974852:84974852(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
12:08:55.534713 ff 03 52 192.168.1.1.1285 > 204.255.212.10.21: S 84974852:84974852(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)

ping from OLD486 to my ISP, successful

12:10:01.308197 ff 03 88 204.255.212.171 > 204.255.212.10: icmp: echo request
12:10:01.490790 ff 03 88 204.255.212.10 > 204.255.212.171: icmp: echo reply (DF)

ftp from OLD486 to my ISP, successful

12:10:10.724861 ff 03 64 204.255.212.171.65530 > 204.255.212.10.21: S 1940121353:1940121353(0) win 16384 <mss 1460,nop,wscale 0,nop,nop,timestamp 766705 0>
12:10:10.871349 ff 03 64 204.255.212.10.21 > 204.255.212.171.65530: S 575984619:575984619(0) ack 1940121354 win 10136 <nop,nop,timestamp 10996748 766705,nop,wscale 0,mss 1460> (DF)
12:10:10.871942 ff 03 56 204.255.212.171.65530 > 204.255.212.10.21: . ack 1 win 17520 <nop,nop,timestamp 766705 10996748>
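
A cross-check of the configuration and capture above, as an added example that is not part of the original post: it parses the `map` rules for an interface and reports whether each RFC 1918 source address seen leaving that interface falls inside a rule's source network. The function names are hypothetical, and the inputs are copied from the post with the tcpdump lines shortened.

```python
import ipaddress
import re

# Inputs constructed from the ipnat.conf and tcpdump output quoted in the post.
IPNAT_CONF = """\
map ppp0 198.168.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map ppp0 198.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 10000:40000
map ppp0 198.168.1.0/24 -> 0.0.0.0/32
"""
TCPDUMP = """\
12:08:42.531434 ff 03 64 192.168.1.1 > 204.255.212.10: icmp: echo request
12:08:52.602004 ff 03 52 192.168.1.1.1285 > 204.255.212.10.21: S 84974852:84974852(0) win 8192
12:10:01.308197 ff 03 88 204.255.212.171 > 204.255.212.10: icmp: echo request
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAP_RE = re.compile(r"^map\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+->")
SRC_RE = re.compile(r"\s(\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > ")  # optional .port suffix

def map_sources(conf, ifname):
    """Return the source networks of all `map` rules bound to ifname (hypothetical helper)."""
    nets = set()
    for line in conf.splitlines():
        m = MAP_RE.match(line.strip())
        if m and m.group(1) == ifname:
            nets.add(ipaddress.ip_network(m.group(2), strict=False))
    return nets

def nat_coverage(capture, nets):
    """For each private source seen on the wire, say whether any map rule covers it."""
    result = {}
    for line in capture.splitlines():
        m = SRC_RE.search(line)
        if not m:
            continue
        src = ipaddress.ip_address(m.group(1))
        if any(src in p for p in RFC1918):
            result[str(src)] = any(src in n for n in nets)
    return result

if __name__ == "__main__":
    nets = map_sources(IPNAT_CONF, "ppp0")
    for src, ok in nat_coverage(TCPDUMP, nets).items():
        print(src, "covered by a map rule" if ok else "NOT covered by", sorted(map(str, nets)))
```

For the inputs in this post, the rules' source network is 198.168.1.0/24, while the packets leaving ppp0 untranslated come from 192.168.1.1.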