Subject: Re: I can't get IPNAT to work
To: None <KenJackson@ieee.org>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: netbsd-help
Date: 01/12/2002 21:19:43

On Sat, Jan 12, 2002 at 01:53:20PM -0500, KenJackson@ieee.org wrote:
> I can't get IP network address translation to work.  
> I can dial the modem and get an IP connection and everything
> works well on OLD486, my NetBSD machine.
> But the IP address from OFFICE, my Windows machine, is not
> being translated.
> 
> I'm not sure what to do next.  Any help is appreciated.
> 
> Here's my configuration:
> 
>  OFFICE                     OLD486
>  Windows              ep0   NetBSD        ppp0 
>  192.168.1.1 ============== 192.168.1.2 =========== Modem to ISP
> 
> 
> # sysctl -a |grep kern.version
> kern.version = NetBSD 1.5.2 (GENERIC) #3: Sat Aug 18 23:37:05 CEST 2001
> 
> /etc/rc.conf -------------------
> ...
> hostname="old486"
> routed=YES          routed_flags="-q -T /var/log/routedlog"
> ipfilter=YES                    # uses /etc/ipf.conf
> ipnat=YES                       # uses /etc/ipnat.conf
> ...
> 
> /etc/ipf.conf ------------------
> pass in any to any
> pass out any to any

I'm not sure this syntax is correct; I think you should have
    pass in from any to any
    pass out from any to any
> 
> /etc/ipnat.conf ----------------
> map ppp0 198.168.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
> map ppp0 198.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 10000:40000
> map ppp0 198.168.1.0/24 -> 0.0.0.0/32
> 
> /etc/rc.local ------------------
> sysctl -w net.inet.ip.forwarding=1

Looks good.

> 
> 
> Command on OLD486:  tcpdump -i ppp0 -e -n > tcpdump.txt
> 
> ping from OFFICE to my ISP, unsuccessful, source IP is not translated

This may be because of the error in ipf.conf, which causes ipfilter
not to be enabled.
What does
    /etc/rc.d/ipfilter start
say?

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
--
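
Added example, not part of the original message: a small Python check that the source network in each `map` rule of the quoted /etc/ipnat.conf contains the inside addresses shown in the diagram, since NAT rules only rewrite packets whose source matches. The function names are illustrative, and only the simple `map <if> <src> -> <dst>` form is parsed.

```python
import ipaddress

# Rules as quoted in the message above; LAN addresses from its diagram.
IPNAT_CONF = """\
map ppp0 198.168.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map ppp0 198.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 10000:40000
map ppp0 198.168.1.0/24 -> 0.0.0.0/32
"""
INSIDE_HOSTS = {"OFFICE": "192.168.1.1", "OLD486 ep0": "192.168.1.2"}


def parse_map_rules(text):
    """Return (line_no, interface, source_network) for each 'map' rule."""
    rules = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        # Only the simple form is handled: map <if> <src>/<bits> -> <dst> ...
        if len(fields) >= 5 and fields[0] == "map" and fields[3] == "->":
            net = ipaddress.ip_network(fields[2], strict=False)
            rules.append((line_no, fields[1], net))
    return rules


def unmatched_hosts(text, hosts, out_if):
    """Names of inside hosts that no map rule on out_if would translate."""
    nets = [net for _, iface, net in parse_map_rules(text) if iface == out_if]
    missing = []
    for name, addr in hosts.items():
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in nets):
            missing.append(name)
    return missing


if __name__ == "__main__":
    for name in unmatched_hosts(IPNAT_CONF, INSIDE_HOSTS, "ppp0"):
        print(f"{name}: no map rule on ppp0 covers {INSIDE_HOSTS[name]}")
```

For the rules as quoted, both hosts are reported, because the rules name 198.168.1.0/24 while the LAN in the diagram uses 192.168.1.x.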