netbsd-help: RR @Home Routing Problem

Subject: RR @Home Routing Problem
To: None <netbsd-help@netbsd.org>
From: Keith Parker <kparker@xtechsolutions.net>
List: netbsd-help
Date: 11/08/2003 10:50:16
I'm new to NetBSD, but I'm in love with it already. I am concerned, 
however, that I'm an idiot. Here's the story.

I've got RR @home service with a *Static IP*, let's call it 55.55.55.10. 
I've got a RR supplied Zyxel router that serves as the gateway.

Initially, I had a standalone XP box plugged directly into the Zyxel router 
with the following settings:

XP Box
-----------
NIC IP Address 55.55.55.10
Gateway: 55.55.55.9

Later, I added a Linksys Router, which I set it as follows:

Linksys Router
------------------
Static IP: 55.55.55.10
Netmask: 255.255.255.252
Gateway: 55.55.55.9
LAN IP 192.168.1.1

XP Box
-----------
NIC IP Address 192.168.1.100
Gateway: 192.168.1.1  (Zyxel Router)


The XP box was successfully routed to the Internet and all was well.

On to the NetBSD part...

When I set up the NetBSD box, I set one of the NIC's up with my static IP 
(ex0 55.55.55.10) and one of the NICs up with my private network address 
(rtk0 192.168.1.1).
Then I set /etc/mygate to 55.55.55.9 (the Zyxel router)
Then I set resolv.conf with the RR nameservers

Once that was done, the NetBSD box was surfing like crazy.

The problem is that if I attach the NetBSD box to a hub and then attach the 
XP box (192.168.1.100) to the hub I can only do the following:

1) From XP box, ping --> 192.168.1.1 (rtk0)
2) From XP box, ping --> 55.55.55.10 (ex0)
A ping to 55.55.55.9 fails - therefore I'm stuck on this side of the router.

The NetBSD box can do the following:
3) From NetBeast ping --> 192.168.1.100 (XP NIC)
4) From NetBeast ping --> 192.168.1.1 (rtk0)
5) From netBeast ping --> 55.55.55.10 (ex0)
6) From NetBeast ping --> 55.55.55.9 (Zyxel)
7) From NetBeast ping --> yahoo.com

I did not touch the kernel, but I did add:
net.inet.ip.forwarding=1 to /etc/sysctrl.conf
and have verified that the value has been changed from 0 to 1 at boot.

I enabled ipfilter and ipnat by editing /etc/rc.conf as follows:
ipfilter=YES
ipnat=YES

Here are the relevant settings:

/etc/mygate
55.55.55.9

My firewall is wide open for testing
/etc/ipf.conf:
pass in on any all
pass out all

1st /etc/ipnat.conf attempt
map rtk0 192.168.1.1/32 -> ex0 55.55.55.10/32

2nd /etc/ipnat.conf attempt
map rtk0 192.168.1.0/24 -> 55.55.55.10/32 proxy port ftp ftp/tcp
map rtk0 192.168.1.0/24 -> 55.55.55.10/32 portmap tcp/udp 40000:60000
map rtk0 192.168.1.0/24 -> 55.55.55.10/32

3rd /etc/ipnat.conf attempt
map rtk0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map rtk0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
map rtk0 192.168.1.0/24 -> 0/32

/etc/ifconfig.ex0
55.55.55.10 netmask 255.255.255.252  (also tried with 255.255.255.0, but 
shouldn't be)

/etc/ifconfig.rtk0
192.168.1.1 netmask 0xffffff00

Again, the NETBSDbox can access the internet, so mustn't the problem be 
with forwarding?
If I disable ipfilter and ipnat, I get the same results as if they are 
enabled.  XP box can ping NetBSD 192.168.1.1 and 24.56.85.10 - but not the 
Zyxel connected to 24.56.85.10.

Any help would be appreciated. I am stumped.

Thanks