Subject: Re: does IPNAT work or not?
To: Olli <>
From: Guenther Grau <>
List: netbsd-users
Date: 02/12/1999 20:24:52
Hi Olli,

Olli wrote:

I assume that you made sure that ppp works when used from the netbsd
right? :-)

> 3. setup IPNAT + IPF (no entries in /etc/ipf.conf -> no firewalling)

How did you configure IPNAT?

Which options did you use for tcpdump?
You should try 

tcpdump -v -v -v -x -s 1500 "(host | (host | (host"

Note that you shouldn't actually try to log in, because then
we would be able to see your userId/password in the packets :-)
But if I understand you right, you don't even get a login prompt
so the contents of the packets contain no secrets.

Which interface did you run tcpdump on? On the ppp0 or on the local
interface to the debian machine? You should run two of them so
you can see what happens to the packets.

and show us the complete output if it's not too long (i.e. < 64 KB).

> <time><some numbers> >
> S328
> <time><some numbers>  win 512 <mss 1460> [tos 0x10]
> <time><some numbers> arp who-has tell

I need to know the time between these two lines. This shouldn't happen
if the time is very small. When the netbsd machine gets a packet from
debian1, it should remember the mac address in its arp cache. But
this doesn't hurt.

> <time><some numbers>  arp is-at 52:54:0:de:6d:51

this is fine.

> <time><some numbers> >
> S 339

This would be the wrong port 1027. It should be 10227 like above.
I assume this was a typo, right?

> ...
> <time><some numbers>  52:54:0:de:30:e > 3:0:0:0:0:1 sap f0 ui/C ln0145

Who has this mac address?

> < block with some numbers>
> <time><some numbers> netbios-dgm >
> udp 201

Looks like some program is trying to send netbios requests to a
address. With the above options you'll find the mac address of the

I guess your NAT setup is wrong. Please post it here, including the
tcpdump-output if possible. Also, which addresses does the netbsd machine
have on its interfaces (ppp, local interface to the debian machine)?

Have a nice weekend,