Subject: ipnat problem - help needed
To: None <netbsd-users@netbsd.org>
From: Wojciech Puchar <wojtek@tensor.3miasto.net>
List: netbsd-users
Date: 11/22/2002 23:12:36
What am I doing wrong?
I have already built more than 10 NAT boxes with NetBSD 1.5.*; all of them work fine,
all with a ppp outgoing interface, if that matters.
The problem: all interfaces work, and I can communicate with the router from the local
network and from the router to the outside world, but NAT just doesn't work.
ipnat -l shows no connections.
NetBSD is mostly 1.5.3, kernel is release-1-5 cvs'ed today, ipf, ipnat,
ifconfig, route are recompiled to match kernel.
info:
ep0 - outgoing
ep1 - local
root@router# ifconfig ep0
ep0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu
1500
address: 00:20:af:d3:f4:39
media: Ethernet 10baseT
inet 10.1.1.19 netmask 0xffffff00 broadcast 10.1.1.255
YES! 10.* - it's double NAT, but it doesn't work with any
root@router# ifconfig ep1
ep1: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu
1500
address: 00:60:08:74:87:aa
media: Ethernet 10base2
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
default route is 10.1.1.1
ipf.conf is empty (for now), so filtering falls back to the kernel default ("pass all", per the dmesg below)
ipnat.conf:
map ep0 192.168.1.0/24 -> 10.1.1.19/32 proxy port ftp ftp/tcp
map ep0 192.168.1.0/24 -> 10.1.1.19/32 portmap tcp/udp 10000:20000
map ep0 192.168.1.0/24 -> 10.1.1.19/32
dmesg:
NetBSD 1.5.4_ALPHA (******) #0: Fri Nov 22 21:14:54 CET 2002
wojtek@chylonia.3miasto.net:/home/wojtek/kernel/*******
cpu0: Intel 486SX (486-class)
total memory = 8064 KB
avail memory = 6612 KB
using 64 buffers containing 256 KB of memory
mainbus0 (root)
isa0 at mainbus0
ep0 at isa0 port 0x300-0x30f irq 10: 3Com 3C509 Ethernet
ep0: address 00:20:af:d3:f4:39, 8KB byte-wide FIFO, 1:1 Rx:Tx split
ep0: 10baseT, 10base5, 10base2 (default 10baseT)
ep1 at isa0 port 0x320-0x32f irq 9: 3Com 3C509 Ethernet
ep1: address 00:60:08:74:87:aa, 8KB byte-wide FIFO, 1:1 Rx:Tx split
ep1: 10baseT, 10base2 (default 10baseT)
com0 at isa0 port 0x3f8-0x3ff irq 4: ns8250 or ns16450, no fifo
com1 at isa0 port 0x2f8-0x2ff irq 3: ns8250 or ns16450, no fifo
wdc0 at isa0 port 0x1f0-0x1f7 irq 14
wd0 at wdc0 channel 0 drive 0: <Conner Peripherals 40MB - CP3046F>
wd0: drive supports 32-sector pio transfers, chs addressing
wd0: 42120 KB, 1053 cyl, 2 head, 40 sec, 512 bytes/sect x 84240 sectors
wd0: reported multisector count wrong - resetting to 1!
lpt0 at isa0 port 0x378-0x37b irq 7
pcprobe: reset error 1
pc0 at isa0 port 0x60-0x6f irq 1: color
pc0: console
biomask f965 netmask ff65 ttymask ffe7
boot device: wd0
root on wd0a dumps on wd0b
WARNING: NVRAM century is 19 but RTC year is 2002
IP Filter: v3.4.29 initialized. Default = pass all, Logging = disabled
kernel config:
include "arch/i386/conf/std.i386"
maxusers 16 # estimated number of users
options I486_CPU
options DUMMY_NOPS
options MATH_EMULATE
options CPURESET_DELAY=500
makeoptions DEBUG="-march=i486 -O2"
options RTC_OFFSET=0 # hardware clock is this many mins. west of GMT
file-system FFS # UFS
options SOFTDEP # FFS soft updates support.
options BUFPAGES=64
options NVNODE=256
options INET # IP + ICMP + TCP + UDP
options NMBCLUSTERS=2048
options IPFORWARDING=1
options IPFORWSRCRT=0
config netbsd root on wd0a type ffs dumps on wd0b
mainbus0 at root
isa0 at mainbus0
lpt0 at isa0 port 0x378 irq 7 # standard PC parallel ports
wdc0 at isa0 port 0x1f0 irq 14 flags 0x00
wd0 at wdc0 channel 0 drive 0 flags 0x0000
pc0 at isa0 port 0x60 irq 1
com0 at isa0 port 0x3f8 irq 4 # Standard PC serial ports
com1 at isa0 port 0x2f8 irq 3
ep0 at isa0 port ? irq ?
ep1 at isa0 port ? irq ?
pseudo-device ipfilter # IP filter (firewall) and NAT
pseudo-device bpfilter 16
pseudo-device loop # network loopback
pseudo-device pty 8 # pseudo-terminals
pseudo-device rnd # /dev/random and in-kernel generator
pseudo-device tun 8 # IPv[46] over IPv[46] tunnel (RFC1933)