Re: Configure NetBSD as a gateway for LAN hosts

To: John Nemeth <jnemeth%cue.bc.ca@localhost>
Subject: Re: Configure NetBSD as a gateway for LAN hosts
From: Rocky Hotas <rockyhotas%firemail.cc@localhost>
Date: Tue, 13 Oct 2020 12:01:17 +0200

On ott 12 13:55, John Nemeth wrote:

>      This is a very common configuration, so there is lots of
> documentation on the Internet about how to do it.  For NetBSD in
> particular, take a look at the Guide:
> 
> http://www.netbsd.org/docs/guide/en/
> http://www.netbsd.org/docs/guide/en/part-net.html

I had already checked out Section `IV. Networking and related issues',
but it seems sometimes to be outdated (for example, when speaking about
ipfilter) or without examples (I'll try to better explain this below).

>      Yes, you will need this, unless you have 'options GATEWAY' in
> your kernel config.

Ok! (I have a GENERIC, so I it's necessary).

> } - put `gateway_enable="YES"' in /etc/rc.conf.
> 
>      I don't know what the source of this is, but it doesn't do
> anything on NetBSD.

Oh, ok. It comes from:

 <http://daemonforums.org/showthread.php?p=69409>

>      You will need to use one of the packet filters in order to do
> NAT.  The example above is overkill for your needs (l2tp
[...]
> You would probably be better off starting with soho_gw-npf.conf

This is all very useful.

> Note
> that the examples in the Guide use ipfilter which will work for
> now, but will likely be deleted at some point.

This is why Section `24.5. Setting up an Internet gateway with IPNAT'
gave me only a partial help. I should use npf instead of ipnat, through
a normal Ethernet connection to the modem, instead of a PPP direct
connection with the ISP. There are several adaptations to be made for my
case I can't figure out.

>      No, assuming the standard ISP setup where you're provided with
> a single IPv4 address, a bridge won't work.

Yes, the modem has a single IPv4 address.

> See the Guide for how to configure routing.

The Guide deals with this in Section `23.5. Subnetting and Routing', but
only with a theoretical example, with no route(8) commands.

However, maybe I'm overlapping the roles of routing with the role of npf.

I probably have no difficulties in configuring the routing as regards the
netbsd_gateway host itself. Something like:

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu
Interface
default            modem_IP           UG          -        -      -  NIC2
127/8              localhost          UGR         -        -  33624  lo0
localhost          lo0                UHl         -        -  33624  lo0
subnet2		   link#2             U           -        -      -  NIC2
subnet1		   link#1             UHl         -        -      -  NIC1

But when netbsd_gateway receives a packet from a host in subnet1, whose
destination is a remote host in the internet, how must it be instructed
to forward the packet to modem_IP through NIC2? With a routing table
entry, or with a rule (the `pass stateful out all' in soho_gw-npf.conf)
in npf?

Bye and thank you!

Rocky

Follow-Ups:
- Re: Configure NetBSD as a gateway for LAN hosts
  - From: Martin Husemann

References:
- Re: Configure NetBSD as a gateway for LAN hosts
  - From: John Nemeth

Prev by Date: Re: Configure NetBSD as a gateway for LAN hosts
Next by Date: Re: Configure NetBSD as a gateway for LAN hosts
Previous by Thread: Re: Configure NetBSD as a gateway for LAN hosts
Next by Thread: Re: Configure NetBSD as a gateway for LAN hosts
Indexes:

Home | Main Index | Thread Index | Old Index