Re: Configure NetBSD as a gateway for LAN hosts

[Martin Husemann <martin%duskware.de@localhost>]

On Tue, Oct 13, 2020 at 12:01:17PM +0200, Rocky Hotas wrote:
> I probably have no difficulties in configuring the routing as regards the
> netbsd_gateway host itself. Something like:
> 
> Internet:
> Destination        Gateway            Flags    Refs      Use    Mtu
> Interface
> default            modem_IP           UG          -        -      -  NIC2
> 127/8              localhost          UGR         -        -  33624  lo0
> localhost          lo0                UHl         -        -  33624  lo0
> subnet2		   link#2             U           -        -      -  NIC2
> subnet1		   link#1             UHl         -        -      -  NIC1
> 
> But when netbsd_gateway receives a packet from a host in subnet1, whose
> destination is a remote host in the internet, how must it be instructed
> to forward the packet to modem_IP through NIC2?

With above routing table this should already happen - no concrete local subnet
matching, so it will pick "default".

> With a routing table
> entry, or with a rule (the `pass stateful out all' in soho_gw-npf.conf)
> in npf?

That rule does not change routing, it just allows the packet to go out,
and also creates a NAT state entry so any answers are allowed back in.

In general it is best to get packet flow working first and then start caring
about filtering, but with NAT this is tricky.

Martin