NetBSD-Users archive


Re: Configure NetBSD as a gateway for LAN hosts



On Oct 13 12:08, Martin Husemann wrote:
> With the above routing table this should already happen - no concrete local subnet
> matching, so it will pick "default".

Yes, I tried and it does!

> > With a routing table
> > entry, or with a rule (the `pass stateful out all' in soho_gw-npf.conf)
> > in npf?
> 
> That rule does not change routing, it just allows the packet to go out,
> and also creates a NAT state entry so any answers are allowed back in.

I checked npf.conf(5) and also

 <http://rmind.github.io/npf/configuration.html>

but I wasn't able to determine this. Thank you, it is exactly as you
said: I tried with ssh, ping and also a random client/server
communication on a random port with nc(1).

> In general it is best to get packet flow working first and then start caring
> about filtering, but with NAT this is tricky.

Why is this tricky with NAT? Because when a request exits from the
gateway, it exits from a port determined by the NAT, but when the answer gets
back to the gateway, it is hard to recognize it?

I still can't figure it out.

If you think there's a better way, let me know. Also, so far, I still
haven't tried the `map' keyword in npf.conf (which I thought was the
only way to perform NAT).

Thanks a lot!

Rocky

