port-mac68k: Re: How-to IP NAT (masquerading)

Subject: Re: How-to IP NAT (masquerading)
To: None <port-mac68k@NetBSD.ORG>
From: Charles Sebold <pretender@macstore.com>
List: port-mac68k
Date: 07/08/1997 10:10:20
>>Put the following into a text file (I called mine /etc/nat.rules, you can
>>do what you like):
>>
>>map ppp0 192.168.1.0/24 -> xxx.xxx.xxx.xxx/32 portmap tcp/udp 10000:65000
>>map ppp0 192.168.1.0/24 -> xxx.xxx.xxx.xxx/32
>
>Q: Could this be done at boot time by using:
>	map ppp0 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 10000:65000
>	map ppp0 192.168.1.0/24 -> 0.0.0.0/32

I don't think so, since the whole point of this rule is to convert the fake
address (192.168.1.x) to an address that will work when sent to the
internet.  I haven't tried it yet, though.  The only way I know of to
handle this on a dynamically allocated IP address is to put something at
the end of a ppp-up script (like Bill Studenmund's) that will grep for the
address (out of the routing table, perhaps) and substitute it for the
0.0.0.0 above.  Possible, but I haven't had time (when I take a NetBSD box
home to install it, you can bet I'll get it figured out, one way or
t'other).

>Q: What does your routing table look like?
>This seems to be the part I am struggling with.  If I set the default route
>at start up as my BSD box or as local host, things local work fine but when
>PPP starts I don't have a route from my gateway there my ISP's gateway.

Actually, I have had trouble with this too, since NetBSD seems to be
unwilling to route things through ppp0 when it has ae0 configured as an
inet network.  The defaultroute ppp option has never worked for me in these
cases; I always ended up manually entering a

route add default [remote IP address]

to get it to route properly.

Internet: [example]
Destination        Gateway            Flags     Refs     Use    Mtu  Interface
default            205.242.92.254     UGS         6     2609      -  ppp0
127.0.0.1          127.0.0.1          UH          2    32861      -  lo0
192.168.1          link#1             UC          0        0      -  ae0
192.168.1.1        00:00:94:04:a5:4a  UHL         1       24      -  lo0
192.168.1.5        link#1             UHL         2     4713      -  ae0
205.242.92.224     127.0.0.1          UH          0        0      -  lo0
205.242.92.254     205.242.92.224     UH          0        0      -  ppp0

>Also, as another little side project, I wanted to setup DNS.  I have it
>working internal, but do you know how to configure it to look at my ISP's
>DNS if it can't resolve it locally?

My named.boot file:

directory       /etc/namedb

cache           .                       root.cache
primary         petrarch.macstore.com   205.242.182.62 205.242.92.2

There's the one that works for me.  Make your root.cache the file you get
from ftp://ftp.rs.internic.net/pub/domain

I think it comes with a root.cache file already, you can use it, but it's
outdated in a couple of months, generally.

Hope this helps.

-----------------------------------------------
I                                             I
I Charles Sebold, Pontifex Macintosh          I
I CWW Computers, Inc.                         I
I 2497A Adie Rd.                              I
I St. Louis, MO  63043                        I
I WWW:   http://bronte.macstore.com/pretender I
I                                             I
I            La compagnie c'est moi.          I
I                                             I
-----------------------------------------------