Subject: Re: How-to IP NAT (masquerading)
To: NetBSD List <port-mac68k@NetBSD.ORG>
From: Francis Peter <francisp@innet.be>
List: port-mac68k
Date: 07/12/1997 15:23:26
97/07/10 23:11 Scott Reynolds
>On Tue, 8 Jul 1997, Charles Sebold wrote:
>
>> >Q: Could this be done at boot time by using:
>> > map ppp0 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 10000:65000
>> > map ppp0 192.168.1.0/24 -> 0.0.0.0/32
>>
>> I don't think so, since the whole point of this rule is to convert the fake
>> address (192.168.1.x) to an address that will work when sent to the
>> internet.
>
>if you are using PPP, which of course you are in this case, there is a
>better way.
>
>---[/etc/ipnat.tmpl]---
># map all connections from 10.0.0.0/24 to @IPADDR@
>map @IFACE@ 10.0.0.0/24 -> @IPADDR@/32 portmap tcp/udp 1025:65535
>
>---[/etc/ppp/ip-up]---
>#!/bin/sh
>sed -e "s/@IFACE@/$1/" -e "s/@IPADDR@/$4/" </etc/ipnat.tmpl >/etc/ipnat.conf
>/usr/sbin/ipnat -C -f /etc/ipnat.conf
>
>This works regardless of whether you have a static or dynamic IP address.
>It's cool. :-)
>
>>>Q: What does your routing table look like?
>>>This seems to be the part I am struggling with. If I set the default route
>>>at start up as my BSD box or as local host, things local work fine but when
>>>PPP starts I don't have a route from my gateway there my ISP's gateway.
>> Actually, I have had trouble with this too, since NetBSD seems to be
>> unwilling to route things through ppp0 when it has ae0 configured as an
>> inet network.
>
>The `defaultroute' option works fine for me. The relevant options in my
>/etc/ppp/options file are:
>
>defaultroute
>noipdefault
>ipcp-accept-local
>
>Also, the kernel you are using must have the GATEWAY option. GENERIC
>kernels are compiled this way.
>
>--scott
Hi,
I'm also interested in getting IP-NAT to work on my Mac Cx. On my Mac Cx
I have two Ethernet interfaces, ae0 with IP 192.168.31.1 and ae1 with IP
192.168.32.98. I have compiled a kernel with the IP Filter options. The
source for my kernel comes from the 970601 -current dir. IP Filtering is
working and netatalk is also working, but IP-Nat is not working. Is it
possible that the source from 970601 -current is not capable of allowing
IP-NAT? The kernel version is 1.2F.
What kernel are you using?
My pppd options and setup are:
My /etc/ppp/options file is:
-----8<---------------------------------------
passive
crtscts
defaultroute
noipdefault
ipcp-accept-local
lock
lcp-echo-interval 30
lcp-echo-failure 10
netmask 255.255.255.0
domain innet.be
mtu 1500
name ******
disconnect /etc/ppp/ppp-down
-----8<---------------------------------------
My /etc/ppp/ppp-up file is :
-----8<---------------------------------------
#!/bin/sh
# ppp-up - start pppd
#
/usr/sbin/pppd /dev/tty00 19200 connect '/usr/sbin/chat -v ABORT "NO CARRIER" ABORT BUSY "" ATZ OK ATDT######## CONNECT "" ogin: ****** ssword: *******' crtscts defaultroute noipdefault modem
-----8<---------------------------------------
My /etc/ppp/ip-up file is :
-----8<---------------------------------------
#!/bin/sh
sed -e "s/@IFACE@/$1/" -e "s/@IPADDR@/$4/" </etc/ipnat.tmp >/etc/ipnat.conf
/usr/sbin/ipnat -C -f /etc/ipnat.conf
-----8<---------------------------------------
My /etc/ppp/ppp-down file is :
-----8<---------------------------------------
#!/bin/sh
# find the pid of pppd through procfs (/proc must be mounted)
p=`cd /proc; grep -l '^pppd' */status | sed 's,^\([0-9]*\)/.*$,\1,'`
if [ -n "$p" ]; then
echo -n killing pppd...
kill $p
echo done
else
echo ppp already is down 1>&2
fi
-----8<---------------------------------------
My /etc/ipnat.tmp file is :
-----8<---------------------------------------
# map all connections from 192.168.32.0/24 to @IPADDR@
map @IFACE@ 192.168.32.0/24 -> @IPADDR@/32 portmap tcp/udp 10000:65000
-----8<---------------------------------------
>>>Also, as another little side project, I wanted to setup DNS. I have it
>>>working internal, but do you know how to configure it to look at my ISP's
>>>DNS if it can't resolve it locally?
My resolv.conf file is :
-----8<---------------------------------------
# /etc/resolv.conf
# Our domain
domain netlogic.be
#
# We use maccx2 as central nameserver:
nameserver 192.168.32.98
#
# We use innet.be as nameserver for the net:
nameserver 194.7.1.4
nameserver 194.7.1.2
#
# We use the nameserver for compuserve
nameserver 149.174.211.5
#
# We use the nameserver for knoware
nameserver 193.78.120.3
-----8<---------------------------------------
My /etc/named.boot file:
-----8<---------------------------------------
; @(#)named.boot 5.1 (Berkeley) 6/30/90
; boot file for secondary name server
; Note that there should be one primary entry for each SOA record.
; sortlist 128.3.0.0
directory /etc/namedb
; type domain source host/file backup file
cache . named.ca
primary netlogic.be named.hosts
primary 0.0.127.IN-ADDR.ARPA named.local
primary 32.168.192.IN-ADDR.ARPA named.rev
; example secondary server config:
; secondary Berkeley.EDU 128.32.130.11 128.32.133.1 ucbhosts.bak
; secondary 32.128.IN-ADDR.ARPA 128.32.130.11 128.32.133.1 ucbhosts.rev.bak
; example primary server config:
; primary Berkeley.EDU ucbhosts
; primary 32.128.IN-ADDR.ARPA ucbhosts.rev
-----8<---------------------------------------
My /etc/namedb/named.ca file:
-----8<---------------------------------------
; $NetBSD: root.cache,v 1.5 1995/11/27 15:11:33 perry Exp $
;
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC registration services
; under anonymous FTP as
; file /domain/named.root
; on server FTP.RS.INTERNIC.NET
; -OR- under Gopher at RS.INTERNIC.NET
; under menu InterNIC Registration Services (NSI)
; submenu InterNIC Registration Archives
; file named.root
;
; last update: Nov 8, 1995
; related version of root zone: 1995110800
;
;
; formerly NS.INTERNIC.NET
;
;. 3600000 IN NS A.ROOT-SERVERS.NET.
;A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
;. 3600000 NS B.ROOT-SERVERS.NET.
;B.ROOT-SERVERS.NET. 3600000 A 128.9.0.107
;
; formerly C.PSI.NET
;
;. 3600000 NS C.ROOT-SERVERS.NET.
;C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
;. 3600000 NS D.ROOT-SERVERS.NET.
;D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
;. 3600000 NS E.ROOT-SERVERS.NET.
;E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
;. 3600000 NS F.ROOT-SERVERS.NET.
;F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
;. 3600000 NS G.ROOT-SERVERS.NET.
;G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
;. 3600000 NS H.ROOT-SERVERS.NET.
;H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
;. 3600000 NS I.ROOT-SERVERS.NET.
;I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
; End of File
-----8<---------------------------------------
My /etc/namedb/named.hosts file:
-----8<---------------------------------------
; @(#)/etc/namedb/named.hosts 1 (frapcom) 6/30/97
;
@ IN SOA maccx2.netlogic.be. francisp.netlogic.be. (
16 ; Serial
86400 ; Refresh: once per day
3600 ; Retry: one hour
3600000 ; Expire: 42 days
604800 ; Minimum: 1 week
)
IN NS maccx2.netlogic.be.
;
; local mail is distributed on maccx2
IN MX 10 maccx2
;
; loopback address
localhost IN A 127.0.0.1
; NetLogic Ethernet
maccx2 IN A 192.168.32.98
maccx1 IN A 192.168.32.97
macse IN A 192.168.32.92
macci IN A 192.168.32.94
ppc8100-80 IN A 192.168.32.96
;
; maccx2 is also mail, news, web, ftp and pop3 server
;
news IN CNAME maccx2
ftp IN CNAME maccx2
www IN CNAME maccx2
mail IN CNAME maccx2
pop3 IN CNAME maccx2
-----8<---------------------------------------
My /etc/namedb/named.local file:
-----8<---------------------------------------
; @(#)/etc/namedb/named.local 1 (frapcom) 6/30/97
;
@ IN SOA maccx2.netlogic.be. francisp.netlogic.be. (
1 ; Serial
360000 ; Refresh: 100 hrs
3600 ; Retry: one hour
3600000 ; Expire: 42 days
360000 ; Minimum: 100 hrs
)
IN NS maccx2.netlogic.be.
1 IN PTR localhost.
-----8<---------------------------------------
My /etc/namedb/named.rev file:
-----8<---------------------------------------
; @(#)/etc/namedb/named.hosts 1 (frapcom) 6/30/97
;
@ IN SOA maccx2.netlogic.be. francisp.netlogic.be. (
16 ; Serial
86400 ; Refresh: once per day
3600 ; Retry: one hour
3600000 ; Expire: 42 days
604800 ; Minimum: 1 week
)
IN NS maccx2.netlogic.be.
;
; frapcom Ethernet
98 IN PTR maccx2.netlogic.be.
97 IN PTR maccx1.netlogic.be.
92 IN PTR macse.netlogic.be.
94 IN PTR macci.netlogic.be.
96 IN PTR ppc8100-80.netlogic.be.
-----8<---------------------------------------
...
(o o)
_______________________oOO__(_)__OOo__________________________________
Francis Peter e-mail internet: francisp@innet.be
Beverijstraat 8 francisp@knoware.nl
B 9180 Moerbeke-Waas CompuServe: 100073,1633
Belgium Phone +32 (0) 9 346 67 94
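The ip-up scripts in this thread feed the interface name and local address that pppd passes in ($1 and $4) straight through sed into a file that ipnat then loads. The script below is an added example written for this page, not code from the original post or from NetBSD; it renders the same @IFACE@/@IPADDR@ template, but checks both values first (so only a plain interface name and a dotted-quad address can ever land in the rule), writes the result to a temporary file and moves it into place, and refuses to load a rule file that came out empty. The template path /etc/ipnat.tmp and the ipnat location are assumptions taken from the messages above; the IPNAT variable is an addition so the load step can be pointed elsewhere.

```sh
#!/bin/sh
# Added example: validated template rendering for an ipnat rule file.
# Assumed layout (from the thread, not verified): template in /etc/ipnat.tmp
# using the @IFACE@ and @IPADDR@ placeholders, rule file /etc/ipnat.conf.

# is_iface NAME -> 0 if NAME is a plain BSD interface name such as ppp0 or ae1
is_iface() {
    case "$1" in
        ''|*[!a-z0-9]*) return 1 ;;   # empty, or contains anything unexpected
        [a-z]*[0-9])    return 0 ;;   # letters followed by a unit number
        *)              return 1 ;;
    esac
}

# is_ipv4 ADDR -> 0 if ADDR is a dotted quad with every octet in 0..255
is_ipv4() {
    addr=$1
    set -f                            # no globbing while we split on dots
    oldifs=$IFS; IFS=.
    set -- $addr
    IFS=$oldifs
    set +f
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in
            ''|*[!0-9]*) return 1 ;;  # empty field or non-digit
        esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# render_nat TEMPLATE IFACE ADDR -> prints the template with the placeholders
# filled in; prints nothing and returns 1 if either value fails validation.
# After validation the values contain only [a-z0-9.], so they cannot carry
# sed-significant characters (/ & \) into the substitution.
render_nat() {
    tmpl=$1; iface=$2; addr=$3
    is_iface "$iface" || { echo "bad interface name: $iface" >&2; return 1; }
    is_ipv4 "$addr"   || { echo "bad address: $addr" >&2; return 1; }
    sed -e "s/@IFACE@/$iface/g" -e "s/@IPADDR@/$addr/g" "$tmpl"
}

# install_nat TEMPLATE CONF IFACE ADDR -> renders into a temp file, refuses a
# zero-byte result (the failure mode of a broken redirect), then moves the
# file into place and loads it. IPNAT may override the ipnat path (assumed).
install_nat() {
    tmpl=$1; conf=$2; iface=$3; addr=$4
    tmp="$conf.$$"
    render_nat "$tmpl" "$iface" "$addr" > "$tmp" || { rm -f "$tmp"; return 1; }
    if [ ! -s "$tmp" ]; then
        echo "refusing to load empty rule file for $conf" >&2
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$conf"
    "${IPNAT:-/usr/sbin/ipnat}" -C -f "$conf"
}

# When pppd runs this as /etc/ppp/ip-up, $1 is the interface and $4 the local
# address (pppd(8)); only act when those arguments are actually present.
if [ $# -ge 4 ]; then
    install_nat /etc/ipnat.tmp /etc/ipnat.conf "$1" "$4"
fi
```

Pointing the script at a copy of the template and setting IPNAT to a harmless command is enough to dry-run it from a shell before letting pppd call it; the empty-file check matters because ipnat -C flushes the existing rules before loading, so an empty file silently leaves the gateway with no NAT at all.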