port-mac68k: Re: How-to IP NAT (masquerading)

Subject: Re: How-to IP NAT (masquerading)
To: Scott Reynolds <scottr@og.org>
From: Francis Peter <francisp@innet.be>
List: port-mac68k
Date: 07/20/1997 14:56:52
97/07/19 17:47 Scott Reynolds

>On Sat, 12 Jul 1997, Francis Peter wrote:
>
>> I'm also interested in getting IP-NAT to work on my Mac Cx. On my Mac Cx 
>> I have two Ethernet interfaces one at ae0 IP# 192.168.31.1 and ae1 IP# 
>> 192.168.32.98. I have compiled a kernel with the IP Filter options. The 
>> source for my kernel comes from the 970601 -current dir. IP Filtering is 
>> working and netatalk is also working, but IP-Nat is not working. Is it 
>> possible that the source from 970601 -current is not capable of allowing 
>> IP-NAT?
>
>No, I've been using NAT since at least May, when I had a 1.2E kernel.
>I've had few (if any) troubles with it.  What, specifically, are you
>having a problem with?

The ipnat.conf is add after my ppp connection is up, I have a file 
ipnat.conf in my /etc dir. The contents of the file is : 
/======================
# map all connections from 192.168.32.0/24 to 194.7.7.92
map ppp0 192.168.32.0/24 -> 194.7.7.92/32 portmap tcp/udp 10000:65000
======================/
If I use the command ipnat -l, I can't see any active sessions:
/======================
List of active MAP/Redirect filters:
map ppp0 192.168.32.0/24 -> 194.7.7.92/32 portmap tcp/udp 10000:65000

List of active sessions:
======================/
If I use the tcpdump -i ppp0 command: I get following output on a ftp 
session to ftp.innet.be from my ppc8100-80 (IP#192.168.32.96) on the ae1 
network.
/======================
20:54:23.106458 ppc8100-80.netlogic.be.32768 > ns.INbe.net.domain: 5+ A? 
ftp.innet.be. (30) (DF)
20:54:23.438816 pmpool09-92.innet.be.1072 > ns.INbe.net.domain: 12422+ 
(40)
20:54:23.605816 ppc8100-80.netlogic.be.32768 > ns.INbe.net.domain: 5+ A? 
ftp.innet.be. (30) (DF)
20:54:23.951808 ns.INbe.net.domain > pmpool09-92.innet.be.1072: 12422* 
1/4/4 (224)
20:54:24.607648 ppc8100-80.netlogic.be.32768 > ns.INbe.net.domain: 5+ A? 
ftp.innet.be. (30) (DF)
20:54:25.020085 pmpool09-92.innet.be.1075 > ns.INbe.net.domain: 12424+ 
(41)
20:54:25.484375 ns.INbe.net.domain > pmpool09-92.innet.be.1075: 12424* 
1/2/2 (170)
20:54:26.609131 ppc8100-80.netlogic.be.32768 > ns.INbe.net.domain: 5+ A? 
ftp.innet.be. (30) (DF)
20:54:30.603872 ppc8100-80.netlogic.be.32768 > ns.INbe.net.domain: 5+ A? 
ftp.innet.be. (30) (DF)
20:54:33.767417 [|ip]
20:54:33.934594 [|ip]
20:54:38.602251 ppc8100-80.netlogic.be.32768 > nic.INbe.net.domain: 5+ A? 
ftp.innet.be. (30) (DF)
20:54:39.104161 ppc8100-80.netlogic.be.32768 > nic.INbe.net.domain: 5+ A? 
ftp.innet.be. (30) (DF)
20:54:39.534828 pmpool09-92.innet.be.1077 > ns.INbe.net.domain: 12425+ 
(40)
20:54:40.067308 ns.INbe.net.domain > pmpool09-92.innet.be.1077: 12425* 
1/4/4 (224)
20:54:40.105860 ppc8100-80.netlogic.be.32768 > nic.INbe.net.domain: 5+ A? 
ftp.innet.be. (30) (DF)
20:54:42.106430 ppc8100-80.netlogic.be.32768 > nic.INbe.net.domain: 5+ A? 
ftp.innet.be. (30) (DF)
20:54:46.103543 ppc8100-80.netlogic.be.32768 > nic.INbe.net.domain: 5+ A? 
ftp.innet.be. (30) (DF)
======================/
For me it seems there is no Network Address Translation active. If there 
is a NAT active, what is the output of ipnat -l? What will the List of 
active sessions be? Why is it not working in my configuration?

>> -----8<---------------------------------------
>> My /etc/ipnat.tmp file is :
>                ^^^
>This is a typo, right?  It should be `ipnat.tmpl'...

It's a typo.

>> -----8<---------------------------------------
>> # map all connections from 192.168.32.0/24 to @IPADDR@
>> map @IFACE@ 192.168.32.0/24 -> @IPADDR@/32 portmap tcp/udp 10000:65000
>
>So, you're using NAT to map only connections from the network attached to
>ae1, then?  Also, do you have both Ethernet cards working concurrently?

Yes, and the cards are working concurrently. This is my output from 
netstat -nr
/======================
Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use    Mtu  
Interface
default            194.7.7.7          UG          1       45      -  ppp0
127.0.0.1          127.0.0.1          UH          0        0      -  lo0
192.168.31         link#1             UC          0        0      -  ae0
192.168.31.1       02:60:8c:83:89:29  UHL         1       24      -  lo0
192.168.32         link#2             UC          0        0      -  ae1
192.168.32.96      08:00:07:8e:04:25  UHL         0       60      -  ae1
192.168.32.98      02:60:8c:08:cf:90  UHL         1       54      -  lo0
194.7.7.7          194.7.7.92         UH          1        0      -  ppp0

AppleTalk:
Destination        Gateway            Flags     Refs     Use    Mtu  
Interface
0.0                0.0                U           0       17      -  lo0
97.0               97.139             U           3       31      -  ae1
97.139             0.0                UH          1        4      -  lo0
1000.0             97.1               UG          1      277      -  ae1
======================/

Thanks,
Peter

                            ...
                           (o o)
_______________________oOO__(_)__OOo__________________________________
Francis Peter                 e-mail internet: francisp@innet.be          
Beverijstraat 8                                francisp@knoware.nl      
B 9180 Moerbeke-Waas               CompuServe: 100073,1633
Belgium                       Phone +32 (0) 9 346 67 94