Subject: Re: How-to IP NAT (masquerading)
To: Scott Reynolds <scottr@og.org>
From: Francis Peter <francisp@innet.be>
List: port-mac68k
Date: 07/21/1997 11:23:40
97/07/20 20:30 Scott Reynolds

>On Sun, 20 Jul 1997, Francis Peter wrote:
>
>> If I use the command ipnat -l, I can't see any active sessions:
>> /======================
>> List of active MAP/Redirect filters:
>> map ppp0 192.168.32.0/24 -> 194.7.7.92/32 portmap tcp/udp 10000:65000
>> 
>> List of active sessions:
>> [...]
>> For me it seems there is no Network Address Translation active.
>
>Did you realize that you need to enable ip_filter before NAT works?
>Edit the appropriate flag in /etc/rc.conf to start ipf, and create
>an appropriate filter configuration file.  My /etc/ipf.conf looks like
>this:
>
>---8<-----
>pass in from any to any
>pass out from any to any
>---8<-----
>
>This isn't documented particularly well, apparently.  Perhaps someone
>should file a PR about this, if they can confirm it...
>
>> If there 
>> is a NAT active, what is the output of ipnat -l? What will the List of 
>> active sessions be? Why is it not working in my configuration?
>
>It should look something like this:
>
>List of active MAP/Redirect filters:
>map ppp0 10.0.0.0/24  -> 206.242.16.156/32  portmap tcp/udp 1025:65535
>
>List of active sessions:
>MAP 10.0.0.2        1058  <- -> 206.242.16.156  1027  [199.249.167.180 88] 1198 0 d56d
>MAP 10.0.0.2        1058  <- -> 206.242.16.156  1026  [199.249.167.180 750] 1190 0 d56c
>
>> Yes, and the cards are working concurrently. This is my output from 
>> netstat -nr
>
>Excellent... I'll note that you're only enabling NAT on one of those
>networks, though.  I assume this was intentional.
>
>--scott
>
>

Thank you Scott, it is working now. Some applications like Anarchie 
aren't working. If I try to connect to a server on the internet, I get 
an error like this one: 
/===============================
20 atlantis FTP server (Version wu-2.4(8) Sun May 28 15:48:44 EDT 1995) ready.
USER anonymous
331 Guest login ok, send your complete e-mail address as password.
PASS *****
230 Guest login ok, access restrictions apply.
PWD
257 "/" is current directory.
MACB E
500 'MACB E': command not understood.
TYPE A
200 Type set to A.
CWD /pub/updates
250 CWD command successful.
PORT 192,168,32,96,8,17
200 PORT command successful.
LIST
425 Can't build data connection: Connection timed out.
===============================/
What are your experiences with ipnat in the sense of what is working and 
what isn't working?
At the moment connecting to the mail server is OK and using Netscape is 
also OK even if you are connecting to an FTP server.
The purpose of my second ethernet card is to set up a connection to a 
cable modem. For this I need some information on how to set up the NetBSD 
system to connect to the DHCP server of the ISP. The next step is getting 
ipnat configured to route between ae0 and ae1 instead of routing between 
ae1 and ppp0.

Peter



                            ...
                           (o o)
_______________________oOO__(_)__OOo__________________________________
Francis Peter                 e-mail internet: francisp@innet.be          
Beverijstraat 8                                francisp@knoware.nl      
B 9180 Moerbeke-Waas               CompuServe: 100073,1633
Belgium                       Phone +32 (0) 9 346 67 94
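
Added example, not part of the original message: the PORT command in the FTP transcript above advertises an address inside the 192.168.32.0/24 network that the quoted map rule translates, while the remote server only sees the external address, which is consistent with the 425 timeout on the data connection. The Python sketch below decodes the PORT argument and checks it against the map rule; the function names are this example's own, and the sample strings are constructed from lines quoted in the thread.

```python
import ipaddress
import re

# Constructed from lines quoted in the thread: the ipnat map rule and the FTP session.
MAP_RULE = "map ppp0 192.168.32.0/24 -> 194.7.7.92/32 portmap tcp/udp 10000:65000"
FTP_LOG = """\
PORT 192,168,32,96,8,17
200 PORT command successful.
LIST
425 Can't build data connection: Connection timed out.
"""

MAP_RE = re.compile(r"^map\s+(\S+)\s+(\S+)\s+->\s+(\S+)")
PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)

def parse_map_rule(rule):
    """Return (interface, internal network, external address) from an ipnat map line."""
    m = MAP_RE.match(rule.strip())
    if not m:
        raise ValueError("not a map rule: %r" % rule)
    iface, inside, outside = m.groups()
    return iface, ipaddress.ip_network(inside), ipaddress.ip_interface(outside).ip

def decode_port(line):
    """Decode an FTP PORT command (h1,h2,h3,h4,p1,p2) to (address, port), or None."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range: %r" % line)
    # The data port is sent as two bytes: high byte first, then low byte.
    return ipaddress.ip_address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]

def unreachable_ports(log, rule):
    """List PORT commands that advertise an address inside the NATed network."""
    _, inside, outside = parse_map_rule(rule)
    findings = []
    for line in log.splitlines():
        decoded = decode_port(line)
        if decoded and decoded[0] in inside:
            findings.append({"advertised": decoded[0], "port": decoded[1], "external": outside})
    return findings

if __name__ == "__main__":
    for f in unreachable_ports(FTP_LOG, MAP_RULE):
        print("PORT advertises %(advertised)s:%(port)d; server only sees %(external)s" % f)
```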