Subject: Re: IPNat and Ethernet
To: None <port-mac68k@netbsd.org>
From: dan dockery <danarchyendeneu@mail.endeneu.com>
List: port-mac68k
Date: 11/05/1998 13:47:18
>At 11:09 PM -0800 11/4/98, Mark de Jong wrote:
>>Is there any way to use IP-Nat on NetBSD without the need for two ethernet
>>cards?
>
>That's an interesting question.  Nobody has proposed doing it this way, but
>maybe. . .

Proposed?  Maybe not.  Done?  Yes.  I do it currently with my Sparc running
NetBSD - though not with a cable modem.  I do it with DSL - but the two
should be fairly similar.

>First get everything working with the cable modem to the *BSD Mac under MacOS.
>
>Then get it working under *BSD using DHCP.
>
>Then you get to the unknown part:

>It is possible to have a single interface understand two different IP
>addresses.  I believe man ifaliases is the place to look;  also man
>ifconfig.  It may be possible to have your single interface understand both
>the DHCP address and some local address range like 192.168.1.x.  Make sure
>the default route is through the cable modem (and the corresponding IP
>number).  The machine should route the 192... addresses correctly since
>that is a more specific route than the default.

Exactly.  As far as I can tell, the format of the ifaliases file is exactly
the same as ifconfig.  Also, I don't know if this is necessary, but I did
it anyway - the dhclient.conf file allows a section for aliases in which
one is able to add a static ip as well as the dynamic ip.  In my case, the
ethernet interface is le0 - and the section at the end of my dhclient.conf
is
alias {
  interface "le0";
  fixed-address 10.0.0.25;
  option subnet-mask 255.255.255.0;
}

ifaliases reads:
10.0.0.25    le0    255.255.255.0

The last part is to set up IPNAT, but that will be easy.  Just use the
examples provided for dialup connections with dynamic addresses as your
guide.  My ipnat.conf currently is very simple -
map le0 10.0.0.0/24 -> 0.0.0.0/32 portmap tcp/udp 20000:40000

I have plans also, as an experiment, to try adding ways to get to other
computers on my network via port translation (i.e. if you go to the dynamic
address:10040 it will bounce you over to... say, port 80 on one of my other
computers).  Could someone else with some NAT experience let me know if
this will be possible?

>As long as the aliases are correctly understood by the system the absence
>of real distinct hardware should not prevent the network code from doing
>what you want.  The ringer for me is what DHCP does.  I have no experience
>there and no Cable modem to try it out on.

The only real caveat I'd have is that this is very wasteful of local
bandwidth.  If the cable modem truly operates at the advertised 20mb/s, and
your local network is only 10mb/s, the best possible throughput you'll see
from any computer other than the one running NAT is 5mb/s, as every single
packet will be sent out twice - once with its real address and once with
its translated address.  For me, that's no problem - I'm only dealing with
256kb/s.  Even doubled, that's only 1/20 of my total bandwidth.

-Dan
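
Added example, not part of the original message and not IPFilter's own code: a simplified Python model of the ipnat.conf map rule quoted above, showing that an unsolicited inbound packet finds no mapping until a static redirect such as the port 10040 idea is added, at which point the inside service is reachable from outside. The class and method names, the lease address 203.0.113.7 and the inside host 10.0.0.30 are assumptions; real NAT state also matches the remote address and port.

```python
import ipaddress
import re

# Grammar of the one-line "map ... portmap" rule quoted in the message.
MAP_RE = re.compile(r"map (\S+) (\S+) -> (\S+) portmap (\S+) (\d+):(\d+)")

class PortmapNat:
    """Toy model of an ipnat 'map ... portmap' rule (not IPFilter's real allocator)."""

    def __init__(self, rule, iface_addr):
        m = MAP_RE.fullmatch(rule.strip())
        if not m:
            raise ValueError("unsupported rule: " + rule)
        self.iface = m.group(1)
        self.inside = ipaddress.ip_network(m.group(2))
        # 0.0.0.0/32 means "whatever address the interface holds now" (the DHCP lease).
        self.public = iface_addr if m.group(3) == "0.0.0.0/32" else m.group(3).split("/")[0]
        self.lo, self.hi = int(m.group(5)), int(m.group(6))
        self.next_port = self.lo
        self.out = {}    # (proto, inside ip, inside port) -> public port
        self.back = {}   # (proto, public port) -> (inside ip, inside port)
        self.rdr = {}    # (proto, public port) -> (inside ip, inside port), static

    def outbound(self, proto, src_ip, src_port):
        """Return the (address, port) the packet carries after translation."""
        if ipaddress.ip_address(src_ip) not in self.inside:
            return (src_ip, src_port)            # rule does not match: untouched
        key = (proto, src_ip, src_port)
        if key not in self.out:
            if self.next_port > self.hi:
                raise RuntimeError("portmap range exhausted")
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public, self.out[key])

    def add_redirect(self, proto, public_port, dst_ip, dst_port):
        self.rdr[(proto, public_port)] = (dst_ip, dst_port)

    def inbound(self, proto, dst_port):
        """Return the inside (address, port) for a packet to the public address, or None."""
        key = (proto, dst_port)
        return self.rdr.get(key) or self.back.get(key)

if __name__ == "__main__":
    nat = PortmapNat("map le0 10.0.0.0/24 -> 0.0.0.0/32 portmap tcp/udp 20000:40000", "203.0.113.7")  # constructed lease
    print(nat.outbound("tcp", "10.0.0.30", 1025))
    nat.add_redirect("tcp", 10040, "10.0.0.30", 80)   # hypothetical inside web host
    print(nat.inbound("tcp", 10040), nat.inbound("tcp", 10041))
```
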