Subject: ipnat (Was Cable modem woes...Fixed!...)
To: None <port-mac68k@netbsd.org>
From: Greg Evans <gevans@hcvn.com>
List: port-mac68k
Date: 03/02/1999 01:13:40
on 3/1/99 9:57 PM, Frederick Bruckman was rumored to have said...

>On Mon, 1 Mar 1999, Greg Evans wrote:
>
>> on 3/1/99 6:59 PM, Dr. Bill Studenmund was rumored to have said...
>> 
>> >On Mon, 1 Mar 1999, Greg Evans wrote:
>> >
>> >> Well...had to give it a shot anyway since the mac can't seem to reach the
>> >> router as is...
>> >
>> >You do have all the right bits compiled in your kernel, don't you (I'm not
>> >sure what exactly those bits are right now, I've never gotten ipnat to
>> >work for me..)?
>> 
>> I have no clue, I just reinstalled everything and am using the GenericSBC
>> kernel that came with 1.3.3 ;)
>
>You need options GATEWAY and PFIL_HOOKS. 
>`sysctl net.inet.ip.forwarding' should say "... = 1". 

ok that matches up...


>Also try
>`/usr/sbin/sysctl -w net.inet.tcp.rfc1323=0', 

this returned

net.inet.tcp.rfc1323: 1 -> 0

Care to explain exactly what this one is for me.....???


>and 
>`/sbin/route add 192.168.1.1 localhost -iface'. You would normally put
>those two commands in etc/netstart.local. 

this returned 

writing to routing socket: File exists
add host 192.168.1.1: gateway localhost: file exists

>
>Run `ipfstat' to make sure the filter came up; you should expect to
>see many packets "passed", and none "blocked." Additionally, you
>should have a line in /var/log/messages similar to the following:
>
>Mar  1 13:12:36 corwin /netbsd: IP Filter: initialized.  Default = pass all, Logging = disabled

have a line exactly like that except that corwin is replaced by krakatau


>
>If it didn't come up, you would probably get a "device not
>configured," and perhaps an error in /var/log/messages. This may be
>fixed in 1.3.3, but in 1.3.2(?), you had to `touch /etc/ipf.conf' so
>the ipfilter would initialize. You also needed to explicitly enable
>ipfilter in rc.conf. 

ipfilter=YES ;)

>In -current, you don't need to do this; it's all
>implied by ipnat=YES. Next, `ipnat -l' should echo the rules you
>entered in ipnat.conf, something like

I believe this is where the problem lies...when I do an ipnat -l, I get:

List of active MAP/Redirect filters:

List of active sessions:

obviously _not_ what I should be seeing.....

(please send any responses to gevans@hcvn.com as I will be trying to
keep the un*x box connected)
>
>List of active MAP/Redirect filters:
>map ppp0 192.168.1.0/24 -> 216.164.32.41 portmap tcp/udp 40000:60000
>map ppp0 192.168.1.0/24 -> 216.164.32.41 portmap tcp/udp
>
>The "List of active sessions:" should be empty until you start sending
>packets to the outside from 192.168.1.1. This is what I see as soon
>as I start to open a telnet session from my other box:
>
>List of active sessions:
>MAP 192.168.101.2   2051  <- -> 207.229.133.236 40001 [207.229.143.6 23]
>MAP 192.168.101.2   32768 <- -> 207.229.133.236 40000 [207.229.143.2 53]
>
>I hope that helps.
>
>
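The `ipnat -l` check discussed in this thread, as an added example that is not part of the original messages: it parses a saved listing and reports whether any map rule is active, whether a given inside host falls within a rule's source network, and whether that host has a session yet. The line formats are assumed from the listing quoted above; the function names, result labels and the `ACTIVE` sample line are hypothetical and constructed for illustration.

```python
import ipaddress
import re

# Line shapes assumed from the `ipnat -l` listing quoted in the thread.
RULE = re.compile(r"^map\s+(\S+)\s+(\S+)\s+->\s+(\S+)")
SESSION = re.compile(
    r"^MAP\s+(\S+)\s+(\d+)\s+<- ->\s+(\S+)\s+(\d+)\s+\[(\S+)\s+(\d+)\]")

# Constructed samples: EMPTY mirrors the empty listing, LOADED the quoted one.
EMPTY = "List of active MAP/Redirect filters:\n\nList of active sessions:\n"
LOADED = """\
List of active MAP/Redirect filters:
map ppp0 192.168.1.0/24 -> 216.164.32.41 portmap tcp/udp 40000:60000
map ppp0 192.168.1.0/24 -> 216.164.32.41 portmap tcp/udp

List of active sessions:
MAP 192.168.101.2   2051  <- -> 207.229.133.236 40001 [207.229.143.6 23]
"""
# Constructed session line for an inside host that the map rules do cover.
ACTIVE = LOADED + "MAP 192.168.1.1  1025  <- -> 216.164.32.41 40002 [192.0.2.10 23]\n"

def parse_ipnat_list(text):
    """Return (rules, sessions) parsed from `ipnat -l` text."""
    rules, sessions = [], []
    for line in text.splitlines():
        line = line.lstrip("> ").rstrip()  # tolerate mail quoting
        if m := RULE.match(line):
            iface, inside, outside = m.groups()
            rules.append((iface, ipaddress.ip_network(inside, strict=False),
                          ipaddress.ip_interface(outside).ip))
        elif m := SESSION.match(line):
            src, sport, pub, pport, dst, dport = m.groups()
            sessions.append((ipaddress.ip_address(src), int(sport),
                             ipaddress.ip_address(pub), int(pport),
                             ipaddress.ip_address(dst), int(dport)))
    return rules, sessions

def diagnose(text, inside_host):
    """Classify the NAT state for one inside host (labels are hypothetical)."""
    rules, sessions = parse_ipnat_list(text)
    host = ipaddress.ip_address(inside_host)
    if not rules:
        return "no-rules"            # no map rules active: nothing is translated
    if not any(host in net for _, net, _ in rules):
        return "host-not-covered"    # rules exist but do not match this source
    if not any(s[0] == host for s in sessions):
        return "no-sessions-yet"     # expected until the host sends traffic out
    return "translating"
```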