Subject: Re: Does NAT only work with PPP?
To: Henry B. Hotz <hotz@jpl.nasa.gov>
From: Bill Studenmund <wrstuden@zembu.com>
List: port-macppc
Date: 01/19/2001 12:50:58

On Fri, 19 Jan 2001, Henry B. Hotz wrote:

> OK that's probably not the right question since there must be a bunch 
> of DSL'ers who are doing something similar.  I'm trying to use NAT on 
> a Mac 7500 with a PCI D-Link Ethernet card as well as the built-in. 
> Modifying one of the example files I now have:
> 
> macbsd# ipnat -l
> List of active MAP/Redirect filters:
> map rtk0 192.168.5.0/24  -> 137.78.218.53/32  portmap tcp/udp 40000:60000
> map rtk0 192.168.5.0/24  -> 137.78.218.53/32
> map rtk0 192.168.5.0/24  -> 137.78.218.53/32  proxy port ftp ftp/tcp
> 
> List of active sessions:
> macbsd# uname -a
> NetBSD macbsd 1.5_ALPHA NetBSD 1.5_ALPHA (GENERIC) #8: Thu Jun 22 
> 10:44:11 PDT 2000     matt@yosemite.local:/other/kobj/macppc/GENERIC 
> macppc
> macbsd# ifconfig -a
> rtk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>          address: 00:50:ba:43:d2:77
>          media: Ethernet autoselect (100baseTX full-duplex)
>          status: active
>          inet 137.78.218.53 netmask 0xffffff00 broadcast 137.78.218.255
>          inet6 fe80::250:baff:fe43:d277%rtk0 prefixlen 64 scopeid 0x1
> mc0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>          address: 00:a0:40:20:f6:61
>          media: Ethernet manual
>          inet 192.168.5.1 netmask 0xffffff00 broadcast 192.168.5.255
>          inet6 fe80::2a0:40ff:fe20:f661%mc0 prefixlen 64 scopeid 0x2
> lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 32972
>          inet 127.0.0.1 netmask 0xff000000
>          inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
>          inet6 ::1 prefixlen 128
> ....
> 
> I can ping this box from either interface, but I can't ping through 
> it from the 192.168.. subnet on mc0.  I'm fairly sure that I tried 
> pinging the 137.78.218.53 address from there as well and it worked. 
> (Will double check.)
> 
> Either I'm doing something obvious and stupid or else I just need to 
> upgrade to 1.5.  I wanted to get a similar box working on the subnet 
> first, but I can't do the install there the way I intended without 
> getting NAT going first.

That should be working. Except for the ftp proxy line and the different
external IP, it looks like my setup. Do you have net.inet.ip.forwarding=1
set in /etc/sysctl (assuming a 1.5 /etc setup)?

Take care,

Bill
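
Added example, not part of the original thread: a small Python check that cross-references the `ipnat -l` and `ifconfig -a` output quoted above and then factors in the forwarding sysctl Bill asks about. The function names are hypothetical, and the forwarding value is an input the caller supplies, since the post does not show it.

```python
import ipaddress
import re

# Output copied from the post above, trimmed to the lines the check needs.
IPNAT_L = """\
map rtk0 192.168.5.0/24  -> 137.78.218.53/32  portmap tcp/udp 40000:60000
map rtk0 192.168.5.0/24  -> 137.78.218.53/32
map rtk0 192.168.5.0/24  -> 137.78.218.53/32  proxy port ftp ftp/tcp
"""
IFCONFIG_A = """\
rtk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         inet 137.78.218.53 netmask 0xffffff00 broadcast 137.78.218.255
mc0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         inet 192.168.5.1 netmask 0xffffff00 broadcast 192.168.5.255
"""

def parse_ifconfig(text):
    """Return {ifname: IPv4Interface} from ifconfig output with hex netmasks."""
    nets, name = {}, None
    for line in text.splitlines():
        if m := re.match(r"(\w+): flags=", line):
            name = m.group(1)
        elif m := re.match(r"\s+inet (\S+) netmask 0x([0-9a-f]{8})", line):
            mask = ipaddress.IPv4Address(int(m.group(2), 16))
            nets[name] = ipaddress.ip_interface(f"{m.group(1)}/{mask}")
    return nets

def parse_maps(text):
    """Return (interface, source network, translated network) per map rule."""
    return [(m.group(1), ipaddress.ip_network(m.group(2)),
             ipaddress.ip_network(m.group(3)))
            for m in re.finditer(r"^map (\w+) (\S+)\s+-> (\S+)", text, re.M)]

def diagnose(ipnat_l, ifconfig_a, forwarding):
    """List reasons the gateway would not NAT traffic; empty means consistent."""
    ifs, problems = parse_ifconfig(ifconfig_a), []
    for ifname, src, dst in parse_maps(ipnat_l):
        if ifname not in ifs:
            problems.append(f"map names unknown interface {ifname}")
            continue
        if ifs[ifname].ip not in dst:
            problems.append(f"{dst} is not configured on {ifname}")
        if not any(n != ifname and i.network.overlaps(src) for n, i in ifs.items()):
            problems.append(f"no other interface serves {src}")
    if forwarding != 1:  # value of `sysctl net.inet.ip.forwarding`, caller-supplied
        problems.append("net.inet.ip.forwarding is not 1: nothing is routed out rtk0")
    return problems
```

With the rules and interfaces from the post, `diagnose(IPNAT_L, IFCONFIG_A, 1)` returns an empty list, while a forwarding value of 0 leaves the forwarding message as the only finding.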