Subject: Re: NAT Question
To: Daniel Eggert <danieleggert@mac.com>
From: Jeff <jeff@praeclara.com>
List: port-macppc
Date: 10/10/2002 15:38:44
On Thursday, October 10, 2002, at 03:27 PM, Daniel Eggert wrote:

>
> On Thursday, Oct 10, 2002, at 17:11 Europe/Copenhagen, Jeff wrote:
>
>>
>>
>> My ipnat question is pretty straightforward.  I know that you're not
>> _supposed_ to do this, but I want to anyway.  How does one (or can one)
>> use a box with only 1 NIC (and one static IP) to accomplish network address
>> and port forwarding on NetBSD?  I've searched high and low, and I've read
>> all the docs I could find (there's a _lot_).  But they all explain the
>> ipnat procedure with 2 NICs.
>>
>> Anyone want to point me to a how-to or doc?  Or just tell me?  I'm pretty
>> sure it's an easy task, as I was able to do it with one or two commands
>> on OS X and LinuxPPC.
>
> I'm not at all sure, but I can't see why the following shouldn't work.
> Put this inside your ipnat.rules (the file for ipnat to read).
>
> map de0 192.168.0.0/16 -> aa.bb.cc.dd/32 portmap tcp/udp 20000:30000
> map de0 192.168.0.0/16 -> aa.bb.cc.dd/32
>
> Where (obviously) you'd replace 'aa.bb.cc.dd' with your external IP and
> 'de0' with your NIC name (run 'ifconfig -a').

I did something quite similar without success:

ipf.conf had pass in from any to any and pass out from any to any.

ipnat.conf had

map bm0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map bm0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
map bm0 192.168.1.0/24 -> 0/32

I also edited rc.conf to start ipfilter and ipnat.
And I checked to be sure sysctl had ipforwarding=1.
I also added an alias to bm0 (ifconfig bm0 192.168.1.1 alias).

With the above setup, I could ping the NetBSD box and ping the 
192.168.x.x box from the NetBSD box.  But the 192.168 box would not go 
out to the net.

I am suspecting it's either a wrong netmask or a wrong device.  I'm 
using pppoe to connect to the internet from the NetBSD box.  The 
results of ifconfig -a show me that the alias is there for the bm0.  
But it also shows that the ppp0 device is the one that is assigned 
the real IP addy via pppoe.

So I'm stumped.  Am I doing too much?  Remember, I only have one NIC on 
the NetBSD box: bm0

Thank you for the reply and for any further advice.
I'm at a loss...

Jeff
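
One way to test the wrong-device suspicion raised in the message above, as an added example that is not part of the original post: ipnat applies a `map` rule to packets as they leave the interface named in the rule, so the script compares that interface with the one carrying the default route. The routing table, the gateway address and the function names are constructed for illustration, and the script assumes the interface is the last column of the default-route line.

```shell
#!/bin/sh
# Added example. All sample data below is constructed from the post,
# not captured from the poster's machine.

# The three map rules quoted in the message.
RULES='map bm0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map bm0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
map bm0 192.168.1.0/24 -> 0/32'

# Constructed routing table: PPPoE session on ppp0, LAN alias on bm0.
ROUTES='Destination        Gateway            Flags  Refs  Use  Mtu  Interface
default            192.0.2.1          UGS    0     0    -    ppp0
192.168.1/24       link#1             UC     0     0    -    bm0'

# Print the interface that carries the default route.
# Assumption: the interface name is the last column of that line.
default_if() {
    printf '%s\n' "$1" | awk '$1 == "default" { print $NF; exit }'
}

# Print (with rule number) every map rule bound to an interface other
# than the egress interface given as $2. Such rules never see packets
# that leave through the default route, so nothing gets translated.
misbound_maps() {
    printf '%s\n' "$1" | awk -v egress="$2" '
        $1 == "map" && $2 != egress { print NR ": " $0 }'
}

# Count the misbound rules (prints 0 when every rule matches).
count_misbound() {
    misbound_maps "$1" "$2" | awk 'END { print NR }'
}

egress=$(default_if "$ROUTES")
echo "default route leaves via: $egress"
echo "map rules bound to another interface: $(count_misbound "$RULES" "$egress")"
misbound_maps "$RULES" "$egress"
```

On a live host, the two variables would be filled from the ipnat rules file and from `netstat -rn` output instead of the constructed text.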