Subject: Re: IP Masquerading
To: Patrick Welche <prlw1@cam.ac.uk>
From: David Brownlee <abs@anim.dreamworks.com>
List: netbsd-help
Date: 05/21/1997 10:01:09
On Wed, 21 May 1997, Patrick Welche wrote:

> Eric K. Miller wrote:
> > 
> > Is there any way to use IP Masquerading with NetBSD?
> 
> I think you can do that using ipnat, though I am not sure of the exact
> form of the rule.
> 
> ipnat is definitely integrated into -current and I think is part of
> Darren Reed's ipfilter package which ISTR contains patches for 1.2.
> 
        There is a webpage for ipfilter at:
                http://coombs.anu.edu.au/~avalon/ip-filter.html

        Basically to set up ipnat you should need to:
            a) Have a dual homed host (eg: machine with ethernet and
               modem)
            b) Number your internal machines on a reserved network
                   (eg 10.x.x.x).
            c) Run 'sysctl -w net.inet.ip.forwarding=1' so it will route.
            d) Ensure /etc/mygate on all other machines contains the
               internal network address of the dual homed host (which in
               the example would be of the form 10.x.x.x).
            e) On the dual homed host create an /etc/ipnat.conf file:
               map ppp0 10.0.0.0/8 -> X.X.X.X/32 portmap tcp/udp 10000:20000
                   (Where X.X.X.X is the address of your ppp0 interface.)
            f) On the dual attached host run 'ipnat -f /etc/ipnat.conf'.

        Then just bring up the ppp link as normal, and try to telnet out
        or web browse from another machine.

        I use mine with demand dialing, so telnetting from an internal
        machine will bring the link up automatically :)
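
Added example, not part of the original message and not ipfilter code: a simplified Python model of what the `map ... portmap` rule from step e) does to outbound packets and their replies. 192.0.2.1 is a constructed stand-in for X.X.X.X, and the sequential port allocation is an assumption for illustration, not ipnat's actual algorithm.

```python
import ipaddress

# Rule from the message; 192.0.2.1 is a constructed stand-in for X.X.X.X.
RULE = "map ppp0 10.0.0.0/8 -> 192.0.2.1/32 portmap tcp/udp 10000:20000"

def parse_map_rule(line):
    """Parse the 'map ... portmap' form shown in the message (only that form)."""
    t = line.split()
    if len(t) != 8 or t[0] != "map" or t[3] != "->" or t[5] != "portmap":
        raise ValueError("unsupported rule: " + line)
    lo, hi = (int(p) for p in t[7].split(":"))
    if not 0 < lo <= hi <= 65535:
        raise ValueError("bad port range")
    return {"ifname": t[1],
            "inside": ipaddress.ip_network(t[2]),
            "outside": ipaddress.ip_network(t[4]).network_address,
            "protos": set(t[6].split("/")),
            "ports": (lo, hi)}

class PortMapNat:
    """Simplified model: one state entry per (proto, inside ip, inside port)."""
    def __init__(self, rule):
        self.rule = rule
        self.out = {}    # (proto, inside ip, inside port) -> outside port
        self.back = {}   # (proto, outside port) -> (inside ip, inside port)
        self.next_port = rule["ports"][0]

    def outbound(self, proto, src_ip, src_port):
        """Return the (address, port) the packet leaves with, or None if the rule does not match."""
        r = self.rule
        if proto not in r["protos"] or ipaddress.ip_address(src_ip) not in r["inside"]:
            return None
        key = (proto, src_ip, src_port)
        if key not in self.out:
            if self.next_port > r["ports"][1]:
                raise RuntimeError("portmap range exhausted")
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (src_ip, src_port)
            self.next_port += 1
        return (str(r["outside"]), self.out[key])

    def inbound(self, proto, dst_port):
        """Return the inside (ip, port) for a reply, or None if no state exists."""
        return self.back.get((proto, dst_port))

nat = PortMapNat(parse_map_rule(RULE))
```

In this model a packet arriving on a port with no existing mapping gets `None` from `inbound()`, which is why internal hosts behind such a rule are not reachable from outside unless they spoke first.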