netbsd-help: Re: Problems getting IPNAT to work

Subject: Re: Problems getting IPNAT to work
To: Tim Rightnour <root@garbled.net>
From: William O Ferry <WOFerry+@CMU.EDU>
List: netbsd-help
Date: 06/08/1998 01:14:33
Excerpts from internet.computing.netbsd.netbsd-help: 7-Jun-98 RE:
Problems getting IPNAT .. by Tim Rightnour@garbled.ne 
> Actually, you need two things in your kernel:
>  
> options GATEWAY
> options IPFORARDING
>  
> the latter of which is mentioned in man 4 options, but is not in the 1.3
> GENERIC kernel.. I think they fixed this for 1.3.2, but I'm not sure.. Either
> way.. that should fix things up.

    I verified (using sysctl) that both of these options were already 1
on my system, so this does not appear to be the problem.  I am on the
machine now, so I can be more specific than I was in my last email:

Warp# ifconfig ppp0
[...] inet 207.172.160.171 --> 10.65.41.13 [...]
Warp# route show
[...]
default        10.65.41.13        UG
10.65.41.13    207-172-160-171.s4 UH
[...]
Warp# ipnat -l
List of active MAP/Redirect filters:
map ppp0 192.168.42.0/24  -> 207.172.160.171/32  portmap tcp/udp 10000:40000
map ppp0 192.168.42.0/24  -> 207.172.160.171/32

List of active sessions:
Warp# ipfstat
[all 0's, no matter how much activity I do on other internal machines]

Again the kernel was built with IPFORWARD and GATEWAY set, and both of
the listed sysctl variables were already set to 1.  Any host on the
network is accessible from Warp, but the other internal machines can
only access machines in the network and 207.172.160.171 (but not
10.65.41.13 or any other machines on the internet.

    I am downloading -current sources and will rebuild my libraries /
ipnat foo to make sure that it is not a problem with the kernel/binary
version mismatch.

    If you see any problems with the above I'd greatly appreciate
knowing where I screwed up.  One person told me that I also need to be
running ipf(8), but I have no clue what arguments I would have to give
it, running it by itself seems to have no effect.  Thanks again.

                                                          Will Ferry

------------------------------------------------------------------------
 William O Ferry  <woferry@CMU.EDU> | finger: woferry@Light.RES.CMU.EDU
 http://light.res.cmu.edu/~woferry/ | talk:   finger for online status
------------------------------------------------------------------------