Subject: Re: gateway with IPNAT
To: Vojko Kercan <vojkokercan@gmail.com>
From: matt <stirfrey@gmail.com>
List: netbsd-help
Date: 02/08/2006 20:51:45
Vojko Kercan wrote:
> After reading the manuals, forums and mailing lists...I still haven't
> found what is wrong with my IPNAT configuration. Hopefully...somebody
> will know what I have missed.
>
> Objective: set up a gateway machine to share a single internet connection
> Gateway: NetBSD 3.0 i386
> Clients: Linux, Win
>
> (1) Gateway settings
>
> NIC 1 - rtk1 - connected to ISP via DHCP
> NIC 2 - rtk0 - connected to internal network via switch
>
> /etc/ifconfig.xxN
> rtk1: !dhclient $int
> rtk0: inet 10.0.0.1 netmask 0xffffff00
>
> ifconfig output
> rtk1: inet 213.143.79.9 netmask 0xffffff00 broadcast 213.143.79.255
> rtk0: inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
>
> /etc/ipf.conf
> pass in from any to any
> pass out from any to any
>
> /etc/ipnat.conf
> map rtk1 10.0.0.0/24 -> 213.143.79.9/32 proxy port ftp ftp/tcp
> map rtk1 10.0.0.0/24 -> 213.143.79.9/32 portmap tcp/udp 40000:60000
> map rtk1 10.0.0.0/24 -> 213.143.79.9/32
>
> /etc/sysctl.conf
> net.inet.ip.forwarding=1
>
> /etc/rc.conf
> ipfilter=YES
> ipnat=YES
>
> (2) Client settings
>
> IP: 10.0.0.2
> Gateway: 10.0.0.1
>
> Of course, the gateway can access the internet, and ping gateway <->
> client works OK, yet the internet is still not available on the client
> machine.
>
> What did I miss?
>
> Many thanx in advance, Vojko.
>
The only thing that jumps out at me is that rtk1 appears to be getting a 
DHCP address. Right? I've never specified it that way, so if I'm wrong, 
let me know. Anyway, I then see that in your ipnat rules you're specifying 
the IP that has been assigned via DHCP. Try changing

map rtk1 10.0.0.0/24 -> 213.143.79.9/32 proxy port ftp ftp/tcp
map rtk1 10.0.0.0/24 -> 213.143.79.9/32 portmap tcp/udp 40000:60000
map rtk1 10.0.0.0/24 -> 213.143.79.9/32

To,

map rtk1 10.0.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map rtk1 10.0.0.0/24 -> 0/32 portmap tcp/udp 40000:60000
map rtk1 10.0.0.0/24 -> 0/32

If nothing else your router will be able to have its IP change and not 
need to be reconfigured.

Also try typing in "sysctl net.inet.ip.forwarding", and make sure that 
it comes back as "1". If not then that setting isn't taking for some 
reason. The last thing you could do is run a tcpdump on your interfaces 
and see if the request is getting passed but blocked or dropped for some 
reason. Also, "ipnat -s" might give some useful information. I don't 
know what most of the info means, but someone else might have an idea.

Matt
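As an added illustration of the two checks in this reply (it is not code from Matt, Vojko, or the NetBSD project), the script below lints a copy of the poster's ipnat.conf for map rules that hard-code the DHCP-assigned address instead of 0/32, rewrites them, and parses a captured `sysctl net.inet.ip.forwarding` line. The sample configuration and the sysctl output lines are constructed inline so it runs without a NetBSD box; the assumed sysctl output format is `net.inet.ip.forwarding = 1`.

```shell
#!/bin/sh
# Added example, not part of the original thread. Checks an ipnat.conf for
# translation targets that hard-code an address on a DHCP interface, and
# verifies that IP forwarding reports as enabled.

# Constructed copy of the poster's /etc/ipnat.conf (hard-coded 213.143.79.9).
SAMPLE_IPNAT_CONF='map rtk1 10.0.0.0/24 -> 213.143.79.9/32 proxy port ftp ftp/tcp
map rtk1 10.0.0.0/24 -> 213.143.79.9/32 portmap tcp/udp 40000:60000
map rtk1 10.0.0.0/24 -> 213.143.79.9/32'

# count_hardcoded_targets IFNAME < ipnat.conf
# Prints how many "map IFNAME ... -> TARGET" rules use a literal TARGET
# rather than 0/32 (0/32 means "whatever address IFNAME currently has").
count_hardcoded_targets() {
    awk -v ifn="$1" '
        $1 == "map" && $2 == ifn && $4 == "->" && $5 != "0/32" { n++ }
        END { print n + 0 }
    '
}

# rewrite_ipnat_targets IFNAME < ipnat.conf > fixed.conf
# Same match as above, but replaces the literal target with 0/32 so the
# rules survive a DHCP lease change without editing the file.
rewrite_ipnat_targets() {
    awk -v ifn="$1" '
        $1 == "map" && $2 == ifn && $4 == "->" && $5 != "0/32" { $5 = "0/32" }
        { print }
    '
}

# forwarding_enabled "net.inet.ip.forwarding = 1"
# Parses one line of sysctl output (assumed format "name = value") and
# returns 0 only when the value is exactly 1.
forwarding_enabled() {
    val=$(printf '%s\n' "$1" | sed -n 's/.*= *\([0-9][0-9]*\).*/\1/p')
    [ "$val" = "1" ]
}

# Stand-alone run over the constructed input.
n=$(printf '%s\n' "$SAMPLE_IPNAT_CONF" | count_hardcoded_targets rtk1)
printf 'rules hard-coding the DHCP address on rtk1: %s\n' "$n"
printf '%s\n' "$SAMPLE_IPNAT_CONF" | rewrite_ipnat_targets rtk1

# Constructed sysctl output lines; on the real gateway you would instead
# pass "$(sysctl net.inet.ip.forwarding)".
if forwarding_enabled "net.inet.ip.forwarding = 1"; then
    echo "forwarding: on"
else
    echo "forwarding: OFF, /etc/sysctl.conf setting is not taking effect"
fi
```

On the gateway itself, pipe the live file and live sysctl output through the same functions (`count_hardcoded_targets rtk1 < /etc/ipnat.conf`, `forwarding_enabled "$(sysctl net.inet.ip.forwarding)"`); a non-zero count or a failed forwarding check points at one of the two things Matt asks to verify before reaching for tcpdump or `ipnat -s`.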