Subject: Re: gateway with IPNAT
To: matt <stirfrey@gmail.com>
From: Vojko Kercan <vojkokercan@gmail.com>
List: netbsd-help
Date: 02/09/2006 19:47:37
Yes...you are right...rtk1 is getting a DHCP address. I've tried
changing /etc/ipnat.conf, but it did not yield success.

Here is the output of sysctl, so the forwarding is enabled:
# sysctl net.inet.ip.forwarding
net.inet.ip.forwarding = 1

I also can't read the content of tcpdump...so here it is. This is the
output when I try to ping Google from my client machine.

------------------------------------------------------------------------------------------

# tcpdump -v
tcpdump: listening on rtk0, link-type EN10MB (Ethernet), capture size 96 bytes

19:42:09.393727 IP (tos 0x0, ttl 128, id 115, offset 0, flags [none],
length: 78) 10.0.0.2.netbios-ns > 10.0.0.255.netbios-ns: [udp sum ok]
NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

19:42:10.138950 IP (tos 0x0, ttl 128, id 116, offset 0, flags [none],
length: 78) 10.0.0.2.netbios-ns > 10.0.0.255.netbios-ns: [udp sum ok]
NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

19:42:10.890086 IP (tos 0x0, ttl 128, id 117, offset 0, flags [none],
length: 78) 10.0.0.2.netbios-ns > 10.0.0.255.netbios-ns: [udp sum ok]
NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

------------------------------------------------------------------------------------------

# tcpdump -vv

tcpdump: listening on rtk0, link-type EN10MB (Ethernet), capture size 96 bytes
19:45:48.564409 IP (tos 0x0, ttl 128, id 121, offset 0, flags [none],
length: 78) 10.0.0.2.netbios-ns > 10.0.0.255.netbios-ns: [udp sum ok]
>>> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
TrnID=0x803D
OpCode=0
NmFlags=0x11
Rcode=0
QueryCount=1
AnswerCount=0
AuthorityCount=0
AddressRecCount=0
QuestionRecords:
Name=WWW.GOOGLE.COM  NameType=0x00 (Workstation)
QuestionType=0x20
QuestionClass=0x1

19:45:49.310134 IP (tos 0x0, ttl 128, id 122, offset 0, flags [none],
length: 78) 10.0.0.2.netbios-ns > 10.0.0.255.netbios-ns: [udp sum ok]
>>> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
TrnID=0x803D
OpCode=0
NmFlags=0x11
Rcode=0
QueryCount=1
AnswerCount=0
AuthorityCount=0
AddressRecCount=0
QuestionRecords:
Name=WWW.GOOGLE.COM  NameType=0x00 (Workstation)
QuestionType=0x20
QuestionClass=0x1

19:45:50.061238 IP (tos 0x0, ttl 128, id 123, offset 0, flags [none],
length: 78) 10.0.0.2.netbios-ns > 10.0.0.255.netbios-ns: [udp sum ok]
>>> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
TrnID=0x803D
OpCode=0
NmFlags=0x11
Rcode=0
QueryCount=1
AnswerCount=0
AuthorityCount=0
AddressRecCount=0
QuestionRecords:
Name=WWW.GOOGLE.COM  NameType=0x00 (Workstation)
QuestionType=0x20
QuestionClass=0x1

------------------------------------------------------------------------------------------

Here is also the ipnat -s output

# ipnat -s
mapped  in      0       out     0
added   0       expired 0
no memory       0       bad nat 0
inuse   0
rules   3
wilds   0

Hopefully this will help.

Vojko


On 09/02/06, matt <stirfrey@gmail.com> wrote:
> Vojko Kercan wrote:
> > After reading the manuals, forums and mailing lists...I still haven't
> > found what is wrong with my IPNAT configuration. Hopefully...somebody
> > will know what I have missed.
> >
> > Objective: set up a gateway machine to share a single internet connection
> > Gateway: NetBSD 3.0 i386
> > Clients: Linux, Win
> >
> > (1) Gateway settings
> >
> > NIC 1 - rtk1 - connected to ISP via DHCP
> > NIC 2 - rtk0 - connected to internal network via switch
> >
> > /etc/ifconfig.xxN
> > rtk1: !dhclient $int
> > rtk0: inet 10.0.0.1 netmask 0xffffff00
> >
> > ifconfig output
> > rtk1: inet 213.143.79.9 netmask 0xffffff00 broadcast 213.143.79.255
> > rtk0: inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
> >
> > /etc/ipf.conf
> > pass in from any to any
> > pass out from any to any
> >
> > /etc/ipnat.conf
> > map rtk1 10.0.0.0/24 -> 213.143.79.9/32 proxy port ftp ftp/tcp
> > map rtk1 10.0.0.0/24 -> 213.143.79.9/32 portmap tcp/udp 40000:60000
> > map rtk1 10.0.0.0/24 -> 213.143.79.9/32
> >
> > /etc/sysctl.conf
> > net.inet.ip.forwarding=1
> >
> > /etc/rc.conf
> > ipfilter=YES
> > ipnat=YES
> >
> > (2) Client settings
> >
> > IP: 10.0.0.2
> > Gateway: 10.0.0.1
> >
> > Of course, gateway can access the internet, and ping gateway < - >
> > client works OK, yet internet is still not available on client
> > machine.
> >
> > What did I miss?
> >
> > Many thanx in advance, Vojko.
> >
> >
> The only thing that jumps out at me is that rtk1 appears to be getting a
> dhcp address. Right? I've never specified it that way so if I'm wrong
> let me know. Anyway, then I see that in your ipnat rules you're specifying
> the IP that has been assigned via dhcp. Try changing
>
> map rtk1 10.0.0.0/24 -> 213.143.79.9/32 proxy port ftp ftp/tcp
> map rtk1 10.0.0.0/24 -> 213.143.79.9/32 portmap tcp/udp 40000:60000
> map rtk1 10.0.0.0/24 -> 213.143.79.9/32
>
> To,
>
> map rtk1 10.0.0.0/24 -> 0/32 proxy port ftp ftp/tcp
> map rtk1 10.0.0.0/24 -> 0/32 portmap tcp/udp 40000:60000
> map rtk1 10.0.0.0/24 -> 0/32
>
> If nothing else your router will be able to have its IP change and not
> need to be reconfigured.
>
> Also try typing in "sysctl net.inet.ip.forwarding", and make sure that
> it comes back as "1". If not then that setting isn't taking for some
> reason. The last thing you could do is run a tcpdump on your interfaces
> and see if the request is getting passed but blocked or dropped for some
> reason. Also, "ipnat -s" might give some useful information. I don't
> know what most of the info means, but someone else might have an idea.
>
> Matt
>
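
The checks suggested in this thread (a capture on the inside interface plus `ipnat -s`) can be read together mechanically. The sketch below is an added example, not code from either poster or from NetBSD: it separates "no packet for an outside address ever reached the gateway" from "such packets arrived but were not translated". The function names, the result strings and the reading of the `mapped`/`rules` counters as translated-packet and loaded-rule counts are assumptions; the sample inputs are constructed from the output quoted above.

```python
import ipaddress
import re

# Constructed samples modelled on the outputs quoted in the thread.
TCPDUMP_RTK0 = """\
19:42:09.393727 IP (tos 0x0, ttl 128, id 115, offset 0, flags [none],
length: 78) 10.0.0.2.netbios-ns > 10.0.0.255.netbios-ns: [udp sum ok]
NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:42:10.138950 IP (tos 0x0, ttl 128, id 116, offset 0, flags [none],
length: 78) 10.0.0.2.netbios-ns > 10.0.0.255.netbios-ns: [udp sum ok]
NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
"""
IPNAT_S = """\
mapped  in      0       out     0
added   0       expired 0
no memory       0       bad nat 0
inuse   0
rules   3
wilds   0
"""

# "src[.port] > dst[.port]:" as tcpdump prints it for IPv4 packets.
FLOW = re.compile(r"(\d+(?:\.\d+){3})(?:\.[\w-]+)? > (\d+(?:\.\d+){3})(?:\.[\w-]+)?:")

def off_subnet_flows(tcpdump_text, inside_net):
    """Return (src, dst) pairs sent by inside hosts to addresses outside inside_net."""
    net = ipaddress.ip_network(inside_net)
    flows = []
    for src, dst in FLOW.findall(tcpdump_text):
        if ipaddress.ip_address(src) in net and ipaddress.ip_address(dst) not in net:
            flows.append((src, dst))
    return flows

def nat_counters(ipnat_text):
    """Extract the counters used by this triage from `ipnat -s` text."""
    mapped = re.search(r"mapped\s+in\s+(\d+)\s+out\s+(\d+)", ipnat_text)
    rules = re.search(r"^rules\s+(\d+)", ipnat_text, re.M)
    return {"mapped_in": int(mapped.group(1)), "mapped_out": int(mapped.group(2)),
            "rules": int(rules.group(1))}

def triage(tcpdump_text, ipnat_text, inside_net="10.0.0.0/24"):
    """Classify the symptom from an inside-interface capture and NAT counters."""
    flows, nat = off_subnet_flows(tcpdump_text, inside_net), nat_counters(ipnat_text)
    if nat["rules"] == 0:
        return "no-nat-rules-loaded"
    if not flows:
        return "no-off-subnet-traffic-reached-gateway"
    if nat["mapped_out"] == 0:
        return "traffic-seen-but-not-translated"
    return "nat-active"
```

On the samples above, `triage(TCPDUMP_RTK0, IPNAT_S)` returns `no-off-subnet-traffic-reached-gateway`: every captured packet is a broadcast inside 10.0.0.0/24, so the zero `mapped` counters are expected for that capture.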