Subject: Re: gateway with IPNAT
To: Vojko Kercan <vojkokercan@gmail.com>
From: matt <stirfrey@gmail.com>
List: netbsd-help
Date: 02/09/2006 19:02:45
Vojko Kercan wrote:
> Yes...you are right...rtk1 is getting a DHCP address. I've tried
> changing /etc/ipnat.conf, but it did not yield success.
>
> Here is the output of sysctl, so the forwarding is enabled:
> # sysctl net.inet.ip.forwarding
> net.inet.ip.forwarding = 1
>
> I also can't read the content of tcpdump...so here it is. This is the
> output when I try to ping Google from my client machine.
>
> ------------------------------------------------------------------------------------------
>
> # tcpdump -v
> tcpdump: listening on rtk0, link-type EN10MB (Ethernet), capture size 96 bytes
>
> 19:42:09.393727 IP (tos 0x0, ttl 128, id 115, offset 0, flags [none],
> length: 78) 10.0.0.2.netbios-ns > 10.0.0.255.netbios-ns: [udp sum ok]
> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
>
> 19:42:10.138950 IP (tos 0x0, ttl 128, id 116, offset 0, flags [none],
> length: 78) 10.0.0.2.netbios-ns > 10.0.0.255.netbios-ns: [udp sum ok]
> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
>
> 19:42:10.890086 IP (tos 0x0, ttl 128, id 117, offset 0, flags [none],
> length: 78) 10.0.0.2.netbios-ns > 10.0.0.255.netbios-ns: [udp sum ok]
> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
>
> ------------------------------------------------------------------------------------------
>
> # tcpdump -vv
>
> tcpdump: listening on rtk0, link-type EN10MB (Ethernet), capture size 96 bytes
> 19:45:48.564409 IP (tos 0x0, ttl 128, id 121, offset 0, flags [none],
> length: 78) 10.0.0.2.netbios-ns > 10.0.0.255.netbios-ns: [udp sum ok]
>>>> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
> TrnID=0x803D
> OpCode=0
> NmFlags=0x11
> Rcode=0
> QueryCount=1
> AnswerCount=0
> AuthorityCount=0
> AddressRecCount=0
> QuestionRecords:
> Name=WWW.GOOGLE.COM  NameType=0x00 (Workstation)
> QuestionType=0x20
> QuestionClass=0x1
>
> 19:45:49.310134 IP (tos 0x0, ttl 128, id 122, offset 0, flags [none],
> length: 78) 10.0.0.2.netbios-ns > 10.0.0.255.netbios-ns: [udp sum ok]
>>>> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
> TrnID=0x803D
> OpCode=0
> NmFlags=0x11
> Rcode=0
> QueryCount=1
> AnswerCount=0
> AuthorityCount=0
> AddressRecCount=0
> QuestionRecords:
> Name=WWW.GOOGLE.COM  NameType=0x00 (Workstation)
> QuestionType=0x20
> QuestionClass=0x1
>
> 19:45:50.061238 IP (tos 0x0, ttl 128, id 123, offset 0, flags [none],
> length: 78) 10.0.0.2.netbios-ns > 10.0.0.255.netbios-ns: [udp sum ok]
>>>> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
> TrnID=0x803D
> OpCode=0
> NmFlags=0x11
> Rcode=0
> QueryCount=1
> AnswerCount=0
> AuthorityCount=0
> AddressRecCount=0
> QuestionRecords:
> Name=WWW.GOOGLE.COM  NameType=0x00 (Workstation)
> QuestionType=0x20
> QuestionClass=0x1
>
> ------------------------------------------------------------------------------------------
>
> Here is also the ipnat -s output
>
> # ipnat -s
> mapped  in      0       out     0
> added   0       expired 0
> no memory       0       bad nat 0
> inuse   0
> rules   3
> wilds   0
>
> Hopefully this will help.
>
> Vojko
>
>
> On 09/02/06, matt <stirfrey@gmail.com> wrote:
>> Vojko Kercan wrote:
>>> After reading the manuals, forums and mailing lists...I still haven't
>>> found what is wrong with my IPNAT configuration. Hopefully...somebody
>>> will know what I have missed.
>>>
>>> Objective: set up a gateway machine to share a single internet connection
>>> Gateway: NetBSD 3.0 i386
>>> Clients: Linux, Win
>>>
>>> (1) Gateway settings
>>>
>>> NIC 1 - rtk1 - connected to ISP via DHCP
>>> NIC 2 - rtk0 - connected to internal network via switch
>>>
>>> /etc/ifconfig.xxN
>>> rtk1: !dhclient $int
>>> rtk0: inet 10.0.0.1 netmask 0xffffff00
>>>
>>> ifconfig output
>>> rtk1: inet 213.143.79.9 netmask 0xffffff00 broadcast 213.143.79.255
>>> rtk0: inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
>>>
>>> /etc/ipf.conf
>>> pass in from any to any
>>> pass out from any to any
>>>
>>> /etc/ipnat.conf
>>> map rtk1 10.0.0.0/24 -> 213.143.79.9/32 proxy port ftp ftp/tcp
>>> map rtk1 10.0.0.0/24 -> 213.143.79.9/32 portmap tcp/udp 40000:60000
>>> map rtk1 10.0.0.0/24 -> 213.143.79.9/32
>>>
>>> /etc/sysctl.conf
>>> net.inet.ip.forwarding=1
>>>
>>> /etc/rc.conf
>>> ipfilter=YES
>>> ipnat=YES
>>>
>>> (2) Client settings
>>>
>>> IP: 10.0.0.2
>>> Gateway: 10.0.0.1
>>>
>>> Of course, gateway can access the internet, and ping gateway < - >
>>> client works OK, yet internet is still not available on client
>>> machine.
>>>
>>> What did I miss?
>>>
>>> Many thanx in advance, Vojko.
>>>
>>>
>> The only thing that jumps out at me is that rtk1 appears to be getting a
>> DHCP address. Right? I've never specified it that way, so if I'm wrong
>> let me know. Anyway, I then see that in your ipnat rules you're specifying
>> the IP that has been assigned via DHCP. Try changing
>>
>> map rtk1 10.0.0.0/24 -> 213.143.79.9/32 proxy port ftp ftp/tcp
>> map rtk1 10.0.0.0/24 -> 213.143.79.9/32 portmap tcp/udp 40000:60000
>> map rtk1 10.0.0.0/24 -> 213.143.79.9/32
>>
>> To,
>>
>> map rtk1 10.0.0.0/24 -> 0/32 proxy port ftp ftp/tcp
>> map rtk1 10.0.0.0/24 -> 0/32 portmap tcp/udp 40000:60000
>> map rtk1 10.0.0.0/24 -> 0/32
>>
>> If nothing else, your router will be able to have its IP change and not
>> need to be reconfigured.
>>
>> Also try typing in "sysctl net.inet.ip.forwarding", and make sure that
>> it comes back as "1". If not then that setting isn't taking for some
>> reason. The last thing you could do is run a tcpdump on your interfaces
>> and see if the request is getting passed but blocked or dropped for some
>> reason. Also, "ipnat -s" might give some useful information. I don't
>> know what most of the info means, but someone else might have an idea.
>>
>> Matt
>>
>
Can I see a tcpdump output from the rtk1 adapter? I believe "tcpdump -i 
rtk1" will do the trick. Check the man page though.

How is your network setup right now? Are you running 2 gateways at the 
same time? On the BSD box disconnect your internal adapter and see if 
you can still ping the outside world. I'm thinking your problem is some 
other configuration error. Wrong gateway on the BSD box or something 
along those lines.

Matt
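The checks Matt walks through in this thread (the forwarding sysctl, the ipnat map targets on a DHCP interface, the `ipnat -s` counters, and what tcpdump shows on the inside interface) collected into one offline triage script. This is an added example, not code from the thread or from NetBSD; the sample inputs are constructed to mirror the outputs quoted above rather than captured from a live box, the `diagnose` function and its argument layout are this example's own, and the reading of the NetBIOS broadcasts (a Windows client falling back to NetBIOS name resolution because DNS is not answering) is a heuristic interpretation of the capture, not something the thread itself states.

```python
"""Offline triage of the artefacts a NetBSD ipnat gateway troubleshooting session collects."""
import re

# --- constructed sample data modelled on the thread's quoted output (not a real capture) ---
SAMPLE_IFCONFIG_CONF = {"rtk1": "!dhclient $int",
                        "rtk0": "inet 10.0.0.1 netmask 0xffffff00"}
SAMPLE_IPNAT_CONF = """\
map rtk1 10.0.0.0/24 -> 213.143.79.9/32 proxy port ftp ftp/tcp
map rtk1 10.0.0.0/24 -> 213.143.79.9/32 portmap tcp/udp 40000:60000
map rtk1 10.0.0.0/24 -> 213.143.79.9/32
"""
SAMPLE_IPNAT_STATS = """\
mapped  in      0       out     0
added   0       expired 0
no memory       0       bad nat 0
inuse   0
rules   3
wilds   0
"""
SAMPLE_TCPDUMP = """\
19:42:09.393727 IP (tos 0x0, ttl 128, id 115, offset 0, flags [none],
length: 78) 10.0.0.2.netbios-ns > 10.0.0.255.netbios-ns: [udp sum ok]
NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:42:10.138950 IP (tos 0x0, ttl 128, id 116, offset 0, flags [none],
length: 78) 10.0.0.2.netbios-ns > 10.0.0.255.netbios-ns: [udp sum ok]
NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
"""


def dhcp_interfaces(ifconfig_conf):
    """Interfaces whose /etc/ifconfig.xxN hands the address to dhclient."""
    return {ifn for ifn, body in ifconfig_conf.items() if "dhclient" in body}


def hardcoded_map_rules(ipnat_conf, dhcp_ifs):
    """map rules that pin a literal address on a DHCP-managed interface.
    ipnat accepts 0/32 as 'whatever address the interface has right now';
    a pinned lease address silently stops matching once the lease changes."""
    bad = []
    for line in ipnat_conf.splitlines():
        m = re.match(r"\s*map\s+(\S+)\s+\S+\s+->\s+(\S+)", line)
        if m and m.group(1) in dhcp_ifs and not m.group(2).startswith("0/"):
            bad.append(line.strip())
    return bad


def parse_ipnat_stats(text):
    """Pull the counters that matter from `ipnat -s` output."""
    m = re.search(r"mapped\s+in\s+(\d+)\s+out\s+(\d+)", text)
    r = re.search(r"^rules\s+(\d+)", text, re.M)
    return {"mapped_in": int(m.group(1)), "mapped_out": int(m.group(2)),
            "rules": int(r.group(1))}


def classify_capture(text):
    """Count traffic classes in tcpdump output: NetBIOS name broadcasts, DNS, ICMP, other."""
    counts = {"nbns_broadcast": 0, "dns": 0, "icmp": 0, "other": 0}
    for line in text.splitlines():
        if " > " not in line:          # continuation lines carry no endpoints
            continue
        if re.search(r"\.netbios-ns > \S+\.255\.netbios-ns", line):
            counts["nbns_broadcast"] += 1
        elif ".domain" in line:
            counts["dns"] += 1
        elif "ICMP" in line:
            counts["icmp"] += 1
        else:
            counts["other"] += 1
    return counts


def diagnose(forwarding, ifconfig_conf, ipnat_conf, ipnat_stats, capture):
    """Return a list of human-readable findings; empty means nothing suspicious."""
    findings = []
    if forwarding != 1:
        findings.append("net.inet.ip.forwarding is not 1; the box will not route at all")
    for rule in hardcoded_map_rules(ipnat_conf, dhcp_interfaces(ifconfig_conf)):
        findings.append(f"rule pins a DHCP-assigned address, use 0/32 instead: {rule}")
    stats = parse_ipnat_stats(ipnat_stats)
    if stats["rules"] > 0 and stats["mapped_in"] == 0 and stats["mapped_out"] == 0:
        findings.append("ipnat has rules loaded but has never translated a packet: "
                        "client traffic is not reaching the outside interface")
    c = classify_capture(capture)
    if c["nbns_broadcast"] and not (c["dns"] or c["icmp"]):
        # Heuristic: a Windows host broadcasting an Internet hostname over NetBIOS
        # name service has usually fallen back from DNS, so the ping never became IP traffic.
        findings.append("only NetBIOS name broadcasts seen from the client, no DNS or ICMP: "
                        "the client likely has no usable DNS server configured")
    return findings


if __name__ == "__main__":
    for f in diagnose(1, SAMPLE_IFCONFIG_CONF, SAMPLE_IPNAT_CONF,
                      SAMPLE_IPNAT_STATS, SAMPLE_TCPDUMP):
        print("-", f)
```

Run against the constructed samples it reports the three pinned map rules, the zero `mapped` counters, and the NetBIOS-only capture; feed it the real `ipnat -s` and `tcpdump -i rtk0` output from a box and the same three checks apply unchanged. The forwarding check is kept as a plain integer argument so the script does not need to shell out to sysctl.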