Subject: Re: NetBSD Gateway with dynamic IP
To: None <netbsd-help@NetBSD.org>
From: David Lord <david@lordynet.org>
List: netbsd-help
Date: 02/09/2007 00:59:21
On 8 Feb 2007, at 14:49, Paul Newhouse wrote:

> Manuel Bouyer <bouyer@antioche.eu.org> wrote:
> 
> >  On Thu, Feb 08, 2007 at 11:25:00AM -0300, daniel veiga wrote:
> >  > Hello,
> 
> >  > 
> >  > My ipnat.conf is
> >  > map ex0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
> >  > map ex0 192.168.1.0/24 -> 0/32
> >  > I tried to put vr0 and it does not work either.
> 
> I can barely get my ipnat running so I probably have this all wrong but,
> my ipnat.conf looks more like:
> 
>   map vr0 192.168.1.3/32 -> 0.0.0.0/32 proxy  port ftp ftp/tcp
>   map vr0 192.168.1.3/32 -> 0.0.0.0/32 portmap tcp/udp 40000:60000
>   map vr0 192.168.1.3/32 -> 0.0.0.0/32
> 
> Presuming ipnat is running on the 192.168.1.1 machine and vr0 IS the
> external interface.
> 
> It seems to work on 3.0.1 (and previously on 1.5A).

For dialout I have similar to:
map ppp0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map ppp0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
map ppp0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp

and adsl with fixed ips:
map le0 192.168.1.0/24 -> 81.187.61.68/32 proxy port ftp ftp/tcp
map le0 192.168.1.0/24 -> 81.187.61.68/32 portmap tcp/udp 40000:60000
map le0 192.168.1.0/24 -> 81.187.61.68/32 proxy port ftp ftp/tcp

You need at least a minimal ipf.conf and start that before ipnat.

NetBSD 3.1.0, but the rulesets have been almost the same since 1.5; only
the ipfilter commands are now slightly different.

David
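
Added example, not part of the message above or of the IPFilter project: a small Python check for ipnat.conf map rules of the kind posted in this thread. ipnat uses the first map rule that matches, so the order in the quoted vr0 rules (ftp proxy, then portmap, then plain map) matters, and a 0/32 target follows the interface's current address. The names parse, lint, RANK and SAMPLE are hypothetical, and the sample input is constructed.

```python
import re

# Shape of the "map" rules quoted in this thread, for example:
#   map ppp0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
MAP_RE = re.compile(r"^map\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s*(.*)$")
RANK = {"proxy": 0, "portmap": 1, "plain": 2}  # narrowest first, as first-match needs

# Constructed sample with three mistakes; not a configuration from the thread.
SAMPLE = """\
map ppp0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
map ppp0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map ppp0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
"""

def parse(text):
    """Return (lineno, ifname, src, dst, kind, normalized_line) per map rule."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = " ".join(raw.split("#", 1)[0].split())  # drop comments, squeeze spaces
        m = MAP_RE.match(line)
        if not m:
            continue
        ifname, src, dst, opts = m.groups()
        first = opts.split()[0] if opts else "plain"
        rules.append((n, ifname, src, dst, first if first in RANK else "plain", line))
    return rules

def lint(text, dynamic=True):
    """Return sorted (lineno, message) findings; dynamic=True expects a 0/32 target."""
    findings, seen, groups = [], {}, {}
    for n, ifname, src, dst, kind, line in parse(text):
        if line in seen:
            findings.append((n, "duplicate of line %d" % seen[line]))
        seen.setdefault(line, n)
        if dynamic and dst not in ("0/32", "0.0.0.0/32"):
            findings.append((n, "fixed target address on a dynamic-address interface"))
        groups.setdefault((ifname, src), []).append((n, kind))
    for (ifname, src), items in groups.items():
        widest = -1
        for n, kind in items:
            if RANK[kind] < widest:
                findings.append((n, "%s rule shadowed by an earlier, broader rule" % kind))
            widest = max(widest, RANK[kind])
        if all(kind != "plain" for _, kind in items):
            findings.append((items[-1][0], "no plain map for %s %s" % (ifname, src)))
    return sorted(findings)

if __name__ == "__main__":
    for lineno, message in lint(SAMPLE):
        print("line %d: %s" % (lineno, message))
```

A group with no plain map leaves ICMP and other non-TCP/UDP traffic from that source untranslated, because the portmap tcp/udp rule only covers TCP and UDP.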