Subject: Re: NAT, Alpha, no luck
To: William J. Coldwell <billc@warped.com>
From: Paul Goyette <paul@whooppee.com>
List: port-alpha
Date: 05/05/1998 04:13:45
Bill,
This may be a dumb question, but why are you rewriting the addresses to
have a 0/32 as their source address?
I'm running NAT just fine on my mac68k and i386 boxes, and in both cases
my rewrite rule looks like this:
ppp0 = external network 205.162.63.134/32
ep0 = internal network 209.182.147.65/29, alias 172.16.1.1/16
/etc/ipnat.conf
map ppp0 172.16.249.206/32 -> 209.182.147.67/32
172.16.249.206 is a laptop from work that I'd rather not screw up by
changing its address all the time, so NAT translates its address to one
that is allocated to me by my ISP from the /29 block.
On Tue, 5 May 1998, William J. Coldwell wrote:
> I am stumped at trying to have an Alpha do NAT. The weird thing is that I
> can get it to get pings across from the internal network to the outside,
> but nothing else (traceroute doesn't even work).
>
> So, I offer unto thee, the following:
>
> NetBSD-1.3.1 GENERIC on a Digital Multia 166MHz (oh the pain!)
> de0 is the external network (208.163.50.xxx)
> de1 is the internal network (192.168.1.1)
>
> IPFILTER=ON (had to touch /etc/ipf.conf to make it happy)
> sysctl -w net.inet.ip.forwarding=1
> ipnat -f /etc/nat.rules
>
> nat.rules:
> map de0 192.168.1.0/24 -> 0/32 portmap tcp/udp 1024:65535
> map de0 192.168.1.0/24 -> 0/32
>
> I can ping anywhere from the internal machines. Everything fails,
> including resolving to the nameservers outside of the internal network.
>
> ipnat -l shows the 'right things' with mappings, and with things like me
> trying to resolv something.. I see port 53 from the nameserver, to the
> internal machine.. but it doesn't appear _at_ the internal machine (like
> it's not getting transmitted across de1).
>
> Is ipf/nat 64bit clean? Am I missing something obvious? Something
> non-obvious that the wonderful complete and cleverly-written documentation
> did not point out?
>
> Cheers,
> --billc
>
>
>
-----------------------------------------------------------------------------
| Paul Goyette | Public Key fingerprint: | E-mail addresses: |
| Network Engineer | 0E 40 D2 FC 2A 13 74 A0 | paul@whooppee.com |
| and kernel hacker | E4 69 D5 BE 65 E4 56 C6 | paul.goyette@ascend.com |
-----------------------------------------------------------------------------