port-amiga: Re: IP translator

Subject: Re: IP translator
To: David Brownlee <abs@anim.dreamworks.com>
From: Net BSD Support <bsd@blkhole.resun.com>
List: port-amiga
Date: 08/03/1997 04:52:20
On Fri, 18 Jul 1997, David Brownlee wrote:

After much work, I believe that I've managed to get a working version of
-current installed.  

uname -a shows:
NetBSD blkhole.resun.com 1.2G NetBSD 1.2G (blkhole) #1: Wed Jul 30
21:09:36 PDT 1997
bin@blkhole.resun.com:/usr/src/sys/arch/amiga/compile/blkhole amiga

I did this by taking the binary snapshot of 1.2D, pulling current,
configuring a new kernel, and recompiling the various pieces of
software.  The system even seems to be reasonably functional.  :-)

After working through various problems, I believe I got a successfully
compiled version of ipf.  The problems that I encountered seemed to be
mostly that make apparently wasn't searching the .PATH variable. (?)
I mucked around with the make files to get them to point to the
correct files for now.

I also found that the base release only defined /dev/ipf.  /dev/ipnat
was missing, so I 'mknod /dev/ipnat c 49 1' to get the device to be
present.  I haven't a clue as to whether this was the correct thing to
do or not.

My network configuration is 'ifconfig -a':

le0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	address: 00:80:10:00:16:d7
	media: manual status: active
	inet 192.156.206.1 netmask 0xffffff00 broadcast 192.156.206.255
lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 32768
	inet 127.0.0.1 netmask 0xff000000 
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
sl1: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
sl2: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
	inet 204.245.6.188 --> 204.245.6.2 netmask 0xffffff00 
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp2: flags=8010<POINTOPOINT,MULTICAST> mtu 1500

Note: I am the registered owner of 192.156.206.00.

I proceeded as follows:

> 	Assuming you can get a static address allocated by your ISP:

Done.  IP = 204.245.6.188.

> 	a) Have a gateway host (eg: machine with local ethernet and either
> 	   a modem or an outgoing ethernet connection)

Done per previous configuration.

> 	b) Setup that machien to talk to the outside world, either using
> 	   ppp on a modem, or a 'standard' ethernet setup.
> 	   (There are other FAQs describing how to do this :)

Done.  PPP link is up an functional.

> 	c) Number your internal machines on a reserved network
> 	       (eg 10.x.x.x
> 		    ethernet address of gateway 10.0.0.1
> 		    ethernet address of 1st local host 10.0.0.2
> 		    etc)

Done.  Not a reserved network, but used my registered IP.

> 	d) Ensure /etc/mygate on all other machines contains the
> 	   internal network address of the gateway (10.0.0.1)

Other machines are Macintoshes running MacTCP.  The gateway on them is
set to 192.156.206.1.

> 	e) On the gateway:
> 	   Create an /etc/ipnat.conf file:
> 	   map EXT 10.0.0.0/8 -> X.X.X.X/32 portmap tcp/udp 10000:20000
> 		(Where EXT is your external (to the world) network interface,
> 		 'ppp0' for a modem over ppp, otherwise sn0, or le0 etc)
> 	        (X.X.X.X is the address of your EXT interface,)
> 	   Run 'ipnat -f /etc/ipnat.conf'.

Done.  ipnat -l shows:

List of active MAP/Redirect filters:
map ppp0 192.156.206.0/24  -> 204.245.6.188/32  portmap tcp/udp 10000:20000

List of active sessions:

>            Run 'sysctl -w net.inet.ip.forwarding=1' (enable routing)

Did not run.  'sysctl net.inet.ip.forwarding' shows:

net.inet.ip.forwarding = 1

> 	Now try to telnet out or web browse from another local machine.

Now the fun begins.  telnetting out gets me nowhere.  After attempting
the telnet, ipnat -s shows:

mapped	in	0	out	0
added	0	expired	0
inuse	0
rules	1

I then tried:

iptest -d ppp0 -s 192.156.206.3 -g 192.156.206.1 -4 primenet.com which
gave:

Device:  ppp0
Source:  192.156.206.3
Dest:    206.165.6.209
Gateway: 192.156.206.1
mtu:     1500
4.1 UDP uh_ulen > packet size - short packets
arp: Undefined error: 0
24
arp: Undefined error: 0
23
arp: Undefined error: 0
22
arp: Undefined error: 0
21
arp: Undefined error: 0
20
arp: Undefined error: 0
19
arp: Undefined error: 0
18
arp: Undefined error: 0
17
arp: Undefined error: 0
16
arp: Undefined error: 0
15
arp: Undefined error: 0
14
arp: Undefined error: 0
13
4.2 UDP uh_ulen < packet size - short packets
arp: Undefined error: 0
24
arp: Undefined error: 0
23
arp: Undefined error: 0
22
arp: Undefined error: 0
21
arp: Undefined error: 0
20
arp: Undefined error: 0
19
arp: Undefined error: 0
18
arp: Undefined error: 0
17
arp: Undefined error: 0
16
arp: Undefined error: 0
15
arp: Undefined error: 0
14
arp: Undefined error: 0
13
4.3.1 UDP sport = 0
arp: Undefined error: 0
0
4.3.2 UDP sport = 1
arp: Undefined error: 0
1
4.3.3 UDP sport = 32767
arp: Undefined error: 0
32767
4.3.4 UDP sport = 32768
arp: Undefined error: 0
32768

4.3.5 UDP sport = 65535
arp: Undefined error: 0
65535
4.4.1 UDP dport = 0
arp: Undefined error: 0
0
4.4.2 UDP dport = 1
arp: Undefined error: 0
1
4.4.3 UDP dport = 32767
arp: Undefined error: 0
32767
4.4.4 UDP dport = 32768
arp: Undefined error: 0
32768
4.4.5 UDP dport = 65535
arp: Undefined error: 0
65535
4.5 UDP 20 <= MTU <= 32

I suspect (and hope) that this is simply a configuration error of some
sort.  I'd greatly appreciate any hints that anybody could provide
that would help me get further.

Thanks in advance,
-- 
  Don Phillips         bsd@blkhole.resun.com
  Research Unlimited
  Escondido, Calif.    My opinions are just that, and no more.