Subject: RE: NAT Trouble
To: 'Scott Bartram' <scottb@orionsoft.com>
From: Calvin Vette (IT- Borders Online) <CVETTE@borders.com>
List: port-i386
Date: 10/22/1998 13:59:44
I had a similar problem with 1.3.1/1.3.2 with a cable modem and an internal
Ethernet network. I just upgraded to current, but haven't finished the
configuration yet. Is the patch you're talking about included in
current-981008?

> ----------
> From: 	Scott Bartram[SMTP:scottb@orionsoft.com]
> Sent: 	Thursday, October 22, 1998 1:24 PM
> To: 	James Snow
> Cc: 	port-i386@netbsd.org
> Subject: 	Re: NAT Trouble
> 
> 
> Is your setup such that outbound packets are sent via the PPP (serial
> port) link and inbound packets are received on the cable modem? If so, you
> need to patch the NAT code in the kernel. Let me know what version of
> NetBSD you're running and I'll send you a patch.
> 
> scott
> 
> On Thu, 22 Oct 1998, James Snow wrote:
> 
> > 
> > Thanks to everyone who helped me with my com port/modem problem. I've
> > subsequently set up PPP without a hitch, but following the directions for
> > NAT has got me stumped.
> > 
> > I've got ipfilter compiled into the kernel, and I have it enabled in
> > /etc/rc.conf. I have an empty /etc/ipf.conf, the following in
> > /etc/netstart.local:
> > 
> >    if [ -f /etc/ipnat.conf ]; then
> >            echo 'starting IP network address translation (ipnat)...';
> >            /usr/sbin/ipnat -f /etc/ipnat.conf
> >    fi
> > 
> > and the following in /etc/ipnat.conf:
> > 
> > map ppp0 10.0.0.0/24 -> 0/32 portmap tcp/udp 40000:60000
> > map ppp0 10.0.0.0/24 -> 0/32
> > 
> > I'm a little confused about those numbers following the portmap command.
> > Do they represent the range of ports that the machine will resend NATed
> > packets from or the range of ports that a packet to be NATed must be
> > coming from?
> > 
> > Back to the NAT problem though, with the above setup and one of the other
> > machines here set to use the NetBSD box as its gateway, nothing happens.
> > The output of ipnat -ls remains as follows:
> > 
> > mapped  in      0       out     0
> > added   0       expired 0
> > inuse   0
> > rules   2
> > List of active MAP/Redirect filters:
> > map ppp0 10.0.0.0/24  -> 0.0.0.0/32  portmap tcp/udp 40000:60000
> > map ppp0 10.0.0.0/24  -> 0.0.0.0/32 
> > 
> > List of active sessions:
> > 
> > I can verify with tcpdump that the client machine is indeed making
> > requests and they are making it to the gateway, but the NAT doesn't seem
> > to see them at all.
> > 
> > Anyone have any ideas?
> > 
> > 
> > Thanks in advance,
> > James Snow
>