Subject: Re: Building a gateway
To: NetBSD port i386 <port-i386@netbsd.org>
From: Eric Delcamp <e.delcamp@wanadoo.fr>
List: port-i386
Date: 03/17/1999 02:47:25
Hi!
After some tries, no way. But here is my configuration:
root.margo:/etc> ifconfig -a
ep0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:60:08:e7:b7:47
media: Ethernet 10base2
inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
ep1: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:60:97:a9:1c:7e
media: Ethernet 10baseT
inet 164.138.123.227 netmask 0xfffffc00 broadcast 164.138.123.255
lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 32976
inet 127.0.0.1 netmask 0xff000000
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
root.margo:/etc> route show
Routing tables
Internet:
Destination Gateway Flags
default 164.138.120.1 UG
localhost 127.0.0.1 UH
164.138.120.0 link#2 U
ca-bdx-0-1.abo.w 0:e0:52:1:df:9b UH
ca-bdx-3-227.abo 127.0.0.1 UGH
192.168.0.0 link#1 U
cactus 0:60:8:7a:b2:39 UH
root.margo:/etc> netstat -nr
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Interface
default 164.138.120.1 UGS 2 12 - ep1
127.0.0.1 127.0.0.1 UH 2 80 - lo0
164.138.120/22 link#2 UC 0 0 - ep1
164.138.120.1 00:e0:52:01:df:9b UHL 1 0 - ep1
164.138.123.227 127.0.0.1 UGHS 0 0 - lo0
192.168 link#1 UC 0 0 - ep0
192.168.0.3 00:60:08:7a:b2:39 UHL 1 67 - ep0
root.margo:/etc> ipnat -l
List of active MAP/Redirect filters:
map ep1 192.168.0.0/24 -> 164.138.123.227/32 proxy port ftp ftp/tcp
map ep1 192.168.0.0/24 -> 164.138.123.227/32 portmap tcp/udp 10000:40000
map ep1 192.168.0.0/24 -> 164.138.123.227/32
List of active sessions:
root.margo:/etc> ipfstat
input packets: blocked 0 passed 0 nomatch 0 counted 0
output packets: blocked 0 passed 0 nomatch 0 counted 0
input packets logged: blocked 0 passed 0
output packets logged: blocked 0 passed 0
packets logged: input 0 output 0
log failures: input 0 output 0
fragment state(in): kept 0 lost 0
fragment state(out): kept 0 lost 0
packet state(in): kept 0 lost 0
packet state(out): kept 0 lost 0
ICMP replies: 0 TCP RSTs sent: 0
Result cache hits(in): 0 (out): 0
IN Pullups succeeded: 0 failed: 0
OUT Pullups succeeded: 0 failed: 0
Fastroute successes: 0 failures: 0
TCP cksum fails(in): 0 (out): 0
Packet log flags set: (0)
none
root.margo:/etc> ps ax
PID TT STAT TIME COMMAND
0 ?? DLs 0:00.01 (swapper)
1 ?? Is 0:00.08 init
2 ?? DL 0:00.01 (pagedaemon)
3 ?? DL 0:00.09 (reaper)
86 ?? Ss 0:00.26 syslogd
88 ?? Is 0:00.11 portmap -l
95 ?? Is 0:00.02 mount_mfs -o async -s 4000 /dev/wd0b /tmp
119 ?? Ss 0:00.05 update 30
121 ?? Ss 0:00.07 cron
124 ?? Is 0:00.11 inetd -l
129 ?? Is 0:00.01 supfilesrv
147 ?? S 0:00.57 telnetd
278 ?? Is 0:00.01 dhclient ep1
280 ?? Is 0:00.12 named
148 p0 Ss 0:00.68 -tcsh
285 p0 R+ 0:00.04 ps -ax
135 E0- RN 4:54.85 ./rc5des -hide
143 E0 Is+ 0:00.07 /usr/libexec/getty Pc ttyE0
144 E1 Is+ 0:00.06 /usr/libexec/getty Pc ttyE1
145 E2 Is+ 0:00.06 /usr/libexec/getty Pc ttyE2
146 E3 Is+ 0:00.06 /usr/libexec/getty Pc ttyE3
So, my default route is OK, my IPNAT rules are OK, I have made some tests with
(ping, ftp, http) and ipfstat shows NOTHING! I could post rules, but I have
made a test with an empty ipf.conf file and a fake file, and nothing (if ipf
blocks something, it should show it in stats, OK?).
Content of the fake ipf file:
pass in from any to any
pass out from any to any
I don't understand what happened. I read and re-read FAQ, IPNAT doc. Nothing.
Help!
---
Eric Delcamp......................NetBSD i386 & Amiga, BeOS, Windows NT
Merignac..........................Distributed.net : < 6800th (09/03/99)
France............................Magic the Gathering player