Subject: RoadRunner and NetBSD, was Re: IP-Nat
To: Armen Babikyan, patriot <patriot@primenet.com>
From: Brad Salai <bsalai@servtech.com>
List: port-mac68k
Date: 07/14/1998 11:04:18

I recently got road runner working on a Mac running MacOS.

Has anyone had any experience setting up a netbsd box to be the DHCP
client, and to do IP-NAT to a lan?

I know there is a Linux perl script that is said to handle RoadRunner
login, I know we have a DHCP client, so it seems like all the pieces are
present.

If I can get this working, and I have to build another NetBSD box first,
I'd be glad to assemble all information I receive and/or develop and make
it available.

Brad

At 1:58 AM -0400 7/14/98, Armen Babikyan wrote:
>>I sure can.  I can try it again.  To get the gateway/firewall
>>functionality do I need fwtk??
>>If I do then that is the problem.  When it says to go into it and start
>>making configurations where you go into several files and then change
>>them the thing that you need to change is missing from all of the files.
>>I got the installer directly from the group that holds fwtk.  When would
>>I need the fwtk and how safe would it be to run NetBSD without it?
>
>IP-NAT and FWTK are two different things. I don't remember my experiences
>with trying to install FWTK, but they weren't very good (i.e.
>unsuccessful.)  Honestly, I don't know much about FWTK, so I have no
>business commenting on it.
>
>In terms of security measures, IP-NAT works fine. Basically as my HOWTO
>says, any computer on your internal network has a fake IP address, meaning
>computers on the real internet can't access it unless they are able to get
>onto your NetBSD gateway system and subsequently log in/use other computers
>on your network.  In short, I usually don't give accounts on my NetBSD
>system, and when I do, make sure the person is responsible enough not to go
>around doing annoying things.
>
>If you just want to get more than one computer on the internet through one
>phone line and with a regular dialup ppp account (which offers you only 1
>IP) I'd say your best bet is IP-NAT.
>
>Again, that web page address: http://radon.moof.ai.mit.edu/~armenb/ipnat.html
>
>On a side note, something I've noticed that is lacking in NetBSD's NAT
>capabilities is all the features in Linux's IP-MASQ. It works a lot like
>IP-NAT (based on it?) but has all kinds of cool functions like forwarding
>ports to machines inside your LAN and still maintaining source addresses.
>Anyone else know if NetBSD is planning on implementing anything that
>resembles Linux's ipfwadm?
>
>thanks,
>
>  - a


Stephen B. Salai                            Phone (716) 325-5553
Cumpston & Shaw                             Fax    (716) 262-3906
Two State Street                            email bsalai@tmonline.com
Rochester, NY 14614