Subject: Re: Cable modem woes...FIXED!...on to ipnat....
To: Greg Evans <raisplin@rcn.com>
From: Frederick Bruckman <fb@enteract.com>
List: port-mac68k
Date: 03/01/1999 20:57:00

On Mon, 1 Mar 1999, Greg Evans wrote:

> on 3/1/99 6:59 PM, Dr. Bill Studenmund was rumored to have said...
> 
> >On Mon, 1 Mar 1999, Greg Evans wrote:
> >
> >> Well...had to give it a shot anyway since the mac can't seem to reach the 
> >> router as is...
> >
> >You do have all the right bits compiled in your kernel, don't you (I'm not
> >sure what exactly those bits are right now, I've never gotten ipnat to
> >work for me..)?
> 
> I have no clue, I just reinstalled everything and am using the GenericSBC 
> kernel that came with 1.3.3 ;)

You need options GATEWAY and PFIL_HOOKS. 
`sysctl net.inet.ip.forwarding' should say "... = 1". Also try
`/usr/sbin/sysctl -w net.inet.tcp.rfc1323=0', and 
`/sbin/route add 192.168.1.1 localhost -iface'. You would normally put
those two commands in etc/netstart.local. 

Run `ipfstat' to make sure the filter came up; you should expect to
see many packets "passed", and none "blocked." Additionally, you
should have a line in /var/log/messages similar to the following:

Mar  1 13:12:36 corwin /netbsd: IP Filter: initialized.  Default =
pass all, Logging = disabled

If it didn't come up, you would probably get a "device not
configured," and perhaps an error in /var/log/messages. This may be
fixed in 1.3.3, but in 1.3.2(?), you had to `touch /etc/ipf.conf' so
the ipfilter would initialize. You also needed to explicitly enable
ipfilter in rc.conf. In -current, you don't need to do this; it's all
implied by ipnat=YES. Next, `ipnat -l' should echo the rules you
entered in ipnat.conf, something like

List of active MAP/Redirect filters:
map ppp0 192.168.1.0/24 -> 216.164.32.41 portmap tcp/udp 40000:60000
map ppp0 192.168.1.0/24 -> 216.164.32.41 portmap tcp/udp

The "List of active sessions:" should be empty until you start sending
packets to the outside from 192.168.1.1. This is what I see as soon
as I start to open a telnet session from my other box:

List of active sessions:
MAP 192.168.101.2   2051  <- -> 207.229.133.236 40001 [207.229.143.6 23]
MAP 192.168.101.2   32768 <- -> 207.229.133.236 40000 [207.229.143.2 53]

I hope that helps.
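
Added example, not part of the original message: a consistency check over `ipnat -l` output that confirms every active session leaves through an address and port range declared by a `map ... portmap` rule. It assumes the listing layout shown in the message; the function names `audit_ipnat` and `sample_ipnat_output` are hypothetical, and the sample listing is constructed with documentation addresses.

```shell
#!/bin/sh
# Added example: audit `ipnat -l` output read on stdin.
# Prints one line per session whose translated address/port matches no
# "map ... portmap" rule, then a summary; returns 1 if any were found.
audit_ipnat() {
    awk '
    # Rule: map <if> <inside-net> -> <outside-addr> portmap <proto> <lo>:<hi>
    $1 == "map" && $4 == "->" && $6 == "portmap" && $8 ~ /^[0-9]+:[0-9]+$/ {
        split($8, r, ":")
        n++; addr[n] = $5; lo[n] = r[1] + 0; hi[n] = r[2] + 0
        next
    }
    # Session: MAP <inside> <port> <- -> <outside> <port> [<dst> <port>]
    $1 == "MAP" && $4 == "<-" && $5 == "->" {
        ok = 0
        for (i = 1; i <= n; i++)
            if ($6 == addr[i] && $7 + 0 >= lo[i] && $7 + 0 <= hi[i]) ok = 1
        if (!ok) { print "unmatched: " $2 ":" $3 " -> " $6 ":" $7; bad++ }
        total++
    }
    END { printf "%d sessions, %d unmatched\n", total, bad; exit (bad > 0) }
    '
}

# Constructed sample listing (not captured from a real system).
sample_ipnat_output() {
    cat <<'EOF'
List of active MAP/Redirect filters:
map ppp0 192.168.1.0/24 -> 203.0.113.5 portmap tcp/udp 40000:60000

List of active sessions:
MAP 192.168.1.2   2051  <- -> 203.0.113.5 40001 [198.51.100.6 23]
MAP 192.168.1.2   32768 <- -> 203.0.113.5 40000 [198.51.100.2 53]
MAP 192.168.1.3   1025  <- -> 203.0.113.5 1025 [198.51.100.6 80]
EOF
}

# On the gateway itself this would be: ipnat -l | audit_ipnat
sample_ipnat_output | audit_ipnat || echo "NAT table needs a look"
```

The check covers only the translated side of each session; it does not verify that the inside address belongs to the mapped network.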