Subject: Re: IPNAT question
To: None <mjreilly@flashcom.net>
From: Christopher Brown <chrsbrwn@mindspring.com>
List: port-mac68k
Date: 05/29/1999 19:52:08
Matthew Reilly wrote:
> map sn0 192.168.0.0/24 -> 0.0.0.0/32 portmap tcp/udp 10000:40000
> 
> I obviously entered my DSL IP address instead of 0.0.0.0. I can ping the
> Quadra from the PowerMac but not telnet. I want to get rid of the
> monitor and run the Quadra headless so I'll need to telnet.  I'm sure
> this must be an IPNAT config prob but I don't know where to start.
> Anyone care to give me a shove in the right direction? I'd be eternally grateful.
> 

Well, first the stupid question: you didn't put anything in
/etc/hosts.deny that would deny access to anything, right? I did this to
myself; took me a while to figure out what was happening, but now I know
to check that first. My hosts.deny / hosts.allow configuration is pretty
strict; I deny everything, and then only explicitly allow connections
from IP numbers I know. Good thing, too...at least once a week I see in
my logs that somebody is probing various ports to see if I left anything
open :)   

My second guess is maybe that you need to redirect incoming connections
from 192.168.0.0/24 on the telnet port to localhost. I'm not sure of the
exact syntax -- check the local documentation, and the ipfilter web
site: <http://coombs.anu.edu.au/ipfilter/>. The only problem with this
is that if you wanted to telnet to an outside machine, you would have to
telnet to your gateway first, and then to the outside machine from the gateway.

Just had another thought...call it the third guess...have you tried
telnetting to your _outside_ ip address, rather than the internal one?
It works either way for me (i.e. telnet to internal, or telnet to external
address to access gateway), but my configuration is a little different
than yours: I have two ethernet cards. 

Speaking of two cards: I have seen prices of around $30 for used nubus
ethernet adapters. www.macresq.com sometimes has them, and I have seen
them at other used dealers too. Anything with the Sonic chipset (and
maybe others) should work. The advantage of having a second ethernet
card is that you can set up a true firewall; all packets must go
through the firewall machine, so you can control in exquisite detail
how they get routed. 

-- 
Chris Brown -- Macintosh networking/Web development
<chrsbrwn@mindspring.com> <http://www.mindspring.com/~chrsbrwn>