port-mac68k: RE: ip-masq? nah, use IP NAT

Subject: RE: ip-masq? nah, use IP NAT
To: None <port-mac68k@netbsd.org>
From: John Pertalion <pertalion@boone.net>
List: port-mac68k
Date: 06/26/2000 22:39:53
Hello,

I just set up ppp and ipnat on my Q650 running 1.3.3  My ipnat is pretty
much the same as what Chris has outlined here.  I set up ppp using this web
page, http://www2.giganet.net/~mark/NetBSD/ppp.html  My only gotcha was not
having defaultroute setup correctly in rc.conf, I had to change it to blank.
Make sure the settings for ipfilter and ipnat exist and are set to YES while
you're in there.  The ipfilter rules could probably be better, but I haven't
started learning about that yet.

I got the ppp connection going first and used Lynx for a day. Then I got
ipnat going.  All the windows machines on our home network now access the
internet through the old Quadra which is also running Samba.  When you get
it running, you'll wonder why you didn't do it sooner.

John Pertalion
Boone, NC USA

-----Original Message-----
From: port-mac68k-owner@netbsd.org
[mailto:port-mac68k-owner@netbsd.org]On Behalf Of Chris Tucker
Sent: Monday, June 26, 2000 4:00 PM
To: Samad
Cc: port-mac68k@netbsd.org
Subject: Re: ip-masq? nah, use IP NAT


NAT: Network Address Translation.
Supposedly, it's better than ipmasq.

Here's how I did it:
in the /etc directory, make a file called ipf.conf
put this inside it:
pass in from any to any
pass out from any to any

in ipf.rules, put
pass in from any to any
pass out from any to any

in ipnat.rules put
map ppp0 192.168.2.0/24 -> 0/32 portmap tcp/udp 10000:20000
map ppp0 192.168.2.0/24 -> 0/32

(^^^ well that's how *I* did it anyway..where my little ethernet lan uses
the class C address of 196.168.2.x. I used 192.168.2.1 for my NAT box.)

then in your /etc/rc.local file put

# add your local daemons here, following the startup models in /etc/rc
echo -n 'starting ipnat:'
ipnat -CF -f /etc/ipnat.rules

And I think that should do it. I just hobbled this stuff together, and it
works but I have no idea how secure or insecure it is. You'll also have to
figure out how to get PPP to work, which was an arduous and painful
experience for me *grin*. There are PPP "kits" out there which may be of
assistance.

-Chris



On Mon, 26 Jun 2000, Samad wrote:

> Hey everyone,
> I have three computers - two of them are G3s running MacOS. The other
> computer is a Mac IIvx running NetBSD. All computers are networked via
> Ethernet to a hub. I have a PPP connection from a 33.6K modem. I would
like
> to setup PPP on the NetBSD box. Then I would like to be able to share that
> internet connection to the other computers. I know it sounds stupid to
share
> a ~3K connection, but it is greatly needed, especially on a IIvx. I heard
> this can be done with ip-masq. Does anyone know of any tutorials on how to
> setup ip-masq (not only on the server, but also for the clients)? If
ip-masq
> shouldn't be used in this situation, what should? Thanks.
> Samad
>
>