Subject: Re: IP/NAT questions
To: None <port-mac68k@netbsd.org>
From: Tim McNamara <timmcn@mr.net>
List: port-mac68k
Date: 02/16/2001 11:41:57
Well, I'm feeling slow on the uptake getting NAT set up.  It still 
doesn't work.  My NetBSD box can connect to the Internet via my 
DSL router/hub without any problem.

Here's my configuration thus far (I *think* this is all of it):

/etc/rc.conf
defaultroute="206.11.250.254"  (ISP's gateway)
ipfilter=YES
ipnat=YES
ipmon=NO
auto_ifconfig=YES
net_interfaces=""
flushroutes=YES
dhclient=NO
named=NO
dhcpd=NO

/etc/ifconfig.sn0
inet sugaree netmask 255.255.255.0

/etc/ifaliases  (this was mentioned in the NetBSD FAQs on networking)
192.168.208.2 sn0 255.255.255.0

/etc/ipf.conf
pass in from any to any
pass out from any to any

/etc/ipnat.conf
map sn0 192.168.208.0/24 -> 206.11.250.116/32 portmap tcp/udp 10000:40000
rdr sn0 206.11.250.116/32 port 80 -> 192.168.208.1 port 80

/etc/netstart.local
if [ -f /etc/ipnat.conf ]; then
                echo 'starting IP network address translation (ipnat)...';
                /usr/sbin/ipnat -f /etc/ipnat.conf
fi

/etc/rc.local contains
sysctl -w net.inet.ip.forwarding=1

/etc/hosts
127.0.0.1 localhost onvoy.com
#This machine
206.11.250.116 sugaree sugaree.onvoy.com  (this is a static IP address)
#Some local machines
192.168.208.1 tims-imac tims-imac.onvoy.com
192.168.208.3 pb145b pb145b.pnvoy.com

(I note that in Bob Nestor's setup files the other local machines are 
commented out.  Should this be the case here?  Should the LAN IP 
address of the NetBSD box be included under "some local machines?").

The results of all this are as follows:  as mentioned, I can access 
the Internet via the DSL router/hub with the NetBSD box.  None of the 
other computers (well, tims-imac since pb145b isn't connected to the 
network yet) can access the Internet.  I cannot ping the NetBSD 
machine from the other computer or vice versa.  On the iMac, I have 
the IP address configured to be 192.168.208.1 and the gateway 
configured as 192.168.208.2 (the internal IP address of the NetBSD 
machine); I have left the nameservers and domain blank since I don't 
have named running.

Doing netstat -i results in the following:
Name    MTU    Network      Address            Ipkts  Terrs  Opkts  Oerrs  Colls
sn0     1500   <link>       08:00:07:54:ca:34  40118  0      21318  0      0
sn0     1500   206.11.250   sugaree            40118  0      21318  0      0
sn0     1500   192.168.208  192.168.208.2      40118  0      21318  0      0
lo0     32976  <link>                          1103   0      1103   0      0
lo0     32976  loopback     localhost          1103   0      1103   0      0
ppp0*   1500   <link>                          0      0      0      0      0
ppp1*   1500   <link>                          0      0      0      0      0
sl0*    1500   <link>                          0      0      0      0      0
sl1*    1500   <link>                          0      0      0      0      0
tun0*   1500   <link>                          0      0      0      0      0
tun1*   1500   <link>                          0      0      0      0      0
eon0    1500   <link>                          0      0      0      0      0

ifconfig sn0 returns:
sn0:  flags=8863<UP, BROADCAST, NOTRAILERS, RUNNING, SIMPLEX, MULTICAST> mtu 1500
inet 206.11.250.116 netmask 0xffffff00 broadcast 206.11.250.255

That's what I know (and I won't pretend to understand most of it). 
Any advice or recommendations are profoundly appreciated!

Tim