Subject: Re: IP/NAT questions
To: Tim McNamara, port-mac68k <port-mac68k@netbsd.org>
From: Bob Nestor <rnestor@augustmail.com>
List: port-mac68k
Date: 02/16/2001 20:52:35
Tim McNamara wrote:

>At 5:43 PM -0600 2/16/2001, Bob Nestor wrote:
>>Tim McNamara wrote:
>>
>>>Well, I'm feeling slow on the uptake getting NAT set up.  It still
>>>doesn't work.  My NetBSD box can connect to the Internet via my
>>>DSL router/hub without any problem.
>>>
>>>Here's my configuration thus far (I *think* this is all of it):
>>>
>>>/etc/rc.conf
>>>defaultroute="206.11.250.254"  (ISP's gateway)
>>
>>If you are still connecting your NetBSD system to your DSL router/hub
>>rather than directly to your incoming DSL line then your default gateway
>>is the router/hub.  As I recall that address in your configuration is
>>192.168.1.1
>
>The router (a Flowpoint 2200) is stuck in bridge mode as configured 
>by the ISP and is transparent, so as far as I know it has no 
>identifiable IP address.  It has a built-in 4 port Ethernet hub and a 
>line out for the line loop to the DSLAM.  There is also a "serial" 
>port using an RJ45 e-net jack for accessing the router, which would 
>be my only possibility for configuring the router directly.
>

OK, my mistake.  For some reason I thought you were using a LinkSys.  I 
don't know anything about the Flowpoint, so I'm probably wrong.  But, if 
you only have one IP address and your Flowpoint isn't like a LinkSys then 
one of your systems needs to be running something like NAT and all others 
connected to it.  If that's what you're trying to do then you either need 
two ethernet interfaces on the NetBSD box or you need to configure it 
such that it acts like it's got two interfaces.  Something like:

 Internet <---> NetBSD <-----> system_1
                          |--> system_2
                          |--> system_3

The NetBSD box has two IP addresses, one internal and one external.  It has 
to be configured such that IP traffic from your other systems gets NAT'd 
to the external IP address.  The trick is to only NAT the IP traffic that 
needs to get to the Internet and _not_ NAT the traffic that is going 
between your in-house systems.  To do this you define your interior 
network such that the systems are all in one sub-net, except for the 
NetBSD system.  On my system I did this by assigning an IP address of 
192.168.1.16 to my NetBSD system and addresses 192.168.1.1 - 192.168.1.14 
to my other systems.  The netmask for my sub-net is 255.255.255.248, so I 
can NAT the IP traffic for everything except the NetBSD system itself.  
It doesn't need to have its IP traffic NAT'd because it has a direct 
connection to the Internet.

Taking system_2 for example, its IP address will be 192.168.1.1, netmask 
of 255.255.255.248 and gateway of 192.168.1.16.  Any IP traffic from it 
that isn't for the 192.168.1 sub-net will be directed to 192.168.1.16, 
the NetBSD system. My ipnat.conf rule contains:

map sn0 192.168.1.1/28 -> 0.0.0.0/32 proxy port 21 ftp/tcp
map sn0 192.168.1.1/28 -> 0.0.0.0/32 portmap tcp/udp 1025:65535
map sn0 192.168.1.1/28 -> 0.0.0.0/32

>All of my LAN addresses are 192.168.208.x using .1 for the iMac, .2 
>for the NetBSD box and .3 for my PowerBook 145B when I get that 
>working again.  I don't have any idea what if any internal IP address 
>the router would have or if I need to specify it since it's 
>functioning as a bridge rather than as a real router.
>
This will work if you don't need the iMac or PowerBook to have access to 
the Internet.  They should be able to talk to your in-house systems 
though.

>The DSL line comes into the house and into the DSL port on the 
>router.  The NetBSD box and the Mac OS box are both connected to one 
>of the four ports in the built-in Ethernet hub on the router, since I 
>only have one Ethernet port on either machine.  Under Mac OS, Open 
>Transport is manually configured to have an IP address of 
>206.11.250.116, using netmask 255.255.255.0 and a gateway of 
>206.11.250.254 which is the ISP's router connected to the DSLAM.  So 
>I need to have the NetBSD box be the exposed host on the Internet 
>using my static IP address, plus be the gateway to get packets off of 
>and into the LAN.  Since I have one Ethernet port (at least 
>currently, I could buy one if it would make this much easier) that 
>means that sn0 has to do double duty with two IP addresses: one real 
>one for the outside world and one internal one for the LAN.
>
>>>/etc/ifconfig.sn0
>>>inet sugaree netmask 255.255.255.0
>>>
>>I don't think this is correct.  It should be:
>>
>>   192.168.1.3 netmask 255.255.255.0
>
>I think that when I put that in (using 192.168.208.2 being the 
>address I was planning on for the NetBSD box within the LAN), the 
>system could not access the Internet or have any connectivity within 
>the LAN.  Getting this right could be the heart of the problem, 
>though.  The configuration I am currently using in /etc/ifconfig.sn0 
>is in accordance with the diagrams on Henry Hotz's site.
>
>OK, so the external IP address (206.11.250.116, static IP assigned by 
>my ISP) is specified in /etc/hosts.  Does it NOT need to be specified 
>in /etc/ifconfig.sn0?  /etc/ifconfig.sn0 should be used to specify 
>the LAN-side IP address and not the external address?
>

The sn0 interface in your case needs to be configured with the IP address 
supplied by your ISP and with an alias for your in-house network.  In my 
system my single interface looks like:

sparky% ifconfig -a -A
sn0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 08:00:20:1a:39:bb
        media: Ethernet 10baseT
        status: active
        inet 216.87.137.76 netmask 0xfffffff8 broadcast 216.87.137.79
        atalk 65280.248 range 1-65534 phase 2 broadcast 65280.248
        inet alias 192.168.1.16 netmask 0xffffff00 broadcast 192.168.1.255

>>>/etc/ifaliases  (this was mentioned in the NetBSD FAQs on networking)
>>>192.168.208.2 sn0 255.255.255.0
>>>
>>You only need this if you want to replace your DSL router/hub with the
>>NetBSD box or if you want to configure your intranet (your side of the
>>router/hub) such that your NetBSD box is supporting things like DNS,
>>Netatalk, Samba, etc.
>
>Ah, that's why no one mentioned it.  When I put it in, the LAN-side 
>interface did appear in netstat -i whereas it hasn't with any other 
>configuration thus far.  Didn't make any difference that I could see 
>in terms of functioning.
>
It depends on what you want to do.  If you want all three of your systems 
to access the Internet then I think you're missing some subtle details in 
your NetBSD setup.  Your in-house sub-net doesn't have a way of moving 
your IP traffic from the 192.168.208.2 "interface" to the ISP assigned IP 
address interface.  They're both the same interface and the NetBSD system 
doesn't know how to forward the packets.

>>I'd suggest you start with trying to get just the NetBSD system working
>>with minimal network setup/changes first.  Then add things to that one
>>step at a time.  I've got a feeling you have two or three configurations
>>in mind and you're trying to pick and choose options for each to merge
>>into your setup.
>
>I am trying to get the *simplest* setup that will allow both my iMac 
>and my NetBSD box to access the Internet via my xDSL router.  For 
>that reason I've avoided using dhcp, named etc.  The current setup 
>does allow the NetBSD machine to access the Internet but does not yet 
>do any actual NAT, and the iMac and NetBSD box can't talk to each 
>other.  However, at this point I am just baffled and clearly lack 
>enough knowledge to make this work.  I can certainly continue to use 
>poor man's networking and just plug in whichever computer I want to 
>use at a given time!

Well, what you're trying to do isn't really straightforward.  I spent a 
few weeks playing with it until I came up with a configuration that works 
on a single ethernet interface.  If you're trying to do the same thing 
I'd suggest you just copy the configuration files from my site and 
insert your ISP assigned address where appropriate.  You should be able to 
use 192.168.208 in place of 192.168.1, but I think you'll need to set up a 
sub-net similar to what I did to get things working as you'd like.

-bob
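The three ipnat.conf map rules quoted in Bob's message, worked through as an added example (not code from the thread or from NetBSD's ipnat): it parses the rules and, under a simplified and assumed reading of the proxy/portmap options, reports which rule a packet from a given inside address would hit, showing that 192.168.1.16 falls outside 192.168.1.0/28 and is therefore never translated while .1 through .14 are.

```python
import ipaddress
import re

# The three rules exactly as quoted in the message (interface sn0 and the
# 192.168.1.1/28 inside network are the original author's values).
IPNAT_CONF = """\
map sn0 192.168.1.1/28 -> 0.0.0.0/32 proxy port 21 ftp/tcp
map sn0 192.168.1.1/28 -> 0.0.0.0/32 portmap tcp/udp 1025:65535
map sn0 192.168.1.1/28 -> 0.0.0.0/32
"""

MAP_RE = re.compile(r"^map\s+(\S+)\s+(\S+)\s+->\s+(\S+)(?:\s+(.*))?$")

def parse_rules(text):
    """Parse 'map' lines into (ifname, inside_network, outside, options)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = MAP_RE.match(line)
        if not m:
            raise ValueError(f"unparsable ipnat rule: {line!r}")
        ifname, inside, outside, opts = m.groups()
        # strict=False masks the host bits, so 192.168.1.1/28 denotes the
        # network 192.168.1.0/28 (hosts .1 through .14); .16 lies outside it.
        rules.append((ifname, ipaddress.ip_network(inside, strict=False),
                      outside, opts or ""))
    return rules

def rule_applies(opts, proto, dport):
    """Simplified (assumed) reading of the option keywords used in the thread."""
    m = re.match(r"proxy port (\d+) \w+/(\w+)", opts)
    if m:                                   # proxy: one protocol, one port
        return proto == m.group(2) and dport == int(m.group(1))
    m = re.match(r"portmap (\S+)", opts)
    if m:                                   # portmap: the listed protocols only
        return proto in m.group(1).split("/")
    return True                             # plain map: any protocol

def nat_decision(rules, src, proto, dport, ifname="sn0"):
    """Return 'proxy', 'portmap' or 'map' for the first matching rule on
    ifname, or None when the source address is not translated at all."""
    addr = ipaddress.ip_address(src)
    for rif, net, _outside, opts in rules:
        if rif == ifname and addr in net and rule_applies(opts, proto, dport):
            return opts.split()[0] if opts else "map"
    return None

if __name__ == "__main__":
    rules = parse_rules(IPNAT_CONF)
    for src in ("192.168.1.1", "192.168.1.14", "192.168.1.16"):
        print(src, "tcp/80 ->", nat_decision(rules, src, "tcp", 80))
```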