Subject: Quadra NAT quick how-to
To: None <port-mac68k@netbsd.org>
From: John Klos <john@sixgirls.org>
List: port-mac68k
Date: 09/01/2002 14:57:45
Hi,

Please note that this NAT setup makes a few assumptions. For one, it
assumes that your Internet connection offers dhcp leases. Another is that
it uses Sixgirls servers for ntp (network time) and for DNS. Use these if
you like, or change them if you have closer servers. Also assumed are the
hostname (quadra.databit7.com) and the domain name (sixgirls.org). Change
these to whatever you like.

Maybe soon I'll add PPPoE details. Note that this will work equally well
with NetBSD 1.5 and with NetBSD 1.6; PPPoE is only recommended for
NetBSD 1.6 because 1.6 comes with PPPoE support in-kernel, which is much
faster than userland PPPoE, and Quadras will not keep up with most PPPoE
DSL using userland PPPoE.

Here goes. The ethernet devices used below are typically from a Mac
Quadra, so adapt as necessary. Assume that ae0 (a NuBus card) is the
Internet connection and that sn0 (the motherboard ethernet) is the local
network connection.

First, we tell NetBSD to do certain things at startup in /etc/rc.conf:

rc_configured=YES
sshd=YES
ntpdate=YES             ntpdate_flags="-b -s reva.sixgirls.org"
ipfilter=YES
ipnat=YES
dhcpd=YES               dhcpd_flags="-q sn0 -cf /etc/dhcpd.conf"
dhclient=YES            dhclient_flags="ae0"

Then, we set up the config files for what we're running:

/etc/ifconfig.sn0:
192.168.1.1 netmask 0xffffff00

/etc/ipf.conf:
pass in from any to any
pass out from any to any

/etc/ipnat.conf:
map ae0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map ae0 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:65000
map ae0 192.168.1.0/24 -> 0/32

Then make sure forwarding is on:
echo "net.inet.ip.forwarding=1" >> /etc/sysctl.conf
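A caveat on the /etc/ipf.conf above: "pass in from any to any" and "pass
out from any to any" filter nothing at all, so every service running on the
Quadra (sshd, dhcpd, named if you add it later) is reachable from the
Internet side, and the only thing standing between the LAN and the outside
is the fact that ipnat has no inbound mappings. IPFilter can keep state, so
a tighter ruleset costs very little on this hardware. What follows is an
added example, not part of the original post, written for the same
interfaces (ae0 outside, sn0 inside, 192.168.1.0/24 on the LAN) and assuming
that ssh is the only service you want reachable from the Internet; change
the port = 22 line if that assumption is wrong for you.

```ipf
# /etc/ipf.conf -- stateful variant (added example, not from the original post).
# Assumes ae0 is the Internet side and sn0 is the 192.168.1.0/24 side.
# ipf walks rules top to bottom; "quick" stops at the first match.

# Loopback and the internal interface: no filtering at all.
pass in quick on lo0 all
pass out quick on lo0 all
pass in quick on sn0 all
pass out quick on sn0 all

# Packets arriving from the Internet with a private or loopback source
# address are spoofed; drop and log them so ipmon shows them.
block in log quick on ae0 from 192.168.1.0/24 to any
block in log quick on ae0 from 127.0.0.0/8 to any

# Traffic leaving toward the Internet: allow it and keep state, so the
# replies come back via the state table instead of a "pass in" rule.
# On the outbound path ipf filters before ipnat rewrites the source, so
# these rules see the LAN's private addresses (hence "from any").
pass out quick on ae0 proto tcp from any to any flags S keep state
pass out quick on ae0 proto udp from any to any keep state
pass out quick on ae0 proto icmp from any to any keep state

# The one service exposed to the Internet: ssh on the Quadra itself.
# "flags S" matches only the initial SYN, so state is created once per
# connection rather than for stray ACKs.
pass in quick on ae0 proto tcp from any to any port = 22 flags S keep state

# Everything else arriving from the Internet is dropped and logged.
block in log quick on ae0 all
```

Load it with "ipf -Fa -f /etc/ipf.conf" and watch "ipmon -o I" while you
test from the LAN. Passive-mode FTP works unchanged because the client
opens the data connection outbound. Active-mode FTP through the ftp proxy
in ipnat.conf depends on the proxy opening the inbound data connection;
if that fails on your IPFilter version, you will see the server's port 20
connection logged by the final block rule and can add a matching pass in
rule for it.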

Finally, set up dhcpd:
touch /var/db/dhcpd.leases

/etc/dhcpd.conf:
ddns-update-style none;
subnet 192.168.1.0 netmask 255.255.255.0
{
        max-lease-time 43200;
        option domain-name-servers 216.27.131.50, 64.81.219.34;
        option domain-name "sixgirls.org";
        option broadcast-address 192.168.1.255;
        option subnet-mask 255.255.255.0;
        option routers 192.168.1.1;
        range 192.168.1.50 192.168.1.100;
        authoritative;
}

That's it! Reboot and everything should come up.

However, there are two other things which are optional. One is running
your own local DNS server (make the root servers do more work - they need
to be upgraded anyway!), and the other is resetting the hostname in spite
of dhclient:

Add this to /etc/rc.conf:
named=YES               named_flags="/etc/namedb/named.conf"

Change this line in /etc/dhcpd.conf from:
        option domain-name-servers 216.27.131.50, 64.81.219.34;
to:
        option domain-name-servers 192.168.1.1, 216.27.131.50, 64.81.219.34;

The last option is also related to local DNS, but you might want to do it
even if you don't run a local DNS server. dhclient resets the hostname and
/etc/resolv.conf on every lease, so you may want to change them back in
spite of dhclient. Here's how:

Create /etc/resolv.conf.good:
search sixgirls.org
nameserver 127.0.0.1

Then add this to root's crontab:
@hourly    hostname quadra.databit7.com ; cp /etc/resolv.conf.good /etc/resolv.conf ; ntpdate -svb reva.sixgirls.org

(Of course, do it as one long line, and note that the file copied is the
/etc/resolv.conf.good created above.)

ntpdate is necessary if this is an m68k Quadra, because the real time
clock interrupt is such a low priority that it gets skipped often, so the
time can be off by a minute or more per hour.

How's that? Absolutely everything you need to set up an IP NAT that does
DNS and dhcp for the local network!

John Klos
Sixgirls Computing Labs