Subject: Re: ipnat/ipf problem
To: Jordan Hayashi <periwinkles0@gmail.com>
From: Malte Dehling <mdehling@math.ruhr-uni-bochum.de>
List: port-sparc
Date: 03/21/2005 17:48:03
--BOKacYhQ+x31HxR3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sun, Mar 20, 2005 at 04:12:24AM -0500, Jesse Sayre wrote:
> /etc/sysctl.conf
> ---
> net.inet.ip.forwarding=3D1
> ---
>=20
> Do you have that set? Just set up a SS5 myself as a simple nat router and
> spent hours banging my head on the keyboard to find that as my problem, h=
ope
> your not going through the same trouble I did.
>=20
> ----- Original Message -----=20
> From: "Jordan Hayashi" <periwinkles0@gmail.com>
> To: <port-sparc@NetBSD.org>
> Sent: Sunday, March 20, 2005 2:09 AM
> Subject: ipnat/ipf problem
>=20
>=20
> > I am having some trouble getting ipnat/ipf to work correctly. The
> > machine doing NAT is a SS20. There are two interfaces in use: onboard
> > (le0, 172.16.0.1), and quad ethernet sbus (hme0, 10.2.0.228). Both
> > interfaces are connection to the same network, if that matters (I
> > wanted to do some testing).
> >
> > I am attempting to use le0 as the internal interface, and hme0 as the
> external.
> >
> > I have tried this with a blank ipf.conf file, and also some very basic
> > configurations. Below is ipnat.conf:
> >
> > # cat /etc/ipnat.conf
> > map hme0 172.16.0.0/16 -> 0/32 proxy port ftp ftp/tcp
> > map hme0 172.16.0.0/16 -> 0/32 portmap tcp/udp 10000:40000
> > map hme0 172.16.0.0/16 -> 0/32
> >
> > A few things -- ICMP and DNS lookups -- seem to work fine. However,
> > most anything else (ie: HTTP) will appear to connect, but then receive
> > nothing afterward. I do see the sessions appear in "ipnat -l". For
> > example:
> >
> > List of active sessions:
> > MAP 172.16.0.10 1122 <- -> 10.2.0.228 10003 [66.35.250.151 80]
> >
> > I have tried many different things with ipf.conf, ie: keep state. I
> > think the problem may be with ipnat, but am kind of lost. Any
> > pointers?
> >
> > Thank you!
> >
>=20
>=20
I have a SparcStation 20 running as router here, it has two network
interfaces: le0 (onboard) and hme0 (sbus card).
All I had to do to get the SS20 to route all traffic from one network
(192.168.1/24) to another (192.168.0/24) was:
1) Set 'net.inet.ip.forwarding=3D1' in /etc/sysctl.conf .
2) Put 'map le0 from 192.168.1.0/24 to any -> 0/32' in /etc/ipnat.conf .
3) Enable ipnat in /etc/rc.conf ('ipnat=3DYES'.)
4) # sysctl -w net.inet.ip.forwarding=3D1 && /etc/rc.d/ipnat restart
--=20
Malte Dehling
Mail: mdehling [at] math.ruhr-uni-bochum.de
Website: http://mdehling.ath.cx/
PGP: 2586 A3BF B438 E68E 2B85 C4EA C5A7 AD96 C865 03D2
--BOKacYhQ+x31HxR3
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (NetBSD)
iD8DBQFCPvq/xaetlshlA9IRAvjwAJoC9HU6CA0gHRxsAQo+htAW45in0QCdHedC
0dbKON0ikAUpoV4QAtg1LJk=
=RjDO
-----END PGP SIGNATURE-----
--BOKacYhQ+x31HxR3--