tech-net archive


Re: npf questions/experience migrating from ipf on NetBSD8



> yancm%sdf.org@localhost wrote:
>>> After recompiling a GENERIC NetBSD 8_Stable kernel with npf
>>> pseudo-device, I could ping the internet from the console, but
>>> not from machines attached to my lan...
>>> Here are some diagnostics...
>>> # npfctl list -n
>>Is empty... no NAT taking place I can tell?
>
> How have you configured the machines on the lan ?

As you point out below, it is 192.168.1.0/24. This is the map rule with ipf:
map wm0 192.168.1.0/24 -> 0/32 portmap tcp/udp 6970:65535

The internal router interface is 192.168.1.1 (bge0)

This is a working (for > 10 years) ipnat/ipf setup...

>>I even tried a simple, promiscuous ruleset and that also fails to NAT?
>>
>># npfctl show
>># filtering:    active
>># config:       loaded
>>
>>procedure "log"
>>
>>map wm0 dynamic any -> 10.1.10.10 pass family inet4 from 192.168.1.0/24 #
>>id="1"
>
> You seem to be using 192.168.1.0/24 for your lan, where does 10.1.10.10
> come into the equation ?
>
> I'm guessing that wm0 is your external interface, what is the IPv4
> address ?

Yeah... oddball setup... the "external" interface of the NetBSD router
really is 10.1.10.10 (wm0).

10.1.10.1 (the only other member of this intermediate local net)
is the Comcast router and it is bidirectionally routing
10.1.10.1 to and from a dynamic ip...

This part works fine, or at least does under ipnat/ipf...
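For reference, here is an added npf.conf fragment (not from this thread or from the NetBSD project) that expresses the ipnat rule quoted above in NPF terms. It uses the interface names and networks given in the message; the group and rule layout is assumed, and the ipnat portmap range 6970:65535 is left to NPF's default port allocation.

```conf
# Added example, not the poster's configuration: an npf.conf equivalent of
#   map wm0 192.168.1.0/24 -> 0/32 portmap tcp/udp 6970:65535
# Interface names and addresses come from the thread; the rule layout is an
# assumption about a minimal working router setup.
$ext_if = "wm0"         # upstream side, 10.1.10.10, next hop 10.1.10.1
$int_if = "bge0"        # LAN side, 192.168.1.1
$lan    = { 192.168.1.0/24 }

# Outbound dynamic NAT on the external interface. Translating to $ext_if
# (the interface itself, like ipnat's "0/32") follows the interface address
# instead of hard-coding 10.1.10.10.
map $ext_if dynamic $lan -> $ext_if

procedure "log" {
	log: npflog0
}

group "external" on $ext_if {
	# Translated LAN packets still have to be passed by a rule; stateful
	# so the replies are matched to the same session on the way back.
	pass stateful out final all
}

group "internal" on $int_if {
	block in all
	pass in final from $lan
	pass out final all
}

group default {
	pass final on lo0 all
	block all
}
```

Run `npfctl validate /etc/npf.conf` before `npfctl reload`; note that NPF does not enable packet forwarding for you, so `net.inet.ip.forwarding=1` must be set separately.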