Re: Network Address Translation

[Jeff Thieleke <thieleke%ix.netcom.com@localhost>]

> In article <199801120744.IAA18365%analytik.analytikerna.se@localhost>,
>       "Håkan Thörngren" <hth%analytik.analytikerna.se@localhost> writes:
> > map ppp0 n.n.n.n/24 -> 0/32
> 
> That won't work.

That will work, and it is the recommended way of doing it on dynamic PPP.

Here is my ipnat.conf for a situation similiar to Håkan's - 10.0.0.0/8 
represents my internal
network, and 0/32 is for my dynamic IP address on the PPP interface.
  
map ppp0 10.0.0.0/8 -> 0/32 portmap tcp/udp 50000:60000
map ppp0 10.0.0.0/8 -> 0/32 

(hmm...I might have to adjust those ports once I get a new 1.3A kernel, but you 
get the idea)


 
> > I have also tried to replace 0 with my dynamically allocated IP address
> > on ppp0, and the IP address for the other side of ppp0, ...
> 
> That's the right way. You can use "/etc/ppp/ip-up" and "/etc/ppp/ip-down"
> to let this happen automatically.

Why bother?  

I understand that you should run 'ipf -y' to refresh ipf's idea of the current 
IP address,
so you could put that in your ip-up.  However, I have never had to use it, YMMV.

 
> > ... but it just won't work.  What am I missing?
> 
> IP forwarding needs to be activated to get IP NAT to work. So you have
> either to turn it on via "sysctl" or better compile a kernel with
> the "GATEWAY" option turned on.


In addition, I believe you need IP Filter enabled (ipf -E) for ipnat to work.  



Jeff Thieleke