Subject: Re: Ipnat.conf redir portmapping
To: John Klos <john@sixgirls.org>
From: Jehun Cho <coolmac@mac.com>
List: port-mac68k
Date: 01/20/2001 19:49:36
Hi everyone!
Thanks to John Klos
Here is my IIci's /etc/*.conf
What is my mistake?
Please let me know that!
coolmac# vi ipnat.conf
map ae0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map ae0 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:65000
map ae0 192.168.1.0/24 -> 0/32
# rdr ae1 0/32 -> 192.168.1.254 portmap tcp/udp auto
# port mapping
rdr ae0 0.0.0.0/0 port 20 -> 192.168.1.254 port 20 tcp/udp
rdr ae0 0.0.0.0/0 port 21 -> 192.168.1.254 port 21 tcp/udp
rdr ae0 0.0.0.0/0 port 80 -> 192.168.1.254 port 80 tcp/udp
~
coolmac# vi ifconfig.ae1
inet 192.168.1.254 netmask 255.255.255.0
~
coolmac# vi rc.local
# $NetBSD: rc.local,v 1.25.10.2 2000/10/07 20:21:35 hubertf Exp $
# originally from: @(#)rc.local 8.3 (Berkeley) 4/28/94
#
# This file is (nearly) the last thing invoked by /etc/rc during a
# normal boot, via /etc/rc.d/local.
#
# It is intended to be edited locally to add site-specific boot-time
# actions, such as starting locally installed daemons.
#
# An alternative option is to create site-specific /etc/rc.d scripts.
#
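# Site-local daemons started at the end of the boot sequence (this file is
# run via /etc/rc.d/local).  Each daemon is started exactly once: the
# listing originally repeated this whole section, which daemonised
# ez-ipupdate twice and asked apachectl to start an httpd that was already
# running.  Each start is guarded on the binary being executable so a
# missing package does not print an error during boot.
echo -n 'starting local daemons:'
# Add your local daemons here.
# ez-ipupdate: dynamic-DNS updater, run as a daemon (-d) with its own
# configuration file.
if [ -x /usr/local/bin/ez-ipupdate ]; then
  /usr/local/bin/ez-ipupdate -d -c /etc/ez-ipupdate.conf
fi
# apache start (locally installed apache, not the pkgsrc rc.d script)
if [ -x /usr/local/apache/bin/apachectl ]; then
  /usr/local/apache/bin/apachectl start
fi
#if [ -f /usr/pkg/etc/rc.d/apache ]; then
# /usr/pkg/etc/rc.d/apache start
#fi
echo '.'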
coolmac# vi hosts
# $NetBSD: hosts,v 1.5.4.1 2000/08/15 14:37:19 itojun Exp $
#
# Host Database
# This file should contain the addresses and aliases
# for local hosts that share this file.
# It is used only for "ifconfig" and other operations
# before the nameserver is started.
#
#
::1 localhost
127.0.0.1 localhost
192.168.1.254 coolmac
#
# RFC 1918 specifies that these networks are "internal".
# 10.0.0.0 10.255.255.255
# 172.16.0.0 172.31.255.255
# 192.168.0.0 192.168.255.255
~
coolmac# vi inetd.conf
# $NetBSD: inetd.conf,v 1.35.2.4 2000/09/19 19:07:59 fvdl Exp $
#
# Internet server configuration database
#
# @(#)inetd.conf 8.2 (Berkeley) 3/18/94
#
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -ll
telnet stream tcp nowait root /usr/libexec/telnetd telnetd
#shell stream tcp nowait root /usr/libexec/rshd rshd
-L
#login stream tcp nowait root /usr/libexec/rlogind
rlogi
nd -L
#exec stream tcp nowait root /usr/libexec/rexecd
rexec
d
#uucpd stream tcp nowait root /usr/libexec/uucpd
uucpd
#nntp stream tcp nowait usenet /usr/libexec/nntpd
nntpd
#finger stream tcp nowait nobody /usr/libexec/fingerd
finge
rd
#ident stream tcp nowait nobody:kmem /usr/libexec/identd
ident
d -l -o -e -N
#tftp dgram udp wait root /usr/libexec/tftpd
tftpd
-l -s /tftpboot
#comsat dgram udp wait root /usr/libexec/comsat
comsa
t
#ntalk dgram udp wait nobody:tty /usr/libexec/ntalkd
ntalkd
#bootps dgram udp wait root /usr/sbin/bootpd
bootp
d
#
# Games
#
#hunt dgram udp wait nobody /usr/games/huntd
huntd
#
# Internal services
#
#tcpmux stream tcp nowait root internal
#echo stream tcp nowait nobody internal
#discard stream tcp nowait nobody internal
#chargen stream tcp nowait nobody internal
#daytime stream tcp nowait nobody internal
#time stream tcp nowait nobody internal
#echo dgram udp wait nobody internal
#discard dgram udp wait nobody internal
#chargen dgram udp wait nobody internal
#daytime dgram udp wait nobody internal
#time dgram udp wait nobody internal
#qotd stream tcp nowait nobody /usr/games/fortune
fortu
ne
#
# Kerberos authenticated services
#
#klogin stream tcp nowait root /usr/libexec/rlogind
rlogi
nd -k
#eklogin stream tcp nowait root /usr/libexec/rlogind
rlogi
nd -k -x
#kshell stream tcp nowait root /usr/libexec/rshd rshd
-k
#
# Services run ONLY on the Kerberos server
#
#kerberos-adm stream tcp nowait root /usr/libexec/kadmind
kadmi
nd
#kpasswd dgram udp nowait root /usr/libexec/kpasswdd
kpass
wdd
#
# The hprop service is run on slave KDCs to receive the database from
# the master KDC.
#hprop stream tcp nowait root /usr/libexec/hpropd
hprop
d
#
# RPC based services
#
#rstatd/1-3 dgram rpc/udp wait:100 nobody:kmem
/usr/libexec/
rpc.rstatd rpc.rstatd
#rusersd/2-3 dgram rpc/udp wait:100 nobody
/usr/libexec/rpc.ruse
rsd rpc.rusersd
#walld/1 dgram rpc/udp wait nobody:tty
/usr/libexec/rpc.rwal
ld rpc.rwalld
#sprayd/1 dgram rpc/udp wait nobody /usr/libexec/rpc.sprayd
rpc.s
prayd
#rquotad/1 dgram rpc/udp wait root /usr/libexec/rpc.rquotad
rpc.
rquotad
#
# IPv6 services.
# The only difference with the above is "tcp6" instead of "tcp".
# Be sure to enable both "tcp" and "tcp6" when you need service for
# both IPv4/v6. Consult inetd(8) for details.
#
#ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd
-ll
#telnet stream tcp6 nowait root /usr/libexec/telnetd
telne
td
#shell stream tcp6 nowait root /usr/libexec/rshd rshd
-L
#login stream tcp6 nowait root /usr/libexec/rlogind
rlogi
nd -L
#finger stream tcp6 nowait nobody /usr/libexec/fingerd
finge
rd
#tftp dgram udp6 wait root /usr/libexec/tftpd
tftpd
-l -s /tftpboot
#kpasswd dgram udp6 nowait root /usr/libexec/kpasswdd
kpass
wdd
#
# IPv6 RPC services.
#
#rstatd/1-3 dgram rpc/udp6 wait:100 root
/usr/libexec/
rpc.rstatd rpc.rstatd
#rusersd/2-3 dgram rpc/udp6 wait:100 root
/usr/libexec/
#rquotad/1 dgram rpc/udp wait root /usr/libexec/rpc.rquotad
rpc.rquotad
#
# IPv6 services.
# The only difference with the above is "tcp6" instead of "tcp".
# Be sure to enable both "tcp" and "tcp6" when you need service for
# both IPv4/v6. Consult inetd(8) for details.
#
#ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd
-ll
#telnet stream tcp6 nowait root /usr/libexec/telnetd
telnetd
#shell stream tcp6 nowait root /usr/libexec/rshd rshd
-L
#login stream tcp6 nowait root /usr/libexec/rlogind
rlogind -L
#finger stream tcp6 nowait nobody /usr/libexec/fingerd
fingerd
#tftp dgram udp6 wait root /usr/libexec/tftpd
tftpd -l -s /tftpboot
#kpasswd dgram udp6 nowait root /usr/libexec/kpasswdd
kpasswdd
#
# IPv6 RPC services.
#
#rstatd/1-3 dgram rpc/udp6 wait:100 root
/usr/libexec/rpc.rstatd rpc.rstatd
#rusersd/2-3 dgram rpc/udp6 wait:100 root
/usr/libexec/rpc.rusersd rpc.rusersd
coolmac# vi rc.conf
# $NetBSD: rc.conf,v 1.85.2.8 2000/10/02 03:29:38 lukem Exp $
#
# see rc.conf(5) for more information.
#
# Use program=YES to enable program, NO to disable it. program_flags are
# passed to the program on the command line.
#
# Load the defaults in from /etc/defaults/rc.conf (if it's readable).
# These can be overridden below.
#
# Pull in the system-wide defaults first (only when the file is readable),
# so that every setting below acts as a site-specific override.
if [ -r /etc/defaults/rc.conf ]
then
  . /etc/defaults/rc.conf
fi
# Anything other than YES here makes the system stop in single-user mode.
rc_configured=YES
# ae0 is the cable-modem side; it gets its address via DHCP.
dhclient=YES
dhclient_flags=ae0
# Load the NAT/redirect rules from /etc/ipnat.conf at boot.  The rdr
# lines in that file make ports 20, 21 and 80 reachable from the ae0
# (Internet-facing) side, so only services meant to be public belong there.
ipnat=YES
# Site-local overrides.
hostname="coolmac"
# NOTE(review): in rc.conf(5) domainname is the NIS/YP domain, not the
# DNS domain -- confirm this value is intended.
domainname="dyndns.org"
~
coolmac# vi dhclient.conf
send host-name "kr-netbsd.dyndns.org";
send dhcp-client-identifier "kr-netbsd";
request subnet-mask, broadcast-address, routers, domain-name-servers;
timeout 60;
retry 60;
select-timeout 5;
script "/etc/dhclient-script";
lease {
interface "ae0";
option host-name "kr-netbsd.dyndns.org";
option domain-name "dyndns.org";
option domain-name-servers 127.0.0.1;
renew 2 2002/1/1 00:00:01;
rebind 2 2002/1/1 00:00:01;
expire 2 2002/12/31 00:00:01;
}
~
>> I use NetBSD 1.5 on a Mac IIci
>> I have 2 Ethernet cards
>> ae0 is a DHCP client on the cable modem and ae1 (192.168.1.254) is connected to a hub
>>
>> But I can't connect to my Apache server and ftp server from my office
>
> If you'd like to map ports from the cable modem's IP, do this:
>
> map ae0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
> map ae0 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:65000
> map ae0 192.168.1.0/24 -> 0/32
> rdr ae0 0.0.0.0/0 port 20 -> 192.168.1.66 port 20 tcp/udp
> rdr ae0 0.0.0.0/0 port 21 -> 192.168.1.66 port 21 tcp/udp
> rdr ae0 0.0.0.0/0 port 80 -> 192.168.1.66 port 80 tcp/udp
>
> The "rdr"s map ftp (ports 20 and 21; I don't know if 20 is really
> necessary) and port 80 to 192.168.1.66; you could change that to whatever
> internal IP you want.
>
> If you can't talk to ftp or Apache that's running on the IIci, then it
> could be that Apache and inetd need to be started after you get the DHCP
> lease. Try rehupping them.
>
> Otherwise, send your rules so we can see if there's something wrong with
> them.
>
> John Klos
>
--
Rock Will Never DIE!!
coolmac@mac.com
coolnext@mac.com (NeXTMail OK!!)
http://homepage.mac.com/coolmac