Subject: Using NAT for local network/dynamic IP ppp gateway
To: NetBSD-Sparc <port-sparc@netbsd.org>
From: Tim Walls <tim.walls@pa.press.net>
List: port-sparc
Date: 04/10/2000 11:13:43

Hi all,

I have a question about using NAT, to which the answer will probably
be RTFM (or RTFF,) so I guess part of the question is which manual/faq
should I be reading :-).
Anyway, I have a NetBSD-1.4.2/Sparc box which acts as a small 'server'
for a few machines on a local network, running variously Windoze and
NetBSD.
The machines on the local network all have local IP addresses in the
10.10.10.0 network, and I have bolted a modem to the sparc and managed
to get pppd working to connect to an ISP which does dynamic IP allocation
(horrible I know, but I'd have to pay for an ISP which does things
properly.)
What I want to do is use NAT on the Sparc to portmap the local machines'
IPs to give them Internet access through the PPP connection.
Anyway, I seem to be having problems with ipnat. Doing 'ipnat -f'
comes up with some errors along the lines of 'kernel memory address
invalid' (I'll check the exact error when I get home.)
Undeterred by the error, I gave it a try anyway :-). I produced
a nat file looking like:

  map ppp0 10.10.10.0/24 0/32 portmap tcp/udp auto
  map ppp0 10.10.10.0/24 0/32

(As per the 'BASIC.NAT' file in usr/local/share/ipf.)

Putting that through ipnat unfortunately causes the sparc's network
to die totally. This makes debugging a total bugger, because I don't
have a serial console on it ('cos the Modem is stuck in the serial
port, & I don't have a Sun A/B splitter on it yet - I know, I'll get
that fixed <grin>.)[1]
So... After that ramble, the questions are...

  o. Do I need anything special in the kernel config to make ipnat
     work properly - I have options GATEWAY, and pseudo-devices
     bpfilter and ipfilter.
  o. Do I need to recompile ipnat if I have a recompiled
     kernel (the kern source & userland are both 1.4.2)?
  o. Do the map lines above look approximately correct?
  o. Is there a FAQ for doing what I want to do using BSD type
     NAT stuff? I've found FAQs for Linux IP masquerading, but
     that just looks like a hack for people who don't have
     proper NAT <grin>.

Thanks a lot!
Tim.
[1] I do have a Sun keyboard (so the console is going to the
framebuffer not the serial port,) but I don't have a Sun monitor,
and there is no way my ancient Amiga monitor would deal with Sun's
wacky refresh rates even if I had the adapter...
--
Tim Walls