#1  12th June 2010  maxleonca
Basic NAT trouble for a newbie

Hello everyone,
I'm a Linux user that believes that Linux has become a very configurable brick, but a brick no less.
And searching around I found NetBSD, which seems to be way lighter, faster, more secure and reliable than Linux, but it is harder to make the jump than I expected.

I have a K6-2 with 128 RAM that I want to convert to be a home gateway (it works OK with Slackware), now I've installed NetBSD 5.0.2 and installed all the software I needed, well almost.
What is killing me is that the simple stuff seems to be not so simple.
I follow the basics on www dot netbs dot org and still I cannot manage to get the NAT rules straight.

Here is the problem.
I have two interfaces:
  1. ex0 which is on DHCP from the ISP
  2. vr0 which has a static IP for my home LAN

My /etc/ipf.conf looks like this:
Code:
pass in from any to any
pass out from any to any
and my /etc/ipnat.conf is this:
Code:
map vr0 192.168.110.0/24 -> 0/32 proxy port ftp ftp/tcp
map vr0 192.168.110.0/24 -> 0/32 portmap 10000:20000
map vr0 192.168.110.0/23 -> 0/32
But this locks up the box from the net point of view.

Now please correct me if I'm wrong, but the way I read them is this:

ipf.conf
Forward any traffic from any host to any host and forward any traffic from any host to any host.

ipnat.conf
Grab all 192.168.110.0 subnet requests to the other ip/nic (ex0).


Ohh, I also enabled ip forwarding on /etc/sysctl.conf adding ip.inet.ip.forwarding=1, which is reflected on the output of sysctl -a

I have another major problem, which is that dnsmasq is not responding to DHCP requests that I can see coming in on tcpdump, but I'm not sure if it might be related. I think not, since DHCP on vr0 should answer the requests anyway.



Thanks so much for the help in advance.
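An added example, not part of the original posts: in IPFilter the interface named in a `map` rule is the one the translated packet leaves through, which for this setup is ex0 (the ISP side) rather than vr0 (the LAN side). The /24 on the last rule, the `tcp/udp` keyword after `portmap`, and the `net.inet.ip.forwarding` spelling of the sysctl are assumptions about what was intended.

```conf
# ---- /etc/ipnat.conf as posted -------------------------------------------
# Every rule is bound to vr0, the inside interface. Packets from the LAN
# leave the gateway through ex0, so none of these rules ever match and the
# private 192.168.110.x source addresses go out to the ISP untranslated.
#
#   map vr0 192.168.110.0/24 -> 0/32 proxy port ftp ftp/tcp
#   map vr0 192.168.110.0/24 -> 0/32 portmap 10000:20000
#   map vr0 192.168.110.0/23 -> 0/32

# ---- /etc/ipnat.conf bound to the outside interface ----------------------
# "0/32" means "whatever address ex0 currently holds", which suits a
# DHCP-assigned ISP address.

# 1. FTP proxy first, so active-mode FTP control traffic is picked up
#    before the generic rules below.
map ex0 192.168.110.0/24 -> 0/32 proxy port ftp ftp/tcp

# 2. TCP and UDP: rewrite source ports into 10000-20000. The ipnat(5)
#    grammar expects a protocol between "portmap" and the port range.
map ex0 192.168.110.0/24 -> 0/32 portmap tcp/udp 10000:20000

# 3. Everything else (ICMP and so on). Assumed to be the same /24 as the
#    two rules above; the original had /23 here.
map ex0 192.168.110.0/24 -> 0/32

# ---- /etc/sysctl.conf -----------------------------------------------------
# The NetBSD forwarding knob lives under net.inet.ip:
net.inet.ip.forwarding=1

# ---- /etc/ipf.conf --------------------------------------------------------
# The posted filter rules accept traffic in both directions on every
# interface, including unsolicited inbound connections on ex0. They are
# enough to test NAT, but leave the gateway itself unfiltered on the ISP
# side until replaced with a default-block ruleset.
pass in from any to any
pass out from any to any
```

After reloading, `ipnat -l` lists the active map rules and current translation sessions, which shows whether LAN traffic is matching them.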
#2  13th June 2010  J65nko

Since the popularity of pf, the OpenBSD packet filter, which runs on all BSDs, hardly anyone uses ipf anymore and thus hardly anyone remembers how that worked.

With pf, your ruleset would be something like
Code:
EXT_IF = ex0 
INT_IF = vr0

nat on $EXT_IF from $INT_IF:network to any -> $EXT_IF

# --- default policy
block log all

pass out quick on $EXT_IF
pass in  quick on $INT_IF
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
#3  17th June 2010  maxleonca

Hi J65nko,

Thanks for the tip, I follow your example and read a bit about pf, but as strange as it sounds, when I run pf (loading lmk) the machine locks up both interfaces, so I'm still looking into it.

I'll let you know what I find out.