
Re: IPF IPNAT OpenBSD 2.3 Alpha



At 23:04 07/05/98 -0700, you wrote:
>Hi,
>
>	I have one of those DecAXP33s w/ OpenBSD 2.3 installed on it, I
>heard that IPF and IPNAT are busted in the alpha distrib.  What I want is
>OpenBSD as the box that is connected to the InterNet and routing the
>internet to the Linux/OS2/Windows/Dos boxens that inhabit my hovel... You
>know, like Linux's IPMASQ.
>
>	Can what I want be done?

Yes. I've done that at home, where I have 2 i386, one with openbsd22 and
another one with win95. I connect to the internet (ppp) with the openbsd box
and run ipnat.

First, your kernel must have the 'option GATEWAY'. Recompile it with that.
Second, ensure that in /etc/rc.conf you have 'ipfilter=YES'.

Now, for a basic configuration, put that in your /etc/ipf.rules
-------cut here------------
pass in from any to any
pass out from any to any
--------cut here-----------

I'll assume that you have something similar (a private network, like 10/8 or
192.168/16, and 1 ip number in the internet). Although, you can easily change
it for your needs.

This is your /etc/nat.rules
-------cut here-----------
map ppp0 10.0.0.0/24 -> ppp0/32
-------cut here-----------

Change the first 'ppp0' for your interface, and the second 'ppp0' for the ip
number you have. If you have a dynamic ppp connection like mine, it'll work
fine. Remember, of course, to change the 10.0.0.0/24 with your private network
number.

I think that's all I've done. Oh, and after the connection is established,
run:
#ipnat -CF -f /etc/nat.rules

NOTE: Since you mentioned linux's ip masq, this all would be similar to
running:
#ipfwadm -F -p deny
#ipfwadm -F -a m -S 10.0.0.0/24 -D 0.0.0.0/0


I guess this can help. You can find more info at
http://coombs.anu.edu.au/ipfilter/

And, of course, the man pages for ipnat and ipf.


Regards,

	Gustavo Henrique
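
Added example, not part of the original message: the pass-everything /etc/ipf.rules shown above leaves the gateway unfiltered on ppp0, so this is a tighter ruleset for the same NAT setup that lets the private network out and admits only replies. The inside interface name ep0 is an assumption, as is an IP Filter build that supports `keep state`.

```conf
# /etc/ipf.rules - constructed example for the NAT gateway described above.
# Assumptions: ppp0 is the Internet side (as in the message), ep0 is the
# inside interface (hypothetical name), 10.0.0.0/24 is the private network.
# IP Filter uses the LAST matching rule unless the rule says "quick".

# Loopback traffic is always allowed.
pass in quick on lo0 all
pass out quick on lo0 all

# Inside interface: accept traffic from the private network only.
pass in quick on ep0 from 10.0.0.0/24 to any
pass out quick on ep0 from any to 10.0.0.0/24
block in quick on ep0 all

# Outside interface: drop packets that arrive from the Internet while
# claiming a private (RFC 1918) source address.
block in quick on ppp0 from 10.0.0.0/8 to any
block in quick on ppp0 from 172.16.0.0/12 to any
block in quick on ppp0 from 192.168.0.0/16 to any

# Outside interface: allow connections started by the gateway or by the
# private network, and record state so that only their replies come back in.
pass out quick on ppp0 proto tcp from any to any flags S keep state
pass out quick on ppp0 proto udp from any to any keep state
pass out quick on ppp0 proto icmp from any to any keep state

# Anything else on ppp0, including unsolicited inbound traffic, is dropped.
block in on ppp0 all
block out on ppp0 all
```

The map rule in /etc/nat.rules stays as given in the message; replace ep0 and 10.0.0.0/24 with your own inside interface and private network.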