Re: NAT'ing & stuff like that
- To: misc@openbsd.org
- Subject: Re: NAT'ing & stuff like that
- From: Ian Morrison <ian@darq.net>
- Date: Wed, 6 Jan 1999 15:34:36 +0000
- References: <19981231172834Z82726-18396+2@mmi.oz.net>
Hi..
I've seen lots of stuff on the openbsd misc list talking about NAT.
Cutting a long story short, I've been dropped in the shit and need to
get an openbsd box natting for a network of macs (using 192.168.1.x
addresses).
I'm normally quite quick to pick stuff up, but I can't find any examples
that are very relevant to me. It's the stress I'm sure - every 45 mins
the client is on the phone wanting to know where their connectivity is.
Anyway, here's the drill:
15 macs (192.168.1.2 - 192.168.1.16) are connected on a hub.
1 linux box (192.168.1.1) was ip masqing for the other machines,
connecting to my office.
The linux box is broken, so I've got an OpenBSD box (called gate) ready to go here - i386, 2 network cards (xl0 and xl1) etc. But I can't figure out what I
need to do. I've read the ipnat man pages about a dozen times to no
avail. I'm just not sure about the network masks etc. I'm getting
confused because I'm on a 32 address subnet ( /27) and the fake network
is a class C ( /24 ?).
My /etc/ipnat.rules read:
map xl0 192.168.1.0/24 -> xl1/27 portmap tcp/udp 10000:20000
and my /etc/ipf.rules are default. I've enabled both in /etc/rc.conf and
am using the 2.4 GENERIC#56 i386 from my 2.4 CDs. From the gate
machine, although it doesn't translate any addresses from what I can
tell, I can ping the fake ip machines, and real machines on the net. I
think my problem is that I just don't get the syntax of ipnat, and I'm
not sure exactly what I want to achieve (in technical terms) - I just
want the fake address macs to be able to work as if they had a real
address. I don't know how to translate that idea into subnets and ports.
To make matters more complex, I'm not sure if I need to recompile the
kernel (although having read /usr/share/ipf/nat.2 I guess I have to).
I'll do it anyway to kill some time :) bah...
Any help would be gratefully received. I'm getting desperate now :)
I hope that can make some sense to people.
ian
--
[darq#]-[ian@darq.net] what have i become? my sweetest friend
[http://www.darq.net/] everyone i know goes away in the end