Very Computer

I have been trying in vain for 2 days to setup IPNAT for a small firm
here, but it doesn't seem to be fully functional.
Originally, I couldn't ping the external ip address of obsd from the
clients, so i setup nat and configured the clients to use the obsd box
as the default gateway, great, now i can ping the external (real
internet) ip addy. So i tried pinging www.yahoo.com,,,,, nothing.
I have read the faq, in fact i followed it to a tee, i read various
other howto's on sites out there, still they all say the same thing, I
am sure I have it right, but no joy

My internal is 192.168.1.1 - the client i was using was 192.168.1.10
and  the external is a real ip
so in ipnat.rules i have     map 192.168.0.0/16 -> <inet addy>/24

is this ok?

My routing table shows the correct dr for my domain and also the dns
servers
It also shows the 2 links   -   link#1 and link#2  and they look fine
too
Is it possible that the main router could be blocking me? I asked if the
ip was registered on the router, he said 'yes it is'.
I am so down over this, the slightest help would be greatly appreciated

Let me know what info you need to see and I'll paste it if you need :))

Thanks people :)

Mark

Hi!,

Quote:> I have been trying in vain for 2 days to setup IPNAT for a small firm
> here, but it doesn't seem to be fully functional.

> Originally, I couldn't ping the external ip address of obsd from the
> clients, so i setup nat and configured the clients to use the obsd box
> as the default gateway, great, now i can ping the external (real
> internet) ip addy. So i tried pinging www.yahoo.com,,,,, nothing.
> I have read the faq, in fact i followed it to a tee, i read various
> other howto's on sites out there, still they all say the same thing, I
> am sure I have it right, but no joy

Okay, if you can ping real IP addresses which are outside of your network, you
might want to check to make sure that you have a valid domain name server
address on your clients.  This will enable them to point in the right
direction to get the right IP numbers for outside sites.

Quote:> My internal is 192.168.1.1 - the client i was using was 192.168.1.10
> and  the external is a real ip so in ipnat.rules i have     map
> 192.168.0.0/16 -> <inet addy>/24

If you are using just the 192.168.1.x network, I would suggest that you do
something like: 192.168.1.0/24 rather than /16.  As for your NAT rules, what
are you using ipchains or iptables.

For ipchains it should be something like this:

/sbin/ipchains -A forward -i eth0 -s 192.168.1.0/24 -d 0.0.0.0/0 -j MASQ

The above assumes that eth0 is the interface which is connected to the outside
network.

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+

Thanks for the reply :)

The client is set to the same dns server as the obsd box, the obsd box resolves
just fine, it can

Quote:

> > My internal is 192.168.1.1 - the client i was using was 192.168.1.10
> > and  the external is a real ip so in ipnat.rules i have     map
> > 192.168.0.0/16 -> <inet addy>/24

> If you are using just the 192.168.1.x network, I would suggest that you do
> something like: 192.168.1.0/24 rather than /16.

yes, i can see that :) I will transpose that, The subnet mask the internal
machines are using is 255.255.0.0, should I change this to 255.255.255.0 and use
/32 all through the mappings? Would this be an easier start? I think the higher
level domain is using that, thats what unix admin told me.

Quote:> As for your NAT rules, what
> are you using ipchains or iptables.

I'm using IPFilter, and I have
    allow in from any to any
    allow out from any to any

just till its working ;)

the internal card is dc0 and the external card is fxp0, would the two different
network cards have anything to do with it?
It really does seem as though the NAT is functioning fine, because if i have
empty rules for nat, then i can't ping the ext. nic.
I am really frustrated, as this is my first REAL install and I feel like I am
showing myself up.

Thanks so much for the help Dean :)))

Mark

On Thu, 26 Jul 2001 16:54:06 +1000, Dean Thompson

This is an linux usenet group, not BSD. Maybe you should go direct
your query to the correct usenet group.

I thought this looked like a BSD thing, I guess it screamed it soon as
I saw ipnat.

-
Michael

Hi!,

Quote:> The client is set to the same dns server as the obsd box, the obsd box
> resolves just fine, it can

>>> My internal is 192.168.1.1 - the client i was using was 192.168.1.10
>>> and  the external is a real ip so in ipnat.rules i have     map
>>> 192.168.0.0/16 -> <inet addy>/24

>> If you are using just the 192.168.1.x network, I would suggest that you do
>> something like: 192.168.1.0/24 rather than /16.

> yes, i can see that :) I will transpose that, The subnet mask the internal
> machines are using is 255.255.0.0, should I change this to 255.255.255.0
> and use /32 all through the mappings? Would this be an easier start? I
> think the higher level domain is using that, thats what unix admin told me.

Personally, if you only are using one network of the 192.168.x.y network
range, then I would change everything over to 255.255.255.0 (/24) rather than
the 255.255.0.0.  If you were using more than one network together (ie.
greater than 253 hosts) then I would consider using a bigger subnet mask, but
I don't think I would move to the 255.255.0.0 subnet mask for that either.

Quote:> > As for your NAT rules, what are you using ipchains or iptables.

> I'm using IPFilter, and I have
>     allow in from any to any
>     allow out from any to any

> just till its working ;)

> the internal card is dc0 and the external card is fxp0, would the two
> different network cards have anything to do with it?

I don't think so.  If both the cards are configured correctly, your IP
forwarding and NAT should work like a charm.

Quote:> It really does seem as though the NAT is functioning fine, because if i
> have empty rules for nat, then i can't ping the ext. nic.
> I am really frustrated, as this is my first REAL install and I feel like I
> am showing myself up.

Okay, so if you add each rule to the ipfilter one by one, which rule does the
system break on ?

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+