This page is part of the LIFE project.
IP Network Address Translation on the NAS
As the PPP tunnel assigns private class A addresses to the user machine and the NAS, the private addresses must be translated to public addresses in order for the user machine to be able to communicate with nodes on the ITS network. This is achieved by adding IPNAT functionality to the NAS. Help on configuring IPNAT was obtained from http://www.viperstrike.com/~lopaka/sysadmin/ipnat-info/ and http://www.neon1.net/misc/firewall.html.
rc.conf
The first step in adding ipnat to the NAS is to add the following lines into its "/etc/rc.conf" file then rebooting the machine. If these attributes are already set, make sure they are enabled.
gateway_enable="YES"
ipnat_enable="YES"
ipnat_program="/sbin/ipnat"
ipnat_rules="/etc/ipnat.rules"
ipnat_flags=""
ipmon_enable="YES"
ipmon_program="/sbin/ipmon"
ipmon_flags="-Ds"
ipnat.rules
The "/etc/ipnat.rules" file is used to specify the private to public (and vice versa) IP address translation. The following lines in the ipnat.rules file translates the private class A IP addresses assigned to the PPP tunnel to the fxp0 interface public IP address.
map fxp0 10.0.4.0/24 -> 136.186.229.238/32 portmap tcp/udp auto #automatic port range used to identify a specific user machine
map fxp0 10.0.4.0/24 -> 136.186.229.238/32
To begin IPNAT accoding to the rules specified enter the following on the NAS command line:
ipnat -C -f /etc/ipnat.rules
| ||||||||||||||||
|
