First of all, a bit of background. My home network is based on the old 10base2 connection. There is a server doing firewalling and NAT (among providing some services). There are also several workstations; mine has two NICs, one integrated in the motherboard, which only supports 10baseT (so I can't use it for my home network), and one plugged in a PCI slot. This network is class C, using 192.168.1.0/24 IPs.
Last week, I got an old Macintosh Performa 630. Fortunately, it has an integrated NIC, but only with a 10baseT connector, so I can't connect it to my home network (directly). The easiest solution I found is an UTP cross-over cable to connect the Mac to my workstation (plugged to the unused on-board NIC). I have configured this mini-network as a class C, using 192.168.2.0/24 IPs.
Everything fine so far, but I wanted the Mac to have access to the home network and also direct access to the Internet. My first thought was to set up a NAT service in my workstation, but I felt that it was not needed at all (as one has full control over class C networks).
Instead, I have gone through a more complex path (complex because I never did it before; now looks quite simple ;). The first step is to enable IP forwarding in the workstation, so that packets coming from vr0 (the on-board NIC, connected to the Mac) are redirected to ne0 (the PCI NIC, connected to the home network). Using NetBSD, the exact command is: sysctl -w net.inet.ip.forwarding=1
.
With this in place, packets can go to other machines, but they don't know how to return responses. So the next step is to play with the routing tables. As I only need the server to "know" how to access the Mac (I don't care about all other PCs in the network... they are running Windows ;), I used the route
command by hand, issuing: route add 192.168.2.0/24 dawn.local
. This means: "to access the 192.168.2.0/24 subnet, send packets to the dawn.local machine", being dawn.local my workstation's name. I guess there are more elegant ways to achieve this, but this works for me.
The Mac now has full access to my workstation and the server (i.e., to the machine doing NAT for the Internet). But... I still had problems accessing the Internet itself. It took a while to figure out what was going on, but at last I found it: I was missing to add a new rule in the NAT table, to tell it to also translate packets coming from the 192.168.2.0/24 subnet. Adding the rule to ipnat.conf
fixed this.
That's all! The Mac can now access both networks transparently. BTW, the instructions above are for a NetBSD system using IP Filter (the default firewall and NAT program). The steps required to achieve the same goals in a Linux box should be very similar.