Since I'm quite new on this forum, sorry if this question has already been answered, though I haven't found it after searching.
I have a public pool of IP addresses (let's say a /27) on the Ethernet interface and have set up one /24 for customers on WLAN. At the moment all customers are using NAT (PAT) through just one public IP address. Since there is no possibility of using 1-to-1 address translation, how can we offer those 30 addresses from the public IP pool (assigned by the upstream provider) so they act as 1-to-1 NAT translations, but when client number 31 wants to connect, NAT overload will start?
I don't know if this is a workaround or the best solution, but you can:
Assign IP addresses via DHCP (or RADIUS)
The DHCP server has one IP pool range, let's say 192.168.0.1-192.168.0.29 (pool1)
The IP pool has a "next-pool" set with the IP addresses 10.1.1.1-10.1.1.254 (pool2)
In your /ip firewall nat configuration you can set
chain=srcnat action=src-nat to-addresses=192.168.0.30 src-address=10.1.1.0/24
Your DHCP server will try to assign the pool1 addresses to clients as long as they are available. Once there are no IPs available, it will try the next pool: private IPs with NAT.
I assume you've got around 50 customers with an average of 35 online; this solution would be enough, I think (and most importantly, easy).
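The two-pool design described in the reply above, written out as a complete RouterOS CLI configuration. This is an added example, not the poster's own config. It keeps the reply's numbers (192.168.0.0/27 standing in for the public /27, 10.1.1.0/24 as the overflow pool) and assumes things the reply does not state: wlan1 faces the customers, ether1 faces the upstream, the provider routes the /27 to the router so .30 can sit on wlan1 as the customers' gateway, and UPSTREAM_LINK_ADDR / UPSTREAM_GW are placeholders for the provider link. Only the overflow pool is translated; pool1 clients keep their address, which also means they are directly reachable from the Internet, so the forward chain filters unsolicited inbound traffic and drops spoofed sources from the WLAN.

```routeros
# Added example (not from the thread): two DHCP pools with next-pool fallback,
# srcnat only for the overflow pool, and a basic forward-chain filter.
# Assumed: wlan1 = customers, ether1 = upstream, /27 routed to this router.

/ip address
add address=UPSTREAM_LINK_ADDR interface=ether1 comment="placeholder: link to upstream"
add address=192.168.0.30/27 interface=wlan1 comment="gateway for pool1 (stand-in for the public /27)"
add address=10.1.1.254/24 interface=wlan1 comment="gateway for pool2 (overflow, private)"

/ip route
add dst-address=0.0.0.0/0 gateway=UPSTREAM_GW comment="placeholder: default route"

# pool2 is declared first so that pool1 can reference it in next-pool.
# Leases come from pool1 until it is empty, then from pool2.
/ip pool
add name=pool2 ranges=10.1.1.1-10.1.1.253
add name=pool1 ranges=192.168.0.1-192.168.0.29 next-pool=pool2

# One DHCP server on wlan1; the network entry is chosen by the address handed out,
# so each pool gets its own gateway.
/ip dhcp-server
add name=dhcp-wlan interface=wlan1 address-pool=pool1 lease-time=1h disabled=no
/ip dhcp-server network
add address=192.168.0.0/27 gateway=192.168.0.30 dns-server=192.168.0.30
add address=10.1.1.0/24 gateway=10.1.1.254 dns-server=10.1.1.254
/ip dns
set allow-remote-requests=yes

# Only the overflow pool is translated; pool1 clients go out with their own address.
/ip firewall nat
add chain=srcnat src-address=10.1.1.0/24 out-interface=ether1 action=src-nat to-addresses=192.168.0.30

# pool1 clients are reachable from the Internet, so filter what is forwarded to them,
# and only forward WLAN traffic that carries an address we actually handed out.
/ip firewall filter
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
add chain=forward in-interface=ether1 connection-state=new action=drop comment="no unsolicited inbound to customers"
add chain=forward in-interface=wlan1 src-address=192.168.0.0/27 action=accept
add chain=forward in-interface=wlan1 src-address=10.1.1.0/24 action=accept
add chain=forward in-interface=wlan1 action=drop comment="anti-spoofing: unknown source from WLAN"
```

Two things to check after loading this: a client that received a pool1 lease keeps that public address until its lease expires, so the "30th client" boundary moves with lease-time, and /ip dhcp-server lease print shows which pool each client landed in. If the provider puts the /27 directly on the Ethernet link instead of routing it, the .30 address belongs on ether1 and the customer side needs a different design, which is the "non-standard setup" a later reply alludes to.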
This example will split all the connections from your private network across 3 different public IP addresses.
Be sure those 3 addresses can reach the Internet and can be reached; assign them to the public interface.
I must ask the obvious question. If the customers are, in effect, going to get a public IP, and you have them to give, why use NAT at all? Protect them through the firewall, but just give them the same gateway as you would have. I haven't thought this all the way through, but it might even be possible to route them. You might have to do some 'non-standard' setups, but if the object is to give them the public IPs, just give them to them. If there is functionality required before they get the IP, like accounting or something else, I'm sure you can make it work.
Just thought I would suggest an out-of-the-box solution for you... Haven't proofed anything, hope it helps anyway. It could be simpler, with the benefit that everything that is NAT sensitive wouldn't be affected. GL.
Currently NATing 200 plus customers to one public IP.
Cisco uses NAT pools; I just wanted a way to divide up a small subnet of public IPs and have the private pool of addresses split up so I don't have so many private IPs NATed to one public.
Not sure what the limit is on how many private IPs can NAT to one public IP.
If he has more customers than public IPs, it is understandable. Because there is a limited number of ports to use for srcnat, if there are lots of customers with many simultaneous connections, you must NAT them to more than one public IP.
Ok, this is possibly one of the easiest things I have done. I was frustrated and was just playing around but this works 100% for me:
This is only an example: I am NATing the private range 10.50.0.0/16 to the private range 192.168.1.0/25. In the real world you would use your public address space here.
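The configuration that both the "3 different public IP addresses" reply and the post above leave out, written as an added RouterOS example (not either poster's own rules). It uses the post's numbers, 10.50.0.0/16 as the customer range and 192.168.1.0/25 standing in for public space, and assumes ether1 is the upstream-facing interface. Two ways to spread the customers over three translation addresses are shown: a single rule with a range in to-addresses, and a deterministic split where each customer block always leaves through the same address. The deterministic form is the one an operator usually wants, because an abuse report naming one public address then narrows to one customer block instead of the whole /16, and it also addresses the port-exhaustion point raised earlier: every public address adds its own source-port space.

```routeros
# Added example (not from the thread): srcnat spread over three addresses.
# 192.168.1.1-.3 stand in for public addresses, as in the post above.

# The translation addresses must belong to the router on the public interface,
# otherwise return traffic has nowhere to go.
/ip address
add address=192.168.1.1/25 interface=ether1
add address=192.168.1.2/25 interface=ether1
add address=192.168.1.3/25 interface=ether1

/ip firewall nat
# Variant A: one rule, RouterOS picks a translation address from the range
# per connection. Left disabled so it does not shadow the rules below
# (first matching srcnat rule wins).
add chain=srcnat src-address=10.50.0.0/16 out-interface=ether1 \
    action=src-nat to-addresses=192.168.1.1-192.168.1.3 disabled=yes \
    comment="variant A: single rule with address range"

# Variant B: deterministic mapping, one customer block per public address.
# Blocks need not be equal; size them to the expected load per address.
add chain=srcnat src-address=10.50.0.0/18   out-interface=ether1 \
    action=src-nat to-addresses=192.168.1.1 comment="customers 10.50.0.0-10.50.63.255"
add chain=srcnat src-address=10.50.64.0/18  out-interface=ether1 \
    action=src-nat to-addresses=192.168.1.2 comment="customers 10.50.64.0-10.50.127.255"
add chain=srcnat src-address=10.50.128.0/17 out-interface=ether1 \
    action=src-nat to-addresses=192.168.1.3 comment="customers 10.50.128.0-10.50.255.255"

# Anything from the customer range that matched no rule above would leave
# untranslated; drop it rather than leak private source addresses upstream.
/ip firewall filter
add chain=forward out-interface=ether1 src-address=10.50.0.0/16 \
    action=drop comment="catch-all: private source must never reach upstream"
```

The catch-all filter rule only fires for customer traffic that escaped every srcnat rule (srcnat happens before the forward filter sees the packet with its translated address), so under normal operation it should stay at zero hits; a rising counter on it means a customer block was added without a matching NAT rule. To see how full one translation address is getting, /ip firewall connection print count-only with a src-nat filter on that address gives the live count to compare against the roughly 64k source ports per protocol per destination that one address can offer.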