Page 1 of 1

Strange problem with src-nat

Posted: Fri Oct 08, 2004 11:54 am
by WISP-BG
When I use src-nat to hide all my private network 192.168.x.x/24 behind a range of real IP-adresses, say x.x.x.65 - x.x.x.69, strange things happen - some sites with loging/password (mail, bank-services) frequently loses connection and you must reconnect and loging again.
Any suggestion or help?
Thanks

P.S. Sorry for my bad english :oops:

Posted: Sun Oct 10, 2004 8:44 pm
by [ASM]
Try using multiple outgoing addresses only for free servers. It help with ICQ too :):)

Posted: Sun Oct 10, 2004 8:46 pm
by [ASM]
P.S.: this thing happens because of change of client's outgoing address (on connection NAT-ed through 1 IP and another connetion throught different IP address)

Posted: Sun Oct 10, 2004 9:51 pm
by WISP-BG
Yes, I know that, but I look for some elegant way to solve the problem.

ICQ? A? :)

Re: Strange problem with src-nat

Posted: Tue Oct 12, 2004 4:20 pm
by mag
if you are going to map ranges of different sizes together, it will not work. the ip-address range size have to match.

regards.
 matthias

Posted: Tue Oct 12, 2004 9:36 pm
by WISP-BG
:? Hmm... But it basically works, the problem occur only in websites with user/pass, and not in all sites, just a few. It's no sense using src-nat to map, say 254 private adressess to same range real ones.

Posted: Tue Oct 12, 2004 11:04 pm
by andrewluck
I would nat all of your client PCs out through one of your public IP addresses using port address translation. Use the other IP addresses for incoming connections only.

Regards

Andrew

Posted: Wed Oct 13, 2004 12:22 pm
by mag
i would suggest this too. i.e. masquerading for usual clients, src-/dst-NAT pairs for servers.

regards.
 matthias