Community discussions

MikroTik App
 
WISP-BG
just joined
Topic Author
Posts: 19
Joined: Sat May 29, 2004 9:50 am
Location: Sofia, Bulgaria

Strange problem with src-nat

Fri Oct 08, 2004 11:54 am

When I use src-nat to hide all my private network 192.168.x.x/24 behind a range of real IP-adresses, say x.x.x.65 - x.x.x.69, strange things happen - some sites with loging/password (mail, bank-services) frequently loses connection and you must reconnect and loging again.
Any suggestion or help?
Thanks

P.S. Sorry for my bad english :oops:
 
User avatar
[ASM]
Member Candidate
Member Candidate
Posts: 284
Joined: Sun Jun 06, 2004 12:59 am
Location: Sofia, Bulgaria
Contact:

Sun Oct 10, 2004 8:44 pm

Try using multiple outgoing addresses only for free servers. It help with ICQ too :):)
 
User avatar
[ASM]
Member Candidate
Member Candidate
Posts: 284
Joined: Sun Jun 06, 2004 12:59 am
Location: Sofia, Bulgaria
Contact:

Sun Oct 10, 2004 8:46 pm

P.S.: this thing happens because of change of client's outgoing address (on connection NAT-ed through 1 IP and another connetion throught different IP address)
 
WISP-BG
just joined
Topic Author
Posts: 19
Joined: Sat May 29, 2004 9:50 am
Location: Sofia, Bulgaria

Sun Oct 10, 2004 9:51 pm

Yes, I know that, but I look for some elegant way to solve the problem.

ICQ? A? :)
 
User avatar
mag
Member
Member
Posts: 376
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany
Contact:

Re: Strange problem with src-nat

Tue Oct 12, 2004 4:20 pm

if you are going to map ranges of different sizes together, it will not work. the ip-address range size have to match.

regards.
 matthias
 
WISP-BG
just joined
Topic Author
Posts: 19
Joined: Sat May 29, 2004 9:50 am
Location: Sofia, Bulgaria

Tue Oct 12, 2004 9:36 pm

:? Hmm... But it basically works, the problem occur only in websites with user/pass, and not in all sites, just a few. It's no sense using src-nat to map, say 254 private adressess to same range real ones.
 
User avatar
andrewluck
Forum Veteran
Forum Veteran
Posts: 700
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Tue Oct 12, 2004 11:04 pm

I would nat all of your client PCs out through one of your public IP addresses using port address translation. Use the other IP addresses for incoming connections only.

Regards

Andrew
 
User avatar
mag
Member
Member
Posts: 376
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany
Contact:

Wed Oct 13, 2004 12:22 pm

i would suggest this too. i.e. masquerading for usual clients, src-/dst-NAT pairs for servers.

regards.
 matthias

Who is online

Users browsing this forum: Google [Bot], Kanzler and 75 guests