Strange problem with src-nat

Posted: Fri Oct 08, 2004 11:54 am
When I use src-nat to hide all my private network 192.168.x.x/24 behind a range of real IP addresses, say x.x.x.65 - x.x.x.69, strange things happen - some sites with login/password (mail, bank services) frequently lose connection and you must reconnect and log in again.
Any suggestion or help?

P.S. Sorry for my bad English :oops:

Posted: Sun Oct 10, 2004 8:44 pm
by [ASM]
Try using multiple outgoing addresses only for free servers. It helps with ICQ too :):)

Posted: Sun Oct 10, 2004 8:46 pm
by [ASM]
P.S.: this thing happens because of a change of the client's outgoing address (one connection NAT-ed through 1 IP and another connection through a different IP address)

Posted: Sun Oct 10, 2004 9:51 pm
Yes, I know that, but I am looking for some elegant way to solve the problem.

ICQ? A? :)

Posted: Tue Oct 12, 2004 4:20 pm
by mag
If you are going to map ranges of different sizes together, it will not work. The IP address range sizes have to match.


Posted: Tue Oct 12, 2004 9:36 pm
:? Hmm... But it basically works; the problem occurs only on websites with user/pass, and not on all sites, just a few. It makes no sense to use src-nat to map, say, 254 private addresses to the same range of real ones.

Posted: Tue Oct 12, 2004 11:04 pm
by andrewluck
I would NAT all of your client PCs out through one of your public IP addresses using port address translation. Use the other IP addresses for incoming connections only.



Posted: Wed Oct 13, 2004 12:22 pm
by mag
I would suggest this too, i.e. masquerading for usual clients, src-/dst-NAT pairs for servers.
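
The effect discussed in this thread, as an added example that is not part of the original posts: a small Python model comparing src-nat to an address range with port address translation through one address, counting how many public source addresses a remote site sees per client. The 203.0.113.65-69 pool, the client addresses and the round-robin selection per connection are assumptions made for the illustration; the router's real selection logic is not stated in the thread.

```python
import ipaddress
from itertools import cycle

# Constructed sample data (documentation ranges, not values from the thread).
POOL = [ipaddress.ip_address(f"203.0.113.{n}") for n in range(65, 70)]
CLIENTS = [ipaddress.ip_address(f"192.168.1.{n}") for n in (10, 11, 12)]

class PoolNat:
    """src-nat to a range: each new connection takes the next pool address
    (round-robin is an assumption, used only to model 'address may change')."""
    def __init__(self, pool):
        self._next = cycle(pool)

    def translate(self, client_ip, client_port):
        return next(self._next), client_port

class PortAddressNat:
    """PAT / masquerade: one public address, connections told apart by port."""
    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self._port = first_port
        self.table = {}  # (client_ip, client_port) -> public port

    def translate(self, client_ip, client_port):
        key = (client_ip, client_port)
        if key not in self.table:
            self.table[key] = self._port
            self._port += 1
        return self.public_ip, self.table[key]

def addresses_seen_by_site(nat, connections_per_client=4):
    """Return {client: set of public source IPs a remote site observes}."""
    seen = {c: set() for c in CLIENTS}
    for i in range(connections_per_client):
        for c in CLIENTS:  # clients open connections interleaved
            public_ip, _ = nat.translate(c, 40000 + i)
            seen[c].add(public_ip)
    return seen

def broken_sessions(seen):
    """Clients whose login session appears to move between source addresses."""
    return sorted(str(c) for c, ips in seen.items() if len(ips) > 1)

if __name__ == "__main__":
    print("pool NAT:", broken_sessions(addresses_seen_by_site(PoolNat(POOL))))
    print("PAT     :", broken_sessions(addresses_seen_by_site(PortAddressNat(POOL[0]))))
```

Sites that tie a login session to the client's source address reject the session in the first case; with a single outgoing address every connection from a client arrives from the same IP.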