Page 1 of 1
Strange problem with src-nat
Posted: Fri Oct 08, 2004 11:54 am
When I use src-nat to hide all my private network 192.168.x.x/24 behind a range of real IP-adresses, say x.x.x.65 - x.x.x.69, strange things happen - some sites with loging/password (mail, bank-services) frequently loses connection and you must reconnect and loging again.
Any suggestion or help?
P.S. Sorry for my bad english :oops:
Posted: Sun Oct 10, 2004 8:44 pm
Try using multiple outgoing addresses only for free servers. It help with ICQ too :):)
Posted: Sun Oct 10, 2004 8:46 pm
P.S.: this thing happens because of change of client's outgoing address (on connection NAT-ed through 1 IP and another connetion throught different IP address)
Posted: Sun Oct 10, 2004 9:51 pm
Yes, I know that, but I look for some elegant way to solve the problem.
ICQ? A? :)
Re: Strange problem with src-nat
Posted: Tue Oct 12, 2004 4:20 pm
if you are going to map ranges of different sizes together, it will not work. the ip-address range size have to match.
Posted: Tue Oct 12, 2004 9:36 pm
Hmm... But it basically works, the problem occur only in websites with user/pass, and not in all sites, just a few. It's no sense using src-nat to map, say 254 private adressess to same range real ones.
Posted: Tue Oct 12, 2004 11:04 pm
I would nat all of your client PCs out through one of your public IP addresses using port address translation. Use the other IP addresses for incoming connections only.
Posted: Wed Oct 13, 2004 12:22 pm
i would suggest this too. i.e. masquerading for usual clients, src-/dst-NAT pairs for servers.