KimC
Frequent Visitor
Topic Author
Posts: 95
Joined: Sun Jun 06, 2004 3:16 pm
Location: Denmark

Full NAT for 1000 users

Thu Mar 16, 2006 9:02 pm

Hello guys !

If I want to make a full NAT for 1000 users (we have plenty of global IPs), then how should I do this the smart way (like the NAT on 2003-server)?

I perfectly understand the netmap-feature, but adding 1000 /32 addresses doesn't seem to be smart...

And no, we do not want to expose our quite complex infrastructure to the public net, so making the lan global is not an option.

Regards
KimC
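The netmap feature mentioned in this post maps whole address blocks 1:1, so 1000 consecutive users can be covered by a few aligned prefix pairs instead of 1000 /32 entries. The following is an added example, not part of the thread: it splits the range into blocks and translates addresses in both directions, which is what you need to trace a public address in a log back to the internal host. It assumes the mapping keeps the host bits unchanged; the function names and both address ranges are constructed for illustration.

```python
import ipaddress

def netmap_blocks(internal_first, user_count, public_first):
    """Split user_count consecutive internal addresses into aligned CIDR
    blocks and pair each with the public block at the same offset."""
    first = ipaddress.IPv4Address(internal_first)
    pub = ipaddress.IPv4Address(public_first)
    last = first + (user_count - 1)
    pairs = []
    for block in ipaddress.summarize_address_range(first, last):
        offset = int(block.network_address) - int(first)
        # Strict parsing raises ValueError when the public side is not
        # aligned to the same boundary, i.e. no 1:1 block mapping exists.
        public = ipaddress.IPv4Network((int(pub) + offset, block.prefixlen))
        pairs.append((block, public))
    return pairs

def translate(addr, pairs, reverse=False):
    """Map an internal address to its public one (or back with
    reverse=True), keeping the host bits as a 1:1 mapping does."""
    ip = ipaddress.IPv4Address(addr)
    for internal, public in pairs:
        src, dst = (public, internal) if reverse else (internal, public)
        if ip in src:
            return dst.network_address + (int(ip) - int(src.network_address))
    raise LookupError(f"{ip} is not covered by any block")

# Constructed sample values: 1000 users starting at 192.168.0.0 and a
# stand-in "public" block starting at 10.76.20.0.
PAIRS = netmap_blocks("192.168.0.0", 1000, "10.76.20.0")

if __name__ == "__main__":
    for internal, public in PAIRS:
        print(f"{internal} <-> {public}")
    # Forward: which public address does this user appear as?
    print(translate("192.168.3.231", PAIRS))
    # Reverse: which internal host was behind this public address?
    print(translate("10.76.21.7", PAIRS, reverse=True))
```

Each pair corresponds to one block-to-block mapping; the example does not cover how the public addresses are made reachable on the router.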
 
aitsecurity
Frequent Visitor
Posts: 84
Joined: Thu Mar 16, 2006 12:28 am
Location: venezuela

Re: Full NAT for 1000 users

Fri Mar 17, 2006 2:51 am

Hello guys !

If I want to make a full NAT for 1000 users (we have plenty of global IPs), then how should I do this the smart way (like the NAT on 2003-server)?

I perfectly understand the netmap-feature, but adding 1000 /32 addresses doesn't seem to be smart...

And no, we do not want to expose our quite complex infrastructure to the public net, so making the lan global is not an option.

Regards
KimC

I have a little question: in NAT and PAT the public IP is shared. My question is about performance, because 1000 users go out through one public IP.

Is there really no problem with this? Is there no need for, for example, two public IPs, with the users split into one segment of 500 users and another segment of 500 users?
 
devrim
Frequent Visitor
Posts: 51
Joined: Fri Sep 02, 2005 12:37 am

Fri Mar 17, 2006 2:06 pm

You may use the "same" action as described at http://www.mikrotik.com/docs/ros/2.9/ip/nat


/ip firewall nat add chain=srcnat src-address=192.168.0.0/16 action=same to-addresses=xxx.xxx.xxx.100-xxx.xxx.xxx.254

devrim
 
KimC
Frequent Visitor
Topic Author
Posts: 95
Joined: Sun Jun 06, 2004 3:16 pm
Location: Denmark

Fri Mar 17, 2006 8:42 pm

We are actually NATting to these users today - but not with Mikrotik (using Windows server). We want to simplify the setup... And performance is not a problem at all.

But in order to do this with Mikrotik, you need to add 1000 global addresses to the public interface. This is error-prone and not elegant at all.

Any suggestions ???
 
changeip
Forum Guru
Posts: 3806
Joined: Fri May 28, 2004 5:22 pm

Sat Mar 18, 2006 1:01 am

See devrim's post above... you can do it without adding each ip.
 
KimC
Frequent Visitor
Topic Author
Posts: 95
Joined: Sun Jun 06, 2004 3:16 pm
Location: Denmark

Sun May 14, 2006 10:50 am

On 2.9.23 I have made many attempts to make NAT with action=same work without adding the many external addresses. Here are my results:

address, internal interface: 192.168.10.1/24
address, external interface: 10.76.20.10/24

src-nat:
chain=srcnat out-interface=Uplink src-address=192.168.10.0/24 action=same to-addresses=10.76.20.10-10.76.20.20 to-ports=0-65535 same-not-by-dst=yes

THIS DOES NOT WORK

- however, if you add the 9 extra addresses (10.76.20.11 to 10.76.20.20) either as /24 or as /32 (I'm not sure what's correct), the setup works immediately.

This may not be a real problem, as adding many addresses can be done with a simple script, BUT when trying, disaster strikes: adding 1000 /32 or /24 addresses to an interface results in lockup of all interfaces. The only way in is the serial interface.

So, please help me correct this setup - or let us agree, that we found another bug, that MT will fix in due time.

Thanks in advance !
 
devrim
Frequent Visitor
Posts: 51
Joined: Fri Sep 02, 2005 12:37 am

Sun May 14, 2006 10:14 pm

KimC, don't use to-addresses with same action.
 
KimC
Frequent Visitor
Topic Author
Posts: 95
Joined: Sun Jun 06, 2004 3:16 pm
Location: Denmark

Sun May 14, 2006 11:02 pm

Please, Devrim

I don't understand what you are saying. I just followed your previous post:

/ip firewall nat add chain=srcnat src-address=192.168.0.0/16 action=same to-addresses=xxx.xxx.xxx.100-xxx.xxx.xxx.254
