[rbak-nsp] Nat does'nt work

Denis Mikhaylovskiy denis.mikhaylovskiy at ericsson.com
Sat Oct 2 12:42:07 EDT 2010


Passive FTP works fine.
Please note that SE doesn't support ALG in NAT, for those subscribers who need VPNs you would have to assign real IP for instance.

Cheers,
/denis
________________________________
From: Navin Nepali [mailto:navin_n at yahoo.com]
Sent: Saturday, October 02, 2010 10:44 AM
To: Michal Korzeniowski; Denis Mikhaylovskiy
Cc: redback-nsp at puck.nether.net
Subject: Re: [rbak-nsp] Nat does'nt work

I was wondering if IPSEC VPN and FTP works well if we use NAT?

Before I was also using NAT but the services like VPN, FTP didn't work well as the subscriber increased. The users were not able to connect VPN or FTP.

Thanks

--- On Sat, 10/2/10, Denis Mikhaylovskiy <denis.mikhaylovskiy at ericsson.com> wrote:

From: Denis Mikhaylovskiy <denis.mikhaylovskiy at ericsson.com>
Subject: Re: [rbak-nsp] Nat does'nt work
To: "Michal Korzeniowski" <misha at iim.pl>
Cc: "redback-nsp at puck.nether.net" <redback-nsp at puck.nether.net>
Date: Saturday, October 2, 2010, 11:01 AM
Hi Michal,

Your interface has /24 and addresses in pool overlap this.

Regarding your config in general.
In NAT pool we usually put real IP addresses, it allows your private networks to be NATed through real IPs.



HIH
/denis

-----Original Message-----
From: Michal Korzeniowski [mailto:misha at iim.pl<http://us.mc1127.mail.yahoo.com/mc/compose?to=misha@iim.pl>]
Sent: Friday, October 01, 2010 5:49 PM
To: Denis Mikhaylovskiy
Cc: misha at iim.pl<http://us.mc1127.mail.yahoo.com/mc/compose?to=misha@iim.pl>; redback-nsp at puck.nether.net<http://us.mc1127.mail.yahoo.com/mc/compose?to=redback-nsp@puck.nether.net>
Subject: RE: [rbak-nsp] Nat does'nt work


> Second)
> Ip address in NAT pool should not overlap with others ip addresses of
> interfaces

maybe I think wrong but they are no overlaps:
- ip addr of interface is   10.11.12.1
- ip addr of pool are       10.11.12.2 to 100


>  ip nat pool NAT_pool napt multibind
>   address 10.11.12.2 to 10.11.12.100 <--- why you are using private space
> for NAT ?!?

Which space should I use?
My Idea is to distribute the internet "from" one public IP 83.142.192.100
to subscribers ( giving them private space 10.11.12.0/24 like simply
router from super markt)





_______________________________________________
redback-nsp mailing list
redback-nsp at puck.nether.net<http://us.mc1127.mail.yahoo.com/mc/compose?to=redback-nsp@puck.nether.net>
https://puck.nether.net/mailman/listinfo/redback-nsp


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20101002/a60361b4/attachment.html>


More information about the redback-nsp mailing list