[rbak-nsp] Nat doesn't work

Ron Ripley ripleyron at gmail.com
Sun Oct 3 22:32:28 EDT 2010


You still have conflicting IP addresses; you will need at minimum two separate IP addresses, one for the public interface connecting upstream, and one for the source of the NAT. Your configuration with 83.142.192.100/32 for the NAT pool and 83.142.192.100/29 is invalid; the public NAT should be 83.142.192.100/32 and 83.142.192.101/xx would be an example of that.



Ron Ripley | Systems Engineer | 
Sent from my iPad

On 2010-10-03, at 3:10 PM, "Michal Korzeniowski" <misha at iim.pl> wrote:

> Hi Denis
> 
> Thanks for your suggestions. I (probably) applied them. Unfortunately my
> config, below:
> 
> 
> context BRAS
> !
> !
> no ip domain-lookup
> !
> ip nat pool NAT_pool napt multibind
>  address 83.142.192.100/32
> !
> nat policy NAT_policy
> ! Default class
>  pool NAT_pool BRAS
> !
> interface LAN multibind
>  description BRAS LAN GW
>  ip address 10.11.12.1/24
>  dhcp server interface
>  ip arp proxy-arp
> !
> interface WAN
>  ip address 83.142.192.100/29
> no logging console
> !
> policy access-list NAT_acl
>  seq 10 permit ip 10.11.12.0 0.0.0.255 class CLASS3
>  seq 11 permit ip host 83.142.192.100 class CLASS3
> !
> aaa authentication administrator local
> aaa authentication administrator maximum sessions 1
> aaa authentication subscriber radius global
> !
> !
> subscriber default
>   nat policy-name NAT_policy
>   dhcp max-addrs 1
> !
> ip route 0.0.0.0/0 83.142.192.102
> no service ssh server
> !
> dhcp server policy
>   nak-on-subnet-deletion
>   option subnet-mask 255.255.255.0
>   option domain-name-server 91.189.24.2 83.142.192.2
>   option domain-name mi.pl
>   offer-lease-time 300
>   default-lease-time 900
>   maximum-lease-time 900
>   subnet 10.11.12.0/24
>     option subnet-mask 255.255.255.0
>     option router 10.11.12.1
> !
> !
> !
> end
> 
> 
> still doesn't work :(
> 
> Michal
> 
> 
> 
> 
>> Hi Michal,
>> 
>> Your interface has /24 and addresses in pool overlap this.
>> 
>> Regarding your config in general.
>> In NAT pool we usually put real IP addresses, it allows your private
>> networks to be NATed through real IPs.
>> 
>> 
>> 
>> HIH
>> /denis
>> 
>> -----Original Message-----
>> From: Michal Korzeniowski [mailto:misha at iim.pl]
>> Sent: Friday, October 01, 2010 5:49 PM
>> To: Denis Mikhaylovskiy
>> Cc: misha at iim.pl; redback-nsp at puck.nether.net
>> Subject: RE: [rbak-nsp] Nat does'nt work
>> 
>> 
>>> Second)
>>> IP address in NAT pool should not overlap with other IP addresses of
>>> interfaces
>> 
>> Maybe I think wrong, but there are no overlaps:
>> - ip addr of interface is   10.11.12.1
>> - ip addr of pool are       10.11.12.2 to 100
>> 
>> 
>>> ip nat pool NAT_pool napt multibind
>>>  address 10.11.12.2 to 10.11.12.100 <--- why you are using private
>>> space
>>> for NAT ?!?
>> 
>> Which space should I use?
>> My idea is to distribute the internet "from" one public IP 83.142.192.100
>> to subscribers (giving them private space 10.11.12.0/24, like a simple
>> router from a supermarket)
>> 
>> 
>> 
>> 
>> 
> 
> 
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp
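
As an added example (not part of the original thread, and not Redback tooling), a Python check for the two overlaps the replies point out: a NAT pool address equal to an interface address, and a pool range falling inside an interface subnet. The sample configs are constructed from the address lines quoted above; the function names and the two labels `same-address` and `inside-subnet` are assumptions of this example.

```python
import ipaddress
import re

# Constructed samples: only the address lines of the two configs quoted in the thread.
POSTED_CONFIG = """\
ip nat pool NAT_pool napt multibind
 address 83.142.192.100/32
interface LAN multibind
 ip address 10.11.12.1/24
interface WAN
 ip address 83.142.192.100/29
"""
EARLIER_CONFIG = """\
ip nat pool NAT_pool napt multibind
 address 10.11.12.2 to 10.11.12.100
interface LAN multibind
 ip address 10.11.12.1/24
"""

def parse(config):
    """Return (pools, ifaces): pool name -> networks, interface name -> IPv4Interface."""
    pools, ifaces, section = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ip nat pool (\S+)", line):
            section = ("pool", m.group(1))
        elif m := re.match(r"interface (\S+)", line):
            section = ("iface", m.group(1))
        elif section and section[0] == "pool" and (m := re.match(r"address (\S+)(?: to (\S+))?$", line)):
            if m.group(2):  # "A to B" range: expand to the networks that cover it
                nets = ipaddress.summarize_address_range(
                    ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2)))
            else:
                nets = [ipaddress.ip_network(m.group(1), strict=False)]
            pools.setdefault(section[1], []).extend(nets)
        elif section and section[0] == "iface" and (m := re.match(r"ip address (\S+)", line)):
            ifaces[section[1]] = ipaddress.ip_interface(m.group(1))
    return pools, ifaces

def find_conflicts(config):
    """List (pool, interface, kind); kind is 'same-address' or 'inside-subnet'."""
    pools, ifaces = parse(config)
    found = []
    for pool, nets in pools.items():
        for name, iface in ifaces.items():
            if any(iface.ip in n for n in nets):  # pool reuses the interface's own IP
                found.append((pool, name, "same-address"))
            elif any(n.overlaps(iface.network) for n in nets):  # pool sits in its subnet
                found.append((pool, name, "inside-subnet"))
    return found
```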


