[rbak-nsp] Nat does'nt work
Michał Korzeniowski
Michal.Korzeniowski at metrointernet.pl
Fri Oct 29 03:30:13 EDT 2010
does work!
my working config:
Current configuration:
!
context BRAS
!
!
!
no ip domain-lookup
!
ip nat pool NAT_pool napt multibind
address 83.142.193.192/32 port-block 1 to 15 <--- this address must be routed in bgp via 83.142.192.100
!
nat policy NAT_policy
! Default class
pool NAT_pool BRAS
timeout tcp 18000
endpoint-independent filtering udp <------ thanks Denis :)
!
interface LAN multibind
description BRAS LAN GW
ip address 10.10.8.1/24
dhcp server interface
ip arp proxy-arp
!
interface WAN
ip address 83.142.192.100/29
no logging console
!
!
aaa authentication administrator local
aaa authentication administrator maximum sessions 1
aaa authentication subscriber radius global
!
!
subscriber default
dhcp max-addrs 1
!
ip route 0.0.0.0/0 83.142.192.102
no service ssh server
!
dhcp server policy
nak-on-subnet-deletion
option subnet-mask 255.255.255.0
option domain-name-server 91.189.24.2 83.142.192.2
option domain-name xxl.pl
offer-lease-time 300
default-lease-time 43200
maximum-lease-time 43200
subnet 10.10.8.0/24
option subnet-mask 255.255.255.0
option router 10.10.8.1
!
!
!
end
--
radius:
#Bin Laden
00:CI:SC:OS:HI:T1 Auth-Type := Accept
Framed-Ip-Address = 10.10.8.12,
Framed-Ip-Netmask = 255.255.255.0,
Service-Type = Outbound-User,
Dhcp-Max-Leases = 1,
Qos-Policy-Policing = u_512k,
Qos-Policy-Metering = d_100M,
Nat-Policy-Name = NAT_policy,
Context_Name = BRAS
--
MK
Message written by Ron Ripley on 2010-10-04, at 04:32:
You still have conflicting IP addresses; you will need at minimum two separate IP addresses, one for the public interface connecting upstream, and one for the source of the NAT. Your configuration with 83.142.192.100/32 for the NAT pool and 83.142.192.100/29 is invalid, the public NAT should be 83.142.192.100/32 and 83.142.192.101/xx would be an example of that.
Ron Ripley | Systems Engineer |
Sent from my iPad
On 2010-10-03, at 3:10 PM, "Michal Korzeniowski" <misha at iim.pl> wrote:
Hi Denis
Thanks for Your suggestions. I (probably) applied them. Unfortunately my
config, below:
context BRAS
!
!
no ip domain-lookup
!
ip nat pool NAT_pool napt multibind
address 83.142.192.100/32
!
nat policy NAT_policy
! Default class
pool NAT_pool BRAS
!
interface LAN multibind
description BRAS LAN GW
ip address 10.11.12.1/24
dhcp server interface
ip arp proxy-arp
!
interface WAN
ip address 83.142.192.100/29
no logging console
!
policy access-list NAT_acl
seq 10 permit ip 10.11.12.0 0.0.0.255 class CLASS3
seq 11 permit ip host 83.142.192.100 class CLASS3
!
aaa authentication administrator local
aaa authentication administrator maximum sessions 1
aaa authentication subscriber radius global
!
!
subscriber default
nat policy-name NAT_policy
dhcp max-addrs 1
!
ip route 0.0.0.0/0 83.142.192.102
no service ssh server
!
dhcp server policy
nak-on-subnet-deletion
option subnet-mask 255.255.255.0
option domain-name-server 91.189.24.2 83.142.192.2
option domain-name mi.pl
offer-lease-time 300
default-lease-time 900
maximum-lease-time 900
subnet 10.11.12.0/24
option subnet-mask 255.255.255.0
option router 10.11.12.1
!
!
!
end
still doesn't work :(
Michal
Hi Michal,
Your interface has /24 and addresses in pool overlap this.
Regarding your config in general.
In NAT pool we usually put real IP addresses, it allows your private
networks to be NATed through real IPs.
HIH
/denis
-----Original Message-----
From: Michal Korzeniowski [mailto:misha at iim.pl]
Sent: Friday, October 01, 2010 5:49 PM
To: Denis Mikhaylovskiy
Cc: misha at iim.pl; redback-nsp at puck.nether.net
Subject: RE: [rbak-nsp] Nat does'nt work
Second)
IP address in NAT pool should not overlap with other IP addresses of
interfaces
Maybe I think wrong but there are no overlaps:
- ip addr of interface is 10.11.12.1
- ip addr of pool are 10.11.12.2 to 100
ip nat pool NAT_pool napt multibind
address 10.11.12.2 to 10.11.12.100 <--- why you are using private space for NAT ?!?
Which space should I use?
My Idea is to distribute the internet "from" one public IP 83.142.192.100
to subscribers ( giving them private space 10.11.12.0/24 like simply
router from supermarket)
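
The rule the replies in this thread converge on (a NAT pool address must not fall inside any interface subnet of the same context) can be checked offline before a config is loaded. The following is an added example, not part of the thread and not Redback tooling; `find_overlaps` and `pool_range` are hypothetical names, and the parser assumes only the stanza forms quoted in the messages above.

```python
import ipaddress
import re

# Pool lines in the thread: "address A/len [port-block ...]" or "address A to B".
POOL_RE = re.compile(
    r"^address\s+(\d+\.\d+\.\d+\.\d+)(?:/(\d+)|\s+to\s+(\d+\.\d+\.\d+\.\d+))?")
IFACE_RE = re.compile(r"^ip address\s+(\S+/\d+)")

def pool_range(match):
    """Return (first, last) address covered by one pool 'address' line."""
    first, prefix, last = match.groups()
    if last:
        return ipaddress.ip_address(first), ipaddress.ip_address(last)
    net = ipaddress.ip_network(f"{first}/{prefix or 32}", strict=False)
    return net[0], net[-1]

def find_overlaps(config_text):
    """List (pool, interface, interface_subnet) where a pool hits a subnet."""
    pools, ifaces, kind, name = [], [], None, None
    for raw in config_text.splitlines():
        line = raw.split("<---")[0].strip()   # drop the e-mail annotations
        words = line.split()
        if line.startswith("ip nat pool ") and len(words) > 3:
            kind, name = "pool", words[3]
        elif line.startswith("interface ") and len(words) > 1:
            kind, name = "iface", words[1]
        elif line == "!":                     # a bare "!" closes the section
            kind = None
        elif kind == "pool" and (m := POOL_RE.match(line)):
            pools.append((name, *pool_range(m)))
        elif kind == "iface" and (m := IFACE_RE.match(line)):
            ifaces.append((name, ipaddress.ip_interface(m.group(1)).network))
    return [(p, i, str(net)) for p, lo, hi in pools for i, net in ifaces
            if lo <= net[-1] and hi >= net[0]]

# Constructed sample: pool and interface stanzas taken from the failing config.
FAILING = """ip nat pool NAT_pool napt multibind
address 83.142.192.100/32
!
interface LAN multibind
ip address 10.11.12.1/24
!
interface WAN
ip address 83.142.192.100/29
!"""
# Same sample with the pool line swapped for the one in the working config.
WORKING = FAILING.replace("address 83.142.192.100/32",
                          "address 83.142.193.192/32 port-block 1 to 15")
if __name__ == "__main__":
    print(find_overlaps(FAILING), find_overlaps(WORKING))
```

The check only covers address overlap; the working config's note that the pool address must also be routed toward the WAN interface is outside what it verifies.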