[rbak-nsp] NAT Logging
Tomas Lynch
tomas.lynch at gmail.com
Wed Oct 30 15:40:17 EDT 2013
Rafal,
The problem is with the keywords at the ip nat pool: you are using multibind and
must use paired-mode. Here is a complete config that was tested on an SE1200
with SEOS 11.x:
context local
!
nat logging-profile LOGGING_PROF
transport-protocol udp
export-version v9
source 10.10.10.10 port 2055
destination 1.1.1.1 context local port 2055
dscp ef
!
! the following can be at any context including local
!
ip nat pool NAT_POOL napt paired-mode logging
paired-mode subscriber over-subscription 100 port-limit 1000
logging-profile LOGGING_PROF context local
address 192.168.208.0/28
!
nat policy NAT_POLICY enhanced
! Default class
pool NAT_POOL cgnat
timeout abandoned 3600
endpoint-independent filtering tcp
endpoint-independent filtering udp
inbound-refresh udp
icmp-notification
On Wed, Oct 30, 2013 at 10:58 AM, Golem <golem at mtm-info.pl> wrote:
> Hello
>
> I'm trying to set up NAT logging; this is how my config looks:
>
> context routerek
>
>
> nat logging-profile LogowanieNAT
> transport-protocol udp
> export-version v9
> source 11.0.0.33 port 5000
> destination 11.0.0.1 port 5000
>
>
> ip nat pool ip_test_lan1_nat napt multibind logging
> logging-profile LogowanieNat
> address 178.214.29.1/32 port-block 1 to 15
> address 178.214.29.2/32 port-block 1 to 15
>
>
> nat policy ip_test_lan1_nat_policy enhanced
> ! Default class
> pool ip_test_lan1_nat routerek
> timeout tcp 18000
> inbound-refresh udp
> icmp-notification
> !
> interface loop1 loopback
> ip address 11.0.0.33/27
> ip source-address radius flow-ip
> no logging console
> !
> !
> ....
> (config truncated)
>
>
>
> NAT does work, there is internet access etc., but the collector 11.0.0.1
> (Linux) is not receiving any packets on port 5000; tcpdump doesn't show
> anything.
> How do I debug NAT logging? debug nat all doesn't show anything useful
> about logging.
> Do I need to set up some additional config, like flow collector/flow profile
> for NAT logging, to make it work?
>
> Rafal
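For the collector-side question in this thread (whether the v9 export over UDP is arriving at all), the following is an added example, not part of either poster's message and not Redback/SEOS tooling. It listens on the export port and sanity-checks each datagram against the standard NetFlow v9 packet and FlowSet headers from RFC 3954; the default port 2055 is taken from the tested config above, while the bind address, function names and sample packet are assumptions made for the illustration.

```python
import socket
import struct

# NetFlow v9 packet header (RFC 3954):
# version, count, sysUptime, unix_secs, sequence, source_id
V9_HEADER = struct.Struct("!HHIIII")
# FlowSet header: flowset_id, length (length includes these 4 bytes)
FLOWSET_HEADER = struct.Struct("!HH")

def flowset_kind(flowset_id):
    if flowset_id == 0:
        return "template"
    if flowset_id == 1:
        return "options-template"
    return "data" if flowset_id >= 256 else "reserved"

def parse_v9(datagram):
    """Return (header dict, [(flowset_id, kind, length)]); ValueError if malformed."""
    if len(datagram) < V9_HEADER.size:
        raise ValueError("datagram shorter than a v9 header")
    version, count, _uptime, secs, seq, source_id = V9_HEADER.unpack_from(datagram)
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version field = {version})")
    flowsets, offset = [], V9_HEADER.size
    while offset < len(datagram):
        if len(datagram) - offset < FLOWSET_HEADER.size:
            raise ValueError("truncated flowset header")
        fs_id, fs_len = FLOWSET_HEADER.unpack_from(datagram, offset)
        # Never trust the advertised length: it must cover its own header
        # and must not run past the end of the datagram.
        if fs_len < FLOWSET_HEADER.size or offset + fs_len > len(datagram):
            raise ValueError("flowset length out of bounds")
        flowsets.append((fs_id, flowset_kind(fs_id), fs_len))
        offset += fs_len
    header = {"count": count, "unix_secs": secs, "sequence": seq, "source_id": source_id}
    return header, flowsets

def listen(bind_addr="0.0.0.0", port=2055):
    """Print one line per received datagram: exporter address, then result."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, (src, sport) = sock.recvfrom(65535)
        try:
            print(src, sport, *parse_v9(data))
        except ValueError as exc:
            print(src, sport, "rejected:", exc)

# Constructed sample: v9 header plus one template flowset (template 256, one field).
SAMPLE = (V9_HEADER.pack(9, 1, 1000, 1383162017, 1, 0)
          + FLOWSET_HEADER.pack(0, 12) + struct.pack("!HHHH", 256, 1, 8, 4))

if __name__ == "__main__":
    listen()
```

If nothing is printed while NAT sessions are being created, the export is not reaching the host at all; lines marked "rejected" mean something other than v9 is arriving on that port.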