<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">does work!<div><br></div><div>my working config:</div><div><br></div><div><br></div><div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">Current configuration:</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">!</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">context BRAS</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">!</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; "> !</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">! </div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; "> no ip domain-lookup</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">!</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; "> ip nat pool NAT_pool napt multibind</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">  address 83.142.193.192/32 port-block 1 to 15    <---  this address must be routed in bgp via   83.142.192.100</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">!</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; "> nat policy NAT_policy</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">! 
Default class</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">  pool NAT_pool BRAS</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">  timeout tcp 18000  </div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">  endpoint-independent filtering udp       <------ thanks Denis :)</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">!</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; "> interface LAN multibind</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">  description BRAS LAN GW</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">  ip address 10.10.8.1/24</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; "><br></div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">  dhcp server interface</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">  ip arp proxy-arp</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">!</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; "> interface WAN</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">  ip address 83.142.192.100/29</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; "> no logging console</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">!</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">!</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; "> aaa authentication administrator local  </div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; "> aaa authentication administrator maximum sessions 1</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; "> aaa authentication subscriber radius global </div><div style="color: rgb(0, 0, 
128); font-family: Arial; font-size: 13px; ">!</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">!</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; "> subscriber default</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">   dhcp max-addrs 1</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">!</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; "> ip route 0.0.0.0/0 83.142.192.102</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; "> no service ssh server</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">!</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; "> dhcp server policy</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">   nak-on-subnet-deletion</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">   option subnet-mask 255.255.255.0</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">   option domain-name-server 91.189.24.2 83.142.192.2</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">   option domain-name <a href="http://xxl.pl/">xxl.pl</a></div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">   offer-lease-time 300</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">   default-lease-time 43200</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">   maximum-lease-time 43200</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">   subnet 10.10.8.0/24</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">     option subnet-mask 255.255.255.0</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">     option router 10.10.8.1</div><div style="color: rgb(0, 0, 128); font-family: Arial; 
font-size: 13px; "> </div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">!</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">!</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">!</div><div style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">end</div><span class="Apple-style-span" style="color: rgb(0, 0, 128); font-family: Arial; font-size: 13px; ">--</span></div><div><br></div><div>radius:</div><div><br></div><div><div>#Bin  Laden                                                                                                                                                                                                 </div><div>00:CI:SC:OS:HI:T1  Auth-Type := Accept                                                                                                                                                                                   </div><div>                   Framed-Ip-Address = 10.10.8.12,                                                                                                                                                                       </div><div>                   Framed-Ip-Netmask = 255.255.255.0,                                                                                                                                                                    </div><div>                   Service-Type = Outbound-User,                                                                                                                                                                         </div><div>                   Dhcp-Max-Leases = 1,                                                                                                                                                                                  </div><div>                   Qos-Policy-Policing = u_512k,                                                                        
                                                                                                 </div><div>                   Qos-Policy-Metering = d_100M,                                                                                                                                                                         </div><div>                   Nat-Policy-Name = NAT_policy,                                                                                                                                                                         </div><div>                   Context_Name = BRAS                                                                                                                                                                                   </div><div>                                        </div></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br><div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><div style="margin-top: 0cm; margin-right: 0cm; margin-bottom: 0.0001pt; margin-left: 0cm; font-size: 12pt; font-family: 'Times New Roman'; "><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy; ">--<o:p></o:p></span></font></div><div style="margin-top: 0cm; margin-right: 0cm; 
margin-bottom: 0.0001pt; margin-left: 0cm; font-size: 12pt; font-family: 'Times New Roman'; "><font class="Apple-style-span" color="#000080" face="Arial" size="3"><span class="Apple-style-span" style="font-size: 13px; ">MK</span></font></div><div style="margin-top: 0cm; margin-right: 0cm; margin-bottom: 0.0001pt; margin-left: 0cm; font-size: 12pt; font-family: 'Times New Roman'; "><font class="Apple-style-span" face="Helvetica"><span class="Apple-style-span" style="font-size: medium; "><font class="Apple-style-span" color="#000080" face="Arial" size="3"><span class="Apple-style-span" style="font-size: 13px; "><br></span></font></span></font></div></div></div></span></div><br class="Apple-interchange-newline"></div><br><div><div>Message written by Ron Ripley on 2010-10-04, at 04:32:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div>You still have conflicting IP addresses; you will need at minimum two separate IP addresses, one for the public interface connecting upstream, and one for the source of the NAT.  Your configuration with 83.142.192.100/32 for the NAT pool and 83.142.192.100/29 is invalid, the public NAT should be 83.142.192.100/32 and 83.142.192.101/xx would be an example of that. <br><br><br><br>Ron Ripley | Systems Engineer | <br>Sent from my iPad<br><br>On 2010-10-03, at 3:10 PM, "Michal Korzeniowski" <<a href="mailto:misha@iim.pl">misha@iim.pl</a>> wrote:<br><br><blockquote type="cite">Hi Denis<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Thanks for your suggestions. I (probably) applied them.  
Unfortunately my<br></blockquote><blockquote type="cite">config,  below:<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">context BRAS<br></blockquote><blockquote type="cite">!<br></blockquote><blockquote type="cite">!<br></blockquote><blockquote type="cite">no ip domain-lookup<br></blockquote><blockquote type="cite">!<br></blockquote><blockquote type="cite">ip nat pool NAT_pool napt multibind<br></blockquote><blockquote type="cite">address 83.142.192.100/32<br></blockquote><blockquote type="cite">!<br></blockquote><blockquote type="cite">nat policy NAT_policy<br></blockquote><blockquote type="cite">! Default class<br></blockquote><blockquote type="cite">pool NAT_pool BRAS<br></blockquote><blockquote type="cite">!<br></blockquote><blockquote type="cite">interface LAN multibind<br></blockquote><blockquote type="cite">description BRAS LAN GW<br></blockquote><blockquote type="cite">ip address 10.11.12.1/24<br></blockquote><blockquote type="cite">dhcp server interface<br></blockquote><blockquote type="cite">ip arp proxy-arp<br></blockquote><blockquote type="cite">!<br></blockquote><blockquote type="cite">interface WAN<br></blockquote><blockquote type="cite">ip address 83.142.192.100/29<br></blockquote><blockquote type="cite">no logging console<br></blockquote><blockquote type="cite">!<br></blockquote><blockquote type="cite">policy access-list NAT_acl<br></blockquote><blockquote type="cite">seq 10 permit ip 10.11.12.0 0.0.0.255 class CLASS3<br></blockquote><blockquote type="cite">seq 11 permit ip host 83.142.192.100 class CLASS3<br></blockquote><blockquote type="cite">!<br></blockquote><blockquote type="cite">aaa authentication administrator local<br></blockquote><blockquote type="cite">aaa authentication administrator maximum sessions 1<br></blockquote><blockquote type="cite">aaa authentication subscriber radius global<br></blockquote><blockquote type="cite">!<br></blockquote><blockquote 
type="cite">!<br></blockquote><blockquote type="cite">subscriber default<br></blockquote><blockquote type="cite"> nat policy-name NAT_policy<br></blockquote><blockquote type="cite"> dhcp max-addrs 1<br></blockquote><blockquote type="cite">!<br></blockquote><blockquote type="cite">ip route 0.0.0.0/0 83.142.192.102<br></blockquote><blockquote type="cite">no service ssh server<br></blockquote><blockquote type="cite">!<br></blockquote><blockquote type="cite">dhcp server policy<br></blockquote><blockquote type="cite"> nak-on-subnet-deletion<br></blockquote><blockquote type="cite"> option subnet-mask 255.255.255.0<br></blockquote><blockquote type="cite"> option domain-name-server 91.189.24.2 83.142.192.2<br></blockquote><blockquote type="cite"> option domain-name <a href="http://mi.pl/">mi.pl</a><br></blockquote><blockquote type="cite"> offer-lease-time 300<br></blockquote><blockquote type="cite"> default-lease-time 900<br></blockquote><blockquote type="cite"> maximum-lease-time 900<br></blockquote><blockquote type="cite"> subnet 10.11.12.0/24<br></blockquote><blockquote type="cite">   option subnet-mask 255.255.255.0<br></blockquote><blockquote type="cite">   option router 10.11.12.1<br></blockquote><blockquote type="cite">!<br></blockquote><blockquote type="cite">!<br></blockquote><blockquote type="cite">!<br></blockquote><blockquote type="cite">end<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">still doesn't work :(<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Michal<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><blockquote type="cite">Hi Michal,<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Your 
interface has /24 and addresses in pool overlap this.<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Regarding your config in general.<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">In NAT pool we usually put real IP addresses, it allows your private<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">networks to be NATed through real IPs.<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">HIH<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">/denis<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">-----Original Message-----<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">From: Michal Korzeniowski [mailto:misha@iim.pl]<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Sent: Friday, October 01, 2010 5:49 PM<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">To: Denis Mikhaylovskiy<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Cc: <a href="mailto:misha@iim.pl">misha@iim.pl</a>; <a href="mailto:redback-nsp@puck.nether.net">redback-nsp@puck.nether.net</a><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Subject: RE: [rbak-nsp] Nat does'nt work<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote 
type="cite">Second)<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">IP address in NAT pool should not overlap with other IP addresses of<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">interfaces<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">maybe I think wrong but there are no overlaps:<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">- ip addr of interface is   10.11.12.1<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">- ip addr of pool are       10.11.12.2 to 100<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">ip nat pool NAT_pool napt multibind<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">address 10.11.12.2 to 10.11.12.100 <--- why are you using private<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">space<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">for NAT ?!?<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Which space should I use?<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">My idea is to distribute the internet "from" one public IP 83.142.192.100<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">to subscribers ( giving them private space 10.11.12.0/24 like 
a simple<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">router from a supermarket)<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><br></blockquote></div></blockquote></div></div><div><div><br></div></div></body></html>