* Behaviour of "-j SNAT --persistent"
From: Pedro Ribeiro @ 2011-07-19 17:35 UTC (permalink / raw)
To: netfilter
I'm trying to implement a near dynamic NAT IP assignment where a pool of
public addresses is used to map a bigger range of private addresses
(NETMAP target can't be used as it needs both pre and post NAT blocks to
have the same size).

The internal networks are about 32 C-Class sized networks (/24) and the
public block is a /22 (1024 addresses).

Because these networks are in general very "calm" I would expect that
only about 500~700 hosts will be active at any time and the
internal/external mapping will be near 1:1 most of the time.

The "PAT" behaviour will only be needed when the public address pool
is exhausted and some start to be shared by multiple internal users.

The behaviour I'm observing at this moment is:
312 Internal IPs are using NAT
264 Public addresses from the pool are in use

Why is the netfilter code reusing the IPs from the pool when there are a
lot of addresses available?

The command line I'm using to configure this example is:

# Linux 2.6.36
iptables -t nat -A POSTROUTING -o eth1 \
    -j SNAT --to-source 192.100.196.0-192.100.199.255 --persistent
# These IPs aren't the real ones, only an example!!!

TIA
--
Best regards,
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Pedro Ribeiro
IPLNet - Rede de dados e comunicações
Instituto Politécnico de Lisboa (IPL)
Mail: mailto:pribeiro AT net.ipl.pt
VoIP: sip:pribeiro AT net.ipl.pt
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
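
An added example, not part of the original thread and not netfilter code: a small model of how 312 internal hosts can end up on fewer than 312 pool addresses while most of the pool stays unused. It assumes that SNAT with --persistent chooses the public address by hashing the client's source IP into the range instead of tracking free addresses; the SHA-256 based hash and the 10.0.x.x source addresses are constructed stand-ins.

```python
import hashlib
import ipaddress

# Pool from the post (the poster's example addresses, a /22).
POOL_FIRST = ipaddress.IPv4Address("192.100.196.0")
POOL_LAST = ipaddress.IPv4Address("192.100.199.255")
POOL_SIZE = int(POOL_LAST) - int(POOL_FIRST) + 1  # 1024


def pick_public(src):
    """Choose a pool address from the source IP alone (assumed behaviour).

    The hash is a stand-in, not the kernel's; only its uniformity matters.
    """
    digest = hashlib.sha256(ipaddress.IPv4Address(src).packed).digest()
    h32 = int.from_bytes(digest[:4], "big")
    offset = (h32 * POOL_SIZE) >> 32  # scale a 32-bit hash into [0, POOL_SIZE)
    return POOL_FIRST + offset


def constructed_sources(count):
    """Constructed sample hosts spread over 32 /24 networks (10.0.0-31.x)."""
    return [ipaddress.IPv4Address(f"10.0.{i % 32}.{1 + i // 32}")
            for i in range(count)]


def simulate(sources):
    """Return {internal address: public address} for every active host."""
    return {src: pick_public(src) for src in sources}


def expected_distinct(hosts, pool):
    """Expected number of pool addresses hit when each host hashes uniformly."""
    return pool * (1 - (1 - 1 / pool) ** hosts)


if __name__ == "__main__":
    mapping = simulate(constructed_sources(312))
    used = set(mapping.values())
    print("internal hosts      :", len(mapping))
    print("public IPs in use   :", len(used))
    print("expected (formula)  :", round(expected_distinct(312, POOL_SIZE), 1))
    print("pool addresses idle :", POOL_SIZE - len(used))
```

Under this model the expected number of public addresses in use for 312 hosts and a 1024-address pool is about 269, close to the 264 reported in the post.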
* Re: Behaviour of "-j SNAT --persistent"
From: Marek Kierdelewicz @ 2011-07-19 20:34 UTC (permalink / raw)
To: pribeiro; +Cc: netfilter
Hi,
>I'm trying to implement a near dynamic NAT IP assignment where a pool
>of public addresses is used to map a bigger range of private
>addresses (NETMAP target can't be used as it needs both pre and post
>NAT blocks to have the same size).
Give DNETMAP a try:
http://cat.piasta.pl/dnetmap/
Best regards,
Marek Kierdelewicz
* Re: Behaviour of "-j SNAT --persistent"
From: Jan Engelhardt @ 2011-07-19 20:55 UTC (permalink / raw)
To: Marek Kierdelewicz; +Cc: pribeiro, netfilter
On Tuesday 2011-07-19 22:34, Marek Kierdelewicz wrote:
>Hi,
>
>>I'm trying to implement a near dynamic NAT IP assignment where a pool
>>of public addresses is used to map a bigger range of private
>>addresses (NETMAP target can't be used as it needs both pre and post
>>NAT blocks to have the same size).
>
>Give DNETMAP a try:
>http://cat.piasta.pl/dnetmap/
Wasn't xt_DNETMAP in xtables-addons anyway? :)