NAT consistent internal IP mapping to multiple external IPs

spiros · February 10, 2016, 10:15am

Hi all,

I have setup NAT for a wireless network. I’m using a /21 as private address space and four (4) external IPs. It works, but there is a problem:
The NAT mechanism uses all 4 external IPs (as it should) for the translation and load balances the translations per flow. This means that you can see different flows from one internal IP to be NATed to different external IPs.
10.5.10.196 x.y.61.84 tcp 271870
10.5.10.196 x.y.61.85 tcp 260527
10.5.10.196 x.y.61.84 tcp 248671
10.5.10.196 x.y.61.86 tcp 269582
10.5.10.196 x.y.61.85 tcp 244858

That makes a few applications to break.
Can I do still use the four external IPs and load balance the NAT by internal IP? This way, each internal IP would use a specific one external IP at any one time.

Can I do this?

Thanx,
Sp

jl3128 · February 10, 2016, 3:07pm

I’m not sure how to make the internal hosts stick to a single external NAT address. If you have a /21 and you assume every single one is connected to the outside network (internet), that’s 2046 hosts. With a total of 65,535 possible external NAT (NAT overload/PAT) ports that’s an average of 32 ports per internal hosts. If you have filled up your /21 and your internal hosts don’t need more than 32 “flows” to the outside network, you could probably just use a single outside NAT address.

Boltsie · February 18, 2016, 10:36am

What you could do is to set up wan load-balancing, and then set up rules for where you want specific traffic to go to.

Example:

        rule 80 {
            description "DHCP clients"
            inbound-interface eth0
            interface eth2.1 {
                weight 1
            }
            protocol all
            source {
                address 192.168.0.255-192.168.1.251
            }
        }