v3 nat


tim
03-12-2006, 06:32 AM
Is nat supported in beta 10?

I am watching traffic with the beacon realtime traffic monitor & I do not think nat is working. I am certainly not seeing any natted traffic. Also the iptables report does not seem to be showing the correct stats for the MASQUERADE. But my masq entries are appearing in the iptables -L output okay.

lonnie
03-12-2006, 09:24 AM
We will take a look. I have not upgraded our units to b10 yet so maybe it is time to try it.

Does the System Report show the rules with hits?

tim
03-12-2006, 06:00 PM
> Does the System Report show the rules with hits?


Active Devices shows correct traffic for ethx devices & no traffic for wpcix devices

Routing & arp table both look okay

POSTROUTING chain masquerade item shows no traffic

There is traffic for snat items (ipmap)

I would not recommend upgrading to beta10 as beta 9 seems a lot more stable.

tony
03-12-2006, 06:43 PM
Beta 10's NAT is fully functional, and outside of the lack of ping and tcp throughput testing support, is as reliable as beta-9 from our testing, and user feedback.

I would suspect a configuration mishap.

The system report's wpciX traffic counters will always show zero for the time being.

tony
03-12-2006, 06:53 PM
> Is nat supported in beta 10?
>
> I am watching traffic with the beacon realtime traffic monitor & I do not think nat is working. I am certainly not seeing any natted traffic. Also the iptables report does not seem to be showing the correct stats for the MASQUERADE. But my masq entries are appearing in the iptables -L output okay.

Can you provide details as to your nat setup, and which interface you are running beacon on?

As a guideline, if you are natting all traffic to ether1, and your clients connect to wpci1, then you will only see the natted traffic if you run beacon on ether1. If you run beacon on wpci1, then the traffic you see will be before any nat and routing takes place (e.g. you'll see your client's real IP).

The system report iptables hits will look low, but the system will be working properly, as the numbers reported may only represent new connection counts, and not physical packet counts from the clients.

If you are using ipmap, those rules must be above any masq rule in your nat script.

tim
03-13-2006, 05:16 AM
> Can you provide details as to your nat setup, and which interface you are running beacon on?

okay I've spotted it :

net = "ether2"
masq from 10.0.0.0/24 to $net

it should have been /8

it all works now !!! Great

tony
03-13-2006, 07:33 AM
I am pleased to see it works. Thank you for the update.
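
The misconfiguration found above (a masq source of 10.0.0.0/24 where /8 was intended) can be caught before deployment by checking client addresses against the masq source networks. The following is an added example, not part of the original thread or the product's own tooling; it assumes only the two-line script syntax quoted by tim, and the client addresses are constructed.

```python
import ipaddress
import re

# Constructed sample using the nat-script lines quoted in the thread.
NAT_SCRIPT = '''
net = "ether2"
masq from 10.0.0.0/24 to $net
'''

VAR_RE = re.compile(r'^(\w+)\s*=\s*"([^"]*)"$')
MASQ_RE = re.compile(r'^masq\s+from\s+(\S+)\s+to\s+(\S+)$')


def parse_masq_rules(script):
    """Return [(source_network, out_interface)], expanding $variables."""
    variables, rules = {}, []
    for raw in script.splitlines():
        line = raw.strip()
        var = VAR_RE.match(line)
        if var:
            variables[var.group(1)] = var.group(2)
            continue
        masq = MASQ_RE.match(line)
        if masq:
            source = ipaddress.ip_network(masq.group(1), strict=False)
            target = masq.group(2)
            if target.startswith("$"):
                # Leave an undefined variable visible rather than guessing.
                target = variables.get(target[1:], target)
            rules.append((source, target))
    return rules


def uncovered_clients(script, client_ips):
    """List client addresses that no masq rule's source network matches."""
    rules = parse_masq_rules(script)
    return [ip for ip in client_ips
            if not any(ipaddress.ip_address(ip) in net for net, _ in rules)]


if __name__ == "__main__":
    clients = ["10.0.0.15", "10.0.7.20", "10.12.1.4"]  # constructed addresses
    print("with /24:", uncovered_clients(NAT_SCRIPT, clients))
    print("with /8: ", uncovered_clients(NAT_SCRIPT.replace("/24", "/8"), clients))
```

Clients that the check reports as uncovered would leave the router with their real source address instead of being masqueraded, which matches the zero hit count tim saw on the masquerade rule.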