NAT - Source Hash netblock - assigning GW & Broadcast



  • Hi all. Quick question on outbound NAT.
    I need to use "Source Hash" to guarantee that the same internal IP always receives the same outgoing IP.
    The only way I understand this can work is with Source Hash. I have a block of 64 public IPs. The first IP is my interface address, the 2nd IP is my gateway IP, and obviously the last IP is the broadcast. If I use the netblock /26 on the outbound then some internal IPs are assigned the gateway address and broadcast address. Those connections then obviously don't get an internet connection. I then have to resort to breaking the netblock up into smaller /28s and /29s.

    Any suggestions on how I can still achieve source hash while using an internal /22 and mapping it to a /26, while stopping it from assigning out the gateway and broadcast address?
    Thanks!


  • Netgate Administrator

    You can create an Alias with the range of IPs you want and then use that as the translation address in the outbound NAT rule.

    You can create the alias as type Hosts and add your /26 to it; it will be expanded to all IPs in that subnet. Then edit it and remove the gateway and network addresses, or any others you don't want to use.

    BUT, as you may have found, you can only use round-robin with a range of that type. You can use round-robin with sticky addresses though, which may be sufficient for your use.

    Steve



  • @stephenw10 Thank you. I used to use it as per your suggestion, but with sticky the client still gets different NATed IPs per new connection, which is what I can't have. It has to be source hash, I'm afraid. I just don't know how else to go about it.


  • Netgate Administrator

    There's no other way I'm aware of, I'm afraid. If you need to use source hash you need to use a subnet as the translation, so you need to use a set of smaller translation rules.

    Steve
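
A worked version of the "set of smaller translation rules" approach from the reply above, added here as an illustration; it is not code from this thread, from pfSense or from pf. Given the public /26, the addresses that must never be handed out (network, interface, gateway, broadcast) and the internal /22, it carves the /26 into the CIDR-aligned sub-blocks that avoid those addresses (source-hash needs a subnet, not an arbitrary range), then pairs a slice of the internal network with each block so that every rule can keep source-hash. The addresses (203.0.113.0/26, 10.10.0.0/22), the reserved hosts and the interface name `em0` are made up for the example; the printed `nat on ... source-hash` lines are plain pf.conf syntax and correspond to one Outbound NAT rule each in the pfSense GUI with the pool option set to Source Hash.

```python
"""Carve a public netblock into source-hash translation pools that skip the
network, interface, gateway and broadcast addresses, and pair each pool with
a slice of the internal network.

Added illustration; not pfSense or pf code. All addresses are constructed.
"""
import ipaddress
from typing import Iterable, List, Tuple

Net = ipaddress.IPv4Network


def usable_pools(netblock: str, reserved: Iterable[str],
                 longest_prefix: int = 32) -> List[Net]:
    """CIDR blocks that together cover `netblock` minus `reserved`.

    Blocks with a prefix longer than `longest_prefix` are dropped: a /31 or
    /32 pool is rarely worth its own NAT rule.
    """
    net = ipaddress.ip_network(netblock)
    blocks = [net]
    for addr in reserved:
        skip = ipaddress.ip_network(addr)
        if not skip.subnet_of(net):
            raise ValueError(f"{addr} is not inside {netblock}")
        # address_exclude() splits a block into the aligned pieces that remain
        # once `skip` is cut out; blocks that do not contain it are kept as is.
        blocks = [piece
                  for blk in blocks
                  for piece in (blk.address_exclude(skip)
                                if skip.subnet_of(blk) else [blk])]
    blocks = sorted(ipaddress.collapse_addresses(blocks))
    return [b for b in blocks if b.prefixlen <= longest_prefix]


def plan_rules(internal: str, pools: List[Net]) -> List[Tuple[Net, Net]]:
    """Pair equal slices of `internal` with the pools, one pool per slice.

    The internal network is split into the smallest power-of-two number of
    equal subnets that is >= len(pools); slices are handed out round robin,
    so a smaller pool gets as many internal hosts as a larger one.  Within a
    rule, pf's source-hash then picks one fixed pool address per source IP.
    """
    if not pools:
        raise ValueError("no usable pools")
    inside = ipaddress.ip_network(internal)
    slices = 1
    while slices < len(pools):
        slices *= 2
    new_prefix = inside.prefixlen + (slices.bit_length() - 1)
    if new_prefix > inside.max_prefixlen:
        raise ValueError("more pools than the internal network can be split into")
    return [(src, pools[i % len(pools)])
            for i, src in enumerate(inside.subnets(new_prefix=new_prefix))]


def render_pf(ext_if: str, rules: List[Tuple[Net, Net]]) -> str:
    """Render the plan as pf.conf outbound NAT rules, one per (slice, pool).
    Source ranges are disjoint, so first-match ordering does not matter."""
    return "\n".join(
        f"nat on {ext_if} from {src} to any -> {pool} source-hash"
        for src, pool in rules)


def pools_avoid(rules: List[Tuple[Net, Net]], reserved: Iterable[str]) -> bool:
    """True if no reserved address can be handed out by any rule's pool."""
    pools = {pool for _, pool in rules}
    return not any(ipaddress.ip_address(a) in pool
                   for a in reserved for pool in pools)


if __name__ == "__main__":
    # Constructed example values, not the poster's real addresses.
    PUBLIC = "203.0.113.0/26"
    RESERVED = ["203.0.113.0",    # network address
                "203.0.113.1",    # WAN interface address
                "203.0.113.2",    # upstream gateway
                "203.0.113.63"]   # broadcast
    INTERNAL = "10.10.0.0/22"

    pools = usable_pools(PUBLIC, RESERVED, longest_prefix=29)
    rules = plan_rules(INTERNAL, pools)
    print(render_pf("em0", rules))
    print("reserved addresses avoided:", pools_avoid(rules, RESERVED))
```

With the constructed values and `longest_prefix=29`, the /26 minus its four reserved addresses leaves 203.0.113.8/29, .16/28, .32/28 and .48/29 (the .3/32, .4/30, .56/30, .60/31 and .62/32 leftovers are discarded), and the /22 becomes four /24 slices, one per pool. The first and last addresses of a sub-pool such as .16/28 are ordinary host addresses in the /26, so source-hash handing them out is harmless; only the real network, interface, gateway and broadcast addresses need to be kept out, which is what the carve-up guarantees.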

