NAT subnet real ip



  • Good day! Please help with this problem: There is a pool of white addresses. There are many private subnets, each on its Vlan. Needs to be done so that each private ip always nat on what that white one address from the pool, but used all the addresses from a pool of white addresses.

    Example:
    REAL ip subnet - 194.4.78.48 / 28
    Private ip pool 1 - 172.16.0.0/12
    Private ip pool 2 - 192.168.0.0/16

    OPT1 interface to an upstream provider

    Create a rule:

    Firewall: NAT: Outbound

    Interface Source Source Port Destination Destination Port NAT Address          NAT Port  Static Port Description
      OPT1    172.16.0.0/12    *      *                    *          194.4.78.48 / 28      *                NO
      OPT1    192.168.0.0/16  *      *                    *            194.4.78.48 / 28      *                NO

    In the settings you can select such options:

    Pool Options
    Only Round Robin types work with Host Aliases. Any type can be used with a Subnet.

    • Round Robin: Loops through the translation addresses.
    • Random: Selects an address from the translation address pool at random.
    • Source Hash: Uses a hash of the source address to determine the translation address, ensuring that the redirection address is always the same for a given source.
    • Bitmask: Applies the subnet mask and keeps the last portion identical; 10.0.1.50 -> xxx50.
    • Sticky Address: The Sticky Address option can be used with the Random and Round Robin pool types to ensure that a particular source address is always mapped to the same translation address.

    I chose Source Hash but does not work the way I want. All the same issues a new IP from a pool of white on the new TCP Connect.

    The problem is that recently changed the algorithm's ex.ua issuing citations for download, now they have it all your own unique ip and as a result when you click on the download button there is an error on the page and a page is refreshed.

    Can you please tell how to configure NAT. Thank you!


Log in to reply