Behaviour of "-j SNAT --persistent"


I'm trying to implement a near dynamic NAT IP assignment where a pool of public addresses is used to map a bigger range of private addresses (the NETMAP target can't be used as it needs both pre- and post-NAT blocks to have the same size).

The internal networks are about 32 C-Class sized networks (/24) and the public block is an /22 (1024 addresses).

Because these networks are in general very "calm" I would expect that only about 500~700 hosts will be active at any time and the internal/external mapping will be near 1:1 most of the time. The "PAT" behaviour will only be needed when the public address pool is exhausted and some addresses start to be shared by multiple internal users.

The behaviour I'm observing at the moment is:
312 Internal IPs are using NAT
264 Public addresses from the pool are in use

Why is the netfilter code reusing the IPs from the pool when there are a lot of addresses available?

The command line I'm using to configure this example is:

# Linux 2.6.36
iptables -t nat -A POSTROUTING -o eth1 \
        -j SNAT --to-source 192.100.196.0-192.100.199.255 --persistent
# These IPs aren't the real ones, only an example!!!

TIA

--
Best regards,

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Pedro Ribeiro
IPLNet - Rede de dados e comunicações
Instituto Politécnico de Lisboa (IPL)
Mail: mailto:pribeiro AT net.ipl.pt
VoIP: sip:pribeiro AT net.ipl.pt
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
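Added example, not from the original post: a small Python model of how the SNAT range target chooses an address. The kernel does not allocate a free address from the pool; it hashes the original source address (and, without --persistent, the destination too) into the range, so two clients that hash to the same slot share a public address even while most of the pool is idle. The hash function below stands in for the kernel's jhash and the 10.0.0.0/19 client addresses are constructed; only the statistics are meant to match.

```python
import hashlib
import ipaddress
import random

# The /22 pool from the post: 192.100.196.0-192.100.199.255 (1024 addresses)
POOL_START = ipaddress.IPv4Address("192.100.196.0")
POOL_SIZE = 1024


def persistent_pick(src, pool_start=POOL_START, pool_size=POOL_SIZE):
    """Map a private source address to a pool address the way --persistent does:
    hash the source address only, so one client always gets the same public IP.
    SHA-256 is a stand-in (assumption) for the kernel's jhash; no free-list exists."""
    src = ipaddress.IPv4Address(src)
    h = int.from_bytes(hashlib.sha256(src.packed).digest()[:4], "big")
    return pool_start + (h % pool_size)


def expected_distinct(n_clients, pool_size=POOL_SIZE):
    """Expected number of distinct pool addresses hit by n_clients independent
    uniform hash picks (the classic occupancy / birthday-problem formula)."""
    return pool_size * (1 - (1 - 1 / pool_size) ** n_clients)


def simulate(n_clients, seed=0, internal_nets=32):
    """Draw n_clients distinct hosts from 32 constructed /24 networks
    (10.0.0.0/24 .. 10.0.31.0/24) and count the pool addresses they end up on."""
    rng = random.Random(seed)
    hosts = set()
    while len(hosts) < n_clients:
        net = rng.randrange(internal_nets)
        host = rng.randrange(1, 255)
        hosts.add(ipaddress.IPv4Address(f"10.0.{net}.{host}"))
    return len({persistent_pick(h) for h in hosts})


if __name__ == "__main__":
    print("expected distinct for 312 clients:", round(expected_distinct(312), 1))
    print("simulated distinct for 312 clients:", simulate(312))
```

For 312 active clients and a 1024-address /22 the occupancy formula gives about 269 distinct public addresses, close to the 264 the post reports.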