Results 1 to 6 of 6
  1. #1
    Newbie KLAATU's Avatar
    Join Date
    Oct 2008
    Location
    Chicago, IL. - Home of the A-Bomb
    Posts
    9

    Default Feature Request - External Nat/pat

    Hi All,

    As you can see by by post under the networking section, Sky-Knight has informed me that you can have an INTERNAL NAT/PAT, but not an EXTERNAL NAT/PAT, so my request would be for an EXTERNAL one. Thanks for all your hard work and development, you have an excellent product, and I believe with some QOS and an External NAT/PAT you could compete with larger vendors......does Cisco sound familiar ?????

    Thanks for the support, it was like lightning !!!!

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    Default

    I'm at a loss to even understand a case where you would want to translate in reverse... isn't that was port forwarding is for?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Newbie KLAATU's Avatar
    Join Date
    Oct 2008
    Location
    Chicago, IL. - Home of the A-Bomb
    Posts
    9

    Default

    I'm sorry, I should have watched my wording better. I should have said work with an External "Pool" of Addresses, instead of just a single External address - the Internal NAT/PAT is fine. Why do you need that External "pool"; why not just NAT/PAT Internally and exit thru 1 External IP ???.........For Security and possibly Bandwidth Management from my understanding,

    The State of Illinois ( Who's people are "Router Gods" and members of NANOG.ORG ) assigns us a "pool" of addresses with all ports open on all addresses ( and yes, they're all continually monitored for security by the State ), the ASA NAT/PAT's ( Internally ) thru that External address "Pool" ( in combination with External "Pool" Rules, so that SYN floods, Dos attacks, and whatever else we set, never make it into the Internal network ), and so that at various times when a user goes out to the internet, a different IP and port is selected, this provides some user security and may also prevent bandwidth overload from over 7500+ users hitting a single 10 meg pipe. I'll double-check it with one of our "Router Gods" from the State, as I'll be meeting with one this Friday morning. Then we'll get his point of view.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    Default

    So the new feature you're actually requesting is the ability to use ranges in the alias statements on the External?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Newbie KLAATU's Avatar
    Join Date
    Oct 2008
    Location
    Chicago, IL. - Home of the A-Bomb
    Posts
    9

    Default

    Yes.

  6. #6
    Newbie KLAATU's Avatar
    Join Date
    Oct 2008
    Location
    Chicago, IL. - Home of the A-Bomb
    Posts
    9

    Default Just an FYI

    The Maximum # of hosts on a single IP should be no more than 5,000.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2