Well, the following statements are groundless, just my thoughts... I understand your fear, but it could be like that in the case of some kind of proxy, when the router opens a new socket for each outgoing connection, so you're limited to ~65k sockets per IP.
But I think port exhaustion will never happen for you with NAT, just because ConnTrack tracks 4 ip:port pairs (src, dst, natted src and natted dst), and nothing prevents it from natting two requests to different servers by one src-ip:src-port. For example, the router IP is 1.2.3.4, client C1 establishes a connection to server S1, and C2 to S2. The router can src-nat both connections to 1.2.3.4:5678 and create two conntrack entries: (C1 -> S1; 1.2.3.4:5678 -> S1) and (C2 -> S2; 1.2.3.4:5678 -> S2). Now, when a returning packet has destination = 1.2.3.4:5678 and source = S1, the packet should be sent to C1, and so on.

2012/6/6 Kenny Kant <[email protected]>

> I agree that masquerade "overloads" the outside address. I guess what I am asking here is how can I monitor the "port-overload" usage of this masquerade. In the past when we have done customer NAT on cisco we would always have a pool of addresses to NAT to on the outside interface. The thought being that if we ran out of ports for the customers then it would begin doing translations onto another address of the pool. At some point the number of customers to a single masquerade could cause issues with port exhaustion.. is there a way to monitor this counter or aspect through a log ..etc on the Tik?
>
> thanks guys..I hope I am making this clear.. I appreciate all responses.
>
> Kenny
>
> On Thu, May 17, 2012 at 11:19 AM, Chupaka <[email protected]> wrote:
>
> > Masquerade uses a single address, not a pool :)
> >
> > --
> > Signature:
> > (added at the end of all outgoing emails)
> >
> > 2012/5/17 Kenny Kant <[email protected]>
> >
> > > We have recently implemented a large PAT/Masquerade for our customers. How can one monitor the nat pool for exhaustion?
> > >
> > > Thanks gang!
_______________________________________________
Mikrotik mailing list
[email protected]
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
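
The tuple reasoning in the reply above suggests what to measure when monitoring a masquerade address: NAT ports in use per remote endpoint, not connections in total. The following is an added example, not code from the thread or from MikroTik; it assumes entries in the style of Linux `conntrack -L` output, uses constructed sample lines, and takes the usable port range as an assumed parameter.

```python
import re
from collections import defaultdict

# Constructed sample in the style of Linux `conntrack -L` (assumption: each
# entry carries the original tuple followed by the reply tuple).
SAMPLE = """\
tcp 6 431999 ESTABLISHED src=10.0.0.11 dst=198.51.100.1 sport=40001 dport=443 src=198.51.100.1 dst=1.2.3.4 sport=443 dport=5678 [ASSURED] mark=0 use=1
tcp 6 431990 ESTABLISHED src=10.0.0.12 dst=203.0.113.9 sport=40002 dport=443 src=203.0.113.9 dst=1.2.3.4 sport=443 dport=5678 [ASSURED] mark=0 use=1
tcp 6 431980 ESTABLISHED src=10.0.0.13 dst=198.51.100.1 sport=40003 dport=443 src=198.51.100.1 dst=1.2.3.4 sport=443 dport=5679 [ASSURED] mark=0 use=1
udp 17 25 src=10.0.0.11 dst=198.51.100.53 sport=53000 dport=53 src=198.51.100.53 dst=1.2.3.4 sport=53 dport=5678 mark=0 use=1
"""

FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def parse(line):
    """Return [proto, original 4-tuple, reply 4-tuple], or None if no ports."""
    vals = [v for _, v in FIELD.findall(line)]
    if len(vals) != 8:  # blank lines, ICMP entries (type/code/id, no ports)
        return None
    return [line.split()[0], vals[:4], vals[4:]]

def nat_usage(text, nat_ip, port_range=(1024, 65535)):
    """Per (proto, remote ip, remote port): (NAT ports used, fraction of range)."""
    ports = defaultdict(set)
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec[2][1] == nat_ip:  # reply tuple is addressed to the NAT IP
            proto, _orig, (remote_ip, _nat, remote_port, nat_port) = rec
            ports[(proto, remote_ip, int(remote_port))].add(int(nat_port))
    size = port_range[1] - port_range[0] + 1  # assumed usable range
    return {k: (len(v), len(v) / size) for k, v in ports.items()}

def shared_ports(text, nat_ip):
    """NAT ports that serve more than one remote endpoint at the same time."""
    users = defaultdict(set)
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec[2][1] == nat_ip:
            proto, _orig, (remote_ip, _nat, remote_port, nat_port) = rec
            users[(proto, int(nat_port))].add((remote_ip, int(remote_port)))
    return {k: len(v) for k, v in users.items() if len(v) > 1}

if __name__ == "__main__":
    for key, (used, frac) in sorted(nat_usage(SAMPLE, "1.2.3.4").items()):
        print(key, used, f"{frac:.4%}")
    print("shared:", shared_ports(SAMPLE, "1.2.3.4"))
```

In the sample, TCP port 5678 on 1.2.3.4 is shared by two different servers, matching the C1/S1 and C2/S2 case in the reply; the value worth alerting on is the highest per-endpoint fraction.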

