Seems to be the case that the source port is part of the complaint, and if it's not, you're right, no track back. I'm guessing that the complaining entities are dealing with lots of NATed networks.
Bruce Boardman Networking Syracuse University 315 412-4156

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Jerry Bucklaew
Sent: Thursday, January 15, 2015 1:45 PM
To: [email protected]
Subject: Re: [WIRELESS-LAN] NAT tracking question

Jason, Bruce,

It sounds intriguing but I do have one question. This method assumes that you will get the source ip and source port in the request/complaint. How often is that the case as I would assume most requests are in the flavor of "this ip was attacking this ip at this time"? Do you ever have the need to track down a user without knowing the source port, as you would have no way to do it (unless you do netflow also)?

On 01/15/2015 12:29 PM, Jason Wang wrote:
> We do the same on a pair of the A10 AX3530's, and it's been working
> very well for us. We are currently NAT'ing a /12 of internal addresses
> into a /16 of external addresses (~4000 ports per internal IP). When
> doing lookups, we just pre-generate a lookup table of the outside IP &
> port to the inside IP, although you could also just calculate it on
> the fly.
>
> Jason
>
> On 01/14/2015 02:06 PM, Bruce Boardman wrote:
>> We do this with A10 Networks CGN boxes. They have a feature they call
>> fixed NAT, which predetermines some number of inside addresses to a
>> pool of outside addresses. These mappings are static, so when you get
>> a particular inside address you'll always get a particular outside
>> address within a defined static port range. If you know one you'll
>> know the other. We log the traffic, so we can pretty much look back
>> and time correlate use via DHCP and 802.1x.
>>
>> Bruce Boardman Networking Syracuse University 315 412-4156

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
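Added example, not part of the thread and not A10's actual algorithm: a sketch of the "calculate it on the fly" lookup for a /12-into-/16 fixed NAT. It also shows what a complaint without a source port still narrows down to. The address ranges, the 1024-65535 port range and the sequential block layout are all assumptions.

```python
import ipaddress

# Constructed sample ranges (assumptions, not the posters' real networks).
INSIDE = ipaddress.ip_network("10.0.0.0/12")
OUTSIDE = ipaddress.ip_network("198.18.0.0/16")
PORT_MIN, PORT_MAX = 1024, 65535   # assumed usable source-port range

# Inside hosts sharing one outside IP, and ports reserved for each of them.
RATIO = INSIDE.num_addresses // OUTSIDE.num_addresses   # 16
BLOCK = (PORT_MAX - PORT_MIN + 1) // RATIO              # 4032 (~4000)


def outside_for(inside_ip):
    """Forward mapping: inside IP -> (outside IP, first port, last port)."""
    ip = ipaddress.ip_address(inside_ip)
    if ip not in INSIDE:
        raise ValueError(f"{inside_ip} is not in {INSIDE}")
    idx = int(ip) - int(INSIDE.network_address)
    first = PORT_MIN + (idx % RATIO) * BLOCK
    return str(OUTSIDE.network_address + idx // RATIO), first, first + BLOCK - 1


def inside_for(outside_ip, src_port):
    """Reverse mapping for an abuse report that includes the source port.

    Returns the inside IP, or None if the port is outside every block.
    """
    ip = ipaddress.ip_address(outside_ip)
    if ip not in OUTSIDE:
        raise ValueError(f"{outside_ip} is not in {OUTSIDE}")
    slot = (src_port - PORT_MIN) // BLOCK
    if src_port < PORT_MIN or slot >= RATIO:
        return None
    idx = (int(ip) - int(OUTSIDE.network_address)) * RATIO + slot
    return str(INSIDE.network_address + idx)


def candidates(outside_ip):
    """Report without a source port: every inside IP behind that outside IP.

    The list still has to be narrowed with flow or session logs.
    """
    return [inside_for(outside_ip, PORT_MIN + s * BLOCK) for s in range(RATIO)]


if __name__ == "__main__":
    print(outside_for("10.0.0.17"))
    print(inside_for("198.18.0.1", 6000))
    print(candidates("198.18.0.1"))
```

The resulting inside IP still has to be time-correlated with DHCP and 802.1X records to reach a user, as described in the thread.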
