05-03-2008 12:18 AM - edited 03-05-2019 10:44 PM
I have an issue: when I have a game query for servers, it creates a NAT rule for each server in the list, I'm assuming. I'm running a 2621 connected to a DSL modem. The router will almost lock up creating and deleting NAT rules. Is there something that sticks out in this config? I had this working well with DHCP parm for fa0/1 and IP ROUTE also with DHCP. It's only with the static ISP that I switched to.
interface FastEthernet0/0
description Local Network
bandwidth 1200
ip address [ROUTERIP] 255.255.255.0
no ip proxy-arp
ip nat inside
duplex auto
speed 100
!
interface FastEthernet0/1
description connected to Internet
ip address [ISPSTATIC] 255.255.255.252
no ip proxy-arp
ip nat outside
duplex auto
speed auto
!
ip nat log translations syslog
ip nat inside source list 7 interface FastEthernet0/1 overload
ip nat inside source static tcp [WEBSERVERIP] 80 interface FastEthernet0/1 80
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 [ISPGATEWAY]
05-08-2008 04:43 PM
Are you sure it isn't the logging of individual translations that is choking the router?
You're not specifying any port numbers in access-list 7 are you?
05-09-2008 06:32 AM
access-list 7 permit 192.168.1.0 0.0.0.255
This issue didn't happen with the same setup with cable. I watched the debug when I had cable and it didn't create all these NAT rules. I connected the DSL modem to an old Netgear with defaults and it works great. I must be missing something.
05-09-2008 07:03 AM
There doesn't appear to be anything wrong with your NAT configuration.
If you are generating more NAT translations than before (Cisco router/cable ISP), the question may be why is your system connecting to more external hosts? A change in application setup, newer version?
When you say "debug", are you actually referring to CLI debug commands, or that you are logging NAT translations to syslog?
Are you comparing the NetGear's "performance" to the Cisco's performance (with debugging and NAT logging enabled), or are you saying that the NetGear doesn't generate as many NAT translations?
An earlier post (Nov. 2007) shows that you did not have a static NAT to an internal web server.
What portion of the NAT translations relate to connections to that server?
Perhaps you could post a partial output of "sh ip nat translations". If you wish, you can replace the inside-global-ip of each translation for your privacy.
05-09-2008 07:21 AM
I have the Cisco debugging to console, which I had with cable also. It's pretty easy to reproduce. It happens during a game, for example when it queries for a list of servers. It seems to be creating a NAT rule for each.
05-09-2008 07:36 AM
I'm not familiar with gaming, or the queries for lists of servers. Is the list that is built not a list of servers that your application has successfully connected to?
A NAT translation will be built for every server you connect to.
If the number of translations in the table is an issue (as opposed to the rate of new translations), perhaps you should timeout old translations earlier with the following command:
ip nat translation tcp-timeout
As far as the debug goes, it does impose a load on the device, and I hope you don't keep debugging enabled all the time.
05-10-2008 12:55 AM
I had another test to try since my switch from Dynamic to Static IPs. I tried a Wii and it wouldn't stay connected. I'm not sure why browser based requests and pings work well. I switched to using a Belkin router and it works great. Wii then worked perfectly and so did all other applications.
05-10-2008 05:08 AM
That doesn't move us closer to resolving the issue though.
I was hoping you would have responded with the info asked for (sh ip nat translations) so we could determine whether your gaming was tunneled through port 80; whether you were using HTTP inspection (not shown in your partial config), and if so, how it was being used.
Likewise, how many of the translations were attributable to the internal web server, given that you have not indicated whether that port forwarding is also configured on the Belkin router.
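The breakdown requested in the reply above (how many translations belong to the port 80 forward, and which inside hosts and destination ports account for the rest) can be computed from saved "sh ip nat translations" output. This is an added example, not part of the original thread: the sample rows are constructed, 192.168.1.10 stands in for the redacted [WEBSERVERIP], and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout printed by "show ip nat translations";
# all addresses are private/documentation ranges, not values from the thread.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.2:80     192.168.1.10:80    ---                ---
tcp 203.0.113.2:80     192.168.1.10:80    198.51.100.7:51000 198.51.100.7:51000
udp 203.0.113.2:1025   192.168.1.20:27005 198.51.100.20:27015 198.51.100.20:27015
udp 203.0.113.2:1026   192.168.1.20:27005 198.51.100.21:27015 198.51.100.21:27015
udp 203.0.113.2:1027   192.168.1.20:27005 198.51.100.22:27016 198.51.100.22:27016
tcp 203.0.113.2:1028   192.168.1.30:49152 198.51.100.9:80    198.51.100.9:80
"""

ROW = re.compile(r"^(tcp|udp|icmp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def split_ep(ep):
    """Return (ip, port) for 'a.b.c.d:port'; (None, None) for the '---' filler."""
    if ep == "---":
        return None, None
    ip, _, port = ep.partition(":")
    return ip, int(port) if port.isdigit() else None

def summarize(text, web_server_ip):
    """Count active translations: web-server share, per inside host, per destination."""
    per_host, per_dest, web, total = Counter(), Counter(), 0, 0
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank line, or a row in another layout
        proto, _inside_global, inside_local, _outside_local, outside_global = m.groups()
        in_ip, in_port = split_ep(inside_local)
        out_ip, out_port = split_ep(outside_global)
        if out_ip is None:
            continue  # static entry itself, no active flow behind it
        total += 1
        if in_ip == web_server_ip and in_port == 80:
            web += 1  # inbound hit on the port 80 forward
        else:
            per_host[in_ip] += 1
            per_dest[(proto, out_port)] += 1
    return {"total": total, "web_server": web, "per_host": per_host, "per_dest": per_dest}

if __name__ == "__main__":
    r = summarize(SAMPLE, "192.168.1.10")
    print("active:", r["total"], "web server:", r["web_server"])
    print("top inside hosts:", r["per_host"].most_common(3))
    print("top destinations:", r["per_dest"].most_common(3))
```

A destination tally dominated by one UDP port from a single inside host points at the game's server-list query; a tally dominated by TCP 80 would support the tunneling question raised in the reply.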