How to NAT UDP broadcast packets

Answered Question
Feb 26th, 2010

Hello,


I'm experiencing a bit of an issue here. I am using static NAT to convert 172.20.0.0/24 into 172.21.0.0/24 on a Cisco 2811 router through FE0/0. On FE0/1, I have 192.168.0.0/24 subnetwork attached.


Here's what the objective is: A host on 172.20.0.0/24 (say, 172.20.0.5) is sending broadcast packets via UDP port 6000. The mainframe is on FE0/1 with an IP address of 192.168.0.35/24. This mainframe needs to receive the broadcast packets from the 172.20.0.5 host, but NAT needs to occur *first* on 172.20.0.5 so that it looks like the source address of the broadcast packet is really coming from 172.21.0.5/24. This is because the mainframe already has another interface on another 172.20.0.0/24 subnet (i.e., we're dealing with overlapping subnets here).


So far, I'm able to forward the broadcast packets to the 192.168.0.0/24 subnet by using ip forward-protocol udp 6000 (globally) and ip directed-broadcast (on the FE interfaces). I've also added an ip helper-address 192.168.0.255 statement to the FE0/0 interface.


Again, I can get the UDP:6000 packets to forward, but the source address is showing up as the original 172.20.0.5 instead of the NAT'ed address of 172.21.0.5.


Any suggestions would be very helpful. Even if I have to deploy additional hardware to make it work, that's OK too. I just can't use the original subnet, I have to NAT it somehow.


Thanks a bunch!

Correct Answer
ohassairi Sun, 02/28/2010 - 00:18

1- Can you paste your NAT config?

2- As a bad solution, you can cascade the second NIC (172.20) switch to the switch connecting c2811 to your server, so that the broadcast will come to the second interface :-)

mrmajedkhalifa Sun, 02/28/2010 - 19:23

Thank you for your suggestion. And yes, I believe your suggestion would have solved the issue, though a bit sloppily, as you intended, though.


As it turns out, I believe I solved the problem through a modification of the "ip helper-address" statement. For some strange reason (I'm sure someone knows the answer to this reason), if I use "ip helper-address ", then IOS does not apply NAT to the source address. However, if I use "ip helper-address ", then it does use NAT correctly. Strange eh? Well, I changed my "ip helper-address" statement to point to my mainframe, and it's working like a champ now.


Hopefully this thread will surface in a Google search for the next person to come across such an oddity.


Thx again, folks!

ohassairi Sun, 02/28/2010 - 21:08

I think you are using static NAT (one to one),

so if you use "ip helper-address ", maybe there is no static NAT entry for this broadcast address, so NAT will not occur.
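
The change mrmajedkhalifa describes above, laid out as a configuration sketch. This is an added example, not configuration posted in the thread: the router interface addresses, the inside/outside roles and the static NAT statement are assumptions (the NAT config was never pasted), while 192.168.0.255 and 192.168.0.35 are the helper target and mainframe address given in the question.

```cisco
! Global: relay UDP/6000 broadcasts (from the question)
ip forward-protocol udp 6000
!
! Assumed one-to-one network NAT: 172.20.0.x <-> 172.21.0.x
ip nat inside source static network 172.20.0.0 172.21.0.0 /24
!
interface FastEthernet0/0
 description sender LAN, e.g. host 172.20.0.5 (router address is an assumption)
 ip address 172.20.0.1 255.255.255.0
 ip nat inside
 ! Before: relayed to the subnet broadcast address; the poster saw the
 ! source arrive untranslated as 172.20.0.5
 ! ip helper-address 192.168.0.255
 ! After: relayed as unicast to the mainframe; the poster saw the
 ! source arrive translated as 172.21.0.5
 ip helper-address 192.168.0.35
!
interface FastEthernet0/1
 description mainframe LAN (router address is an assumption)
 ip address 192.168.0.1 255.255.255.0
 ip nat outside
 ! ip directed-broadcast was only needed to deliver to 192.168.0.255;
 ! a unicast helper target does not require it for this flow
 no ip directed-broadcast
```

`show ip nat translations` on the router and a packet capture on the 192.168.0.0/24 side can be used to confirm which source address the mainframe actually sees.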
