Problems with NAT and UDP

Unanswered Question
Mar 26th, 2010

Hi everyone,

I'm running a Cisco 3620 with two interfaces, a FE and an ADSL WIC, and I'm noticing some unexpected behaviour with NAT(ing) some UDP ports, here are the config rules in question:

ip nat inside source static udp 192.168.100.26 14000 interface Dialer1  14000

ip nat inside source static udp 192.168.100.26 14001 interface Dialer1  14001

ip nat inside source static udp 192.168.100.26 14001 interface Dialer1  14002


When I receive traffic through those ports, I see the following in

show ip nat translations | include 14000


udp 64.7.136.227:1038   192.168.100.26:14000  67.163.252.29:62564  67.163.252.29:62564
udp 64.7.136.227:1039   192.168.100.26:14000  67.163.252.29:62564  67.163.252.29:62564
udp 64.7.136.227:1040   192.168.100.26:14000  67.163.252.29:62564  67.163.252.29:62564
udp 64.7.136.227:1041   192.168.100.26:14000  67.163.252.29:62564  67.163.252.29:62564
udp 64.7.136.227:1042   192.168.100.26:14000  67.163.252.29:62564  67.163.252.29:62564
udp 64.7.136.227:1043   192.168.100.26:14000  67.163.252.29:62564  67.163.252.29:62564
udp 64.7.136.227:1044   192.168.100.26:14000  67.163.252.29:62564  67.163.252.29:62564
udp 64.7.136.227:14000  192.168.100.26:14000  ---                  ---

How can I make this NAT static so that every host originates from port 14000 rather than a dynamic one that is being assigned now?

Any help is greatly appreciated.


Aleks

Paolo Bevilacqua Fri, 03/26/2010 - 12:33

I don't think you can do so that any source port is changed to a single one for static translations.

If you want your host to originate source port 14000, configure it for doing that.

a.todorovic Sat, 03/27/2010 - 23:22

Perhaps I wasn't clear enough in what I needed it to do, here's a show ip nat translations for another (working) NAT(d) port on the same router:

tcp 64.7.136.227:6667  192.168.100.199:6667  xxx.xxx.xxx.xxx:54375  xxx.xxx.xxx.xxx:54375
tcp 64.7.136.227:6667  192.168.100.199:6667  xxx.xxx.xxx.xxx:50183  xxx.xxx.xxx.xxx:50183
tcp 64.7.136.227:6667  192.168.100.199:6667  xxx.xxx.xxx.xxx:50891  xxx.xxx.xxx.xxx:50891
tcp 64.7.136.227:6667  192.168.100.199:6667  xxx.xxx.xxx.xxx:60443  xxx.xxx.xxx.xxx:60443
tcp 64.7.136.227:6667  192.168.100.199:6667  xxx.xxx.xxx.xxx:2897   xxx.xxx.xxx.xxx:2897
tcp 64.7.136.227:6667  192.168.100.199:6667  xxx.xxx.xxx.xxx:51890  xxx.xxx.xxx.xxx:51890

Notice how the forwarded port is the same on the router interface (64.7.136.227:6667) across all of the connections that have connected. Now this NAT rule behaves as it should, same syntax used as for the one I originally posted

ip nat inside source static tcp 192.168.100.199 6667 interface Dialer1 6667

the only difference is that this one gets properly assigned to the requested port, whereas these rules

ip nat inside source static udp 192.168.100.26 14000 interface  Dialer1  14000

ip nat inside source static udp 192.168.100.26  14001 interface Dialer1  14001

ip nat inside source static udp  192.168.100.26 14001 interface Dialer1  14002

have a dynamically assigned port on (64.7.136.227) interface, as the show ip nat translations shows:

udp 64.7.136.227:1038  192.168.100.26:14000  67.163.252.29:62564  67.163.252.29:62564
udp 64.7.136.227:1039  192.168.100.26:14000  67.163.252.29:62564  67.163.252.29:62564
udp 64.7.136.227:1040  192.168.100.26:14000  67.163.252.29:62564  67.163.252.29:62564

Basically how do I get the three rules to behave the same way as the one on top does...

Thank you,

Aleks

Lee Shouse Wed, 04/07/2010 - 19:13

Your example shows the app accessing your network from the outside isn't even hitting your ports correctly. Try fixing that first. And I don't know if you meant to do it, but you've got the same outside port trying to be two separate inside ports. What exactly are you trying to accomplish?
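
Added example, not part of any post in this thread: a Python check that reads the static port-forward rules and a few of the `show ip nat translations` rows quoted above, then reports inside sockets that appear in more than one rule and translation rows whose inside global port matches no configured rule. The function names and the sample selection are assumptions made for this illustration; it audits the table and does not diagnose the cause.

```python
import re
from collections import defaultdict

# Rules and a subset of translation rows copied from the posts above.
CONFIG = """\
ip nat inside source static udp 192.168.100.26 14000 interface Dialer1 14000
ip nat inside source static udp 192.168.100.26 14001 interface Dialer1 14001
ip nat inside source static udp 192.168.100.26 14001 interface Dialer1 14002
ip nat inside source static tcp 192.168.100.199 6667 interface Dialer1 6667
"""
TABLE = """\
udp 64.7.136.227:1038 192.168.100.26:14000 67.163.252.29:62564 67.163.252.29:62564
udp 64.7.136.227:1039 192.168.100.26:14000 67.163.252.29:62564 67.163.252.29:62564
udp 64.7.136.227:14000 192.168.100.26:14000 --- ---
"""

RULE_RE = re.compile(
    r"ip nat inside source static\s+(tcp|udp)\s+(\S+)\s+(\d+)"
    r"\s+interface\s+(\S+)\s+(\d+)")

def parse_rules(config):
    """Map (proto, inside_ip, inside_port) -> list of configured global ports."""
    rules = defaultdict(list)
    for m in RULE_RE.finditer(config):
        rules[(m[1], m[2], int(m[3]))].append(int(m[5]))
    return dict(rules)

def duplicate_inside_sockets(rules):
    """Inside sockets that are forwarded by more than one static rule."""
    return {sock: ports for sock, ports in rules.items() if len(ports) > 1}

def parse_table(table):
    """Yield (proto, global_port, inside_ip, inside_port, outside) per row."""
    for line in table.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] not in ("tcp", "udp"):
            continue  # skip headers and blank lines
        g_port = int(f[1].rsplit(":", 1)[1])
        in_ip, in_port = f[2].rsplit(":", 1)
        yield f[0], g_port, in_ip, int(in_port), f[3]

def off_rule_entries(rules, table):
    """Rows for a statically forwarded socket whose global port is not configured."""
    return [row for row in parse_table(table)
            if (row[0], row[2], row[3]) in rules
            and row[1] not in rules[(row[0], row[2], row[3])]]

if __name__ == "__main__":
    rules = parse_rules(CONFIG)
    print("duplicated inside sockets:", duplicate_inside_sockets(rules))
    print("rows off the static rule:", off_rule_entries(rules, TABLE))
```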
