
I am currently having some issues with TCP ports being reused too often (under 2 minutes) for a source NAT, and I was wondering what algorithm is used to select the IP and port for a SNAT.

Here is some context: I have an entire network (10.0.0.0/8, tons of users) accessing the internet through one firewall (it happens to be a Fortigate). We have a public address pool (let's say 1.2.3.0/27) to NAT all these client IP addresses.

How will my router/firewall decide what IP address to NAT to and what source port to use?

Is this vendor specific? Do you know of any implementation that you could explain to me?

I hope my questions are clear :)

Regards, Pierre

1 Answer


This totally depends on your device (firewall) configuration/behavior. E.g. with a Linux firewall you can apply this configuration (with -j SNAT) to some matching rules; matching rules can check protocol, src/dst ports, src/dst address, maybe time of the day, etc.

Bertera
  • Do you know the algorithm used in netfilter? I was also looking for a possible RFC recommending a way to do it if it exists. – lilorox Mar 22 '13 at 10:28
  • From iptables manpage: _If no port range is specified, then source ports below 512 will be mapped to other ports below 512: those between 512 and 1023 inclusive will be mapped to ports below 1024, and other ports will be mapped to 1024 or above. Where possible, no port alteration will_ In iptables you can specify port range with _--to-source_. Some interesting information in [RFC5382](http://tools.ietf.org/html/rfc5382) – Bertera Mar 24 '13 at 10:09
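As an added illustration (not code from the post or from netfilter), the following Python models the port-selection policy quoted from the iptables manpage in the comment above, applied to the question's setup of a 10.0.0.0/8 client network behind the 1.2.3.0/27 pool: the client's source port is kept where possible, otherwise another port from the same class (below 512, 512 to 1023, 1024 and above) is chosen, and a released port is not handed out again until an assumed 120 s (2*MSL) reuse interval has passed, which is the TIME_WAIT gap the question says is missing. The choice of pool address by hashing the client IP and the 120 s value are assumptions, not behaviour documented on this page.

```python
"""Model of the SNAT port-selection policy quoted from the iptables manpage
(constructed illustration, not netfilter's real code): keep the client's
source port when it is free, otherwise pick another port from the same
class; refuse to reuse a released port for REUSE_INTERVAL seconds."""
import ipaddress
from typing import Dict, List, Optional, Tuple

CLASSES = [(1, 511), (512, 1023), (1024, 65535)]  # inclusive port classes
REUSE_INTERVAL = 120.0  # seconds; assumption (2*MSL), not from the manpage


def port_class(port: int) -> Tuple[int, int]:
    for low, high in CLASSES:
        if low <= port <= high:
            return low, high
    raise ValueError(f"invalid port {port}")


class SnatPool:
    def __init__(self, pool_ips: List[str]) -> None:
        self.pool_ips = pool_ips
        # (public ip, port) -> None while in use, else time it was released
        self.state: Dict[Tuple[str, int], Optional[float]] = {}

    def _usable(self, ip: str, port: int, now: float) -> bool:
        if (ip, port) not in self.state:
            return True
        released = self.state[(ip, port)]
        return released is not None and now - released >= REUSE_INTERVAL

    def pick_ip(self, src_ip: str) -> str:
        # Assumption: pool address chosen by hashing the client address so a
        # client keeps one public IP; real devices differ on this choice.
        return self.pool_ips[int(ipaddress.ip_address(src_ip)) % len(self.pool_ips)]

    def allocate(self, src_ip: str, src_port: int, now: float) -> Tuple[str, int]:
        ip = self.pick_ip(src_ip)
        low, high = port_class(src_port)
        # Try the original port first ("where possible, no port alteration"),
        # then the rest of its class, starting just above it and wrapping.
        for port in list(range(src_port, high + 1)) + list(range(low, src_port)):
            if self._usable(ip, port, now):
                self.state[(ip, port)] = None
                return ip, port
        raise RuntimeError(f"no free port for {src_ip} in class {low}-{high}")

    def release(self, ip: str, port: int, now: float) -> None:
        self.state[(ip, port)] = now  # starts the reuse cooldown
```

Without the cooldown check in `_usable`, the second allocation of the same client after a release would get its old port back immediately, which is exactly the sub-2-minute reuse described in the question.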