| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| en:dpi:opt_cgnat:сgnat_settings [2024/11/29 10:33] – elena.krasnobryzh | en:dpi:opt_cgnat:сgnat_settings [2025/09/03 08:58] (current) – [NAT 1:1] elena.krasnobryzh |
|---|
| <code bash>fdpi_ctrl load profile --service 11 --profile.name test_nat --profile.json '{ "nat_ip_pool" : "5.200.43.0/24,5.200.44.128/25", "nat_tcp_max_sessions" : 2000, "nat_udp_max_sessions" : 2000 }'</code> | <code bash>fdpi_ctrl load profile --service 11 --profile.name test_nat --profile.json '{ "nat_ip_pool" : "5.200.43.0/24,5.200.44.128/25", "nat_tcp_max_sessions" : 2000, "nat_udp_max_sessions" : 2000 }'</code> |
| A description of the parameters can be found in the [[en:dpi:opt_cgnat:сgnat_settings#parameters_and_possible_values|table]] below. | A description of the parameters can be found in the [[en:dpi:opt_cgnat:сgnat_settings#parameters_and_possible_values|table]] below. |
| | |
| | White address subnets for CG-NAT are only announced towards inet upon SSG startup and when adding/removing/modifying NAT profiles. |
| |
| <note important>In case a ''login'' is bound to several IPs, the session counter is separate for each IP address.</note> | <note important>In case a ''login'' is bound to several IPs, the session counter is separate for each IP address.</note> |
| |
| <note>When specifying a range of external IP addresses, you can specify one or more ranges separated by commas; [[en:dpi:faq:cgnat|also you can dynamically add additional ranges to a previously created pool]].\\ | <note>When specifying a range of external IP addresses, you can specify one or more ranges separated by commas; [[en:dpi:faq:cgnat|also you can dynamically add additional ranges to a previously created pool]].\\ |
| You can exclude reserved addresses from the range (according to the classless addressing convention, these are gateway and broadcast addresses) by adding the "~" symbol to the range definition at the end of the ''cidr'' definition, for example ''5.200.43.0/24~''.</note> | You can exclude reserved addresses from the range (according to the classless addressing convention, these are gateway and broadcast addresses) by adding the "~" symbol to the range definition at the end of the ''cidr'' definition, for example ''5.200.43.0/24~''.\\ :!: Temporary restriction: each of the individual pools in the total pool list must contain at least as many public addresses as the number of worker threads.</note> |
| |
| ===== NAT 1:1 ===== | ===== NAT 1:1 ===== |
| </code> | </code> |
| A description of the parameters can be found in the [[en:dpi:opt_cgnat:сgnat_settings#parameters_and_possible_values|table]] below. | A description of the parameters can be found in the [[en:dpi:opt_cgnat:сgnat_settings#parameters_and_possible_values|table]] below. |
| | |
| | Announcement of white addresses for subscribers with 1:1 NAT occurs individually and only after authorization (assignment of service 11 to the subscriber). |
| |
| <note>When specifying a range of external IP addresses, you can specify one or more ranges separated by commas; [[en:dpi:faq:cgnat|also you can dynamically add additional ranges to a previously created pool]].\\ | <note>When specifying a range of external IP addresses, you can specify one or more ranges separated by commas; [[en:dpi:faq:cgnat|also you can dynamically add additional ranges to a previously created pool]].\\ |
| You can exclude reserved addresses from the range (according to the classless addressing convention, these are gateway and broadcast addresses) by adding the "~" symbol to the range definition at the end of the cidr definition, for example 5.200.43.0/24~\\ :!: Temporary restriction: each of the individual pools in the total pool list must contain at least as many public addresses as the number of worker threads.</note> | You can exclude reserved addresses from the range (according to the classless addressing convention, these are gateway and broadcast addresses) by adding the "~" symbol to the range definition at the end of the ''cidr'' definition, for example ''5.200.43.0/24~''.</note> |
| |
| ===== NAT Service Management ===== | ===== NAT Service Management ===== |
