| en:dpi:opt_cgnat:сgnat_settings [2025/08/11 10:39] – [NAT 1:1] elena.krasnobryzh | en:dpi:opt_cgnat:сgnat_settings [2026/02/03 07:53] (current) – [Parameters and possible values] elena.krasnobryzh |
|---|
| <code bash>fdpi_ctrl load profile --service 11 --profile.name test_nat --profile.json '{ "nat_ip_pool" : "5.200.43.0/24,5.200.44.128/25", "nat_tcp_max_sessions" : 2000, "nat_udp_max_sessions" : 2000 }'</code> | <code bash>fdpi_ctrl load profile --service 11 --profile.name test_nat --profile.json '{ "nat_ip_pool" : "5.200.43.0/24,5.200.44.128/25", "nat_tcp_max_sessions" : 2000, "nat_udp_max_sessions" : 2000 }'</code> |
| A description of the parameters can be found in the [[en:dpi:opt_cgnat:сgnat_settings#parameters_and_possible_values|table]] below. | A description of the parameters can be found in the [[en:dpi:opt_cgnat:сgnat_settings#parameters_and_possible_values|table]] below. |
| | |
| | White address subnets for CG-NAT are only announced towards inet upon SSG startup and when adding/removing/modifying NAT profiles. |
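Review bot: The sentence added in the right-hand column says "white address subnets" and "inet", while the parameter table on this page uses "public addresses" (see ''nat_transcode_cidr''); suggest "Public address subnets for CG-NAT are announced towards the Internet only on SSG startup and when NAT profiles are added, removed or modified." It should also state whether dynamically adding ranges to an existing pool, which the note on external IP ranges allows, counts as modifying a profile and triggers a new announcement.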
| |
| <note important>In case a ''login'' is bound to several IPs, the session counter is separate for each IP address.</note> | <note important>In case a ''login'' is bound to several IPs, the session counter is separate for each IP address.</note> |
| </code> | </code> |
| A description of the parameters can be found in the [[en:dpi:opt_cgnat:сgnat_settings#parameters_and_possible_values|table]] below. | A description of the parameters can be found in the [[en:dpi:opt_cgnat:сgnat_settings#parameters_and_possible_values|table]] below. |
| | |
| | Announcement of white addresses for subscribers with 1:1 NAT occurs individually and only after authorization (assignment of service 11 to the subscriber). |
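Review bot: The added NAT 1:1 sentence in the right-hand column covers only when an address is announced ("only after authorization") and says nothing about withdrawal; it should state whether the announcement is removed when service 11 is taken away from the subscriber. "White addresses" should also read "public addresses" to match the wording of the parameter table.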
| |
| <note>When specifying a range of external IP addresses, you can specify one or more ranges separated by commas; [[en:dpi:faq:cgnat|also you can dynamically add additional ranges to a previously created pool]].\\ | <note>When specifying a range of external IP addresses, you can specify one or more ranges separated by commas; [[en:dpi:faq:cgnat|also you can dynamically add additional ranges to a previously created pool]].\\ |
| | ''nat_tcp_max_sessions''\\ integer | The maximum number of TCP sessions a subscriber can create.\\ Default: 2000. | | | ''nat_tcp_max_sessions''\\ integer | The maximum number of TCP sessions a subscriber can create.\\ Default: 2000. | |
| | ''nat_udp_max_sessions''\\ integer | The maximum number of UDP sessions a subscriber can create.\\ Default: 2000. | | | ''nat_udp_max_sessions''\\ integer | The maximum number of UDP sessions a subscriber can create.\\ Default: 2000. | |
| | ''nat_type''\\ integer | Sets the type of profile.\\ Choices:\\ ''0'' --- CGNAT;\\ ''1'' --- NAT 1:1. | | | ''nat_type''\\ integer | Sets the type of profile.\\ Choices:\\ ''0'' — CGNAT;\\ ''1'' — NAT 1:1. | |
| | ''nat_ports''\\ string | The range of ports used for translation on external addresses.\\ Default: 1024-65535. | | | ''nat_ports''\\ string | The range of ports used for translation on external addresses.\\ Default: 1024-65535. | |
| |
| ^ fastdpi.conf parameters ^^ | ^ fastdpi.conf parameters ^^ |
| ^ Parameter ^ Value ^ | ^ Parameter ^ Value ^ |
| | ''nat_max_profiles''\\ integer | Maximum number of profiles with pool parameters.\\ Default: 4.\\ Max: 65000 (if sufficient RAM is available). | | | ''nat_max_profiles''\\ integer | Maximum number of profiles with pool parameters.\\ Default: 4.\\ Max: 65000 (if sufficient RAM is available). | |
| | ''nat_exclude_private''\\ integer | Excludes NAT conversion if both addresses are private.\\ Choices:\\ ''0'' --- off ← (default).\\ ''1'' --- Not doing NAT for private addresses (ip_src и ip_dst --- private or in nat_private_cidr).\\ ''2'' --- ip_src — private subject to nat_private_cidr and AS for dst_ip = local.\\ ''4'' --- ip_src — private subject to nat_private_cidr and AS for dst_ip = peer. | | | ''nat_exclude_private''\\ integer | Excludes NAT conversion if both addresses are private.\\ Choices:\\ ''0'' — off ← (default).\\ ''1'' — Not doing NAT for private addresses (ip_src и ip_dst — private or in nat_private_cidr).\\ ''2'' — ip_src — private subject to nat_private_cidr and AS for dst_ip = local.\\ ''4'' — ip_src — private subject to nat_private_cidr and AS for dst_ip = peer. | |
| | ''nat_private_cidr''\\ string | Specifies additional private address ranges in addition to the standard ranges((Standard ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 100.64.0.0/10)).\\ Max: 4 ranges. | | | ''nat_private_cidr''\\ string | Specifies additional private address ranges in addition to the standard ranges((Standard ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 100.64.0.0/10)).\\ Max: 4 ranges. | |
| | ''lifetime_flow''\\ integer | Specifies the short queue time in seconds for TCP SYN, FIN, UDP.\\ Default: 60. | | | ''lifetime_flow''\\ integer | Specifies the short queue time in seconds for TCP SYN, FIN, UDP.\\ Default: 60. | |
| | ''lifetime_flow_long''\\ integer | Specifies the long queue time in seconds for a TCP DATA established connection. SSG controls flags in TCP connections (FIN, RST) when connections are closed and connections are put into a short queue.\\ Default: 300. | | | ''lifetime_flow_long''\\ integer | Specifies the long queue time in seconds for a TCP DATA established connection. SSG controls flags in TCP connections (FIN, RST) when connections are closed and connections are put into a short queue.\\ Default: 300. | |
| | ''nat_whp_lifetime''\\ integer | Specifies the short queue time in seconds for NAT broadcast for TCP SYN, FIN, UDP. This parameter overrides ''lifetime_flow'' for NAT broadcasts only. \\ Default: 75. | | | ''nat_whp_lifetime''\\ integer | Specifies the short queue time in seconds for NAT broadcast for TCP SYN, FIN, UDP. This parameter overrides ''lifetime_flow'' for NAT broadcasts only. \\ Default: 75. | |
| | ''nat_whp_lifetime_long''\\ integer | Specifies the long queue time in seconds for NAT broadcast for a TCP DATA established connection. This parameter overrides ''lifetime_flow_long'' for NAT broadcasts only. SSG controls flags in TCP connections (FIN, RST) when connections are closed and connections are put into a short queue.\\ Default: 375. | | | ''nat_whp_lifetime_long''\\ integer | Specifies the long queue time in seconds for NAT broadcast for a TCP DATA established connection. This parameter overrides ''lifetime_flow_long'' for NAT broadcasts only. SSG controls flags in TCP connections (FIN, RST) when connections are closed and connections are put into a short queue.\\ Default: 375. | |
| | ''nat_transcode_cidr''\\ string\\ //Add in 12.0// | Specifies the CIDR of the operator's public addresses. \\ Only 2 CIDRs can be specified (in case of using more CIDRs, it is acceptable to specify a wider CIDR). The values are used when transcoding public -> private for NAT 1:1. Any public address can be assigned to a private address for NAT 1:1. | | | ''nat_transcode_cidr''\\ string\\ //Add in 12.0// | Specifies the CIDR of the operator's public addresses. \\ Only 2 CIDRs can be specified (in case of using more CIDRs, it is acceptable to specify a wider CIDR). The values are used when transcoding public -> private for NAT 1:1. Any public address can be assigned to a private address for NAT 1:1. | |
| | ''rx_dispatcher''\\ integer \\ //Add in 12.0// | The method of hashing flow by workflow.\\ Choices:\\ ''0'' --- previous method ← (default). ''(IP_SRC+IP_DST)%N ) & IP_MASK''\\ ''1'' --- a method with uniform balancing over an arbitrary number of flows **with** NAT 1:1 support with the requirement to assign specific addresses. ''(CRC(IP_SRC)%N+CRC(IP_DST)%N)%N''\\ ''2'' --- a method with uniform balancing over an arbitrary number of flows **without** NAT 1:1 support with the requirement to assign specific addresses. | | | ''rx_dispatcher''\\ integer \\ //Add in 12.0// | The method of hashing flow by workflow.\\ Choices:\\ ''0'' — previous method ← (default). ''(IP_SRC+IP_DST)%N ) & IP_MASK''\\ ''1'' — a method with uniform balancing over an arbitrary number of flows **with** NAT 1:1 support with the requirement to assign specific addresses. ''(CRC(IP_SRC)%N+CRC(IP_DST)%N)%N''\\ ''2'' — a method with uniform balancing over an arbitrary number of flows **without** NAT 1:1 support with the requirement to assign specific addresses.\\ ''3'' — a method with uniform balancing across any number of streams **with** NAT 1:1 support (support for assigning specific public addresses, without the requirement to assign a specific private address to a subscriber). Supports more than 40 processing streams. | |
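Review bot: The new ''3'' choice for ''rx_dispatcher'' says "streams" and "processing streams" where choices ''0'' to ''2'' say "flows", and unlike ''0'' and ''1'' it gives no hashing expression, so a reader cannot tell how it differs from ''1'' beyond the private-address requirement; use one term throughout and either add the expression or say it is not documented. "Supports more than 40 processing streams" also leaves open what limit applies to the other choices. Since this revision already touched the ''nat_exclude_private'' and ''rx_dispatcher'' rows to change the dashes, it could also fix the untranslated "и" in "ip_src и ip_dst" and the unbalanced parenthesis in ''(IP_SRC+IP_DST)%N ) & IP_MASK'', both of which are unchanged on the two sides.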