Buenas tardes.
tengo problemas con el NAT en equipos cnpilot , al parecer auque tenga la opcion NAT "enable" activada no siempre hace el nat ya que varios paqutes son ruteados sin pasar por el NAT llegando a mi Router core solicitudes con ip de una red LAN (192.168.100.0/24), me di cuenta ya que me han reportando poblemas con la navegacion paginas no abren, lentitud... etc.
Hi,
Checked your screen captures, WAN and LAN configurations looks fine. As per the WAN config, all LAN traffic should be NAT'ed.
For further debugging, can you please share the below details,
* R-Series Device model(R201/R200/R190)
* Device config File (Administration->Mangement->Config File->Download). Need to check any other device config causing the issue.
* Device current firmware
Thanks,
Divakar
si, una disculpa he estando haciendo pruebas tambien.
manejo solo modelos cnPilot R190W y cnPilot R190V , version 4.3.3-R4(201710061355)
-realice pruebas con versiones anteriores y versiones actuales el resultado es el mismo.
Hi ,
I loaded your config in my local setup . Tried with traffic (FTP download, Iperf upload traffic , ping , browsing , video streaming ) , but not seeing the issue . All packets are properly getting translated.
Can you capture packets on WAN interface and send across capture to my mail Id: nsi100@cambiumnetworks.com.
To capture packet go to Administration--> Diagnosis . start capture on WAN port , Stop after 5-10 minutes . Save and send file. I have attached screen capture of tab.
Regards,
Nilesh
Buenas tardes listo.
ya envie el correo
Hi ,
I have received the packet capture , debugging the issue now. Will update you .
Regards,
Nilesh
Holas buenas tardes alguna noticia, encontraron algo con la informacion que se les envio?
We are debugging the issue . Soon we will come up with a solution
Hi ,
From your packet captures , we see that only RST and FIN Packets were not getting NATed . These RST and FIN packets were not belonging to any proper sequence .
TCP connections consist of a specific sequence of packets -- the initial "new connection" packet will be a SYN, the first response from the remote server will be a SYN/ACK, and then your computer will send an ACK to complete the connection, and subsequent packets will flow. When the connection is done, one side will send an ACK/FIN, which is ACK'd by the remote side who then closes their connection the same way. If the router sees the ACK/FIN packet, it will clean up the connection and remove the NAT information from the connection tracking table. Once this happens, any more packets on the same connection will be "invalid" (unless a new connection is opened by starting with the SYN again).
So, the core of the problem is that a client inside the router is sending TCP packets on a connection that has already been closed with an ACK/FIN (or the router saw a RST come through -- which should reset that connection, and winds up causing the router to perform the same cleanup as if a FIN had been seen). After the ACK/FIN or RST, the client should be sending a SYN to start a new connection, which will cause the NAT rule to happen.These RST or FIN packets which are not NATed should not cause any issue . It is not issue with Router , It is working as expected
If you are facing slow browsing or latency in network we need to debug further . Could you open a support ticket with us so that we can debug your issue
muy bien, por ahi estaba mi idea ya tengo un mejor panorama ya que me sucede con aparatos moviles ios android, cuando el aparato bloquea su pantalla este suspende conexiones o las cierra, y al desbloquearlo empesaba a llegar solicitudes sin nat ,
Saludos.
