I am having problems with NAT on cnPilot devices. It seems that even with the NAT "enable" option turned on, NAT is not always applied, since several packets are routed without going through NAT, and requests with IP addresses from a LAN network (192.168.100.0/24) reach my core router. I noticed because problems with browsing have been reported to me: pages do not open, slowness, etc.
I loaded your config in my local setup. I tried it with traffic (FTP download, iperf upload traffic, ping, browsing, video streaming), but I am not seeing the issue. All packets are properly getting translated.
Can you capture packets on the WAN interface and send the capture to my mail ID: nsi100@cambiumnetworks.com?
To capture packets, go to Administration --> Diagnosis. Start the capture on the WAN port and stop it after 5-10 minutes. Save and send the file. I have attached a screen capture of the tab.
From your packet captures, we see that only RST and FIN packets were not getting NATed. These RST and FIN packets did not belong to any proper sequence.
TCP connections consist of a specific sequence of packets -- the initial "new connection" packet will be a SYN, the first response from the remote server will be a SYN/ACK, and then your computer will send an ACK to complete the connection, and subsequent packets will flow. When the connection is done, one side will send an ACK/FIN, which is ACK'd by the remote side who then closes their connection the same way. If the router sees the ACK/FIN packet, it will clean up the connection and remove the NAT information from the connection tracking table. Once this happens, any more packets on the same connection will be "invalid" (unless a new connection is opened by starting with the SYN again). So, the core of the problem is that a client inside the router is sending TCP packets on a connection that has already been closed with an ACK/FIN (or the router saw a RST come through -- which should reset that connection, and winds up causing the router to perform the same cleanup as if a FIN had been seen). After the ACK/FIN or RST, the client should be sending a SYN to start a new connection, which will cause the NAT rule to happen. These RST or FIN packets which are not NATed should not cause any issue. It is not an issue with the router; it is working as expected.
If you are facing slow browsing or latency in the network, we need to debug further. Could you open a support ticket with us so that we can debug your issue?
Very good, that is along the lines of what I was thinking, and I now have a clearer picture, since this happens to me with iOS and Android mobile devices: when the device locks its screen it suspends or closes connections, and when it was unlocked, requests without NAT started to arrive.
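
An added example, not part of the original thread and not Cambium's code: a simplified Python model of the connection tracking behaviour described in the support reply above, run over constructed packets, showing which packets leave with a LAN source address and checking that they are only FIN/RST. The WAN address, the phone's address and the function names are assumptions; a real tracker also keeps timers and intermediate states that this model omits.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.100.0/24")  # LAN range named in the thread
WAN_IP = "203.0.113.10"  # constructed WAN address (documentation range)

def simulate_nat(packets):
    """Simplified tracker: SYN adds an entry, FIN/RST removes it, and a
    non-SYN packet with no entry is 'invalid' and leaves untranslated."""
    table, out = set(), []
    for src, sport, dst, dport, flags in packets:
        key = (src, sport, dst, dport)
        if flags == {"SYN"}:
            table.add(key)
            state = "new"
        elif key in table:
            state = "established"
            if flags & {"FIN", "RST"}:
                table.discard(key)  # teardown seen: NAT mapping is dropped
        else:
            state = "invalid"
        wire_src = src if state == "invalid" else WAN_IP
        out.append((wire_src, frozenset(flags), state))
    return out

def leaked(results):
    """Packets that reached the WAN side still carrying a LAN source address."""
    return [(s, f) for s, f, _ in results if ipaddress.ip_address(s) in LAN]

def only_teardown(leaks):
    """True when every leaked packet is a FIN or RST, as in the capture discussed."""
    return all(f & {"FIN", "RST"} for _, f in leaks)

# Constructed outbound packets from one phone: (src, sport, dst, dport, flags)
PHONE = ("192.168.100.25", 50111, "198.51.100.7", 443)
SAMPLE = [
    (*PHONE, {"SYN"}),          # app opens a connection
    (*PHONE, {"ACK"}),          # handshake completes, data flows
    (*PHONE, {"FIN", "ACK"}),   # screen locks, connection is closed
    (*PHONE, {"RST"}),          # screen unlocks, stale socket is reset
    (*PHONE, {"FIN", "ACK"}),   # another stray teardown packet
    (*PHONE, {"SYN"}),          # app reconnects properly
]

if __name__ == "__main__":
    for src, flags, state in simulate_nat(SAMPLE):
        print(f"{src:<16} {'/'.join(sorted(flags)):<8} {state}")
```

If `only_teardown` returns False for the leaked packets in a real capture (for example a SYN or a data segment with a 192.168.100.0/24 source), the leak is not explained by this teardown behaviour and needs separate investigation.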