error NAT

Buenas tardes.

tengo  problemas con el NAT en equipos cnpilot  , al parecer auque tenga la opcion NAT "enable" activada no  siempre hace el nat ya que varios paqutes son  ruteados sin pasar por el NAT llegando a mi Router core  solicitudes con ip de una red LAN (, me di cuenta ya que  me han reportando  poblemas con la navegacion paginas no abren, lentitud... etc.


Checked your screen captures, WAN and LAN configurations looks fine. As per the WAN config, all LAN traffic should be NAT'ed.

For further debugging, can you please share the below details,

* R-Series Device model(R201/R200/R190)

* Device config File (Administration->Mangement->Config File->Download). Need to check any other device config causing the issue.

* Device current firmware



si, una disculpa he estando haciendo pruebas tambien.

manejo solo  modelos cnPilot R190W y cnPilot R190V  , version 4.3.3-R4(201710061355) 


-realice pruebas con  versiones anteriores y versiones actuales el resultado es el mismo.

Hi ,

I loaded your config in my local setup . Tried with traffic  (FTP download, Iperf  upload traffic , ping , browsing , video streaming ) , but not seeing the issue . All packets are properly getting translated.

Can you capture packets on WAN interface and send across capture to my mail Id: 

To capture packet go to Administration--> Diagnosis . start capture on WAN port , Stop after 5-10 minutes . Save and send file. I have attached screen capture of tab.



Buenas tardes listo.

ya envie el correo

Hi ,

I have received the packet capture , debugging the issue now. Will update you .



Holas buenas tardes alguna noticia, encontraron algo con la informacion que se les envio?

We are debugging the issue . Soon we will come up with a solution 

Hi , 

 From your packet captures , we see that only RST and FIN Packets were not getting NATed . These RST and FIN packets were not belonging to any proper sequence . 

TCP connections consist of a specific sequence of packets -- the initial "new connection" packet will be a SYN, the first response from the remote server will be a SYN/ACK, and then your computer will send an ACK to complete the connection, and subsequent packets will flow. When the connection is done, one side will send an ACK/FIN, which is ACK'd by the remote side who then closes their connection the same way. If the router sees the ACK/FIN packet, it will clean up the connection and remove the NAT information from the connection tracking table. Once this happens, any more packets on the same connection will be "invalid" (unless a new connection is opened by starting with the SYN again).
So, the core of the problem is that a client inside the router is sending TCP packets on a connection that has already been closed with an ACK/FIN (or the router saw a RST come through -- which should reset that connection, and winds up causing the router to perform the same cleanup as if a FIN had been seen). After the ACK/FIN or RST, the client should be sending a SYN to start a new connection, which will cause the NAT rule to happen.These RST or FIN packets which are not NATed should not cause any issue . It is not issue with Router , It is working as expected 

If you are facing slow browsing or latency in network we need to debug further . Could you open a support ticket with us so that we can debug your issue 

1 Like

muy bien, por ahi  estaba mi idea ya tengo un mejor panorama ya que me sucede con aparatos moviles ios android, cuando el aparato  bloquea su pantalla  este suspende conexiones  o las cierra, y al desbloquearlo  empesaba a llegar  solicitudes sin nat ,