LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Old 06-22-2014, 08:14 AM   #1
firask317
LQ Newbie
 
Registered: Feb 2012
Posts: 13

Rep: Reputation: Disabled
Source and Destination NAT Problem


Hello everybody,

I am working for an ISP. We have recently added one rule to our Acceptable Use Policy, stating that our network equipment intercepts all outgoing DNS requests and routes them back to our local DNS servers.

In order to do this, I have configured my Cisco ASR to set the next hop of all packets destined to UDP port 53 to a CentOS 6.4 virtual machine, which simply destination-NATs DNS requests to our DNS server. In order to prevent our DNS server from responding back to the original client with its own IP address, I have configured the NAT virtual machine to also source-NAT DNS requests, thus ensuring that our DNS server will send DNS replies to the NAT virtual machine, in order for it to place the original IP addresses in the DNS replies.

Everything works well for a small number of intercepted DNS queries, but when I intercept a large number of DNS queries, it seems like the NAT virtual machine starts to drop DNS requests. In addition to that the NAT virtual machine responds to ping requests with high delays (400+ msec) and there are also some timed out ping requests.

The strange thing is that I don't see anything interesting in /var/log/messages, and when a large number of DNS requests is intercepted, the load average on the NAT virtual machine is not high and the memory consumption is below average!

What do you think the problem is? Is it something related to networking buffers?

Thanks in advance for your help!
Firas
 
Old 06-22-2014, 09:31 AM   #2
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 16,945

Rep: Reputation: 2432
NAT contacts multiple boxes through one IP by using port addresses. How long each box holds that port I don't know, but when you consider other port restrictions, I imagine you may run out of usable 'ports' when traffic is high.
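The setup from post #1 and the exhaustion idea from post #2, as an added example that is not code from either poster. On a Linux NAT box every DNAT/SNAT mapping is a connection-tracking entry, so the resource that runs out first under a flood of UDP/53 queries is the conntrack table (and, with one SNAT address to one resolver, the roughly 64k source ports that keep those entries distinct). The script below writes the two iptables rules the post describes, reports how full the table is and the sustained query rate it can absorb given the UDP entry timeout, and counts the kernel's "table full, dropping packet" message in dmesg text. Whether that is the poster's actual problem is not confirmed in the thread; it is the check to run first. The resolver address, NAT address and interface name are hypothetical placeholders, and the proc path is parameterised so the checks can be exercised against constructed files.

```bash
#!/bin/bash
# Added example, not code from the thread. DNS-interception NAT rules plus the
# conntrack checks a NAT VM that drops packets under load needs. Addresses and
# the interface name are hypothetical placeholders; override them via env.
DNS_SERVER="${DNS_SERVER:-192.0.2.53}"   # hypothetical ISP resolver
NAT_IP="${NAT_IP:-192.0.2.10}"           # hypothetical address of this NAT VM
UPLINK="${UPLINK:-eth0}"                 # interface the ASR forwards to
PROC_NF="${PROC_NF:-/proc/sys/net/netfilter}"

# Execute a command, or only print it when DRY_RUN=1 (rule changes need root).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        eval "$*"
    fi
}

# The two NAT rules from the post. PREROUTING rewrites the destination so the
# query reaches the resolver; POSTROUTING rewrites the source so the resolver's
# reply returns to this VM, where conntrack reverses both translations.
nat_rules() {
    run "sysctl -w net.ipv4.ip_forward=1"
    run "iptables -t nat -A PREROUTING -i $UPLINK -p udp --dport 53 \
        -j DNAT --to-destination $DNS_SERVER:53"
    run "iptables -t nat -A POSTROUTING -p udp -d $DNS_SERVER --dport 53 \
        -j SNAT --to-source $NAT_IP"
}

# Each DNAT/SNAT mapping occupies one conntrack entry until it times out, so
# this table is what fills first. Prints "count max percent_used".
conntrack_usage() {
    local count max
    count=$(cat "$PROC_NF/nf_conntrack_count")
    max=$(cat "$PROC_NF/nf_conntrack_max")
    echo "$count $max $(( count * 100 / max ))"
}

# A UDP entry is held for nf_conntrack_udp_timeout seconds (30 s by default),
# so the table sustains at most max/timeout new queries per second.
max_sustained_qps() {
    local max timeout
    max=$(cat "$PROC_NF/nf_conntrack_max")
    timeout=$(cat "$PROC_NF/nf_conntrack_udp_timeout")
    echo $(( max / timeout ))
}

# Count the kernel's drop message in dmesg text read from stdin. These drops
# happen in softirq context and do not show up as load average.
# Usage on the box:  dmesg | table_full_drops
table_full_drops() {
    grep -c 'nf_conntrack: table full, dropping packet' || true
}

# Raise the table and its hash; the kernel's own default ratio is max = 4*hash.
tune_conntrack() {
    local new_max=$1
    run "sysctl -w net.netfilter.nf_conntrack_max=$new_max"
    run "echo $(( new_max / 4 )) > /sys/module/nf_conntrack/parameters/hashsize"
}

case "${1:-}" in
    apply) nat_rules ;;
    tune)  tune_conntrack "${2:-262144}" ;;
    check) conntrack_usage; max_sustained_qps; dmesg | table_full_drops ;;
esac
```

Run `check` while the queries are being intercepted: a count close to max, or a non-zero drop count, explains silent loss with a low load average, since the drops happen in softirq context (the `si` column in `top`) rather than in any process. If the table is the limit, `tune` raises it, but remember the second ceiling from post #2: with one `--to-source` address and one resolver, conntrack must give every in-flight query a distinct UDP source port, so only about 64k can be outstanding within the timeout; `--to-source 192.0.2.10-192.0.2.13` (hypothetical range) gives it four addresses to draw ports from.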