Link to home
Start Free TrialLog in
Avatar of abakhrani

asked on

Maximum number of ips you can NAT

Hi ,

How many Maximum Number of Ips can you NAT on a single pulic ip.

Avatar of ravenpl
Flag of Poland image

It's not about count of IPs, but count of concurrent connections.
having one IP you can start 65536 concurrent connections, as source port is 16bit long unsigned integer. In fact first 1024 ports are unusable, so it's safe to say: 64000 connections.
It can be spread across 64000 IPs (each computer has only one connection) or all connections can be utilized by single IP...
Of course if the NAT box starts some connections from same IP - You have to count them into the 64000 pool.
Avatar of harbor235

I would not say the first 1024 ports are not usable, if you have a server running on one of those ports you could certainly use as many as you like of the first 1024 ports. But I do get what you are trying to say.

harbor235 ;}

Avatar of ravenpl
Flag of Poland image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of abakhrani


Hi all ,
Thank you for your responces,
The reason for asking this queston is that i have a client with a HUawei Firewall and they calim they cant do Nat  on a single public ip . We have to assign then a /25 or more  ips for the firewall to work.
Does this make sence at all ?

> they calim they cant do Nat  on a single public ip
And they explained why? Assuming one user may generate 1000 connection (if it has P2P it surely will) You can put ~64 clients behind one IP.

But maybe they want put some servers behind they firewall. Then each server may need separate IP.
They only have  One firewall and  about 600 users. I comfortably think this should work behind a single ip.
If not please advice  
600 users - it depends what those users do. As I mentioned above. If every user will spawn some p2p client (like edonkey) and some other stuff it can create 1000 connections - right? For this many clients I would claim 5 IP addresses from my ISP (class of 8 IPs: network, bcast, gateway and 5 IPs for NAT).
OK so if i get thsi right .. If one user uses edonkey he can possibly take more than 1000 connections and  that means the orther people have a problem accesing that public ip ?
> the orther people have a problem accesing that public ip ?
if there is 60 such users, they can create 60000 connections - right. And that's the limit of NATed connections for one IP. Next users/connections will get connection refused.
For 600 users on one IP there would be average 100 connections available per user. If You consider this enought - fine. I suggest bump the limit to about 500.
There's noe more issue. 600 users - fine. But will all they work at same time?