abakhrani
 asked on

Maximum number of IPs you can NAT

Hi,

What is the maximum number of IPs you can NAT on a single public IP?

Linux Networking

Last Comment
ravenpl

8/22/2022 - Mon
ravenpl

It's not about the count of IPs, but the count of concurrent connections.
Having one IP, you can start 65536 concurrent connections, as the source port is a 16-bit unsigned integer. In fact the first 1024 ports are unusable, so it's safe to say: 64000 connections.
It can be spread across 64000 IPs (each computer has only one connection) or all connections can be utilized by a single IP...
Of course, if the NAT box starts some connections from the same IP, you have to count them into the 64000 pool.
harbor235

FYI,

I would not say the first 1024 ports are not usable. If you have a server running on one of those ports, you could certainly use as many as you like of the first 1024 ports. But I do get what you are trying to say.

harbor235 ;}

ASKER CERTIFIED SOLUTION
ravenpl

abakhrani

ASKER
Hi all,
Thank you for your responses.
The reason for asking this question is that I have a client with a Huawei firewall and they claim they can't do NAT on a single public IP. We have to assign them a /25 or more IPs for the firewall to work.
Does this make sense at all?

ravenpl

> they claim they can't do NAT on a single public IP
And did they explain why? Assuming one user may generate 1000 connections (if it has P2P it surely will), you can put ~64 clients behind one IP.

But maybe they want to put some servers behind their firewall. Then each server may need a separate IP.
abakhrani

ASKER
They only have one firewall and about 600 users. I comfortably think this should work behind a single IP.
If not, please advise.
ravenpl

600 users - it depends what those users do. As I mentioned above. If every user will spawn some p2p client (like edonkey) and some other stuff it can create 1000 connections - right? For this many clients I would claim 5 IP addresses from my ISP (class of 8 IPs: network, bcast, gateway and 5 IPs for NAT).
abakhrani

ASKER
OK, so if I get this right: if one user uses eDonkey he can possibly take more than 1000 connections, and that means the other people have a problem accessing that public IP?
ravenpl

> the other people have a problem accessing that public IP?
If there are 60 such users, they can create 60000 connections - right. And that's the limit of NATed connections for one IP. The next users/connections will get connection refused.
For 600 users on one IP there would be an average of 100 connections available per user. If you consider this enough - fine. I suggest bumping the limit to about 500.
There's one more issue. 600 users - fine. But will they all work at the same time?
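
The per-user accounting discussed in this thread, as an added example that is not from any of the posters: on a Linux NAT box the connection-tracking table shows which internal host owns each translated connection, so you can measure how much of the roughly 64000-port pool each host and each public IP consumes. The sample lines are constructed in `conntrack -L` format; the addresses, function names and the limit value are assumptions.

```python
import re
from collections import Counter

PORTS_PER_PUBLIC_IP = 64000  # the thread's figure for usable source ports per IP

# Constructed sample in `conntrack -L` format: original tuple first, reply tuple second.
SAMPLE = """\
tcp 6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=51000 dport=443 src=198.51.100.7 dst=203.0.113.5 sport=443 dport=51000 [ASSURED] mark=0 use=1
tcp 6 431990 ESTABLISHED src=192.168.1.10 dst=198.51.100.8 sport=51001 dport=443 src=198.51.100.8 dst=203.0.113.5 sport=443 dport=51001 [ASSURED] mark=0 use=1
udp 17 25 src=192.168.1.20 dst=198.51.100.53 sport=40000 dport=53 src=198.51.100.53 dst=203.0.113.5 sport=53 dport=40000 mark=0 use=1
tcp 6 300 ESTABLISHED src=198.51.100.99 dst=203.0.113.5 sport=60000 dport=80 src=192.168.1.30 dst=198.51.100.99 sport=80 dport=60000 [ASSURED] mark=0 use=1
"""

FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")


def parse_entry(line):
    """Return (internal_host, public_ip) for a source-NATed flow, else None."""
    fields = FIELD.findall(line)
    if len(fields) < 8:  # e.g. ICMP entries carry no ports
        return None
    orig, reply = dict(fields[:4]), dict(fields[4:8])
    # Without source NAT the reply is addressed to the original source
    # (this also skips inbound port-forwards such as the last sample line).
    if reply["dst"] == orig["src"]:
        return None
    return orig["src"], reply["dst"]


def nat_usage(text):
    """Count source-NATed connections per internal host and per public IP."""
    per_host, per_public_ip = Counter(), Counter()
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            per_host[entry[0]] += 1
            per_public_ip[entry[1]] += 1
    return per_host, per_public_ip


def heavy_hosts(per_host, limit):
    """Internal hosts holding more than `limit` connections (limit is site policy)."""
    return sorted(h for h, n in per_host.items() if n > limit)


if __name__ == "__main__":
    hosts, publics = nat_usage(SAMPLE)
    for ip, n in publics.items():
        print(f"{ip}: {n} connections, {n / PORTS_PER_PUBLIC_IP:.4%} of the port pool")
    print("over limit:", heavy_hosts(hosts, limit=1))
```

On a live box, feed `nat_usage` the output of `conntrack -L` instead of `SAMPLE` and set `limit` to whatever per-user ceiling you decide on.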