Technical Information Document
Updated & enhanced NAT.NLM - TID2960638 (last modified 24MAY2002)
associated file

Click filename to download:
nat600d.exe; 104382 bytes; Date/Time: 05-24-2002/03:12PM

abstract

This patch contains the latest NAT.NLM for NetWare 4.2, 5.1 and 6.0.

installation

1. Back up the old NAT.NLM by renaming it with a different extension.
2. Copy NAT.NLM to the SYS:\SYSTEM directory.
3. Reboot the server.

issue

This NAT.NLM provides a number of new commands that will help troubleshoot and often solve NAT hang problems:
1. SET nat periodic cleanup time
- This command sets the periodic cleanup time for NAT in MINUTES (default = 3 MINUTES). Dropping this down to 1 minute can help free up slots in the TCP connection table when the NAT server has a lot of users going through it.

2. _dumpnattcp
- This command dumps the contents of the TCP connection table to sys:\etc\nattcp.log. The following information is dumped for each NAT connection:

SRC IP Address | Orig private Port | Translated public Port | Dest IP Address | Dest Port | State | LAT(Sec)

where:

- SRC IP Address is the source IP address of the workstation on the private network
- Orig private Port is the TCP source port of the TCP session on the private network (1025 - 65535 range)
- Translated public Port is the TCP source port of the TCP session on the public network (55000 - 60000 range)
- Dest IP Address is the destination IP address of the request (will remain the same on both the private and public side of the NAT router)
- Dest Port is the destination TCP port for the request (will remain the same on both the private and public side of the NAT router)
- State is the state of the session as far as the NAT TCP connection table is concerned. There are 8 possible states that are represented by the various bits enabled:

CS_WAITING_FOR_SYN_ACK (1<<0) // waiting for ack to syn
CS_SEEN_SYN_ACK (1<<1) // seen the syn ack
CS_WAITING_FOR_ADJUST_ACK (1<<2) // waiting for adjustment ack
CS_WAITING_FOR_PRV_FIN_ACK (1<<3) // waiting for fin ack from prv
CS_WAITING_FOR_PUB_FIN_ACK (1<<4) // waiting for fin ack from pub
CS_SEEN_PRV_FIN_ACK (1<<5) // seen the prv fin ack
CS_SEEN_PUB_FIN_ACK (1<<6) // seen the pub fin ack
CS_FTP_DATA_CONNECTION (1<<7) // FTP Data connection
CS_WAITING_FOR_PUB_SYN (1<<8) // waiting pub syn after "PORT"

A typical connection would have a state of 00000010. This means the only flag enabled is CS_SEEN_SYN_ACK, which indicates that NAT has seen the SYN ACK from the remote TCP server and the connection has probably been established successfully. This state is totally valid.

This is the key field as far as troubleshooting is concerned. If the CS_WAITING_FOR_PUB_FIN_ACK or CS_WAITING_FOR_PRV_FIN_ACK flags are enabled for more than 2 minutes, then an issue with the closing of the connections may be taking place.

- LAT(Sec) specifies the amount of time the connection has been active.
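
The following is an added example, not part of the original TID or of Novell's code: a small Python parser that decodes the State column and reports connections waiting on a FIN ACK for more than 2 minutes. It assumes one connection per line, "|"-separated fields, State printed in binary, and LAT(Sec) as a stand-in for how long the flag has been set; the sample lines are constructed.

```python
# Assumptions (not confirmed by the TID): one connection per line, fields
# separated by "|", State printed in binary, LAT(Sec) used as the flag's age.
STATE_FLAGS = [  # list index == bit position, in the order the TID lists them
    "CS_WAITING_FOR_SYN_ACK", "CS_SEEN_SYN_ACK", "CS_WAITING_FOR_ADJUST_ACK",
    "CS_WAITING_FOR_PRV_FIN_ACK", "CS_WAITING_FOR_PUB_FIN_ACK",
    "CS_SEEN_PRV_FIN_ACK", "CS_SEEN_PUB_FIN_ACK", "CS_FTP_DATA_CONNECTION",
    "CS_WAITING_FOR_PUB_SYN",
]
CLOSE_WAIT = {"CS_WAITING_FOR_PRV_FIN_ACK", "CS_WAITING_FOR_PUB_FIN_ACK"}
STUCK_AFTER_SEC = 120  # the TID's "more than 2 minutes"

def decode_state(bits):
    """Return the flag names set in a binary State string such as '00000010'."""
    value = int(bits, 2)
    if value >> len(STATE_FLAGS):
        raise ValueError(f"unknown state bits in {bits!r}")
    return [name for i, name in enumerate(STATE_FLAGS) if value & (1 << i)]

def parse_line(line):
    """Split one dump line into a dict; return None for headers and blanks."""
    parts = [p.strip() for p in line.split("|")]
    if len(parts) != 7 or not parts[6].isdigit():
        return None
    src, prv_port, pub_port, dst, dst_port, state, lat = parts
    return {"src": src, "prv_port": int(prv_port), "pub_port": int(pub_port),
            "dst": dst, "dst_port": int(dst_port),
            "flags": decode_state(state), "lat": int(lat)}

def stuck_closes(log_text):
    """Connections waiting on a FIN ACK whose LAT exceeds the threshold."""
    rows = filter(None, map(parse_line, log_text.splitlines()))
    return [r for r in rows
            if CLOSE_WAIT & set(r["flags"]) and r["lat"] > STUCK_AFTER_SEC]

# Constructed sample input (not taken from a real server).
SAMPLE = """\
SRC IP Address | Orig private Port | Translated public Port | Dest IP Address | Dest Port | State | LAT(Sec)
10.0.0.21 | 1187 | 55012 | 192.0.2.80 | 80 | 00000010 | 14
10.0.0.34 | 2044 | 55490 | 192.0.2.80 | 80 | 00010010 | 305
10.0.0.57 | 1620 | 56001 | 198.51.100.7 | 21 | 00001010 | 45
"""

if __name__ == "__main__":
    for row in stuck_closes(SAMPLE):
        print(row["src"], row["pub_port"], row["lat"], ",".join(row["flags"]))
```

A private address that appears repeatedly in the output across successive dumps is the workstation whose sessions are not closing cleanly.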

contents

Self-Extracting File Name:  nat600d.exe

Files Included       Size   Date         Time    Version   Checksum

\
       NAT.NLM     468847   10-24-2001   12:25AM
   NAT600D.TXT       4052   05-24-2002   03:12PM
Document Title: Updated & enhanced NAT.NLM
Document ID: 2960638
Creation Date: 06NOV2001
Modified Date: 24MAY2002
Document Revision: 4
Novell Product Class: NetWare
Novell Product and Version: NetWare 4.2, NetWare 5.1, NetWare 6

Disclaimer

The origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.