How to check if NAT is working?



A common hiccup on new (or expanding) Multisite Capacity Plus systems is that the repeaters are not able to connect between sites. More often than not, the root cause is a problem in the way the Router handles NAT.

Using two (laptop) computers, iPerf and WireShark, it is possible for almost anyone to determine if NAT is working correctly.

Method

Connect the two computers as shown in the above diagram. The Ethernet switches are optional as some Routers have more than one port on both interfaces.

Make sure both computers have valid IP addresses within each subnet. In some cases, you may have to give the computers a static IP address (if there is no DHCP server present on either network).

If this is a live network (i.e. the system is currently being used), start WireShark on both computers. Assuming the system uses the same IP addresses I show in my cheat sheet and assuming you were testing the Router on Site 1 (in the cheat sheet), on Computer 2, you would want to look at the traffic arriving at and leaving the site. More than likely, there will be all kinds of stuff on the WAN so you will need to use the following filter to only see traffic of interest:

ip.dst == 172.16.0.1 and udp.port == 50000

The above filter only shows traffic destined for 172.16.0.1 on UDP port 50000. Naturally, you would alter the above values to suit your own IP plan. To see outbound traffic on say UDP port 50002, you would use this filter instead:

ip.src == 172.16.0.1 and udp.port == 50002

My cheat sheet shows that the Router on Site 1 should have a NAT rule that forwards UDP port 50000 to 192.168.1.2 (the Master Repeater). So on Computer 1 you would use the following filter in WireShark:

ip.dst == 192.168.1.2 and udp.port == 50000

By changing the above filters, you can confirm that traffic is being NATted correctly to the other repeaters at this site.

If this Router/System is still to be deployed, there needs to be a means to generate traffic on the specified UDP port. iPerf is an excellent (and free) tool for this. iPerf, however, uses a command-line interface that might be a little too difficult for some.

iPerf also needs to be running on both computers - one set up as a server (to receive) and the other set up as a client (to send). The idea here is to see that the traffic arrives at the client end okay.

To generate traffic with iPerf that can be seen using the above filters, use the following commands (the client command first, then the server command):

iperf.exe -c 172.16.0.1 -u -b 1m -t 10 -p 50000 -l 8k -q 2 -f m -i 2
iperf.exe -s -u -p 50000 -l 8k -q 2 -f m -i 2 

-c makes iPerf run as a client. -s makes it run as a server. You can change the port number by altering the -p value. The -t value sets the duration in seconds. The -b value sets the bandwidth which, as you can see, is set to 1Mbps. In my opinion, this is enough and should present no challenge to a good quality Router.
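
A scripted alternative to the iPerf pair for the pre-deployment case (an added example, not part of the original post): the sender puts numbered datagrams on the chosen UDP port and the listener reports which ones arrived and from which source address. It assumes Python 3.8 or later on both computers and that the listening computer holds the address the NAT rule forwards to (192.168.1.2 in the cheat sheet); the NATCHK marker, the file name natprobe.py and the function names are made up for this example.

```python
import socket
import sys
import time

MAGIC = b"NATCHK"  # constructed marker; also easy to spot in a WireShark capture

def open_listener(bind_ip, port):
    """Bind the UDP port on the inside computer (port 0 = any free port)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    return sock

def collect(sock, expect, timeout=10.0):
    """Return {sequence: (source_ip, source_port)} for probes that arrived."""
    seen = {}
    deadline = time.monotonic() + timeout
    while len(seen) < expect and (left := deadline - time.monotonic()) > 0:
        sock.settimeout(left)
        try:
            data, src = sock.recvfrom(2048)
        except socket.timeout:
            break
        tag, _, seq = data.partition(b":")
        if tag == MAGIC and seq.isdigit():  # ignore unrelated traffic on the port
            seen[int(seq)] = src
    return seen

def send_probes(dst_ip, port, count=5, gap=0.2):
    """Send numbered probes to the Router's outside address and port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for seq in range(count):
            sock.sendto(MAGIC + b":" + str(seq).encode(), (dst_ip, port))
            time.sleep(gap)
    return count

def report(seen, count):
    """Summarise which probes crossed the Router and where they appeared to come from."""
    missing = sorted(set(range(count)) - set(seen))
    sources = sorted({ip for ip, _ in seen.values()})
    return {"received": len(seen), "missing": missing, "sources": sources}

if __name__ == "__main__":
    # Inside:  python natprobe.py listen 192.168.1.2 50000 5
    # Outside: python natprobe.py send   172.16.0.1  50000 5
    mode, ip, port, count = sys.argv[1], sys.argv[2], int(sys.argv[3]), int(sys.argv[4])
    if mode == "send":
        send_probes(ip, port, count)
    else:
        print(report(collect(open_listener(ip, port), count), count))
```

Start the listener first, then the sender within the listener's 10-second wait. An empty "missing" list means every probe was forwarded to the inside address on the same port.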

Understanding the results

If NAT is set up correctly, you should see an inbound packet from the 172.16.0.0 IP space arriving at the Router on UDP port 50000 then arriving at the Master Repeater on exactly the same port. You should also then be seeing this on all sites on the ports used there.

If this is not happening, either NAT is not set up correctly, or you have a dodgy Router.

The same procedure can be used on multi-channel IP site connect systems.

Software

Both iPerf and WireShark are free to use.








