Round-robin NAT: any ideas?

Valeriy sent me a really interesting question:

When you’re using PAT with a NAT address pool, the routers use the lowest IP addresses from the pool as long as possible, using a new address from the pool only when the TCP/UDP ports on the active ones are depleted. This causes problems with services limiting the number of connections from one IP address. Is there any way to make the router use the whole pool for outgoing connections in a round-robin fashion?

Valeriy has already tried rotary pools, but they don’t work with PAT and the ip nat portmap is only useful for VoIP traffic. Any other ideas?


  1. If you have enough addresses for everybody who'd be using the NAT, you can drop "overload" from the configuration (don't use PAT). That will cause internal clients to each get their own address (until the pool is depleted).
  2. If you have enough address space, what the reason to use NAT?
Add comment