Fixing the 'Sleepy NAT' Problem - Mar. 1, 2002

Mar. 1, 2002 - Bug in TCPCFG.NLM in NW51SP4.EXE.
> Result is that NAT Implicit Filtering gets enabled every time you start INETCFG. This will cause inbound traffic to reverse proxies, and (probably) to static NAT to fail. Until a patch/fix is available, be sure to SET NAT DYNAMIC MODE TO PASS THRU=ON, and you should probably do that after any Reinitialize System command.

Dec. 8, 2001 - NAT600D.EXE is available, and should be tried if having NAT issues. (May be later version available as well).

Note: Also see this link (tip #48) for another NAT issue.

February 8, 2001: There are a number of people reporting that NAT will intermittently quit working, in some cases requiring dynamic NAT to be disabled and re-enabled. Symptoms seem to be that dynamic NAT will work fine for several days, then quit working entirely. It may be that dynamic NAT quits working while static NAT continues to work. This problem exists even if NW4SP9, NW50SP6A or NW51SP2A have been applied.

Novell needs additional information on these issues, and TID 10025623 (February 6, 2001) gives some instructions:

FURTHER WARNING (may explain the above):

NETDB loaded manually before TCPIP starts is causing a lot of problems. See THIS LINK for more explanation.

"Information needed if NAT Freezes or hangs (Last modified: 06FEB2001)
Information needed if NAT Freezes or hangs

Support needs to get the following information for every issue of NAT freezing.

1. Can you ping from the private side to the public side?
2. Can you use a browser to get from the private side to a public web site?
3. Can you do a TRACERT from the private side to the public side? i.e. on a WINDOWS machine at the DOS Prompt type: TRACERT
4. Does IP actually get packets sent from the private side of the network? SET TCP IP DEBUG=1 and capture the packets generated in steps 1-3 above in a console.log file.

Other information needed from ALL sites
-Is NAT configured in Dynamic or Static and Dynamic?"

It would be best to open an incident with Novell should you be having this problem, but if you want to post the information in the public forums, the sysops there will try to forward the information for you.

If you ever post a CONFIG.TXT file in the public forums, be sure to edit the file first to remove the SERIAL NUMBER of your server or the sysops will try to delete the message. The sysops will delete messages containing serial numbers as someone might try to use your serial number to buy an upgrade license. (For your own safety, also mask the RCONSOLE PASSWORD which shows up in a config.txt file in the section listing NETINFO.CFG contents).

December, 2000: I have a report from one user in the forums that the NAT.NLM 1.10 (or 1.11) did not help an issue he was having. But his problem went away after he enabled Proxy ARP on the server.

Older information (2000) - NAT sometimes quits working intermittently on a BorderManager server. On NetWare 4.11 servers running BorderManager 2.1, you should be able to fix this with a patch called NAT10.EXE from On other BorderManager installations, you should have a newer version NAT 1.11) included in the latest support packs - it is in NW4SP9, NW50SP6A and NW51SP2A.

I'll mention one other thing, since people for some reason keep doing this. Do NOT connect both NIC's to the same hub! You will get ARP table issues that can look like NAT failures. Same thing with trying to bind two IP addresses and use NAT on a single-NIC server. If you are going to use NAT, you need (at least) two interfaces which are physically on different wire segments. (Or a dial-up interface and a NIC).

Return to the Main Page