packet dropped: cannot perform NAT

Yesterday we upgraded to 6.5.0 -- now today clients which connect are having DNS issues. We are using DHCP with DNS forwarding, and the same settings we have used for years (since WinRoute 4.x).

In the debug log, we do get this showing up:

{pktdrop} packet dropped: cannot perform NAT, no NAT address (from LAN Ethernet, proto:UDP, len:63, ip/port:xx.xx.xx.xx(source IP):xxxxx -> xx.xx.xx.xx(firewall IP):53, udplen:35)

If I enable DNS messages in the debug log, it appears the DNS query works, but it can't return the answer to the client:

{dns} Querying server, query id=13434
{dns} DnsResolver: DNS name resolved from cache as
{dns} Reply from id 13434.
{dns} Got answer from, id=13434
{dns} Host not found
{pktdrop} packet dropped: cannot perform NAT, no NAT address (from LAN Ethernet, proto:UDP, len:63, (etc)

We have rebooted, cleared the DNS cache, and disabled the cache, all to no avail.

In case the traffic policy for DNS is corrupt, I created a new one and put it above the current policy:

source: interface connected to ethernet (local) LAN
dest: any
service: DNS
action: permit
translation: NAT

Any ideas on what now causes the "cannot perform NAT, no NAT address" message in the debug logs?

So far the only circumvention we have found is to put an explicit DNS server in the client PCs instead of using DHCP for the DNS entry. But we don't want to have to visit each PC to do that.