
CloudNAT connection logging doesn't show post-NAT outgoing port number?

jogu
New Member

We are experiencing an issue where a client claims that some of our outgoing HTTPS connections aren't reaching their network, so we have enabled Cloud NAT logging. However, the `nat_port` information in the logging does not seem to contain the after-NAT source port number that was used for the connection to the destination IP - and that information doesn't seem to be anywhere in the log.

E.g., in this example the `nat_port` is 900, which clearly isn't the actual outgoing port, as the documentation says CloudNAT will not use outgoing port numbers less than 1024, and checking the connection on the destination machine shows a different port number - one that is not present anywhere in the log message. Is this a bug in the logging or is there some way to map this port number to the actual one?

```
{
  "insertId": "17adxbyfg56ttg",
  "jsonPayload": {
...
    "connection": {
      "dest_ip": "18.229.116.174",
      "dest_port": 443,
      "src_port": 57836,
      "src_ip": "10.72.0.13",
      "nat_ip": "35.196.44.185",
      "protocol": 6,
      "nat_port": 900
    }
  },
  "resource": {
    "type": "nat_gateway"
  },
  "timestamp": "2024-02-07T10:27:20.729294750Z",
...
}
```

 

 
