0 votes
1,735 views 3 comments
by anonymous

Hi All,

I have a very minimalistic client device connected to the wifi LAN on a RUT955. The device has no concept of %defaultroute or any capability for static routing - it's a <<really>> c**p design! - but it's one of a kind.

It was designed to sit in a flat subnet and remote access was never envisioned. Now we need to access it via OpenVPN.

"On paper" this should be very easy - port forwards with Source NAT:

From any IP in openVPN (192.168.VPN.x) where destination port is 50000 and protocol is UDP 
Set Source IP to {IP of Wifi LAN interface}
forward to LAN IP 192.168.LAN.y

That way the device always sees packets from the LAN default gateway IP and can reply to them; the RUT955 then sorts out the NATing. Shouldn't be too hard.

Maybe I'm getting old? Or the virus lockdown is softening my brain? :-) But I cannot get this to work.

So two questions:

1) Should this be possible from the GUI please ? or do I have to talk directly to iptables as a custom rule?
2) Could someone provide a worked example screenshot please ?

Many thanks

Regards 

BB 

1 Answer

0 votes
by anonymous

Hello,

Source NAT and Port Forwarding rules should suffice. Maybe you could share them (Both SNAT and Port Forwards) so I can take a look?

Also, a simple topology drawing would be great.

In WebUI you can find:

SNAT in Network > Firewall > Traffic Rules > Source NAT

Port Forward in Network > Firewall > Port Forward

Tinkering with IPTABLES should not be necessary for this.

Regards

by anonymous
Hi Peasant

Many thanks - I'm working away at present on a customer site - bear with me a day or two
by anonymous

Ok - here is the topology - IP address ranges changed to protect the innocent :-)

I look at the drawing and see it should be so simple - but I cannot make it work !



Regards 

BB

by anonymous
Hello,

Did you test the same topology but without using VPN?

Could you try recreating it with SNAT and DNAT rules with a WAN connection instead of VPN?
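
The rule pair described in the question, written out as iptables commands. This is an added example, not part of the original thread and not Teltonika's own configuration; the interface names (`tun0`, `br-lan`) and every address are constructed assumptions to be replaced with your own.

```shell
#!/bin/sh
# Added example: DNAT + SNAT for a LAN device that has no default route.
# All values are constructed placeholders, not the poster's real addresses.
VPN_IF="tun0"                # assumed OpenVPN interface name
LAN_IF="br-lan"              # assumed LAN bridge name
VPN_NET="10.8.0.0/24"        # assumed OpenVPN client subnet
ROUTER_LAN_IP="192.168.1.1"  # router address on the wifi LAN
DEVICE_IP="192.168.1.50"     # the device that cannot route
UDP_PORT="50000"

# Print the three rules; nothing is changed on the system by this function.
nat_rules() {
    # 1. DNAT (port forward): UDP/50000 sent by a VPN client to the router
    #    is redirected to the device before the routing decision.
    echo "iptables -t nat -A PREROUTING -i $VPN_IF -s $VPN_NET -p udp --dport $UDP_PORT -j DNAT --to-destination $DEVICE_IP:$UDP_PORT"

    # 2. Filter: the redirected packet is now forwarded VPN -> LAN, so the
    #    FORWARD chain must allow it. Scoped to one host and one port.
    echo "iptables -A FORWARD -i $VPN_IF -o $LAN_IF -d $DEVICE_IP -p udp --dport $UDP_PORT -j ACCEPT"

    # 3. SNAT: on the way out of the LAN interface the source is rewritten to
    #    the router's LAN address, so the device replies to an on-link host.
    #    At this point the destination is already the device (DNAT ran first)
    #    and the source is still the VPN client, which is what -s/-d match.
    echo "iptables -t nat -A POSTROUTING -o $LAN_IF -s $VPN_NET -d $DEVICE_IP -p udp --dport $UDP_PORT -j SNAT --to-source $ROUTER_LAN_IP"
}

# Replies need no rules of their own: connection tracking reverses both
# translations for packets belonging to the same flow.

# Dry run by default; set APPLY=1 (as root) to install the rules.
if [ "${APPLY:-0}" = "1" ]; then
    nat_rules | sh
else
    nat_rules
fi
```

After applying, `iptables -t nat -L -v -n` shows per-rule packet counters, which tells you whether traffic reaches the PREROUTING rule, the POSTROUTING rule, or neither.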