Question

Hi all,

I have a RUTX08, WAN network is 10.0.1.0/24 and LAN is 10.0.2.0/24 .

In LAN I have a host 10.0.2.20 that does not have the default gateway configured. I want to access that device from WAN using 10.0.1.20 as a NAT address. RUTX08 should answer ARP requests for 10.0.1.20 in WAN and redirect traffic to LAN host 10.0.2.20. It should also have masquerading so that host 10.0.2.20 sees the traffic coming from RUTX08's address 10.0.2.1, not from 10.0.1.20 (because of the missing gateway on the host). Returning traffic in WAN should also have 10.0.1.20 as source because hosts in 10.0.1.0/24 are not aware of network 10.0.2.0/24 and RUTX08 is not the default gateway in either networks.

So my question is, what iptables rules should I define in the Custom rules section of RUTX08 config? I tried netmap and snat/dnat but didn't succeed, probably missing something.

Thanks in advance!

Answer 1

Ok I was able to resolve this.

I had forgotten to add a sub-interface to WAN (eth1). I added this to System --> Custom scripts:

ifconfig eth1:1 10.0.1.20 netmask 255.255.255.0 broadcast 10.0.1.255

Then I added this to Network -> Firewall -> Custom rules:

iptables -t nat -I PREROUTING -d 10.0.1.20 -j DNAT --to-destination 10.0.2.20

I also turned on Masquerading for both interfaces in Firewall -> General settings.

Everything's working now. It's also easy to add more NAT addresses by replicating above commands, mutatis mutandis.

Comments

Can you help me using a images whit a step to step?

thanks in advance

---

I have tried to do this, replicating the example that they explain but I still cannot do the 1:1 NAT, The purpose is that the equipment that has IP 10.10.2.20 in the LAN, can ping it through the IP 10.10.1.20 in the WAN

---

This is the images of configuration of rutx08 , maybe I'm missing some steps could you help me complete them