Question

Hi guys,

Having an issue with NAT where we need to route all traffic coming across the VPN (from a /24 source range) to the LAN IP address of the RUT to allow connectivity to devices on the VPN.

Currently, the RUT is NOT the default gateway for the site (it will be eventually) thus, any return traffic to the VPN subnet is getting dropped (by the default gateway) - hence, we'd like to NAT all VPN traffic to the LAN IP of the RUT temporarily (providing connectivity) until we can swap out the existing default gateway.

In version 6, we could simply set a SNAT policy for anything on the VPN zone from the source subnet and NAT it to the interface IP on the RUT but with v7 firmware, there is no VPN zone and we're unable to create a SNAT entry (as it prompts for the destination ports which need to remain unchanged)

I've been trying to get an IPtables custom rule working under v7 to emulate the SNAT functionality we had in v6 but unable to get this working at this stage.

Any assistance is appreciated!  Thanks!

-JT

Answer 1

Hi,

For the configuration of a SNAT, you can go to the option Network > Firewall > NAT Rules > Source NAT to create a rule to change the packets' source address and port, like you can see on the following wikipage:

RUT955 Firewall - Teltonika Networks Wiki (teltonika-networks.com)

If you have defined the VPN on the RUT955 and it is active, you should be able to see it on the options from Source zone or Destination zone. Otherwise, you could go to the option Network > Firewall > General settings and check the defined zones or create a new Zone, like you can see on the following wikipage:

RUT955 Firewall - Teltonika Networks Wiki (teltonika-networks.com)

If you the issue remains after checking these options, it would be helpful to have a topology diagram to try to replicate the scenario.

 

Best regards.