0 votes
3,584 views 7 comments
by
We have 1 wired WAN link (static IP); this allows access to the internet and also to the 10.0.0.0/8 network (ISP - BGP routing).

Our local LAN is 172.18.1.0/24

When the traffic goes out from LAN to WAN by default it is NAT'd and this works correctly.

When the traffic goes out from LAN to WAN to a destination IP in the range 10.0.0.0/8, I do not want it NAT'd; the destination IP should see the original source IP of 172.18.1.x.

I tried to add source NAT rule under Network > Firewall Rules > Traffic Rules > Source NAT:

Protocol: All

Source: From any host in lan

Destination: To IP Range 10.0.0.0/8 in WAN

SNAT: Rewrite to source IP 172.18.1.254

However, this rewrites the original source IP to 172.18.1.254, and I can reach the network on 10.0.0.0/8.

How can I preserve the original IP or disable NAT when traffic goes from LAN 172.18.1.0/24 to WAN 10.0.0.0/8, so that either NAT is turned off or SNAT preserves the source IP?

1 Answer

0 votes
by anonymous
Hello,

You will need to add a rule in the firewall via the terminal.

SSH to the router and edit the "/etc/config/firewall" file with the vi editor.

Find the lines about the wan zone:

config zone
        option name 'wan'
        option network 'wan ppp wan2'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

Add the following line:

        list masq_dest '!10.0.0.0/8'

This should work.
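As an added example (not code from the thread, nor from Teltonika), here is a small POSIX shell script that makes the answer's edit on a copy of /etc/config/firewall without duplicating the line on repeated runs, and that checks the exemption landed in the right zone. It assumes the UCI text layout shown in the answer; the sample config it writes is constructed here and only mimics the lan and wan zones.

```shell
#!/bin/sh
# Added example, not from the thread or Teltonika: edit an OpenWrt/fw3-style
# /etc/config/firewall so the zone named "wan" carries a masq_dest exemption
# (list masq_dest '!10.0.0.0/8'), without duplicating it on repeated runs.
# Assumptions: UCI text layout as in the answer; zone name and CIDR passed in;
# try it on a temp copy first (demo below does exactly that).

# has_masq_exempt FILE ZONE CIDR -> exit 0 if ZONE already lists '!CIDR'
has_masq_exempt() {
    awk -v zone="$2" -v entry="list masq_dest '!$3'" -v q="'" '
        /^config / { sect = $2; name = "" }                 # new UCI section
        sect == "zone" && $1 == "option" && $2 == "name" { name = $3 }
        sect == "zone" && name == (q zone q) && index($0, entry) { found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# add_masq_exempt FILE ZONE CIDR -> insert the list line right after the zone's
# "option name" line (UCI does not care about option order inside a section)
add_masq_exempt() {
    has_masq_exempt "$1" "$2" "$3" && return 0          # already there: no-op
    awk -v zone="$2" -v entry="list masq_dest '!$3'" -v q="'" '
        { print }                                        # copy every line
        /^config / { sect = $2 }
        sect == "zone" && $1 == "option" && $2 == "name" && $3 == (q zone q) {
            print "        " entry                       # same indent as page
        }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# write_sample_config FILE -> constructed sample resembling the answer's zones
write_sample_config() {
    cat > "$1" <<'EOF'
config zone
        option name 'lan'
        option network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        option network 'wan ppp wan2'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
EOF
}

# demo -> run the edit twice on a temp copy and show the result
demo() {
    f=$(mktemp)
    write_sample_config "$f"
    add_masq_exempt "$f" wan 10.0.0.0/8
    add_masq_exempt "$f" wan 10.0.0.0/8                   # second run changes nothing
    has_masq_exempt "$f" wan 10.0.0.0/8 && echo "wan zone exempts 10.0.0.0/8 from masquerading"
    cat "$f"
    rm -f "$f"
}

case "${1:-}" in demo) demo ;; esac
```

Run it as `sh script.sh demo` to see the edited sample. On the router, apply the change with `/etc/init.d/firewall reload`; the MASQUERADE rule for the wan zone in `iptables -t nat -S` should then carry `! -d 10.0.0.0/8`. On stock OpenWrt the same edit can be made with `uci add_list firewall.@zone[1].masq_dest='!10.0.0.0/8' && uci commit firewall`, where the `@zone[1]` index is an assumption that depends on the order of zone sections in the file.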
by
Thank you!! That worked.

This is going to be the goto router for all our clients now!
by
Hi

I seem to have come across something strange. While I can reach the 10.0.0.0/8 network from any other computer on the network and NAT is not applied, the issue is that if I ping from the router itself via SSH, I can see the traffic going to 10.0.0.0/8 is NAT'd.
by anonymous
Hello,

ping selects your WAN address by default as the source.

Try to specify the source address or interface with ping -I.
by
Hi

Yes you are spot on correct. That works.
So perhaps a loopback needs to be added so that traffic from the router can reach the 10.0.0.0/8 subnet without getting NAT'd? Or again, perhaps a SNAT rule?
by anonymous
I think a SNAT rule should work for this problem.
by
Thanks it did!

Appreciate you helping me out here.
by
Hi Guys

The manual entry in the WAN zone in "/etc/config/firewall" of list masq_dest '!10.0.0.0/8' gets removed on each reboot. How do I make this persistent?