Double NAT - how to set it up?

Vincent85 · May 13, 2025, 7:27am

Hello everyone,

I’m setting up a RUTx50 to provide access for a small power plant. I’m stuck on one issue. On one of my VLANs, the client wants to be set up in what he calls a “double LAN.” The setup is as follows:

10.x.x.100 > the RUTx VLAN
10.x.x.101 > Port 2 - Client router FW/NAT
10.x.x.114 > a server in 172.x.x.x NATed by x.101 waiting for a connection
10.x.x.201 > Port 4 - Client datalogger who wants to connect to 10.x.x.114

The client router on port 2 requires that all communication going to .114 comes from .100. But I can’t make it work.

I made a NAT rule that says anything going to .114 is to be rewritten to .100, but I can’t even ping .114. i made test on site, i just can’t make it work.

However, when I’m on the RUT CLI, I can ping, and I can also start the connection with telnet on .114.

How can i make that all packet from .201, are like originating from .100 to .100 or .114 eye ?

Vincent85 · May 15, 2025, 9:04am

As my case might be not so well explained, thus receiving not any response.

Doe a NAT rules like that one :

Does it change the source of packets coming from .201 (in direction of .114) to .100 ?

As .114, only accept communication from .100.

Thank you.

MatasR · June 6, 2025, 8:14am

Hello,

It seems that all those LAN devices are in the same network 10.20.30.x. So when .201 tries to send traffic to .114, it does ARP (since it thinks that it is on the same network) and forwards the frame to .114 - there is no routing/SNAT on RUT in this case (RUT acts as a switch in this scenario).

The best option would be to put .114 and .201 into different networks (VLANs). Then, routing would happen, and the router would apply SNAT.

Regards,
M.