Expose devices of LAN to WAN with IP of WAN network

Hello,
we are currently working on a network with two RUTX11 routers providing a wifi network (as mesh). Within the environment we have three mobile robots using RUTX11 routers to connect to the wifi network. Unfortunately the network addresses behind the local RUTX11 routers are preconfigured by the manufacturer and can’t be adopted by us. We can simply change the settings of the routers with the IP addresses 192.168.1.1.

Issue:
We want to access the local devices of the robots from our “main” network. Since port forwarding allows only forwarding of the e.g. SSH port to only one device, this is no real option for us. Configuration of the firewall to allow traffic from WAN (wifi) to LAN will lead to multiple devices with the same IP address within the main network.

What we tried:
We tried to configure NAT rules within the RUTX11 of the router 192.168.2.230 interface to guide traffic addressed to e.g. 192.168.2.231 to the local IP 192.168.1.200. But it seems the router is not forwarding any information to the local device.

Questions:
Is it in general possible to configure the router in such a way that we access the local devices from our main network without IP conflicts?
Is NAT the right way to go in this case?

Help would be highly appreciated! Thanks in advance!

Hello,

Thank you for reaching out to us. To address your concern, I recommend implementing iptables rules to efficiently redirect incoming traffic to specific IP addresses. For instance, reaching the first 192.168.1.0/24 subnet by 192.168.3.0/24, second by 192.168.4.0/24, and last by 192.168.5.0/24.

Topology:

Firstly, access your main router’s WebUI and proceed to the Network section. From there, navigate to Routing and then Static Routes. Add three new routes accordingly. You can utilize the suggested subnets or choose alternative ones, ensuring they remain unused within your network.

It should look something like this:

Make sure that you choose lan for the interface and for the IPv4-Gateway write WAN IPs that you get from the main 192.168.2.0/24 subnet.

You can read more about static routes on our Teltonika Networks wiki page:

Next, proceed to connect to each router within the 192.168.1.0/24 subnet and configure iptables rules. To do that, connect to the WebUI and navigate to Network → Firewall → Custom Rules. By adding them here you will make sure that the rules are executed on each firewall restart.

Iptables rules should look something like this:

iptables -t nat -A PREROUTING -d 192.168.3.1 -j DNAT --to-destination 192.168.1.1
iptables -t nat -A PREROUTING -d 192.168.3.10 -j DNAT --to-destination 192.168.1.10
iptables -t nat -A PREROUTING -d 192.168.3.12 -j DNAT --to-destination 192.168.1.12
iptables -t nat -A PREROUTING -d 192.168.3.200 -j DNAT --to-destination 192.168.1.200

Be sure to save your changes by clicking the “Save” button once you’ve completed the configuration. Don’t forget to change 192.168.3.x IPs on other routers to 192.168.4.x and 192.168.5.x, or others that you chose to use for your configuration.

You can read more about Custom Rules on our wiki page:

This should help you reach each device without any IP conflicts. If you have any further questions or require additional assistance regarding this matter, please feel free to reach out to us.

Best regards,
Gytis
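
The DNAT rules in the reply above match any source address and any inbound interface. As an added example (not part of the original posts and not Teltonika's own code), the script below generates the same 1:1 mappings but limits them to traffic from the main network arriving on the WAN-side interface. The interface name `wlan0`, the function names, and the assumption that all clients sit in 192.168.2.0/24 are illustrative.

```sh
#!/bin/sh
# Added example: emit 1:1 DNAT rules for one robot router, scoped to
# traffic that arrives on the WAN-side interface from the main network.
# Assumed (not from the thread): interface name "wlan0", function names.

MAIN_NET="192.168.2.0/24"   # main network, from the thread
LAN_PREFIX="192.168.1"      # fixed robot LAN, from the thread

# valid_octet N -> success if N is an integer in 1..254
valid_octet() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 254 ]
}

# gen_dnat_rules ALIAS_PREFIX WAN_IF HOST...
# Prints one iptables command per host octet; returns 1 on bad input
# and prints nothing in that case, so a partial rule set is never emitted.
gen_dnat_rules() {
    alias_prefix=$1; wan_if=$2; shift 2
    if [ "$alias_prefix" = "$LAN_PREFIX" ]; then
        echo "alias prefix must differ from $LAN_PREFIX" >&2
        return 1
    fi
    for host in "$@"; do
        valid_octet "$host" || { echo "bad host octet: $host" >&2; return 1; }
    done
    for host in "$@"; do
        printf 'iptables -t nat -A PREROUTING -i %s -s %s -d %s.%s -j DNAT --to-destination %s.%s\n' \
            "$wan_if" "$MAIN_NET" "$alias_prefix" "$host" "$LAN_PREFIX" "$host"
    done
}

# Same hosts as in the reply above, for the first robot (192.168.3.x).
# The output is only printed; review it before pasting into Custom Rules.
gen_dnat_rules 192.168.3 wlan0 1 10 12 200
```

For the other robots, call the function with 192.168.4 and 192.168.5 (or whichever unused prefixes were chosen) and that router's own WAN-side interface name.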

Thank you for your detailed explanations and instructions to solve the issue.
Your setup worked for me, but in addition I was required to add IP aliases to the WIFI interface. Otherwise the router was not reacting to the requests from the WAN network.
Best regards,
Vince
