How to let VPN traffic go to the internet

I have a site-to-site VPN from AWS to my Teltonika RUT11x router. I need to let a host from AWS go through the internet via the Teltonika router to reach a service that can only be reached via the Teltonika router.

The VPN is already up and I can access AWS from the LAN of the Teltonika, but now I need a server on the AWS side to go through the mobile network to a service.

The VPN is passing via the copper WAN port and the service that I need to reach is over the mobile WAN port. I have already created a firewall rule to permit the traffic from the VPN to go to the WAN, but apparently it does not NAT the AWS server IP before sending the traffic. Is there a way to do this?

Hello!
Yes, you need to configure Source NAT (SNAT) or Masquerading on your Teltonika RUT11x. In the router’s firewall/NAT settings, create a rule where the source interface is your VPN, the destination is your TxTag Toll mobile WAN, and the source IP is the AWS host’s private IP. Choose “Masquerade” as the SNAT action. Ensure a firewall rule permits traffic from the VPN to the WAN. This will translate the AWS host’s IP to the mobile WAN’s public IP, allowing internet access.

Thanks for the reply, @James015Sims.

This is the NAT rule:

I did it with masquerade.


And this is the firewall rule:

That is what I had, but I changed the NAT to masquerade instead of SNAT, and still the AWS server can't reach the server on the mobile network.

Does the configuration make sense?

Hello,

Just wanted to check, was the initially described issue with the setup resolved? Typically, for this type of scenario to work, you actually don’t need any additional firewall NAT or traffic rules. Enabling masquerading on the LAN zone (Network → Firewall → Zones) alone should be sufficient to allow outbound connections and replies from the mobile network side:

Let me know if it’s working now or further assistance is needed.

Best regards,
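The zone-level masquerading the last reply describes (Network → Firewall → Zones), written out as an added example in OpenWrt-style UCI syntax; this is not configuration from the thread or from Teltonika, and it assumes RutOS keeps the OpenWrt `/etc/config/firewall` layout, a zone named `lan`, and a constructed AWS-side subnet of 10.50.0.0/24 for the `masq_src` restriction.

```uci
# /etc/config/firewall (added example; OpenWrt/RutOS UCI syntax, assumed layout)

# Weak/original form: LAN zone with masquerading off, which is the state the
# thread's reporter was in when the AWS host's source address was forwarded unchanged.
config zone
    option name 'lan'
    list network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    option masq '0'

# Corrected form, per the support reply: masquerading enabled on the LAN zone.
# masq_src (OpenWrt zone option) limits the rewrite to the VPN-side subnet so that
# only the intended AWS hosts are translated, not every address the zone forwards.
# 10.50.0.0/24 is a constructed placeholder for the AWS VPC range.
config zone
    option name 'lan'
    list network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    option masq '1'
    list masq_src '10.50.0.0/24'

# Standard LAN -> WAN forwarding; the WAN zone (which holds the mobile interface
# on RutOS) normally already masquerades in the default configuration.
config forwarding
    option src 'lan'
    option dest 'wan'
```

After editing, reload with `/etc/init.d/firewall restart` and confirm the translation is active with `iptables -t nat -S POSTROUTING` (assumes the fw3/iptables-based firewall found on OpenWrt 21.02-era RutOS; on an nftables-based build use `nft list ruleset` instead).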