Hello everyone,
I have an RUT142, i assigned the lan port the address 192.168.1.254/24 and the wan port 192.168.2.254/24.
I want to set up a nat so i can ping a device (a plc) which has the address 192.168.1.1/24 connected to lan port from a pc (192.168.2.67/24) connected to the wan port, the nat i want to set up is 192.168.1.1 ----NAT----> 192.168.2.1 , i tried with web ui and with commands but can’t get it work.
Any solutions pls ?
Thanks
Hello,
Thank you for your inquiry.
In your case, adding iptables rules in Network → Firewall → Custom Rules should be sufficient.
Here are the custom rules for NAT:
iptables -t nat -I PREROUTING -d 192.168.2.254 -j DNAT --to-destination 192.168.1.1
iptables -t nat -I POSTROUTING -s 192.168.1.1 -j SNAT --to-source 192.168.2.254
Additionally, more detailed information on setting NAT rules between a LAN device and the WAN interface can be found in this article: RUTX 1-to-1 NAT.
I hope this helps! If you need further assistance, feel free to reach out.
Best regards,
Hello ,
Thank you for your response,
I tried and it worked, however I may have explained my problem badly, I have several devices in the lan side and this solution solves the problem when there is only one, can i do this for more than one device ? (that’s why I wanted to explore the nat)
Thank you.
Best regards
Hello,
Thank you for the clarification. If you’d like to access multiple devices in your LAN, you’ll need to modify the iptables rules to handle entire subnets rather than individual IP addresses. Here’s how you can adjust your rules:
iptables -t nat -I PREROUTING -d 192.168.2.254/24 -j DNAT --to-destination 192.168.1.0/24
iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.254/24
Let me know if you need any additional assistance.
Best regards,
Hello,
Thank you for this information, but how can one device in lan side be reached and not anothers from the wan side ?
Best regards,
Hello,
To reach a specific device in your LAN from the WAN side, you’ll need to modify the iptables
rules to target the exact IP address of that device rather than the entire subnet. Here’s an example of how you can configure the rules for a single device:
iptables -t nat -I PREROUTING -d 192.168.2.254 -j DNAT --to-destination 192.168.1.X
iptables -t nat -I POSTROUTING -s 192.168.1.X -j SNAT --to-source 192.168.2.254
Simply replace 192.168.1.X
with the specific IP address of the LAN device you wish to access. This will ensure that only this particular device is reachable from the WAN.
Alternatively, you may consider using Port Forwarding to access your LAN device from the WAN, which can be a more straightforward method. You can find detailed information on configuring port forwards here: Port Forwarding Guide.
Let me know if you need any further assistance.
Best regards,
This topic was automatically closed after 15 days. New replies are no longer allowed.