Hi, I need to configure a RUT140 (FW RUT14X_R_00.07.12.3) router to NAT two devices, A and B, from LAN into WAN and vice versa. The router's WAN interface has a static IP 10.0.1.50 and the LAN interface has a static IP 10.0.2.4.
The LAN-side devices, A and B, have IPs 10.0.2.1 and 10.0.2.2; both have the gateway address set to 10.0.2.4, as depicted here:
My devices A and B are connected, I can ping them from the router, but the network address translation does not work: when I ping from a device on the WAN side (via addresses 10.0.1.51 and 10.0.1.52), no response comes.
I tried to add the NAT rules with the web interface and also with the custom iptables rules below:
```sh
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.

############################################
# 1. PREROUTING (DNAT): WAN -> LAN
############################################
# Forward traffic destined for 10.0.1.51 to 10.0.2.1
iptables -t nat -A PREROUTING -i eth0.2 -d 10.0.1.51 -j DNAT --to-destination 10.0.2.1
# Forward traffic destined for 10.0.1.52 to 10.0.2.2
iptables -t nat -A PREROUTING -i eth0.2 -d 10.0.1.52 -j DNAT --to-destination 10.0.2.2

############################################
# 2. POSTROUTING (SNAT): LAN -> WAN
############################################
# When 10.0.2.1 goes out eth0.2, make it appear from 10.0.1.51
iptables -t nat -A POSTROUTING -o eth0.2 -s 10.0.2.1 -j SNAT --to-source 10.0.1.51
# When 10.0.2.2 goes out eth0.2, make it appear from 10.0.1.52
iptables -t nat -A POSTROUTING -o eth0.2 -s 10.0.2.2 -j SNAT --to-source 10.0.1.52

############################################
# 3. FORWARD: Allow the traffic
############################################
# Forward traffic to/from device A
iptables -A FORWARD -i eth0.2 -o br-lan -d 10.0.2.1 -j ACCEPT
iptables -A FORWARD -o eth0.2 -i br-lan -s 10.0.2.1 -j ACCEPT
# Forward traffic to/from device B
iptables -A FORWARD -i eth0.2 -o br-lan -d 10.0.2.2 -j ACCEPT
iptables -A FORWARD -o eth0.2 -i br-lan -s 10.0.2.2 -j ACCEPT
```
Nothing seems to work. When I try to ping from the WAN interface, no traffic is recorded on the LAN side, unlike when I ping the device IPs directly from the router, so I know that there is a problem in the router at least.
What am I doing wrong or forgetting?
Best regards,
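As an added example (not part of the post above and not Teltonika's own configuration), the script below generates a complete 1:1 NAT rule set for a WAN_IP:LAN_IP mapping on an OpenWrt/fw3-style firewall like the one in the RUT140's custom-rules header. It differs from the rules in the post in two ways that are assumptions on my part, not facts the post states: it places the rules in the fw3 user chains (prerouting_wan_rule, postrouting_wan_rule, forwarding_rule) that the file header recommends, so they are evaluated before the zone chains' final REJECT rather than appended behind it, and it adds each mapped WAN address as a /32 alias on the WAN interface so the router answers ARP for 10.0.1.51 and 10.0.1.52 at all (a DNAT rule never fires for a frame the router never receives). The interface names eth0.2 and br-lan are taken from the post.

```sh
#!/bin/sh
# Added example: emit a 1:1 NAT rule set from "WAN_IP:LAN_IP" pairs.
# Assumptions (not from the original post): WAN interface eth0.2, LAN bridge
# br-lan, fw3 user chains exist, and the router must own each mapped WAN
# address so it can answer ARP for it.

WAN_IF="${WAN_IF:-eth0.2}"
LAN_IF="${LAN_IF:-br-lan}"

# Print the five commands needed for one WAN_IP -> LAN_IP mapping:
# 1. own the WAN address (ARP), 2. DNAT inbound, 3. SNAT outbound,
# 4./5. permit forwarding in both directions for that LAN host only.
nat_rules_for_pair() {
  wan_ip="$1"; lan_ip="$2"
  cat <<EOF
ip addr add ${wan_ip}/32 dev ${WAN_IF}
iptables -t nat -A prerouting_wan_rule -i ${WAN_IF} -d ${wan_ip} -j DNAT --to-destination ${lan_ip}
iptables -t nat -A postrouting_wan_rule -o ${WAN_IF} -s ${lan_ip} -j SNAT --to-source ${wan_ip}
iptables -A forwarding_rule -i ${WAN_IF} -o ${LAN_IF} -d ${lan_ip} -j ACCEPT
iptables -A forwarding_rule -i ${LAN_IF} -o ${WAN_IF} -s ${lan_ip} -j ACCEPT
EOF
}

# Generate rules for every "WAN_IP:LAN_IP" argument. Each pair must contain a
# colon and only dotted-quad characters on both sides; anything else is
# rejected so a typo cannot silently produce a rule that matches nothing.
generate_nat_rules() {
  for pair in "$@"; do
    case "$pair" in
      *:*) ;;
      *) echo "bad pair (expected WAN_IP:LAN_IP): $pair" >&2; return 1 ;;
    esac
    wan_ip="${pair%%:*}"; lan_ip="${pair#*:}"
    case "${wan_ip}${lan_ip}" in
      ""|*[!0-9.]*) echo "bad address in pair: $pair" >&2; return 1 ;;
    esac
    nat_rules_for_pair "$wan_ip" "$lan_ip"
  done
}

# Number of commands generated for the given pairs (five per mapping).
count_rules() { generate_nat_rules "$@" | wc -l | tr -d ' '; }

# Stand-alone use: sh this_script.sh 10.0.1.51:10.0.2.1 10.0.1.52:10.0.2.2
if [ "$#" -gt 0 ]; then
  generate_nat_rules "$@"
fi
```

Review the generated commands before pasting them into the custom-rules file; the `ip addr add` line belongs in a startup script rather than the firewall include if the firewall is reloaded often, because re-adding an existing address returns an error. Once applied, `iptables -t nat -L prerouting_wan_rule -n -v` shows the packet counters for the DNAT rule, which is the quickest way to tell whether inbound pings are reaching the rule at all.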