Hi, I have several devices in network 10.10.43.X and one PLC ET200s with IP 192.168.1.32… I want to translate the IP of this PLC so that it will be accessible as IP 10.10.43.32. The PLC (192.168.1.32) is connected to LAN, and the network (10.10.43.X) to WAN. I tried to do it similarly to the solution: RUT300 as a PC-PLC router
I cannot even ping the device. I have run out of ideas about what might be wrong, so I am asking for help.
My settings are as in the pictures
Hello,
Thank you for reaching out.
To achieve your desired setup, adding DNAT and SNAT rules to the firewall should be sufficient.
The rules would look as follows:
iptables -t nat -A PREROUTING -i wan -d 10.10.43.32 -j DNAT --to-destination 192.168.1.32
iptables -t nat -A POSTROUTING -o lan -s 192.168.1.32 -j SNAT --to-source 10.10.43.32
Steps to Apply Rules
- Go to Network → Firewall → Custom Rules in the router’s WebUI.
- Add the above iptables commands to the Custom Rules section.
- Save the changes.
Please test the setup after applying these rules, and let us know if further assistance is required.
Best regards,
Could you try applying the following rules to see if they make any difference?
iptables -t nat -I PREROUTING -d 10.10.43.32 -j DNAT --to-destination 192.168.1.32
iptables -t nat -I POSTROUTING -s 192.168.1.32 -j SNAT --to-source 10.10.43.32
Let us know if this helps or if further assistance is needed.
I tried and don’t see any difference
Hi, @automatyk3
I had a customer in Oct/2024 who tried to use ?NAT to do what you are trying to do.
I am not a PLC engineer… and because I had just a few hours to help him… I chose to build a routed network: /29 for the (three) small PLCs and /25 for the "main" PLC.
It worked… and I built this network over WiFi with RUT200.
small PLC
“main” PLC
I don’t know your network/project.
But… the solution that I provided to the customer may solve the problem.
Let’s start from a factory default reset condition.
After setting the password and changing to the Advanced menu you must:
Set Wan side with the Static IP Address 10.10.43.32. Up to you to decide the subnet.
Set Lan side with the Static IP Address 192.168.1.200 (or the free address you prefer). Up to you to decide the subnet.
Do not touch the firewall rules/settings. No need.
Add a Port forward rule as follows (supposing you must connect to the ET200s with the S7 protocol, which works on Port 102).
Name: Test
Protocol: TCP + UDP
Source Zone: Wan
External port: 102
Internal zone: Lan
Internal Ip address: 192.168.1.32
Move to Advanced settings of the port forward rule
Enable NAT loopback: Off (this is mandatory!!!)
Save&Apply
On PLC you must set the Gateway to the Router’s Lan Ip Address (192.168.1.200). If the PLC’s GW does not match the router address it will not work.
That’s it.
Notes:
There is no way to ping the PLC because the answer will always come from the router, but if you test the communication it will work.
Remember that the address you must use to read/write data will be the router’s wan ip address: 10.10.43.32
This approach works 100% but needs the PLC Gw to be adapted.
The only way to avoid the PC GW to be adapted is that the router switches the sender IP with its own Lan IP so the PLC sees that the message must be replied to something in its class (thus no need for a gateway).
Tried several solutions with custom NAT rules proposed by many guys, even in different forums, but none of them was working.
As I wrote in my old enquiries, if someone with all the stuff on their desk can get it to work, it will be appreciated.
Anyway, the Port Forward method is working and in the meanwhile I am using it without troubles.
Regards.
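The reply-path reasoning in the post above (PLC gateway set to the router's LAN address, ping answered by the router, or the router rewriting the sender to its own LAN IP), as a simplified Python model. This is an added example, not code from the thread or from Teltonika; the /24 mask, the client 10.10.43.10 and the alternative gateway 192.168.1.1 are assumptions, and it models routing decisions only, not RutOS itself.

```python
import ipaddress

# Addresses from the post; the /24 mask and the client address are assumptions.
ROUTER_LAN = ipaddress.ip_address("192.168.1.200")
PLC_NET = ipaddress.ip_network("192.168.1.0/24")
FORWARDED = {("tcp", 102), ("udp", 102)}   # the "Test" port forward rule


def plc_next_hop(reply_dst, plc_gateway):
    """Next hop the PLC picks for a reply; None means it has no route."""
    if reply_dst in PLC_NET:
        return reply_dst        # on-link: delivered directly, gateway unused
    return plc_gateway          # off-link: only a gateway can carry it


def trace(client_ip, proto, dport, plc_gateway=None, snat_to_router_lan=False):
    """Follow one request sent to the router's WAN address and its reply."""
    client = ipaddress.ip_address(client_ip)
    gateway = ipaddress.ip_address(plc_gateway) if plc_gateway else None
    # Inbound: only traffic matching the port forward is DNATed to the PLC.
    if (proto, dport) not in FORWARDED:
        return "answered by router"
    # Optional source rewrite, the variant discussed for avoiding the gateway.
    src_seen_by_plc = ROUTER_LAN if snat_to_router_lan else client
    hop = plc_next_hop(src_seen_by_plc, gateway)
    if hop is None:
        return "reply dropped at PLC"
    # Only the router holds the NAT state needed to restore 10.10.43.32 as
    # the reply's source, so the reply has to pass back through it.
    if hop == ROUTER_LAN:
        return "reply reaches client"
    return "reply bypasses router"


if __name__ == "__main__":
    pc = "10.10.43.10"  # constructed client address on the WAN side
    for label, kwargs in [
        ("gateway = router LAN", dict(plc_gateway="192.168.1.200")),
        ("no gateway", dict()),
        ("other gateway", dict(plc_gateway="192.168.1.1")),  # constructed
        ("no gateway + SNAT", dict(snat_to_router_lan=True)),
    ]:
        print(f"{label:22} -> {trace(pc, 'tcp', 102, **kwargs)}")
    print(f"{'ping (ICMP)':22} -> {trace(pc, 'icmp', 0, plc_gateway='192.168.1.200')}")
```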
@pippo it worked, thanks a lot!
I am glad to have been helpful.
Regards.