RUT360 not forwarding between un-bridged wifi and lan in same firewall 'lan' zone

I am using a Rut360 on a boat with Raymarine equipment and cameras. As you can see below, I have configured a factory-reset Rut360 to create a wifi0 interface at a static 192.168.2.1/24 address with a DHCP server running. I have modified the ‘lan’ interface to be at a static 198.18.0.1/21 address, and have turned off DHCP on this lan interface. (The Raymarine equipment requires DHCP to be off.) The wifi0 and lan interfaces are NOT bridged. These wifi0 and lan interfaces are both in the lan firewall zone. This is shown below. Most other equipment (except for a hardwired laptop) is disconnected for testing.
Even though the wifi0 and lan interfaces are in the same lan firewall zone, my wifi-connected phone cannot ping the camera on the lan (or connect using http); a traceroute shows the traffic gets to the Rut360, and no further. However, the Rut360 GUI can ping the camera, which suggests the lan firewall zone is not forwarding between the lan and wifi0 interfaces. I have checked that ‘forward’ is allowed for the lan firewall zone, and masquerading is off. I have tried adding static routes, and tried moving the wifi0 interface into its own firewall zone. But none of these work; the phone cannot ping the camera. I am stumped.
This is the Rut360 view. There is nothing plugged into the WAN ethernet port. The WAN cell connection is working.
Just to show the switch is working, you can see below that the Rut360 can see the camera and the phone on the expected interfaces:
ARP

IPv4-Address MAC-Address Interface
192.168.2.127 EE:44:40:D6:E5:63 wifi0
198.18.0.25 F4:B1:C2:D9:32:28 lan
198.18.0.9 4C:D7:17:46:3B:45 lan

Any suggestions?
Thanks,
Andrew

Hello,

The main issue here is that the camera does not have a default gateway configured. The traffic coming from the Android phone will have a source IP address of 192.168.2.127, and it WILL reach the camera, as RUT360 knows that the network is directly connected.
The issue is that since the Android phone is in a different network, the camera will not know where to send the packet back. The RUT360 is able to ping the camera, as it’s in the same network (198.18.0.0/21).
There are a few possible solutions here:

  • Set the RUT360 (198.18.0.1) as the default gateway on the camera;

  • Enable masquerading on the LAN zone of RUT360. This way all packets headed to the lan interface will contain the source IP of the RUT360. While this is not the best solution, it will work and is the easiest to configure;

One more note - while using the 198.18.0.0/21 network will most likely work, as it uses the public IP address space, you could encounter some routing issues with certain websites when the RUT360 is connected to the internet.
Let me know if neither of my suggestions helps and I will look into the issue deeper.

Best regards,
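
The return-path problem described in the answer above, modelled as an added example (not part of the original posts, and not Teltonika or Raymarine code). The addresses come from the thread; the Host class and ping_reply_path function are hypothetical names, and the model assumes the camera has a single interface with one connected route plus an optional default gateway.

```python
import ipaddress

ROUTER_LAN = "198.18.0.1"   # RUT360 lan interface (from the thread)
PHONE = "192.168.2.127"     # phone on wifi0 (from the thread)


class Host:
    """Single-interface host: one connected subnet, optional default gateway."""

    def __init__(self, addr_with_prefix, gateway=None):
        self.iface = ipaddress.ip_interface(addr_with_prefix)
        self.gateway = ipaddress.ip_address(gateway) if gateway else None

    def next_hop(self, dst):
        """Return the next hop for dst, or None when there is no usable route."""
        dst = ipaddress.ip_address(dst)
        if dst in self.iface.network:
            return dst                      # on-link: deliver directly
        if self.gateway is not None and self.gateway in self.iface.network:
            return self.gateway             # off-link: hand to the default gateway
        return None                         # no gateway, or gateway not reachable


def ping_reply_path(camera, masquerade):
    """Where the camera sends its echo reply to a ping from the phone.

    With masquerading on the lan zone, the router rewrites the source address,
    so the camera sees the ping as coming from the router's lan address.
    """
    source_seen_by_camera = ROUTER_LAN if masquerade else PHONE
    hop = camera.next_hop(source_seen_by_camera)
    return None if hop is None else str(hop)


if __name__ == "__main__":
    cases = {
        "no gateway, no masquerading": (Host("198.18.0.25/21"), False),
        "gateway set to the RUT360": (Host("198.18.0.25/21", ROUTER_LAN), False),
        "no gateway, masquerading on": (Host("198.18.0.25/21"), True),
    }
    for label, (cam, masq) in cases.items():
        hop = ping_reply_path(cam, masq)
        print(f"{label}: reply {'dropped (no route)' if hop is None else 'sent via ' + hop}")
```

In the first case the request reaches the camera but the reply has nowhere to go, which matches the traceroute stopping at the router while the router itself can still ping the camera.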

Thanks for the quick response. I had started wondering about the return path. I will make the suggested changes and see if it fixes things. Much appreciated, Andrew
