RUT955 local forwarding from WAN to LAN

Hi,

We created a previous case, but this has been closed in the meantime.

We are trying to configure the following: remotely access devices connected to the RUT955 LAN from the RUT955 WAN by translating the destination from WAN to LAN.
e.g. laptop A (172.16.1.20) pings 172.16.1.3 (camera B), which is sent to the RUT955 - the RUT955 then translates/NAT this to 192.168.1.3 (camera B)

LAPTOP A: 172.16.1.20 (DG: 172.16.1.1)
RUT955 WAN: 172.16.1.1/24
RUT955 LAN: 192.168.1.1/24
CAMERA A: 192.168.1.2 (DG: 192.168.1.1)
CAMERA B: 192.168.1.3 (DG: 192.168.1.1)

We have tried by adding the following rules, but it seems the NAT isn’t working.

iptables -t nat -I PREROUTING -i eth1 -d 172.16.1.2 -j DNAT --to-destination 192.168.1.2
iptables -t nat -I PREROUTING -i eth1 -d 172.16.1.3 -j DNAT --to-destination 192.168.1.3
iptables -t nat -I POSTROUTING -o eth1 -s 192.168.1.2 -j SNAT --to-source 172.16.1.2
iptables -t nat -I POSTROUTING -o eth1 -s 192.168.1.3 -j SNAT --to-source 172.16.1.3

Using tcpdump we can see the pings towards 172.16.1.3 entering the RUT955, but then nothing happens.

Any suggestions on what we need to change or add?

Kind regards,
Tom

Hello,

The rules look fine. Could you please clarify if you put those rules in Network → Firewall → Custom rules? Make sure that you do not put # before each rule.

Could you please share a screenshot of your routing table? This can be found in Status → Routes → Static → IPV4-Routes table. If there are any public IPs, please hide those before sharing a screenshot.

Kind Regards,

Hi,

Yes, the rules are added to Custom Rules - no # in front of the rules.

Below you can find the routing table.

A ping from 172.16.1.10 (connected on WAN) towards 192.168.1.3 works (I guess that’s just routing), but towards 172.16.1.3 doesn’t seem to get forwarded to the default gateway (RUT955).
A ping from 172.16.1.10 (connected on LAN) towards 172.16.1.3 also doesn’t work.

Tom

Hello,

You are trying to ping a device which is on the same network as your PC, so it assumes that it can reach it via MAC address (does ARP). Since the device is on another network, it does not get its MAC and drops the packet. It sends packets via default gateway when they are for other networks. On your PC, add a route to 172.16.1.3 via 172.16.1.1.

route add 172.16.1.3 mask 255.255.255.255 172.16.1.1

Kind Regards,
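
The on-link versus gateway decision described in the reply above, as an added example that is not part of the original thread: a minimal longest-prefix-match lookup over the sending PC's routing table. The /24 mask on the laptop and the names build_table and lookup are assumptions made for illustration; route metrics are ignored.

```python
import ipaddress

def build_table(iface_cidr, default_gw, extra_routes=()):
    """Routing table of the sending PC as (network, gateway) pairs.
    gateway None means on-link: the PC ARPs for the destination itself."""
    iface = ipaddress.ip_interface(iface_cidr)
    table = [
        (iface.network, None),  # connected subnet
        (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address(default_gw)),
    ]
    for prefix, gw in extra_routes:
        table.append((ipaddress.ip_network(prefix), ipaddress.ip_address(gw)))
    return table

def lookup(table, dst):
    """Return ("arp", dst) or ("gateway", gw) using longest-prefix match."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in table if dst in net]
    net, gw = max(matches, key=lambda r: r[0].prefixlen)
    if gw is None:
        # On-link: the frame goes to whoever answers ARP for dst. If no host
        # on the segment owns dst, the packet is never handed to the router,
        # so its PREROUTING DNAT rule is not reached.
        return ("arp", str(dst))
    return ("gateway", str(gw))

if __name__ == "__main__":
    # Addresses from the thread; the laptop's /24 mask is assumed.
    laptop = "172.16.1.20/24"
    router_wan = "172.16.1.1"

    before = build_table(laptop, router_wan)
    # Equivalent of: route add 172.16.1.3 mask 255.255.255.255 172.16.1.1
    after = build_table(laptop, router_wan, [("172.16.1.3/32", router_wan)])

    for label, table in (("before host route", before), ("after host route", after)):
        for dst in ("172.16.1.3", "192.168.1.3"):
            print(f"{label:18} {dst:12} -> {lookup(table, dst)}")
```

The same host route is needed for every translated address, so 172.16.1.2 from the DNAT rules needs its own /32 entry as well.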
