RUT995 local forwarding


We are trying to configure the following setup:

  • Teltonika is configured for the network
  • 2 cameras connected in the network
  • Teltonika receives requests for and and forwards/translates to and

With port forwarding towards it works, however we are unable to do so with NAT. Is this something we can accomplish through CLI?

Kind regards,


Could you please clarify if you have configured your WAN interface as LAN?

Also, does RUT955 get internet access from a SIM card?

I would suggest restoring the device configuration to defaults and doing the following:

Set LAN ports to be on the same network as the cameras, i.e. For example, Then, configure WAN port with an IP address of

After configuring the LAN and WAN settings, you can proceed to set up NETMAP rules. You can find an example for a similar case in this forum post here. Be sure to adjust the IP addresses to match your specific setup. These rules will handle incoming (prerouting) packets by directing them to the cameras in LAN and outgoing (postrouting) packets by rewriting their source to the network.

Kind Regards,

Hi AndezjJ,

No, the WAN is NOT configured as LAN. Would it be possible to do so with the WAN configured as LAN?

The RUT955 gets its internet access from the WAN - there is a 4G SIM inside, that acts as a failover to remotely access the RUT955 in case the WAN fails.

Do the NETMAP rules need to be added to Custom Rules?


Hi Tom,

The NETMAP rules are added to the “Custom Rules” indeed. However, during testing, I would suggest entering the rules into iptables manually with the CLI. Just type the rules as shown in the other topic into the CLI. If you mess up, or you want to remove the rules again, enter:

/etc/init.d/firewall restart

This restarts the firewall, and removes all the manually entered rules. (The rules in “Custom Rules” are not removed).

BTW, you don’t have to use NETMAP to NAT an entire subnet. You should be able to perform the following:

iptables -t nat -I PREROUTING -i eth1 -d -j DNAT --to-destination
iptables -t nat -I PREROUTING -i eth1 -d -j DNAT --to-destination
iptables -t nat -I POSTROUTING -o eth1 -s -j SNAT --to-source
iptables -t nat -I POSTROUTING -o eth1 -s -j SNAT --to-source

With eth1 being the WAN interface. You can check this in the interface settings of WAN.

Make sure you set the gateway in the cameras to your router’s LAN IP. And in the laptop, the gateway should be set to (the WAN address of the router).

edit: LAN IP should be something like or (in the same subnet as the cameras).
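
Added example, not part of the original posts: a dry-run shell script that validates the addresses and prints the DNAT/SNAT pair for each camera in the form given in the post above. The addresses are constructed sample values from documentation ranges, and `eth1` is assumed to be the WAN interface as stated in the thread.

```shell
#!/bin/sh
# Dry run: prints 1:1 NAT rules for review; it does not call iptables itself.
# All addresses are constructed sample values, not the ones from the thread.

WAN_IF="eth1"   # assumed WAN interface name; verify it in the interface settings

# is_ipv4 ADDR: succeeds if ADDR is a dotted quad with each octet in 0-255
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots (input is digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# nat_pair EXT_IP INT_IP: prints the inbound DNAT and outbound SNAT rule
nat_pair() {
    is_ipv4 "$1" && is_ipv4 "$2" || { echo "invalid address: $1 $2" >&2; return 1; }
    echo "iptables -t nat -I PREROUTING -i $WAN_IF -d $1 -j DNAT --to-destination $2"
    echo "iptables -t nat -I POSTROUTING -o $WAN_IF -s $2 -j SNAT --to-source $1"
}

# build_rules: reads "external internal" pairs on stdin, stops on a bad pair
build_rules() {
    while read -r ext int; do
        [ -n "$ext" ] || continue
        nat_pair "$ext" "$int" || return 1
    done
}

# Constructed mapping: WAN-side address -> camera address in LAN
build_rules <<EOF
192.0.2.2 198.51.100.2
192.0.2.3 198.51.100.3
EOF
```

The output is only printed, so it can be checked before being typed into the CLI or pasted into “Custom Rules”.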


Hi Matthijs,

Currently the set-up is looking like this:

Teltonika WAN
Teltonika LAN
Cameras 192.168.2 and .3 with .254 as GW

I added the rules you posted.

I can see a ping from to using the tcpdump commands you sent. When I ping to it gives me a destination unreachable. When I checked the tcpdump (using the commands supplied) I don’t see anything coming through.

I changed the command to tcpdump -i eth1 dst Now I still get a destination unreachable on the laptop, but now I see an ARP request in the tcpdump.


Is there anything that I am missing?


Have you also set the GW on the computer to

Can you also verify the interface names eth0 and eth1? You can see it on the configuration pages of the interface.

If I can find the time, I will try and make a step by step instruction on a factory reset router.

