We are trying to configure the following setup:
- Teltonika is configured for the 172.16.1.0/24 network
- 2 cameras connected in the 192.168.1.0/24 network
- Teltonika receives requests for 172.16.1.2 and 172.16.1.3 and forwards/translates to 192.168.1.2 and 192.168.1.3
With port forwarding towards 172.16.1.1 it works, however we are unable to do so with NAT. Is this something we can accomplish through CLI?
Could you please clarify if you have configured your WAN interface as LAN?
Also, does RUT955 get internet access from a SIM card?
I would suggest restoring the device configuration to defaults and doing the following:
Set LAN ports to be on the same network as the cameras, i.e. 192.168.1.0/24. For example, 192.168.1.254. Then, configure WAN port with an IP address of 172.16.1.1.
After configuring the LAN and WAN settings, you can proceed to set up NETMAP rules. You can find an example for a similar case in this forum post here. Be sure to adjust the IP addresses to match your specific setup. These rules will handle incoming (prerouting) packets by directing them to the cameras in LAN and outgoing (postrouting) packets by rewriting their source to the 172.16.1.0/24 network.
No, the WAN is NOT configured as LAN. Would it be possible to do so with the WAN configured as LAN?
The RUT955 gets its internet access from the WAN - there is a 4G SIM inside that acts as a failover to remotely access the RUT955 in case the WAN fails.
Do the NETMAP rules need to be added to Custom Rules?
The NETMAP rules are added to the “Custom Rules” indeed. However, during testing, I would suggest to enter the rules into the iptables manually with the CLI. Just type the rules as shown in the other topic into the CLI. If you mess up, or you want to remove the rules again, enter:
This restarts the firewall, and removes all the manually entered rules. (The rules in “Custom Rules” are not removed).
BTW, you don’t have to use NETMAP to NAT an entire subnet. You should be able to perform the following:
iptables -t nat -I PREROUTING -i eth1 -d 172.16.1.2 -j DNAT --to-destination 192.168.1.2
iptables -t nat -I PREROUTING -i eth1 -d 172.16.1.3 -j DNAT --to-destination 192.168.1.3
iptables -t nat -I POSTROUTING -o eth1 -s 192.168.1.2 -j SNAT --to-source 172.16.1.2
iptables -t nat -I POSTROUTING -o eth1 -s 192.168.1.3 -j SNAT --to-source 172.16.1.3
With eth1 being the WAN interface. You can check this in the interface settings of WAN.
Make sure you set the gateway in the cameras to your router’s LAN IP. And in the laptop, the gateway should be set to 172.16.1.1 (the WAN address of the router).
edit: LAN IP should be something like 192.168.1.1 or 192.168.1.254 (in the same subnet as the cameras).
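Added example, not part of any poster's reply and not Teltonika's code: a small Python model of what the NETMAP suggestion and the per-host DNAT/SNAT rules above have in common. The helper names `netmap` and `per_host_rules` are hypothetical, and the model assumes both networks use the same prefix length, as the /24 networks in this thread do.

```python
import ipaddress

WAN_NET = "172.16.1.0/24"   # addresses the laptop side talks to (from the thread)
LAN_NET = "192.168.1.0/24"  # network the cameras live in (from the thread)


def netmap(addr, src_net, dst_net):
    """Move addr from src_net into dst_net, keeping its host bits.

    This is the 1:1 mapping a NETMAP rule performs: the network prefix is
    swapped and the host part (.2, .3, ...) is left untouched.
    """
    addr = ipaddress.ip_address(addr)
    src_net = ipaddress.ip_network(src_net)
    dst_net = ipaddress.ip_network(dst_net)
    # Assumption of this model: equal prefix lengths on both sides.
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("both networks must have the same prefix length")
    if addr not in src_net:
        raise ValueError(f"{addr} is not inside {src_net}")
    host_bits = int(addr) & int(src_net.hostmask)
    return ipaddress.ip_address(int(dst_net.network_address) | host_bits)


def per_host_rules(external_hosts, wan_net, lan_net, wan_if="eth1"):
    """Expand the subnet mapping into one DNAT/SNAT pair per exposed host.

    Only the listed hosts become reachable from the WAN side, instead of
    every address in the subnet as with a whole-subnet NETMAP rule.
    """
    rules = []
    for ext in external_hosts:
        internal = netmap(ext, wan_net, lan_net)
        rules.append(
            f"iptables -t nat -I PREROUTING -i {wan_if} -d {ext} "
            f"-j DNAT --to-destination {internal}"
        )
        rules.append(
            f"iptables -t nat -I POSTROUTING -o {wan_if} -s {internal} "
            f"-j SNAT --to-source {ext}"
        )
    return rules


if __name__ == "__main__":
    # Prints the rule pairs for the two cameras discussed in the thread.
    for line in per_host_rules(["172.16.1.2", "172.16.1.3"], WAN_NET, LAN_NET):
        print(line)
```

The script only prints the rules for review; it does not touch the firewall.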
Currently the set-up is looking like this:
Teltonika WAN 172.16.1.1
Teltonika LAN 192.168.1.254
Cameras 192.168.2 and .3 with .254 as GW
I added the rules you posted.
I can see a ping from 172.16.1.5 to 172.16.1.1 using the tcpdump commands you sent. When I ping to 172.16.1.2 it gives me a destination unreachable. When I checked the tcpdump (using the commands supplied) I don’t see anything coming through.
I changed the command to tcpdump -i eth1 dst 172.16.1.2. Now I still get a destination unreachable on the laptop, but now I see an ARP request in the tcpdump.
Is there anything that I am missing?
Have you also set the GW on the computer to 172.16.1.1?
Can you also verify the interface names eth0 and eth1? You can see it on the configuration pages of the interface.
If I can find the time, I will try and make a step by step instruction on a factory reset router.