I have read a lot of topics on this site already but i have not found a definitive solution to my problem yet.
I have multiple networks with the same IP addresses (172.16.0.0/24). I want to add a router (RUTX08) to each of these networks, after which I want to set up NAT on every router to translate to another IP range (10.128.x.0/24).
I have checked out these posts:
&
&
the wiki on 1-to-1 NAT
But I cannot get it to work.
I have tried to add the following to the firewall custom rules:
iptables -t nat -I PREROUTING -s 10.128.1.0/24 -j NETMAP --to 172.16.0.0/24
iptables -t nat -I POSTROUTING -s 172.16.0.0/24 -j NETMAP --to 10.128.1.0/24
However, I am not able to ping from, for example, 10.128.1.59 to 10.128.1.58 (which is a device with IP address 172.16.0.58 on the LAN of the RUTX08).
I think there might be some problems with assigning the correct IP addresses to the WAN and LAN port.
See the picture below of what I am trying to achieve. I think it is very similar to the problem in this post.
Each network will have its own router to do the NAT.
I am able to ping to the WAN port of the router from the 10.128.0.0/16 network.
Do I have to add static routes to the router as well? Maybe I messed up the firewall settings already; I might start with a fresh factory reset of the RUTX08. Do I need to change the zone settings?
I had added the LAN interface to the forward destination and forward source of the WAN zone.
Does the Masquerading flag need to be set on or off? I am guessing off...
My exact plan:
I have a network (NW1) with a PLC with IP address 172.16.0.100/24, some kind of server with IP 172.16.0.1/24 and a RUTX with LAN IP address 172.16.0.254,
and another network (NW2) with a PLC with IP address 172.16.0.100/24, another server with IP 172.16.0.1/24 and a RUTX with LAN IP address 172.16.0.254.
I want to reach both PLCs and servers from one computer in a different network, 10.128.0.0/16.
Now I want NW1 to be translated to 10.128.1.0 and NW2 to be translated to 10.128.2.0. My idea is that, when both routers are set up correctly for NATting, I can ping 10.128.1.100 and get a response from the PLC in NW1. That PLC will not know that the ping request was sent by a device in the 10.128.x.x network; it will think it is coming from a 172.16.1.x IP address.
I think that is where the problem occurs. But my knowledge of iptables and so on is too little to fully comprehend the problem I am facing. How does the PLC for example know to which ip the ping(icmp) packet has to be returned to?
I found this link which clarifies pre- and post-routing a little bit, but it does not provide me with enough knowledge to find my pain point.
Some side info: at the moment I only have 1 RUT connected to 1 PLC (172.16.0.100) through the LAN interface (172.16.0.254), and I am trying to ping that PLC from my computer (10.128.1.128) through the WAN interface (10.128.1.254). Maybe I have also made a mistake in forwarding the traffic between the LAN and WAN interface. This could be done using iptables as well, I think.
So what I am looking for at this moment: which rules to enter in iptables, and how to correctly forward/route WAN to LAN and vice versa, in order to ping that PLC.
Thanks a lot for taking the time to look into my problem! At least I am learning
I think the network traffic is not correctly transferred between the LAN and the WAN.
I am now trying to ping 172.16.0.100 from the 10.128.0.0 network by using the following rule. But I cannot get it to work
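The following is an added worked example, not code from the original post or from Teltonika: a small POSIX shell script that prints the iptables rules for 1:1 NAT with NETMAP between the duplicated site network 172.16.0.0/24 and its unique outside range 10.128.N.0/24 (one router per site), and walks one ping through the translation so the address flow is visible. The interface names eth1 (WAN) and br-lan (LAN) are assumptions, not from the thread; override them with the WAN_IF and LAN_IF environment variables. The script only prints the rules; pipe its output into sh on the router, or paste the lines into the custom firewall rules, to apply them.

```shell
#!/bin/sh
# Added example (not from the original post): generate the iptables rules for
# 1:1 NAT with NETMAP between one duplicated site network (172.16.0.0/24) and
# its unique outside range (10.128.N.0/24), one router per site.
#
# Assumptions not stated in the thread: the WAN interface is eth1 and the LAN
# bridge is br-lan (override with WAN_IF / LAN_IF); site N is 10.128.N.0/24.
# IP forwarding must be enabled (it is by default on OpenWrt-based firmware).

LAN_NET="172.16.0.0/24"          # the network that is identical behind every router
OUTSIDE_BASE="10.128"            # 10.128.N.0/24 is how site N is seen from outside
WAN_IF="${WAN_IF:-eth1}"         # assumption, not from the post
LAN_IF="${LAN_IF:-br-lan}"       # assumption, not from the post

# What NETMAP does to a single address: the network part is replaced, the host
# part is kept. Written for /24 networks only, which is all this setup needs.
netmap_addr() {
    addr="$1"
    net="${2%/*}"                 # strip the /24
    echo "${net%.*}.${addr##*.}"  # new network prefix + original last octet
}

# Print the rules for site number $1.
# PREROUTING must match on the destination (-d): traffic from the 10.128 side is
# addressed to 10.128.N.x, so a source match (-s) on that range never hits.
# POSTROUTING rewrites the source (-s) of connections that the LAN starts.
# Replies to an inbound connection are reversed by conntrack; no rule is needed.
# Note that 10.128.N.254 maps onto the router's own LAN address 172.16.0.254.
netmap_rules() {
    site="$1"
    outside="${OUTSIDE_BASE}.${site}.0/24"
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $outside -j NETMAP --to $LAN_NET"
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j NETMAP --to $outside"
    # The filter table sees the post-NAT destination, so FORWARD matches 172.16.0.0/24.
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $LAN_NET -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
}

# Optional: a PLC without a default gateway cannot answer 10.128.1.128 directly.
# Hiding the 10.128 side behind the router's LAN address makes the PLC see the
# request as coming from 172.16.0.254, at the cost of losing the real source.
lan_masquerade_rule() {
    echo "iptables -t nat -A POSTROUTING -o $LAN_IF -s ${OUTSIDE_BASE}.0.0/16 -j MASQUERADE"
}

# Walk one ping through the translation: client, outside target address, site.
trace_ping() {
    client="$1"; target="$2"; site="$3"
    inside="$(netmap_addr "$target" "$LAN_NET")"
    back="$(netmap_addr "$inside" "${OUTSIDE_BASE}.${site}.0/24")"
    echo "request: $client -> $target  (PREROUTING NETMAP)  $client -> $inside"
    echo "reply  : $inside -> $client  (conntrack reverses)  $back -> $client"
}

netmap_rules "${SITE:-1}"
```

With the zone "Masquerading" flag on, fw3 adds its own MASQUERADE rule to POSTROUTING on the WAN side; whichever rule matches first wins, so check the resulting order with `iptables -t nat -L POSTROUTING -nv` after applying. The generator appends (-A) rather than inserts (-I) so the rules can be read top to bottom in that listing.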