Hello community, I'm learning with Teltonika products and have the following question:
I have two different networks on WAN and LAN. I log in from the LAN side and can reach the devices behind the WAN, but if I log in from the WAN side, I can't reach any devices behind the LAN! What's the simplest rule for two-way communication? Thanks.
Hello,
By default, the firewall on our devices disallows traffic from WAN → LAN. In your case, you would need to edit the WAN zone settings in the firewall to allow forwarding to the LAN destination zone and allow input inside on WAN zone as well:
If this still does not allow you to reach devices behind the LAN, you may also need to add a simple static route:
Go to Network → Routing → Static Routes and add a route to the LAN interface, with the target specified as your LAN subnet (e.g. 192.168.1.0/24), via the gateway of your WAN IP address.
Let me know how it goes and if additional assistance is needed.
Best regards,
Hello and thank you for your reply.
Unfortunately, I followed your instructions to the letter, but when I accessed the WAN interface (192.168.110.x), I can't reach any device (192.168.113.x).
The model is RUT 951 with the latest firmware R_00.07.17.1.
These are my WAN and LAN interface settings, and the static route I added.
Hello,
Thanks for the update. From the screenshots you shared, the upstream gateway 192.168.110.1 doesn’t know how to forward traffic to 192.168.113.0/24. The route’s next hop is currently set to the WAN gateway itself, but it should point to the RUT951’s WAN IP (192.168.110.91) so that return traffic for 192.168.113.0/24 is sent back via the RUT951.
In other words, the static route’s gateway should be 192.168.110.91.
Furthermore, to better understand your setup, could you share a simple topology sketch including IP addresses/subnets of the hosts so I can try to replicate the scenario on our side?
Best regards,
Hi,
I changed the IPv4 Gateway to 192.168.110.91, but there’s no change!
Here is what I want to achieve:
192.168.110.x devices must communicate with 192.168.113.x devices and vice versa.
The RUT951 is within a local network and the main ROUTER has an external firewall!
How can I do this please?
Hello,
Thank you for your patience.
I’ve replicated a similar setup on my side, and here’s what needs to be configured so that devices from the 192.168.110.0/24 network can communicate with hosts in the 192.168.113.0/24 network:
On the upper 192.168.110.1/24 router:
- Add a single static route to
192.168.113.0/24 (LAN)via192.168.110.91:
On the 192.168.113.1/24 router (RUT951):
-
Add a single static route to
192.168.110.0/24 (WAN)via192.168.110.1:
-
In the firewall WAN zone settings, make sure LAN zone is added to “Allow forward to destination zones”:
This way, both routers will know how to reach the opposite subnet, and the firewall should allow the traffic to pass between them.
Let me know how it goes.
Best regards,
Hi, Thank you for your patience with me! I replicated the configuration, and on the WAN side, I can only access the Rut951’s web interface (LAN 192.168.113.1). I also tried another Rut951, starting from scratch, but nothing changes. I can’t reach any device connected to the LAN side (192.168.113.0). In the image I’m showing you, I’m trying to reach one of the devices with the IP address 192.168.113.101!! Hoping to resolve the issue, best regards.
Hi, sorry… I’m correcting this… the configuration is working! The device I was trying to reach (192.168.113.101) was another RUT… the other devices are reachable! I just need to test this configuration with Failover/Wireguard. If I run into any difficulties, can I continue on this topic or do I need to open a new one? Thanks so much for your support!!!
Hello @falchi,
Thank you for your correction and update! I’m really glad I could help you with your routing setup.
Regarding any future questions or challenges: if you run into any difficulties with failover, VPN, or any other setup that’s unrelated to the topic discussed here, please create a new thread on the forum, and we’ll be happy to assist you there.
Best regards,
1 Like