1:1 NAT mapping

I've read through similar topics, but nothing seems to be working for me so far.
Fundamentally, what I want to achieve is this:
I have multiple devices with a fixed unchangeable IP (192.168.100.1).
I want to use multiple (1 for each fixed IP device) OpenWrt devices (GL.iNET GL-MT300N-V2) to integrate these into my local network (192.168.1.x).
I want to be able to access each of the fixed IP devices via an intermediate IP for each device on my local network - i.e. 1:1 NAT.
I figured I can configure the WAN port on the 192.168.100.x subnet, and the LAN port on the 192.168.1.x subnet for each router, but I cannot seem to talk to the fixed IP devices from my local network. I've tried using iptable rules and forwarding rules.
Anyone know how to set up such a network?

1 Like

Should be doable.

But I'd put the WAN interface towards the .1.x side, and the LAN on the 100.1 side.

Then open the ports required in the FW, and forward the traffic to 100.1.

1 Like

All of them have the same IP 192.168.100.1 or are they .1 , .2 , .3 etc ?

Thanks for the replies, I will try and get to testing soon.
All the fixed IP devices have the same IP 192.168.100.1 set by factory and unchangeable.

Utilize the SNAT and DNAT rules like the ones mentioned above.
It might even be possible to set up one OpenWrt router for all devices using VLANs and PBR.

1 Like

Sorry for the delayed reply, I just got to testing now. Cannot seem to get this to work?
I didn't think the additional interface portion of the link was necessary in my case (or is it?), so I haven't done that part (not sure how it would look in my case).
Any idea why I can't access the device via the intermediate IP? I can ping the device via the router diagnostics via its direct IP.
This is my firewall:

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'


config zone
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option output 'ACCEPT'
	option name 'lan'
	option network 'lan'

config zone
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option output 'ACCEPT'
	option name 'wan'
	option network 'wan'

config forwarding
	option dest 'lan'
	option src 'wan'

config forwarding
	option dest 'wan'
	option src 'lan'

config redirect
        option name 'dnat1'
        option src 'wan'
        option src_dip '192.168.100.1'
        option dest 'lan'
        option dest_ip '192.168.1.135'
        option proto 'all'
        option target 'DNAT'

config redirect
        option name 'snat1'
        option src 'lan'
        option src_ip '192.168.1.135'
        option src_dip '192.168.100.1'
        option dest 'wan'
        option proto 'all'
        option target 'SNAT'

Swap the IPs in both redirects as 192.168.100.1 should be the destination.
Make sure that 192.168.100.1 is on the LAN side and matches your network config.
The router's LAN IP should be 192.168.100.2 and WAN IP should match the option src_dip.

2 Likes

Thanks for the fast reply.
OK thanks for clarifying about the WAN IP of the router, as I did have that as a different IP.
I still cannot ping the device (I'm actually testing with a simple PC to ensure nothing strange in the device complicates things).
Here is my network:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdfa:c7ba:801d::/48'

config interface 'lan'
	option ifname 'eth0.1'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option hostname 'GL-MT300N-V2-66c'
	option ipaddr '192.168.100.2'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'static'
	option netmask '255.255.255.0'
	option metric '10'
	option ipaddr '192.168.1.135'

config device 'wan_dev'
	option name 'eth0.2'
	option macaddr '94:83:c4:04:a6:6c'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0 6t'

firewall:

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'


config zone
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option output 'ACCEPT'
	option name 'lan'
	option network 'lan'

config zone
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option output 'ACCEPT'
	option name 'wan'
	option network 'wan'

config forwarding
	option dest 'lan'
	option src 'wan'

config forwarding
	option dest 'wan'
	option src 'lan'

config redirect
        option name 'dnat_rob'
        option src 'wan'
        option src_dip '192.168.1.135'
        option dest 'lan'
        option dest_ip '192.168.100.1'
        option proto 'all'
        option target 'DNAT'

config redirect
        option name 'snat_rob'
        option src 'lan'
        option src_ip '192.168.100.1'
        option src_dip '192.168.1.135'
        option dest 'wan'
        option proto 'all'
        option target 'SNAT'

1 Like

Specify gateway and DNS on the WAN interface and enable masquerading on the LAN zone.

2 Likes

Thanks heaps for stepping me through it. Specifying a gateway and enabling masquerading did the trick. Able to talk to the device!

1 Like
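
The configuration this thread converges on, gathered in one place as an added example (not posted by any participant): the second set of redirects plus the two final changes, a gateway and DNS on WAN and masquerading on the LAN zone. The address 192.168.1.1 used for gateway and DNS is an assumed placeholder, since the thread does not state it.

```uci
# /etc/config/network (excerpt): WAN faces the local 192.168.1.x network
config interface 'wan'
	option ifname 'eth0.2'
	option proto 'static'
	option ipaddr '192.168.1.135'
	option netmask '255.255.255.0'
	option metric '10'
	# Assumed values, not given in the thread: use your network's gateway/DNS
	option gateway '192.168.1.1'
	option dns '192.168.1.1'

# /etc/config/firewall (excerpt): LAN zone faces the fixed-IP device
config zone
	option name 'lan'
	option network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	# With masquerading, traffic forwarded out of this zone carries the
	# router's LAN address (192.168.100.2) as its source
	option masq '1'

# Inbound: the intermediate IP on the local network maps to the device
# 'proto all' is kept from the thread; limiting it to the protocols and
# ports actually needed narrows what the local network can reach
config redirect
	option name 'dnat_rob'
	option src 'wan'
	option src_dip '192.168.1.135'
	option dest 'lan'
	option dest_ip '192.168.100.1'
	option proto 'all'
	option target 'DNAT'

# Outbound: connections started by the device leave as the intermediate IP
config redirect
	option name 'snat_rob'
	option src 'lan'
	option src_ip '192.168.100.1'
	option src_dip '192.168.1.135'
	option dest 'wan'
	option proto 'all'
	option target 'SNAT'
```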
