1:1 NAT on Seeed Router, OpenWrt 21.02

I bought a seeed router with OpenWRT in hopes of setting up a 1:1 NAT on the two ports of the device.

I have a network on 192.168.50.xxx attached to one port. I have a single device at 192.168.125.001 on the second port. I'd like to make the device available on the network at 192.168.50.100.

Is this possible?

Thank you

Yes - with the WAN port assigned the IP 192.168.50.100, add the following firewall config to the OpenWrt:

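# 1:1 NAT, inbound half: traffic addressed to the router's WAN address is
# rewritten (DNAT) to the device on the LAN side.
config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option name 'seeed'
        # 'all' forwards every protocol and port, so every service on the device
        # becomes reachable from the WAN-side network. If only some services are
        # needed, narrow 'proto' and add 'src_dport'.
        option proto 'all'
        # Match only packets sent to the WAN address given above. Without src_dip
        # the redirect is not tied to any destination address.
        option src_dip '192.168.50.100'
        option dest_ip '192.168.125.1'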

Thank you @lleachii for the response.

That doesn't seem to do the whole trick.

Here is the current firewall config:


# Global default policies: input and output are accepted, forwarding is rejected
# unless a zone, forwarding or rule section allows it.
config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	# NOTE(review): 'fullcone' is not an option I recognise from stock OpenWrt 21.02;
	# it suggests a customised firmware build. Confirm what it enables on this image.
	option fullcone '1'
	option synflood_protect '1'

# LAN zone: traffic to the router, from the router and between LAN interfaces
# is accepted.
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

# WAN zone, with masquerading (source NAT) and MSS clamping enabled.
# NOTE(review): 'input' and 'forward' are both ACCEPT here. The stock OpenWrt
# wan zone uses REJECT for both. As written, every service on the router is
# reachable from the wan side, and the 'Allow-*' rules with src 'wan' further
# down add nothing on top of the zone policy. If this was opened up for
# testing, set both back to REJECT before the port faces an untrusted network.
config zone
	option name 'wan'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	option input 'ACCEPT'
	list network 'wan'

# Allow traffic originating in lan to be forwarded out through wan.
config forwarding
	option src 'lan'
	option dest 'wan'

# IPv4 input rules for traffic arriving from wan (no 'dest', so they apply to
# traffic addressed to the router itself): DHCP replies on UDP 68,
# ICMP echo-request, and IGMP.
config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

# IPv6 rules for traffic arriving from wan: DHCPv6 client replies (UDP 546),
# MLD messages from link-local sources, and a set of ICMPv6 types accepted
# both for the router (input) and for forwarding to any zone (dest '*').
# The two ICMPv6 rules are rate limited to 1000 packets per second.
config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

# Forward IPsec traffic from wan into lan: ESP packets and IKE on UDP 500.
# No dest_ip is set, so these apply to any lan host.
# NOTE(review): keep these only if an IPsec endpoint inside lan needs them.
config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

# Firewall includes: each 'path' is a script run when the firewall starts, and
# again on reload where 'reload' is '1'. These scripts can add rules that do
# not appear in this listing, so the effective ruleset cannot be judged from
# this file alone; inspect the loaded rules on the device (e.g. iptables-save).
# NOTE(review): the section names suggest VPN, proxy and file-sharing packages
# bundled with the firmware. Whether each one is enabled is not visible here;
# disable or remove the ones that are not needed.
config include
	option path '/etc/firewall.user'

config include 'zerotier'
	option type 'script'
	option path '/etc/zerotier.start'
	option reload '1'

# NOTE(review): miniupnpd is a UPnP/NAT-PMP daemon; when it is running, clients
# can ask it to open port forwards. Confirm it is disabled if that is not wanted.
config include 'miniupnpd'
	option type 'script'
	option path '/usr/share/miniupnpd/firewall.include'
	option family 'any'
	option reload '1'

config include 'gowebdav'
	option type 'script'
	option path '/var/etc/gowebdav.include'
	option reload '1'

config include 'luci_app_ipsec_server'
	option type 'script'
	option path '/var/etc/ipsecvpn.include'
	option reload '1'

config include 'passwall'
	option type 'script'
	option path '/var/etc/passwall.include'
	option reload '1'

config include 'passwall_server'
	option type 'script'
	option path '/var/etc/passwall_server.include'
	option reload '1'

config include 'luci_app_pptp_server'
	option type 'script'
	option path '/var/etc/pptpd.include'
	option reload '1'

config include 'socat'
	option type 'script'
	option path '/var/etc/socat.include'
	option reload '1'

config include 'ssr_mudb_server'
	option type 'script'
	option path '/var/etc/ssr_mudb_server.include'
	option reload '1'

# Accept TCP port 1688 from wan to the router itself (no 'dest' is set).
# NOTE(review): this exposes whatever listens on 1688 to the wan side; the rule
# name suggests a KMS service. Remove it unless that exposure is intended.
config rule 'kms'
	option name 'kms'
	option target 'ACCEPT'
	option src 'wan'
	option proto 'tcp'
	option dest_port '1688'

# More script includes, run at firewall start and on reload ('reload' is '1').
# Rules they add are not visible in this listing.
config include 'openclash'
	option type 'script'
	option path '/var/etc/openclash.include'
	option reload '1'

config include 'shadowsocksr'
	option type 'script'
	option path '/var/etc/shadowsocksr.include'
	option reload '1'

config include 'mia'
	option type 'script'
	option path '/etc/mia.include'
	option reload '1'

# Accept TCP and UDP port 1194 from wan to the router itself (no 'dest' is set).
# NOTE(review): only needed if an OpenVPN server runs on this router.
config rule 'openvpn'
	option name 'openvpn'
	option target 'ACCEPT'
	option src 'wan'
	option proto 'tcp udp'
	option dest_port '1194'

# VPN zone on network 'vpn0': input, output and forward are all accepted and
# masquerading is on. The forwardings below let vpn reach wan and lan, and lan
# reach vpn, so a connected VPN peer is trusted like a lan host.
config zone 'vpn'
	option name 'vpn'
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option output 'ACCEPT'
	option masq '1'
	option network 'vpn0'

config forwarding 'vpntowan'
	option src 'vpn'
	option dest 'wan'

config forwarding 'vpntolan'
	option src 'vpn'
	option dest 'lan'

config forwarding 'lantovpn'
	option src 'lan'
	option dest 'vpn'

# More script includes, run at firewall start and on reload ('reload' is '1').
# Rules they add are not visible in this listing.
config include 'unblockmusic'
	option type 'script'
	option path '/var/etc/unblockmusic.include'
	option reload '1'

config include 'softethervpn'
	option type 'script'
	option path '/usr/share/softethervpn/firewall.include'
	option reload '1'

config include 'v2ray_server'
	option type 'script'
	option path '/var/etc/v2ray_server.include'
	option reload '1'

config include 'wrtbwmon'
	option type 'script'
	option path '/etc/wrtbwmon.include'
	option reload '1'

# Docker zone on network 'docker': input, output and forward are all accepted.
config zone 'docker'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option name 'docker'
	list network 'docker'

# The DNAT redirect added for the 1:1 NAT attempt.
# NOTE(review): there is no 'src_dip' or 'src_dport', and proto is 'all', so
# nothing limits which destination address or port this rule matches on wan.
# Adding 'src_dip' with the address the device should appear on would scope it.
# NOTE(review): dest 'lan' with dest_ip 192.168.125.1 assumes that address is
# reachable through lan, but the network config in this post has no interface
# in 192.168.125.x.
config redirect
	option target 'DNAT'
	option src 'wan'
	option dest 'lan'
	option name 'seeed'
	option proto 'all'
	option dest_ip '192.168.125.1'

Here is the network config:


# Loopback interface and global network settings (IPv6 ULA prefix, packet steering).
config interface 'loopback'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'
	option device 'lo'

config globals 'globals'
	option ula_prefix 'fd95:27c5:3e18::/48'
	option packet_steering '1'

# lan: static 192.168.160.99 with a 255.255.255.0 mask on bridge br-lan.
config interface 'lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option device 'br-lan'
	option ipaddr '192.168.160.99'

# wan: static 192.168.160.98 on eth1, with no 'netmask' option set.
# NOTE(review): this address falls inside lan's 192.168.160.0/24, so lan and
# wan are not on distinct subnets; routing and NAT between the two ports need
# separate networks. No interface here has a 192.168.125.x address either,
# which is the network the DNAT target 192.168.125.1 belongs to.
config interface 'wan'
	option device 'eth1'
	option proto 'static'
	option ipaddr '192.168.160.98'

# Unmanaged interfaces (proto 'none') for the VPN tunnel device tun0 and for
# docker0; the docker interface is not brought up automatically (auto '0').
config interface 'vpn0'
	option proto 'none'
	option device 'tun0'

config interface 'docker'
	option device 'docker0'
	option proto 'none'
	option auto '0'

# Bridge devices: docker0 has no ports listed; br-lan contains eth0 only.
config device
	option type 'bridge'
	option name 'docker0'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'


  • Something is wrong here
  • There is no 192.168.125.x network - so of course it didn't work

I'm sorry @lleachii , it looks like my original post and my testing used different ip addresses.

In my test setup.

lan port is 192.168.160.99
wan port is 192.168.160.98

device is connected to wan port with ip 192.168.125.1

I took the default config for this router and added:

# The DNAT redirect as added to the test router.
# NOTE(review): with proto 'all' and no 'src_dip' or 'src_dport', nothing limits
# which destination address or port this rule matches on wan. Scope it with
# 'src_dip' set to the address the device should appear on.
config redirect                         
        option target 'DNAT'      
        option src 'wan'             
        option dest 'lan'            
        option name 'seeed'   
        option proto 'all'           
        option dest_ip '192.168.125.1'

as i am trying to make that device connected to the wan port available at 192.168.160.98 (in this test setup).

My development machine is connected to the lan port with an IP address of 192.168.160.200. I am trying to ping and/or connect to the device at 192.168.160.98 (which would NAT to 192.168.125.1?)

???

LAN cannot be numbered the same as WAN.

???

Where is the 192.168.125.0 network???