Firewall rule | NAT | dnat | forwarding ip


I want to forward (temporarily) all my traffic from one IP to a destination IP in a different network on the same OpenWrt router (TP-Link Archer C7 v5). =>
My "lan" network
My "Iot_zone" network

I tried this firewall rule, but even a ping is not working:

> config nat
>         option src_ip ''
>         option dest_ip ''
>         option name 'HAOS_NAT'
>         option target 'ACCEPT'
>         list proto 'all'
> config forwarding
>         option dest 'iot_zone'
>         option src 'lan'

It is not clear what you want to achieve.
If you want to forward all traffic destined to into then you need a DNAT.

uci add firewall redirect
uci set firewall.@redirect[-1].dest='lan'
uci set firewall.@redirect[-1].src='iot_zone'
uci set firewall.@redirect[-1].target='DNAT'
uci set firewall.@redirect[-1].name='test'
uci add_list firewall.@redirect[-1].proto='all'
uci set firewall.@redirect[-1].src_dip=''
uci set firewall.@redirect[-1].dest_ip=''
uci set firewall.@redirect[-1].reflection='0'
uci commit firewall
service firewall restart

If this is not what you want to do, explain it in a more clear way.


Hey, thanks for your response. Yes, that is exactly what I'm looking for:
I wanted to forward all traffic destined to into

I did not know that DNAT has been placed under port forwarding in LuCI, but the firewall config file looks easy to understand.

But it is not really working, unfortunately:
The DNAT is not working for devices in the same network (IOT
But it is working for devices which are in a different network.

I guess messages within the same network are not really being routed (even for WiFi devices).
So this firewall rule cannot work in this case, unfortunately.

Yes, exactly.
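
The same-subnet limitation confirmed above can be checked from the configuration itself. The following is an added example, not part of the thread: it flags DNAT redirects whose `src_dip` lies inside one of the router's own subnets, since clients in that subnet reach the address directly and are never routed. All addresses are constructed (the page does not show the real ones), and `parse` and `bypassed_redirects` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed `uci show network` / `uci show firewall` output; the thread's real
# addresses are not shown on the page, so every address here is an assumption.
SAMPLE = """\
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.iot.ipaddr='192.168.20.1'
network.iot.netmask='255.255.255.0'
firewall.@redirect[0].name='test'
firewall.@redirect[0].src='iot_zone'
firewall.@redirect[0].dest='lan'
firewall.@redirect[0].target='DNAT'
firewall.@redirect[0].src_dip='192.168.20.50'
firewall.@redirect[0].dest_ip='192.168.1.50'
"""

LINE = re.compile(r"^(\w+)\.([^.]+)\.(\w+)='(.*)'$")

def parse(text):
    """Group `uci show` lines into {(config, section): {option: value}}."""
    sections = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            cfg, sec, opt, val = m.groups()
            sections.setdefault((cfg, sec), {})[opt] = val
    return sections

def bypassed_redirects(text):
    """Return (redirect name, subnet) pairs whose src_dip is on-link for a subnet.

    Clients in that subnet ARP for src_dip directly, so the packet is never
    routed through the firewall and the DNAT rule cannot rewrite it.
    """
    s = parse(text)
    nets = {sec: ipaddress.ip_interface(f"{o['ipaddr']}/{o['netmask']}").network
            for (cfg, sec), o in s.items()
            if cfg == "network" and "ipaddr" in o and "netmask" in o}
    hits = []
    for (cfg, sec), o in s.items():
        if cfg == "firewall" and o.get("target") == "DNAT" and o.get("src_dip"):
            dip = ipaddress.ip_address(o["src_dip"])
            hits += [(o.get("name", sec), str(n)) for n in nets.values() if dip in n]
    return hits

if __name__ == "__main__":
    print(bypassed_redirects(SAMPLE))
```

The check assumes interfaces are defined with separate `ipaddr` and `netmask` options; interfaces configured any other way are skipped.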

