Iptables NETMAP issues

Hi,

I set up a working OpenVPN server on OpenWrt 19.07 on a TL-WDR3600.

I need to access devices on the LAN (192.168.1.0/24), but my remote LAN is 192.168.1.0/24 too.

I tried to add these commands: https://www.linuxtopia.org/Linux_Firewall_iptables/x4471.html
iptables -t nat -A PREROUTING -d 10.8.1.0/24 -j NETMAP --to 192.168.1.0/24
I get this message: iptables v1.8.3 (legacy): unknown option "--to"

I need your help!

Thank you

Hi,

I discovered there is a NETMAP extension to use with iptables on OpenWrt!

Does someone know how to load the module with iptables?
I tried iptables -m with no success.
iptables v1.8.3 (legacy): Couldn't load match `iptables-mod-dnetmap':No such file or directory
Thank you.

Have you installed both iptables-mod-dnetmap and kmod-ipt-dnetmap?
Is the module loaded in lsmod?

Yes, I have installed both extensions with opkg, and the module is not loaded in lsmod.
What can I do now? I'm lost 🙂 Thank you for your help.

Load it first to verify it is working and then add it in /etc/modules.d/ to be available in the next boot.

I don't know how to load it! I have this file in /usr/lib/iptables: libxt_DNETMAP.so

What is the output of opkg files kmod-ipt-dnetmap ; echo ; opkg files iptables-mod-dnetmap?

Package kmod-ipt-dnetmap (4.14.171+2.14-8) is installed on root and has the following files:
/etc/modules.d/ipt-dnetmap
/lib/modules/4.14.171/xt_DNETMAP.ko

Package iptables-mod-dnetmap (2.14-8) is installed on root and has the following files:
/usr/lib/iptables/libxt_DNETMAP.so

You can load the module with insmod or modprobe. Or you can reboot the router and it will be loaded on next boot.

I rebooted the router and have the same issue when I type the command. I don't know what I have to put after iptables -m (my command).

If you run again the lsmod, can you see xt_DNETMAP loaded?

Yes, xt_DNETMAP is loaded, but how do I use it?

Try it this way:
iptables -t nat -A PREROUTING -d 10.8.1.0/24 -j DNETMAP --prefix 192.168.1.0/24
It worked for me at least.

1 Like

Thank you so much! But why did you change --to to --prefix? I don't understand!
Without the module installed I got this answer:

iptables v1.8.3 (legacy): unknown option "--prefix"

Well, you'll definitely need the module, and apparently this is the correct syntax for this version of NETMAP. Don't ask; I was googling for half an hour to find it. Everyone was using --to with NETMAP, but apparently DNETMAP is different.

OK, thank you again.

Now I can try to go to the next step using iptables commands!

1 Like

Hi All,

I come back after a few days, having made lots of tests from some threads.
I got a response from a NATted IP just one time, but I can't reproduce the conditions of this little success.

I don't know if DNETMAP really works like NETMAP; I will try it on Ubuntu Server.

Have a look here for examples.
From what I understand the DNETMAP is an enhanced version of NETMAP.

Hi,
Thank you for your reply,

I made a test with a simple DNAT rule to change the destination address, and it works directly!

10.8.1.173 is the "virtual IP" and 192.168.15.173 is the real host on the LAN side.

iptables -t nat -A PREROUTING -d 10.8.1.173/32 -j DNAT --to-destination 192.168.15.173

and if I type:
iptables -t nat -F PREROUTING
iptables -t nat -A PREROUTING -d 10.8.1.0/24 -j DNETMAP --prefix 192.168.15.0/24
nothing happens.

There is an example here with NETMAP.

Does DNETMAP really work?

Again you are looking at NETMAP, while this is DNETMAP.
Check the 3rd example from the ubuntu manpage link I posted above. It seems to be using DNETMAP on both PRE and POSTROUTING.