NAT Rules OpenWrt

Hi everyone,

I have a problem with the NAT Rules in OpenWrt on Raspberry PI 4.
I want to connect two devices to two Interfaces (USB network adapter) that are in a different IP-range. The first device have the IP-adress 192.168.100.x and the second one have the IP-Adress 192.168.101.x. Now i want to use NAT to translate the packages from 100.x to 101.x and back. See my settings:

Can everyone tell me the right settings for that?
Witch ports I have to use?

Best regards

To translate them into what? What is the problem you are trying to solve here?

I have to send packages from my PC ( to another PC ( but it does not work with this settings.

Both interfaces are in LAN firewall zone, so, if you didn't change it, the intralan forward is allowed.
Both PCs must either use DHCP to get the settings or, if you use static, to configure the gateway for them as well. That is the IP of the OpenWrt in each network, e.g and

Why use NAT? Why not just use the router to... route?


How does it work with to different IP-Ranges?

Just like with every other router, gets from one IP range and sends it to another.


Witch settings I have to use for that?

You don't need to use any setting, it's the default behaviour.

1 Like

Thank´s, but it does not work..

  1. Are you using the as gateway?
  2. The gateway100 doesn't have RX (Receive) packets, so whatever you have connected there is not working.

The default setting of the firewall that is part of Windows will cause the Windows machine to not answer pings. Also the Windows Firewall can be configured to reject foreign RFC1981 ("private IP") LAN IPs but I don't know if that is the default.

1 Like
  1. No that only test name
  2. Thats my problem. So how can I use NAT when I have a Device with IP x.x.101.250 to Gateway101 (only the name of the USB-Interface) and want to ping the device with x.x.100.250 to Gateway100 ?
    Do you know where can be the problem?

That's not how NAT works. NAT takes the address the packet has come from (e.g. a device within a LAN) and rewrites it so it appears to be coming from a different address (most commonly the WAN gateway), then when the response to that packet comes back it does the opposite.

In your situation it's just simple routing. The fact it doesn't work indicates an issue with your network setup. Something is misconfigured. As a starting point it'd be useful to see the content of /etc/config/network and /etc/config/firewall.

permission denied...

Ah, so you're not after help then. Gotcha.

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/firewall
1 Like

That response indicates that you're on the Deutsche Telekom network... or that your intended traffic reached the Deutsche Telekom network.

And the network quite correctly dropped the traffic. This is normal.

This is because IP addresses in the RFC1918 ranges are not permitted on the public Internet; they're for private use only.

You're trying to ping from one computer to another. Are both computers even connected to the OpenWRT router in the first place?

1 Like

The poster was stating that when you enter the command you posted, it says "Permission Denied":

root@OpenWrt# /etc/config/network
-ash: /etc/config/network: Permission denied

The commands were noted by @psherman

cat /etc/config/network


cat /etc/config/firewall

@Jonas23 - you removed a pic:

This shouldn't have been possible - since and networks exist on on the same device - and hence should be a Kernel route. Something's odd here.

I assume the Windows machine does not use the OpenWrt pictured as it's gateway.

I also noticed no RX traffic on that interface.

1 Like