Set up a Wired Router to get access to devices on the LAN side that do not have a default gateway set using Network Address Translation (NAT) for One-to-One (1:1)
4.16 or higher
This document provides step by step procedures to set up communication to the LAN side of a wired router to devices that do not have a default gateway. For example, a plant floor has a wired router at various locations. Each device behind the wired router has the same LAN subnet i.e. 192.168.10.0/24 and no default gateway set on any device. Remote access to devices in that LAN will be problematic since all traffic outside of that LAN’s subnet will get dropped due to the lack of a configured default gateway. This document solves that problem by using a combination of Aliases, NAT, and Masquerading.
Part 1 - Setting up Alias on Eth0
In this example, we will use the following setup:
o WAN: 192.168.24.0/21,
o LAN: 192.168.10.0/24
Edit where needed to fit your network topology.
- Go to Networking – Interfaces – eth0 (WAN)
- Click Add under Interface Aliases
Set the following:
o Sub-Interface: 10
o IP Address: Enter IP in same network as WAN. Example: 192.168.31.47
o Subnet Mask: Enter correct subnet. Example: 255.255.248.0
Note: For additional devices on the LAN side, add additional Aliases for those devices
To set the IP address on the RAM, choose either DHCP, if a DHCP server is available on the WAN side or enter a static IP and subnet mask for Eth0. This example uses DHCP and therefore the RAM will obtain an IP address dynamically from the available DHCP Server.
When done entering all information, click Apply
Part 2 - Setting up NAT Rule
Go to Network – Firewall – Masquerade/NAT/DMZ Rules
Under NAT (One-To-One) Rules, click Add
Add the following Rule:
o Original Destination Address: Enter previously configured Alias. Ex. 192.168.31.47
o New Destination Address: Enter destination host IP on LAN side. Ex. 192.168.10.50
o Select Protocol: All
o Source network via Whitelist: default
Note: For additional devices on LAN side, add additional NAT rules for those devices.
Part 3 - Setting up Masquerade Rule
Here we set up masquerade rules to NAT the source subnet on the WAN side of Wired Router.
While on same screen as NAT rules, under Masquerade Rules, click Add
Enter the following:
o Original Source Subnet: Enter the WAN side’s network subnet. Ex. 192.168.24.0/21
o Interface: eth1