
WR31 NAT1:1 between Eth 0 and Eth 1

0 votes
Hi

I need some guidance as to how to set up a DIGI Transport WR31 for the following scenario.

- DIGI connected via IPsec VPN on PPP1 (this is ok and working fine)
- Eth 0 is Set as the LAN for the VPN IP 10.30.10.0/24 (I can see this interface via VPN)
- Eth 1 is Set for a different Subnet 192.168.1.0/24

I would like to be able to NAT between the interfaces so 10.30.10.10 -> 192.168.1.10, so going to address 10.30.10.10 from the VPN will direct me to 192.168.1.10.

Not 100% sure how to do this and if it's actually possible using the firewall? Or would you use static routeing in some way?

Any help/guidance would be very appreciated.

cheers
asked Jan 25, 2018 in Digi TransPort Cellular by 0sm0 New to the Community (4 points)


2 Answers

0 votes
 
Best answer
I ended up doing it a slightly different way.

Eth 0 became my LAN @ 192.168.1.0/24, eth 1 not used

I set the ipsec 0 Tunnel Negotiation to use 10.30.10.0/24

Then used James's Firewall rules for eth 0 and eroute 0

Firewall enabled for Eth 0 and PPP 1

works a treat.

cheers
answered Feb 5, 2018 by 0sm0 New to the Community (4 points)
selected Feb 12, 2018 by 0sm0
0 votes
you could use a firewall rule on the eth 1 interface so it changes the source address to the 10.30.10.10 address

this could cause problems on the traffic coming in on the VPN as if you set up a firewall to change the inbound traffic from 10.30.10.10 it would transfer all traffic so if you have a device on eth 0 it would never get packets


pass in break end on eth 1 from 192.168.1.0/24 to any -> 10.30.10.0/24

pass in break end on eroute X from any to 10.30.10.0/24 -> to 192.168.1.0/24

the X relates to the eroute it is connected to, probably 0

you need to enable firewall on the eth 1 and eroute and you would need a

pass break end inspect-state

this should cover all the other traffic

you also might need further settings related to PPP traffic

regards

James
answered Jan 26, 2018 by James.Wilson Veteran of the Digi Community (1,225 points)
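
The address mapping that the two rules in the answer above describe, as an added Python model that is not part of either answer and is not TransPort firewall syntax. The function names and the remote VPN host 172.16.0.5 are assumptions made for illustration; the subnets and interface names are the ones from the thread. It also shows the caveat from the answer: any real eth 0 device inside 10.30.10.0/24 is diverted by the tunnel-side rule.

```python
import ipaddress

VPN_NET = ipaddress.ip_network("10.30.10.0/24")   # subnet presented to the VPN
LAN_NET = ipaddress.ip_network("192.168.1.0/24")  # real subnet behind eth 1

def remap(addr, src_net, dst_net):
    """1:1 NAT: swap the network prefix, keep the host bits.
    Returns None when addr is outside src_net."""
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 NAT needs equal prefix lengths")
    ip = ipaddress.ip_address(addr)
    if ip not in src_net:
        return None
    host = int(ip) - int(src_net.network_address)
    return str(dst_net.network_address + host)

def translate(iface, src, dst):
    """Model of the two rules; returns the rewritten (src, dst)."""
    if iface == "eroute 0":   # arriving from the tunnel: destination VPN -> LAN
        return src, remap(dst, VPN_NET, LAN_NET) or dst
    if iface == "eth 1":      # arriving from the LAN: source LAN -> VPN
        return remap(src, LAN_NET, VPN_NET) or src, dst
    return src, dst           # other interfaces are left untouched

def shadowed(eth0_hosts):
    """eth 0 devices whose address falls in VPN_NET, mapped to where
    tunnel traffic addressed to them would be sent instead."""
    hits = {}
    for h in eth0_hosts:
        target = remap(h, VPN_NET, LAN_NET)
        if target:
            hits[h] = target
    return hits

if __name__ == "__main__":
    peer = "172.16.0.5"  # constructed remote VPN host
    print(translate("eroute 0", peer, "10.30.10.10"))  # request from the VPN
    print(translate("eth 1", "192.168.1.10", peer))    # reply from the LAN
    print(shadowed(["10.30.10.20", "10.40.0.1"]))      # constructed eth 0 hosts
```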
...