I need some guidance as to how to set up a DIGI Transport WR31 for the following scenario.
- DIGI connected via IPsec VPN on PPP1 (this is ok and working fine)
- Eth 0 is Set as the LAN for the VPN IP 10.30.10.0/24 (I can see this interface via VPN)
- Eth 1 is Set for a different Subnet 192.168.1.0/24
I would like to be able to NAT between the interfaces so 10.30.10.10 -> 192.168.1.10, so going to address 10.30.10.10 from the VPN will direct me to 192.168.1.10.
Not 100% sure how to do this and if it’s actually possible using the firewall? Or would you use static routeing in some way?
Any help/guidance would be much appreciated.
You could use a firewall rule on the eth 1 interface so it changes the source address to the 10.30.10.10 address.
This could cause problems for the traffic coming in on the VPN: if you set up a firewall to change the inbound traffic from 10.30.10.10, it would transfer all traffic, so if you have a device on eth 0 it would never get packets.
pass in break end on eth 1 from 192.168.1.0/24 to any -> 10.30.10.0/24
pass in break end on eroute X from any to 10.30.10.0/24 -> to 192.168.1.0/24
The X relates to the eroute it is connected to, probably 0.
You need to enable the firewall on eth 1 and the eroute, and you would need a
pass break end inspect-state
This should cover all the other traffic.
You also might need further settings related to PPP traffic.
I ended up doing it a slightly different way.
Eth 0 became my LAN @ 192.168.1.0/24, eth 1 not used
I set the ipsec 0 Tunnel Negotiation to use 10.30.10.0/24
Then used Jame’s firewall rules for eth 0 and eroute 0.
Firewall enabled for Eth 0 and PPP 1.
Works a treat.
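Added example, not part of the thread and not Digi firmware logic: a small Python model of the one-to-one subnet translation the two rules above describe, useful for checking which addresses a rule set would rewrite before enabling it. It assumes the `->` subnet form keeps the host part of the address; the `translate` and `remap` helpers and the peer address 172.16.5.20 are constructed for illustration.

```python
import ipaddress

VPN_NET = ipaddress.ip_network("10.30.10.0/24")   # subnet presented over the IPsec tunnel
LAN_NET = ipaddress.ip_network("192.168.1.0/24")  # real subnet behind eth 1


def remap(addr, src_net, dst_net):
    """Move addr from src_net into dst_net, keeping the host bits (assumed behaviour).

    Addresses outside src_net are returned unchanged.
    """
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    ip = ipaddress.ip_address(addr)
    if ip not in src_net:
        return str(ip)
    host_bits = int(ip) & int(src_net.hostmask)
    return str(ipaddress.ip_address(int(dst_net.network_address) | host_bits))


def translate(packet, interface):
    """Apply the two rules to a hypothetical (src, dst) packet tuple.

    Interface names are plain labels matching the ones used in the thread.
    """
    src, dst = packet
    if interface == "eroute 0":   # inbound from the VPN: rewrite the destination
        return (src, remap(dst, VPN_NET, LAN_NET))
    if interface == "eth 1":      # replies from the LAN: rewrite the source
        return (remap(src, LAN_NET, VPN_NET), dst)
    return packet                 # no rule on this interface


if __name__ == "__main__":
    peer = "172.16.5.20"          # constructed remote VPN host
    print(translate((peer, "10.30.10.10"), "eroute 0"))
    print(translate(("192.168.1.10", peer), "eth 1"))
    # Every address in 10.30.10.0/24 is rewritten, so a real host on eth 0
    # using 10.30.10.50 would no longer be reachable from the VPN.
    print(translate((peer, "10.30.10.50"), "eroute 0"))
```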