Changing source IP from inbound connections

Hello,

I have the following scenario: my router has a WAN IP 192.168.2.100 and LAN IP 192.168.0.1.
I also have a server on the LAN with IP 192.168.0.100 listening on port 8085 that has to be available from the WAN. I have already set up a destination NAT to redirect 192.168.2.100:8085 to 192.168.0.100:8085.

However, because of reasons that are out of my control, the server cannot answer requests whose source IP is outside of 192.168.0.0/24. What I would like to implement is to change the source IP of all requests coming from the WAN to a fake IP in the LAN, let's say 192.168.0.10, and let the router perform the source address translation.

I have tried many source NAT rules, but none of them work as they should. Most examples include a src-address field, which is unknown in this case.

What would be the proper way to implement this behavior?

You don’t really need to always match src-address for src-nat.
In your case you can match these packets by dst-address=192.168.0.100.

Hello,

I have tried to add the following rule:

 7    chain=srcnat action=src-nat to-addresses=192.168.0.10 protocol=tcp dst-address=192.168.0.100 log=no log-prefix=""

But for whatever reason it does not work.

I have added another small server with a mock apache-based website to my LAN to try to isolate the problem.
After setting a simple dnat I can access the server from the WAN. However it stops being accessible when I enable the source nat rule.

When I run nmap, it displays the port as "filtered".

The address in to-addresses can't be too fake, because the server will see traffic coming from it and it will try to send responses there. And since the address is in the local subnet, it must respond to ARP requests. The easy fix is to add it to the router as a second address on the same interface where you have 192.168.0.1.

This worked, thanks to you both!
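For readers arriving here later, the three pieces the two replies describe, combined into one RouterOS configuration. This is an added example, not a config posted in the thread; the interface names "ether1" (WAN) and "bridge-lan" (LAN) are assumptions, and the source-address exclusion on the src-nat rule is an optional refinement beyond the rule shown above.

```routeros
# Added example (not from the thread). Interface names "ether1" and
# "bridge-lan" are assumptions; addresses and ports are the thread's own.

/ip firewall nat
# 1. Destination NAT: publish the internal server on the router's WAN address.
#    The original poster already had an equivalent rule in place.
add chain=dstnat action=dst-nat protocol=tcp dst-address=192.168.2.100 \
    dst-port=8085 to-addresses=192.168.0.100 to-ports=8085 \
    comment="Publish 192.168.0.100:8085 on the WAN IP"

# 2. Source NAT matched on dst-address, as suggested in the first reply.
#    src-address=!192.168.0.0/24 (optional, assumed refinement) limits the
#    rewrite to non-LAN clients so LAN hosts keep their real source address.
add chain=srcnat action=src-nat protocol=tcp dst-address=192.168.0.100 \
    dst-port=8085 src-address=!192.168.0.0/24 to-addresses=192.168.0.10 \
    comment="WAN clients appear to the server as 192.168.0.10"

# 3. The translated source must exist on the LAN: the router answers ARP for
#    192.168.0.10 and receives the server's replies, which it then de-NATs.
#    Without this the server's replies go nowhere and nmap reports "filtered".
/ip address
add address=192.168.0.10/24 interface=bridge-lan \
    comment="Secondary LAN address used as NAT source for WAN clients"
```

Verify with /ip firewall connection print while a WAN client is connected: the entry should show the client's real address on the WAN side and 192.168.0.10 as the reply destination on the LAN side.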