SXT Point to Point NAT

glaso · October 17, 2011, 11:11pm

Hi:

I am trying to join two networks but I am having trouble with NAT configuration.

Here is the deal (please check the attached diagram):

I am installing IP cameras for a company, this company has the following internal network 10.211.1.X. They want the cameras to be in a different network so I configured the bridge SXT with 10.211.1.25 on the ethernet side and 192.168.1.10 on the wireless side. The station sxt is configured with the IP 192.168.1.11 on both sides (ethernet and wireless).

The idea is that the cameras should be accessed from within the company using an internal IP plus a port (one port for each camera), so the have to access the camera with 10.211.1.25:85

The IP of the camera (wich is connected to the station SXT via cable) is 192.168.1.150 and is listening to the port 85.

I configured the following NAT rule:

IP>firewall

NAT tab:
Chain: dstnat
dst address: 10.211.1.25
dst Port: 85

Actions tab:
Action: dst-nat
To addresses: 192.168.1.150
To Ports: 85

When I try to access the camera from within the company using http://10.211.1.25:85 , nothing happens. If I change the IP address of the computer to the network 192.168.1.X and I try to reach the camera using http://192.168.1.150:85 it works so it is not a problem with the link itself.

Thanks for your help!!!

sadeghrafie · October 18, 2011, 6:31am

Hi,
What is your configuration on SXT (Bridge)? Did you create a bridge interface and add wlan1 and ether1 to it?

I Have done such configuration In my place for IP camera with MK. I put the first SXT (which is connected to Company LAN) to ap bridge and the other on in station and the NAT rule worked.

glaso · October 18, 2011, 7:35am

Yes I did make the bridge in the station. In fact the bridge works if I access from a 192.168.1.x adress

sadeghrafie · October 18, 2011, 8:41am

It’s better to config such as this;

In first SXT (connected to Company lan) wlan1 wireless mode : ap bridge
don’t create a bridge on this RB. the IP addresses is correct

the second SXT config is right.

your nat rule should work know. I’ve done it before.

glaso · October 18, 2011, 9:49am

Hi:

I can’t use AP bridge mode, because the SXT has level 3 license.

uldis · October 18, 2011, 10:52am

use mode bridge instead of ap-bridge as modes=bridge can be used with level 3 license.

sadeghrafie · October 18, 2011, 12:39pm

I think it must work in bridge mode too. As Wiki says : bridge - Same as ap-bridge, but limited to one associated client, and you have just one client!!!

Would you give me some info for both SXTs:

/ IP firewall nat print detail
/ IP firewall filter print detail
/ IP routes print detail
/ IP address print detail
/ Interface print detail