NAT Masquerade Exception

 
2024-08-22 21:58:14 - last edited 2024-08-23 08:49:19
Model: ER605 (TL-R605)  
Hardware Version:
Firmware Version:

As per https://community.tp-link.com/en/business/forum/topic/571608, I need to make an exception in the default masquerade rule for another local subnet outside of the local network beyond the ER605. Is this possible yet or is it likely to be?

#1
Re:NAT Masquerade Exception
2024-08-23 00:55:06

Hi @L2K 

Thanks for posting in our business forum.

You can try out the label and search for the keywords. I think you are talking about the same thing as this accepted request.

 

Best Regards!
#2
Re:NAT Masquerade Exception
2024-08-23 07:55:44

  @Clive_A 

I'm using a software controller and the latest version is currently 5.14.26.1 so looks like I'll have to wait, but I do notice that it seems that thread is saying you can turn NAT on or off entirely, but I am wanting to add an exception for a single subnet, not turn NAT off entirely so not sure if that is *exactly* the same thing as I am requesting?

#3
Re:NAT Masquerade Exception
2024-08-23 08:07:52

Hi @L2K 

Thanks for posting in our business forum.

L2K wrote

  @Clive_A 

I'm using a software controller and the latest version is currently 5.14.26.1 so looks like I'll have to wait, but I do notice that it seems that thread is saying you can turn NAT on or off entirely, but I am wanting to add an exception for a single subnet, not turn NAT off entirely so not sure if that is *exactly* the same thing as I am requesting?

Not entirely, partially disable the NAT?

We are not an open-source system where you can use the CLI to partially disable the NAT. I understand that might be possible on OpenWRT with the iptables or anything similar.

It has iptables built-in, I think. But I don't think we ever opened the system to users for willingly changing them.

 

Curious, how do you achieve this on the third-party router? This can be split?

Best Regards!
#4
Re:NAT Masquerade Exception
2024-08-23 08:36:30

Clive_A wrote

Hi @L2K 

Thanks for posting in our business forum.

 

Curious, how do you achieve this on the third-party router? This can be split?

  @Clive_A 

 

Using Mikrotik currently so I could just add a !192.168.0.0.16 to the masquerade rule for instance to masquerade everything except for the designated subnet.

#5
Re:NAT Masquerade Exception
2024-08-23 08:49:10

Hi @L2K 

Thanks for posting in our business forum.

L2K wrote

Clive_A wrote

Hi @L2K 

Thanks for posting in our business forum.

 

Curious, how do you achieve this on the third-party router? This can be split?

  @Clive_A 

 

Using Mikrotik currently so I could just add a !192.168.0.0.16 to the masquerade rule for instance to masquerade everything except for the designated subnet.

What would be the name of this feature?

Like the title? Or a different name. I will take a look at it.

Best Regards!
#6
Re:NAT Masquerade Exception
2024-08-23 09:20:21 - last edited 2024-08-23 09:28:39

  @Clive_A

I think the title is pretty close, as a layman. Not sure what the exact term would be in the world of network engineering; coming from the Mikrotik world, there are so many options for every rule I'm not sure every single option has a specific name.

 

Not sure if my exact setup is unique but I have a double NAT setup where the Omada router WAN is a client of the DMZ network (where all the DNS and web servers are) but all the traffic for these devices just shows up as coming from the Omada router WAN IP so the logs on the web/DNS servers are useless. I just want to not masquerade/NAT the traffic to this DMZ subnet but everything else can be NATted.

 

It wouldn't be a major issue if I just turned NAT off entirely here as I am obviously already on a NATted network but the NAT on the Omada router just keeps the traffic out of the DMZ that isn't destined for the DMZ. The setup we have here is becoming more common in the way we set up networks on smaller client sites where we have this DMZ for some local devices doing analytics/security. Here the network setup is the same but rather than DNS/web servers we have client devices like cameras that need to have their source IP revealed to the analytics servers. Again we could just turn NAT off entirely but I am just trying to keep some separation where possible.

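The behaviour requested in this thread, as an added example that is not part of any post and is not TP-Link or MikroTik code: a small Python model of a masquerade rule with a destination exception, showing which source addresses the DMZ servers would log with and without it. All addresses except 192.168.0.0/16 (written here in CIDR form) are constructed, and the return-route check is an assumption about the routing the DMZ needs once NAT is skipped.

```python
import ipaddress

# Constructed addressing; only 192.168.0.0/16 comes from the thread.
WAN_IP = ipaddress.ip_address("192.168.50.2")      # inner router's WAN address inside the DMZ
NO_NAT = [ipaddress.ip_network("192.168.0.0/16")]  # destinations exempt from masquerade

# Generic Linux form of the same exception (not an ER605 feature):
#   iptables -t nat -A POSTROUTING -o <wan-if> ! -d 192.168.0.0/16 -j MASQUERADE

def postrouting(src, dst, exempt):
    """Return the source address the destination host sees and logs."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if any(dst in net for net in exempt):
        return src      # exception matched: original source preserved
    return WAN_IP       # default masquerade: source rewritten to the WAN IP

def logged_sources(flows, exempt):
    """Map each destination to the set of distinct sources it would log."""
    seen = {}
    for src, dst in flows:
        seen.setdefault(dst, set()).add(str(postrouting(src, dst, exempt)))
    return seen

def has_return_route(routes, client, gateway=WAN_IP):
    """Un-NATed clients get replies only if the DMZ routes their subnet via the inner router."""
    client = ipaddress.ip_address(client)
    return any(client in ipaddress.ip_network(net)
               and ipaddress.ip_address(gw) == gateway
               for net, gw in routes)

# Constructed flows: two cameras to a DMZ analytics server, one camera to the internet.
FLOWS = [("10.0.10.21", "192.168.50.10"),
         ("10.0.10.22", "192.168.50.10"),
         ("10.0.10.21", "203.0.113.7")]

if __name__ == "__main__":
    print("default masquerade:", logged_sources(FLOWS, exempt=[]))
    print("with exception:    ", logged_sources(FLOWS, exempt=NO_NAT))
    print("return route ok:   ",
          has_return_route([("10.0.10.0/24", "192.168.50.2")], "10.0.10.21"))
```

With the default rule every DMZ log entry carries the router's WAN address; with the exception each camera appears under its own address, provided the DMZ side has a route back to the inner subnet.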