USG Flex with Nebula and iptables masquerade
Hi all,
Is it possible to use iptables with a USG Flex 200 and Nebula?
iptables -t nat -A POSTROUTING -s 10.10.20.100 -d 10.10.30.100 -j MASQUERADE
My vacuum cleaner Roborock S7 does not respond when the client is not in the same subnet/vlan.
CLI would be also ok for me if it is permanent :-)
Thanks!
Accepted Solution
-
Hello @baba
Thanks for sharing captured packets with us. We noticed there is only one-way direction from vlan10 to vlan 30. The 10.10.30.X didn't respond to the initiated host 10.10.10.X host IP, not sure if it is a limitation for the vacuum cleaner, I mean the vacuum cleaner seems to only respond to the source IP which is from the same subnet.
IP Client 1 (Server): 10.10.10.X (vlan 10)
IP Client 2 (Xiaomi Roborock S7): 10.10.30.X (vlan30)
Port 54321 Protocol UDP
Currently, we don't support this similar SNAT behavior just like the masquerade function, thanks again.
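The one-way pattern described in this answer can be checked from `tcpdump -nn` text output; the following is an added example, not code from the thread or from Zyxel. The sample capture lines, the same-subnet client 10.10.30.50, the /24 mask and the function name `summarize_flows` are assumptions.

```python
import ipaddress
import re

# Matches `tcpdump -nn` text lines such as:
# 12:00:01.000000 IP 10.10.20.100.40000 > 10.10.30.100.54321: UDP, length 32
LINE_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): UDP")

# Constructed sample capture (not taken from the thread).
SAMPLE = """\
12:00:01.000000 IP 10.10.20.100.40000 > 10.10.30.100.54321: UDP, length 32
12:00:02.000000 IP 10.10.20.100.40000 > 10.10.30.100.54321: UDP, length 32
12:00:03.000000 IP 10.10.30.50.41000 > 10.10.30.100.54321: UDP, length 32
12:00:03.010000 IP 10.10.30.100.54321 > 10.10.30.50.41000: UDP, length 32
"""


def summarize_flows(capture, device_ip, port=54321, prefix_len=24):
    """Summarize each client flow towards device_ip:port.

    A flow is "answered" when a packet with the mirrored addresses and
    ports (device -> client) appears anywhere in the capture.
    prefix_len is an assumption; the thread does not state the mask.
    """
    device_net = ipaddress.ip_network(f"{device_ip}/{prefix_len}", strict=False)
    requests, replies = {}, set()
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip non-UDP or malformed lines
        src, dst = m.group(1), m.group(3)
        sport, dport = int(m.group(2)), int(m.group(4))
        if dst == device_ip and dport == port:
            requests[(src, sport)] = requests.get((src, sport), 0) + 1
        elif src == device_ip and sport == port:
            replies.add((dst, dport))
    return [{"client": c, "client_port": p, "requests": n,
             "answered": (c, p) in replies,
             "same_subnet": ipaddress.ip_address(c) in device_net}
            for (c, p), n in requests.items()]


if __name__ == "__main__":
    for flow in summarize_flows(SAMPLE, "10.10.30.100"):
        print(flow)
```

A flow reported with `answered: False` and `same_subnet: False` next to an answered same-subnet flow matches the behaviour described above: the device receives the routed request but only replies to sources in its own subnet.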
All Replies
-
Do you mean that phone APP and Roborock S7 must be in the same subnet for connection?
-
Hi @baba,
Could you share your topology, usage scenario, and purpose with us? It's more clear to understand your requirement. Thanks.
-
@lalaland yes, correct. The Roborock API is only accessible within the same subnet.
@Zyxel_Jeff
Purpose: The API of the vacuum cleaner "Xiaomi Roborock S7" is not accessible from other subnets.
Usage scenario: I want to connect to the api at 10.10.30.100:54321/udp (Client 2) from another subnet (Client 1).
Topology: USG Flex 200 -> NWA110AX -> Client 1: Server 10.10.20.100 (vlan20), Client 2: Roborock 10.10.30.100 (vlan30)
Do you need any other information?
Best, baba
-
Hello @baba
Could you enable Zyxel support for us (as below) and then tell us your org and site name via private message? We would like to check your settings, thanks.