USG Flex with Nebula and iptables masquerade
Master Member
is it possible to use iptables with an USG Flex 200 and Nebula?
iptables -t nat -A POSTROUTING -s 10.10.20.100 -d 10.10.30.100 -j MASQUERADE
My vacuum cleaner Roborock S7 does not respond when client is not in the same subnet/vlan.
CLI would be also ok for me if it is permanent :-)
Thanks!
Accepted Solution
-
Hello @baba
Thanks for sharing captured packets with us. we noticed there is only one-way direction from vlan10 to vlan 30. The 10.10.30.X didn't respond to the initiated host 10.10.10.X host IP, not sure if it is a limitation for the vacuum cleaner, I mean the vacuum cleaner seems to only respond to the source IP which is from the same subnet.IP Client 1 (Server): 10.10.10.X (vlan 10)IP Client 2 (Xiaomi Roborock S7): 10.10.30.X (vlan30)Port 54321 Protocol UDP
Currently, we don't support this similar SNAT behavior just like the masquerade function, thanks again.
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community
0
Zyxel Employee
All Replies
-
Do you mean that phone APP and Roborock S7 must in same subnet for connection?1
-
Hi @baba,Could you share your topology, usage scenario, and purpose with us?It's more clear to understand your requirement. Thanks.
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community
0 -
@lalaland yes correctly. The Roborock API is only accessible within the same subnet.
@Zyxel_Jeff
Purpose: The API of the vaccuum cleaner "Xiaomi Roborock S7" is not accessible from other subnets.
Usage scenario: I want to connect to the api at 10.10.30.100:54321/udp (Client 2) from another subnet (Client 1).
Topology: USG Flex 200 -> NWA110AX -> Client 1: Server 10.10.20.100 (vlan20), Client 2: Roborock 10.10.30.100 (vlan30)
Do you need any other information?
Best, baba
0 -
Hello @baba
Could you enable Zyxel support for us(as below) and then tell us your org and site name via private message? We would like to check your settings, thanks.
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community
0 -
baba said:Hi all,
is it possible to use iptables with an USG Flex 200 and Nebula?iptables -t nat -A POSTROUTING -s 10.10.20.100 -d 10.10.30.100 -j MASQUERADE
Hi @baba
Currently, we don't support this feature, thanks.
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community
0 -
Hello @baba
Thanks for sharing captured packets with us. we noticed there is only one-way direction from vlan10 to vlan 30. The 10.10.30.X didn't respond to the initiated host 10.10.10.X host IP, not sure if it is a limitation for the vacuum cleaner, I mean the vacuum cleaner seems to only respond to the source IP which is from the same subnet.IP Client 1 (Server): 10.10.10.X (vlan 10)IP Client 2 (Xiaomi Roborock S7): 10.10.30.X (vlan30)Port 54321 Protocol UDP
Currently, we don't support this similar SNAT behavior just like the masquerade function, thanks again.
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community
0
Ally Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
