USG Flex with Nebula and iptables masquerade
Hi all,
Is it possible to use iptables with a USG Flex 200 and Nebula?
iptables -t nat -A POSTROUTING -s 10.10.20.100 -d 10.10.30.100 -j MASQUERADE
My vacuum cleaner, a Roborock S7, does not respond when the client is not in the same subnet/VLAN.
CLI would also be OK for me if it is permanent :-)
Thanks!
0
Accepted Solution
-
Hello @baba
Thanks for sharing the captured packets with us. We noticed there is only one-way traffic, from vlan10 to vlan 30. The 10.10.30.X host didn't respond to the initiating host's 10.10.10.X IP. We are not sure if it is a limitation of the vacuum cleaner; I mean, the vacuum cleaner seems to respond only to a source IP that is from the same subnet.
IP Client 1 (Server): 10.10.10.X (vlan 10)
IP Client 2 (Xiaomi Roborock S7): 10.10.30.X (vlan30)
Port 54321 Protocol UDP
Currently, we don't support this similar SNAT behavior just like the masquerade function, thanks again.
0
All Replies
-
Do you mean that the phone app and the Roborock S7 must be in the same subnet for connection?
1
-
Hi @baba,
Could you share your topology, usage scenario, and purpose with us?
It would make your requirement clearer to understand. Thanks.
0
-
@lalaland Yes, correct. The Roborock API is only accessible within the same subnet.
@Zyxel_Jeff
Purpose: The API of the vacuum cleaner "Xiaomi Roborock S7" is not accessible from other subnets.
Usage scenario: I want to connect to the api at 10.10.30.100:54321/udp (Client 2) from another subnet (Client 1).
Topology: USG Flex 200 -> NWA110AX -> Client 1: Server 10.10.20.100 (vlan20), Client 2: Roborock 10.10.30.100 (vlan30)
Do you need any other information?
Best, baba
0 -
Hello @baba
Could you enable Zyxel support for us (as below) and then tell us your org and site name via private message? We would like to check your settings, thanks.
0 -