I’m trying to use Hass.io on a Rpi3 as a sort of a NAT router - getting LAN/internet access on wifi and serving DHCP on the ethernet port and I managed to configure it that way using a combo of the DHCP add-on and nmcli commands. However I’d like to access services on some of the devices connected to the eth0 port (like web) from the devices in the LAN area.
Turns out hassio comes with iptables so I thought this shouldn’t be very difficult. Let’s say my wifi IP is 192.168.1.10, my eth0’s IP is 10.0.0.1 serving DHCP .2-.10 and I want to access port 80 on 10.0.0.5 by talking to port 11080 on 192.168.1.10:
# cat /proc/sys/net/ipv4/ip_forward
1
so forwarding should be an option.
iptables -I FORWARD 1 -p tcp -m state --state NEW,RELATED,ESTABLISHED --dport 80 -d 10.0.0.5 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.10 --dport 11080 -j DNAT --to-destination 10.0.0.5:80
iptables -t nat -A POSTROUTING -p tcp -m tcp -s 10.0.0.5 --sport 80 -j SNAT --to-source 192.168.1.10
Unfortunately this doesn’t work. Port 11080 is not open on the hassio ‘public’ IP and although I can see some packets logged in the iptables FORWARD rule I can’t reach the device at 10.0.0.5.
Any idea what I’m doing wrong?
Thx in advance
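
A rule set for the port forward described in the post, written as an added example (not the poster's code and not a Hass.io feature): DNAT on the way in, FORWARD rules that admit the one destination port plus tracked replies, and source NAT only when the target has no route back through the Pi. The addresses and ports are the ones from the post; the interface names wlan0 and eth0 and the NEED_SNAT and APPLY switches are assumptions.

```shell
#!/bin/sh
# Added example. Values from the post: 192.168.1.10:11080 -> 10.0.0.5:80.
# Assumed: wlan0 is the LAN-facing wifi interface, eth0 the DHCP side.
WAN_IF=${WAN_IF:-wlan0};       LAN_IF=${LAN_IF:-eth0}
WAN_IP=${WAN_IP:-192.168.1.10}; WAN_PORT=${WAN_PORT:-11080}
DST_IP=${DST_IP:-10.0.0.5};     DST_PORT=${DST_PORT:-80}
LAN_IP=${LAN_IP:-10.0.0.1}
# Set NEED_SNAT=1 only if 10.0.0.5 does not use 10.0.0.1 as its gateway.
NEED_SNAT=${NEED_SNAT:-0}

# Print the rule set, one iptables command per line (nothing is executed).
forward_rules() {
    # Rewrite the destination before the routing decision. conntrack
    # reverses this rewrite on reply packets by itself, so no rule matching
    # "source 10.0.0.5, source port 80" is needed for the return path.
    printf '%s\n' "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp -d $WAN_IP --dport $WAN_PORT -j DNAT --to-destination $DST_IP:$DST_PORT"
    # Admit new connections to that single host and port only. The match
    # uses the post-DNAT address, because FORWARD runs after PREROUTING.
    printf '%s\n' "iptables -I FORWARD 1 -i $WAN_IF -o $LAN_IF -p tcp -d $DST_IP --dport $DST_PORT -m conntrack --ctstate NEW -j ACCEPT"
    # Admit packets of tracked connections in both directions; without this
    # the replies from 10.0.0.5 are dropped when the FORWARD policy is DROP.
    printf '%s\n' "iptables -I FORWARD 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    if [ "$NEED_SNAT" = 1 ]; then
        # Source NAT in the forward direction: the target sees the request
        # coming from the Pi's eth0 address and answers to it.
        printf '%s\n' "iptables -t nat -A POSTROUTING -o $LAN_IF -p tcp -d $DST_IP --dport $DST_PORT -j SNAT --to-source $LAN_IP"
    fi
}

# Execute the printed rules, stopping at the first one that fails.
apply_rules() {
    forward_rules | sh -e
}

# Default is a dry run; APPLY=1 (as root) installs the rules.
if [ "${APPLY:-0}" = 1 ]; then
    apply_rules
else
    forward_rules
fi
```

A DNAT rule does not create a listening socket, so port 11080 will not show as open on the Pi itself. Test from another host on 192.168.1.x, because connections generated locally on the Pi do not traverse PREROUTING.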