Access a device with fixed IP, without default gateway, from other subnet

Dkrioms
Level 1
I have a Fritzbox (8.02) with the 192.168.0.1 and some devices in the subnet 192.168.0.1/24.
All devices can access the Internet via the Fritzbox and communicate with each other.
The Fritzbox and the devices in the subnet 192.168.0.1/24 are connected with an unmanaged switch.
In other words, a simple, classic structure.
 
I have now received a device (PPC LTE Smart Meter Gateway) with a fixed, unchangeable address 192.168.1.200.
The device with the address 192.168.1.200, let's call it ‘SMGW’, has no default gateway, the network settings of this device cannot be changed. 
 
I would like to be able to access the SMGW from the devices in the subnet 192.168.0.1/24.
 
I think a Cisco SG250-08 (Firmware Version (Active Image): 2.5.9.54), which I have in my inventory, could help.
 
However, I have not yet found a suitable configuration.
 
With my configuration (see below) I can 
  • access the Cisco SG250-08 (192.168.1.1) with the devices in the subnet 192.168.0.1/24.
  • access a Raspberry in subnet 192.168.1.1/24 (192.168.1.14) with the devices in subnet 192.168.0.1/24.
  • access the Internet with the devices in the subnet 192.168.0.1/24.
  • access the Internet with the devices in the subnet 192.168.1.1/24.
  • access the SMGW (192.168.1.200) with the devices in the subnet 192.168.1.1/24.
 

I cannot access the SMGW (192.168.1.200) with the devices in the 192.168.0.1/24 subnet.
But that is the target.

Configuration of the Cisco SG250-08:

 

SG250-08#show run
config-file-header
SG250-08
v2.5.9.54 / RCBS3.1_930_871_120
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
!
unit-type-control-start
unit-type unit 1 network gi uplink none
unit-type-control-end
!
vlan database
vlan 2
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone
voice vlan oui-table add 00036b Cisco_phone
voice vlan oui-table add 00096e Avaya                 
voice vlan oui-table add 000fe2 H3C_Aolynk
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone
voice vlan oui-table add 00e075 Polycom/Veritel_phone
voice vlan oui-table add 00e0bb 3Com_phone
arp timeout 60000
ip dhcp relay address 192.168.1.14
ip dhcp relay enable
bonjour interface range vlan 1-2
hostname SG250-08
username ...
ip ssh server
clock timezone J 1
clock summer-time web recurring eu
no clock source sntp
clock source browser
clock dhcp timezone
!
interface vlan 1
 name "Vlan1"
 ip address 192.168.0.102 255.255.255.0
 no ip address dhcp                                   
!
interface vlan 2
 name "Vlan2"
 ip address 192.168.1.1 255.255.255.0
 ip dhcp relay enable
!
interface GigabitEthernet1
 switchport access vlan 2
 switchport general pvid 2
 switchport trunk native vlan 2
!
interface GigabitEthernet2
 switchport access vlan 2
 switchport general pvid 2
 switchport trunk native vlan 2
!
interface GigabitEthernet3
 switchport access vlan 2
 switchport general pvid 2
 switchport trunk native vlan 2
!
interface GigabitEthernet6                            
 switchport trunk allowed vlan 1,3-4094
!
interface Port-Channel1
 no switchport
 switchport access vlan 2
!
interface Port-Channel2
 no switchport
 switchport access vlan 2
!
interface Port-Channel3
 no switchport
 switchport access vlan 2
!
interface Port-Channel4
 no switchport
 switchport access vlan 2
!
exit
ip default-gateway 192.168.0.1
SG250-08# show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static


S   0.0.0.0/0 [1/4] via 192.168.0.1, 08:11:08, vlan 1                      
C   192.168.0.0/24 is directly connected, vlan 1                           
C   192.168.1.0/24 is directly connected, vlan 2                           

SG250-08#show ip arp
% Unrecognized command
SG250-08#show ip interface


    IP Address        I/F    I/F Status  Type   Directed  Prec Redirect Status 
                             admin/oper         Broadcast                      
------------------ --------- ---------- ------- --------- ---- -------- ------ 
192.168.0.102/24   vlan 1    UP/UP      Static  disable   No   enable   Valid  
192.168.1.1/24     vlan 2    UP/UP      Static  disable   No   enable   Valid  

SG250-08#show interface status               
                                             Flow Link          Back   Mdix
Port     Type         Duplex  Speed Neg      ctrl State       Pressure Mode
-------- ------------ ------  ----- -------- ---- ----------- -------- -------
gi1      1G-Copper    Full    100   Enabled  Off  Up          Disabled On     
gi2      1G-Copper    Full    1000  Enabled  Off  Up          Disabled On     
gi3      1G-Copper    Full    1000  Enabled  Off  Up          Disabled On     
gi4      1G-Copper    Full    100   Enabled  Off  Up          Disabled Off    
gi5      1G-Copper    Full    100   Enabled  Off  Up          Disabled On     
gi6      1G-Copper    Full    100   Enabled  Off  Up          Disabled Off    
gi7      1G-Copper    Full    100   Enabled  Off  Up          Disabled On     
gi8      1G-Copper    Full    1000  Enabled  Off  Up          Disabled On     

                                          Flow    Link        
Ch       Type    Duplex  Speed  Neg      control  State       
-------- ------- ------  -----  -------- -------  ----------- 
Po1         --     --      --      --       --    Not Present 
Po2         --     --      --      --       --    Not Present 
Po3         --     --      --      --       --    Not Present 
Po4         --     --      --      --       --    Not Present 
SG250-08#
SG250-08#show arp

Total number of entries: 19


  VLAN    Interface     IP address        HW address          status      
--------------------- --------------- ------------------- --------------- 
vlan 1     gi8        192.168.0.1     dc:39:6f:ad:6a:a6   dynamic         
vlan 1                192.168.0.24    34:36:3b:6c:c3:ee   dynamic         
vlan 1     gi8        192.168.0.25    dc:56:e7:2d:8f:fe   dynamic         
vlan 1     gi8        192.168.0.52    f4:34:f0:44:67:38   dynamic         
vlan 1     gi8        192.168.0.86    58:d3:49:00:e7:25   dynamic         
vlan 1     gi8        192.168.0.87    9c:76:0e:4a:2e:4c   dynamic         
vlan 1     gi8        192.168.0.100   82:c7:49:c6:f0:b3   dynamic         
vlan 1     gi8        192.168.0.101   08:66:98:94:79:2f   dynamic         
vlan 1     gi8        192.168.0.128   00:00:1b:11:37:e2   dynamic         
vlan 1     gi8        192.168.0.169   88:66:5a:f0:53:8f   dynamic         
vlan 1     gi8        192.168.0.170   40:ed:cf:81:7f:76   dynamic         
vlan 2                192.168.1.6     98:5a:eb:cb:f4:5b   dynamic         
vlan 2     gi3        192.168.1.12    c2:39:6f:e5:9d:58   dynamic         
vlan 2     gi3        192.168.1.14    b8:27:eb:9c:42:be   dynamic         
vlan 2                192.168.1.51    4e:1b:63:2a:42:04   dynamic         
vlan 2                192.168.1.85    02:8c:a6:02:01:42   dynamic         
vlan 2                192.168.1.116   0a:f9:c8:20:e8:57   dynamic         
vlan 2                192.168.1.127   7a:9d:7e:42:18:16   dynamic         
vlan 2     gi1        192.168.1.200   00:25:18:b5:ef:68   dynamic         


SG250-08#

 

On the Fritz!Box I have an active IPv4 route:
 
  • Network 192.168.1.0
  • Subnet mask 255.255.255.0
  • Gateway 192.168.0.102

What can I do so that I can access the SMGW with the devices in the subnet 192.168.0.1/24 with the fixed address 192.168.1.1 and without a default gateway?

Hello @Dkrioms ,

an elegant and simple way to solve this problem would be to configure NAT on the SG250, translating IPs from 192.168.0.0/24 to an IP from 192.168.1.0/24 when a host from 192.168.0.0/24 needs to communicate with the SMGW, and tricking it into believing it's talking to a host on the local 192.168.1.0/24.

Unfortunately the SG250 you have doesn't support NAT.

Another way of doing what you want is to configure a host route on the SG250 for the SMGW pointing at the Raspberry Pi (192.168.1.14) you mentioned having in the 192.168.1.0/24 network:

ip route 192.168.1.200 0.0.0.0 192.168.1.14

Now configure NAT, or masquerading as Linux calls it, on the Raspberry Pi for the 192.168.0.0/24 network to its own IP address it has in 192.168.1.0/24 - that is 192.168.1.14 if I understood correctly.

I think that should do the trick.

Regards, LG
*** Please Rate All Helpful Responses ***

Thanks for that!!

I got it to work.

ip route 192.168.1.200 0.0.0.0 192.168.1.14

gave me

SG250-08(config)#ip route 192.168.1.200 0.0.0.0 192.168.1.14
IP mask does not cover the destination address.

But with the netmask 255.255.255.255 instead of 0.0.0.0 it did the trick.

What I did on the Raspberry (with some AI support):

To configure NAT (Network Address Translation) or masquerading on a Raspberry Pi for the 192.168.0.0/24 network to its own IP address (192.168.1.14) on the 192.168.1.0/24 network, you need to set up IP forwarding and configure iptables rules. Here's a step-by-step guide:

Step 1: Enable IP Forwarding
Edit the sysctl configuration file to enable IP forwarding:

sudo nano /etc/sysctl.conf

Find the line #net.ipv4.ip_forward=1 and uncomment it (remove the #):

net.ipv4.ip_forward=1

Save and exit the file (Ctrl+O, Enter, Ctrl+X).
Apply the changes immediately:

sudo sysctl -p

Step 2: Configure NAT/Masquerading with iptables
1. Add the following iptables rules to enable NAT/masquerading:

sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

  • -s 192.168.0.0/24: Specifies the source network (192.168.0.0/24).
  • -o eth0: Specifies the outgoing interface (replace eth0 with the correct interface name, e.g., wlan0 for Wi-Fi).
  • -j MASQUERADE: Masquerades the traffic, replacing the source IP with the Raspberry Pi's IP (192.168.1.14).

2. Allow forwarding between the two networks:

sudo iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT

  • Replace eth0 with the interface connected to the 192.168.0.0/24 network.
  • Replace eth1 with the interface connected to the 192.168.1.0/24 network.

Step 3: Save iptables Rules
To make the iptables rules persistent across reboots:
1. Install the iptables-persistent package:

sudo apt update
sudo apt install iptables-persistent

2. Save the current rules:

sudo netfilter-persistent save

Step 4: Verify the Configuration
1. Check the NAT rules:

sudo iptables -t nat -L -n -v

2. Test connectivity from a device in the 192.168.0.0/24 network to a device in the 192.168.1.0/24 network.

This setup will allow devices in the 192.168.0.0/24 network to access the 192.168.1.0/24 network through the Raspberry Pi, with the Pi performing NAT/masquerading.
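
A narrower variant of the rules in the post above, as an added example that is not part of the original thread: it translates and forwards only traffic from 192.168.0.0/24 to the SMGW, and includes a small audit that flags NAT or ACCEPT rules with no destination restriction. It assumes the Pi has a single interface eth0 holding 192.168.1.14 and uses SNAT to that fixed address in place of MASQUERADE; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: the Pi has a single interface
# eth0 (192.168.1.14) and only the SMGW should be reachable from 192.168.0.0/24.
LAN_NET="${LAN_NET:-192.168.0.0/24}"
SMGW_IP="${SMGW_IP:-192.168.1.200}"
PI_IP="${PI_IP:-192.168.1.14}"
IFACE="${IFACE:-eth0}"

# Emit an iptables-restore ruleset: SNAT and forwarding for LAN -> SMGW only;
# anything else routed through the Pi is dropped by the FORWARD policy.
# Loading it replaces the current nat and filter rules, so merge first if needed.
smgw_ruleset() {
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -d $SMGW_IP/32 -o $IFACE -j SNAT --to-source $PI_IP
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $LAN_NET -d $SMGW_IP/32 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Read rules (iptables-save format) on stdin and print every NAT rule or
# new-connection ACCEPT rule that is not pinned to a destination with -d.
audit_rules() {
    grep -E -- '-j (MASQUERADE|SNAT|ACCEPT)' |
        grep -Ev -- '(--ctstate|--state) [A-Z,]*ESTABLISHED' |
        grep -Ev -- ' -d [0-9]' || true
}

# The rules posted in the thread, in iptables-save form (constructed sample).
thread_rules() {
    cat <<'EOF'
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

# On the Pi (as root), check the syntax first, then load:
#   smgw_ruleset | iptables-restore --test && smgw_ruleset | iptables-restore
```

Running `thread_rules | audit_rules` prints the two posted rules that apply to any destination; `smgw_ruleset | audit_rules` prints nothing.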

 

I'm glad it worked out for you. Good thing you had that raspberry pi to do the NAT.

Regards, LG
*** Please Rate All Helpful Responses ***