
1 to 1 Nat Support in Tomato?

Discussion in 'Tomato Firmware' started by PGalati, May 9, 2012.

  1. PGalati

    PGalati Network Guru Member

    Any plans to implement multi public IP support with 1 to 1 translation in tomato?
     
  2. PGalati

    PGalati Network Guru Member

  3. waeking

    waeking Networkin' Nut Member

    Is there a way to create a vlan2:1 that can pull a dhcp ip address from the isp and then 1:1 nat with an internal ip.
     
  4. waeking

    waeking Networkin' Nut Member

    My modem supports having more than one IP address, as I can put a switch in between the modem and router and pull up to 8 IP addresses. However, they are dynamic. Is there a way to have tomato pull more than one dynamic address so that I may set up 1:1 NAT? I can use dyndns or similar services to update the IPs as necessary.

    I just can't seem to find the correct command line for dynamic. There are static IP tutorials everywhere. I am stumped.
     
  5. mstombs

    mstombs Network Guru Member

  6. waeking

    waeking Networkin' Nut Member

    Thanks that is a great starting point. There is a part of the code that I am not sure about.
    1. Code:
      udhcpc -i vlan2 -s /jffs/wan2up.sh -H wrt54gs
      the "wrt54gs": where can I find out what I need for the Asus RT-N16? EDIT: -H hostname. I figured that one out.
    2. I want to get multiple dynamic IPs on port 5. I don't want to use port 4 and 5. Will this script pull multiple IPs from one port? I can't find a part where it is polling port 4 in the script.
    3. Could a person potentially create wan2-wan8 with this script?
     
  7. mstombs

    mstombs Network Guru Member

    I don't even know if you need the hostname...
    I was expecting you would call udhcpc with vlan2:0 for example, then use the script to bring up the port with ifconfig, and then do some other fancy routing or iptables to make use of the new IP received.
     
  8. waeking

    waeking Networkin' Nut Member

    Thanks again. Ran into another snag. udhcpc goes by MAC address. So vlan2 and vlan2:0 have the same MAC. Therefore udhcpc will only renew vlan2 and will not touch vlan2:0..... I have tried to change the MAC of vlan2:0 to a new one. I get the error "ifconfig: SIOCSIFHWADDR: Device or resource busy". If I change the vlan2 MAC address, the vlan2:0 one changes simultaneously. Any ideas?

    I tried to create vlan2:0 with this: ifconfig vlan2:0 10.10.10.10 hw ether 08:00:69:02:01:FC but the MAC address is overridden to match vlan2
     
  9. mstombs

    mstombs Network Guru Member

    Sorry I don't think there is any standard way to have multiple MAC addresses on a physical Ethernet connection, so the Broadcom Linux drivers probably don't support it. But since you could use a second port as its own vlan then use a switch to combine the outputs there may well be a way. I wonder how the MLPPP project did something similar to enable channel bonding on a single wan connection, I think they defined a secondary bridge br1 for the second connection?
     
  10. waeking

    waeking Networkin' Nut Member

    Hmmm, just thinking out loud here. I am starting to get beyond my expertise now. Could we create br1, then add vlan2 and vlan3 to it? Will vlan3 pull an IP from vlan2?

    OR is there a way to create another virtual interface, i.e. veth0, veth1, with its own MAC address, then add it to br1 so it can pull an IP from vlan2? (might have to modify kernel)

    EDIT: ip link add veth is what I am thinking
     
  11. waeking

    waeking Networkin' Nut Member

    I am still looking into this. I think there might be a way. If with the new virtual wireless you can create wl0.1 with its own MAC, then we could create something for wlan0.1 or vlan0.1 with its own MAC address. Then udhcpc could request a second IP for the new MAC address. My problem is that I don't know how wl0.1 was created..... or how to script this. I think that the wlan2up.sh is in the correct direction, but first vlan2.0 needs to be created, i.e. ifconfig vlan2:0 192.168.254.254 hw ether 00:00:00:00:00:01, but change the hw as per how the wl0.1 was done.

    Please help.
     
  12. mstombs

    mstombs Network Guru Member

    Wireless uses Broadcom wl commands; I don't see an equivalent for the Ethernet ports, maybe need a patch to "robocfg".

    Can you do what you want on a Linux PC? This old post suggests not:

    http://forums.fedoraforum.org/showthread.php?t=47037

    You definitely would need the Ethernet driver to communicate using different MAC addresses on the same physical port to fool the modem.
     
  13. waeking

    waeking Networkin' Nut Member

    Down at the very bottom it says that you may be able to request a new DHCP lease based on clientid. I cannot use udhcp -i vlan2:0 --clientid-none -c ED:ED:99:88:64:EE as the -c does not work. However, is there a place where udhcpc reads the udhcpc clientid or MAC address from?
     
  14. TheWickerman666

    TheWickerman666 Network Newbie Member

    This is what I did (1:1 NAT), and it works flawlessly:
    Resources:
    1. https://cogo.wordpress.com/2009/11/29/11-nat-with-a-linksys-wrt54gl-router-with-tomato-firmware/
    2. http://www.dd-wrt.com/wiki/index.php/One-to-one_NAT
    3. To calculate [BROADCAST_IP]: http://www.subnet-calculator.com

    Go to Tools>Commands and run/execute the command
    Code:
    ifconfig
    to find out which vlan is actually the WAN interface; in my case it was vlan2.
    Calculate [BROADCAST_IP] from Resource #3 using your ISP-provided static [PublicIP] & [NETMASK].

    Objective: need Class A static IP (this one you get from your ISP, for $$$) = [PublicIP] with netmask=[NETMASK]; on server / cascade router that has [LANIP]=192.168.2.95

    Procedure:
    1. In the tomato web config page go to
    Administration>Scripts>Init:

    Code:
    sleep 5
    ## Add ip addresses ##
    ifconfig vlan2:1 [PublicIP] netmask [NETMASK] broadcast [BROADCAST_IP]

    Click 'Save' at the bottom.

    2. Then go to
    Administration>Scripts>Firewall:

    Code:
    ## To destination LANIP ##
    iptables -t nat -I PREROUTING -p all -d [PublicIP] -j DNAT --to-destination 192.168.2.95
    ## From source LANIP ##
    iptables -t nat -I POSTROUTING -p all -s 192.168.2.95 -j SNAT --to-source [PublicIP]
    ## Accept all tcp/udp ports ##
    iptables -I FORWARD -d 192.168.2.95 -j ACCEPT

    Click 'Save' at the bottom.

    3. Then either restart/reboot the tomato router
    OR
    go to Tools>Command and run/execute the following in the exact sequence:

    Code:
    ifconfig vlan2:1 [PublicIP] netmask [NETMASK] broadcast [BROADCAST_IP]
    then
    Code:
    service firewall restart

    Results:
    That's it, you now have 1:1 NAT. Enjoy!
    Summary:
    You can repeat the procedure if you want to forward (i.e. NAT) more PublicIPs to your LANIPs.
    Please post your feedback/experience for others to improve/ponder upon.

    Thanks.
     
    Last edited: Sep 18, 2015
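The procedure in the post above, as an added example that is not TheWickerman666's or Tomato's own code: a POSIX sh script (Tomato's BusyBox ash runs it too) that computes [BROADCAST_IP] from [PublicIP] and [NETMASK] in place of the subnet calculator, and prints the alias and iptables commands so they can be reviewed before being pasted into Administration>Scripts. The public block 203.0.113.10/29, the LAN host 192.168.2.95 and the port list are constructed sample values. The FORWARD rules are narrowed to reply traffic plus the listed TCP ports instead of the post's blanket ACCEPT, which exposes every listening port on the LAN host to the internet.

```shell
#!/bin/sh
# Added example, not from the thread: generates the 1:1 NAT commands from the
# procedure above for review, computing [BROADCAST_IP] instead of looking it up.
# Sample values (203.0.113.10/29 public, 192.168.2.95 LAN) are constructed.

# Dotted-quad -> integer
ip2int() {
  set -- $(printf '%s' "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Integer -> dotted-quad
int2ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Directed broadcast = address OR inverted netmask (what the subnet calculator returns)
broadcast_of() {
  ipn=$(ip2int "$1")
  maskn=$(ip2int "$2")
  int2ip $(( (ipn | (~maskn & 0xFFFFFFFF)) & 0xFFFFFFFF ))
}

# Emit the alias + NAT rules for one public IP.
# $1 WAN interface, $2 alias index, $3 public IP, $4 netmask, $5 LAN host,
# $6 space-separated TCP ports to expose (empty = reply traffic only)
one_to_one_nat_rules() {
  wan=$1; idx=$2; pub=$3; mask=$4; lan=$5; ports=$6
  bcast=$(broadcast_of "$pub" "$mask")
  echo "ifconfig $wan:$idx $pub netmask $mask broadcast $bcast"
  echo "iptables -t nat -I PREROUTING -d $pub -j DNAT --to-destination $lan"
  echo "iptables -t nat -I POSTROUTING -s $lan -j SNAT --to-source $pub"
  # Narrower than a blanket 'iptables -I FORWARD -d $lan -j ACCEPT': replies
  # are always allowed, new inbound connections only on the listed ports.
  echo "iptables -I FORWARD -d $lan -m state --state ESTABLISHED,RELATED -j ACCEPT"
  for p in $ports; do
    echo "iptables -I FORWARD -d $lan -p tcp --dport $p -j ACCEPT"
  done
}

# Usage: print the rules for one host, then paste them into Administration>Scripts
one_to_one_nat_rules vlan2 1 203.0.113.10 255.255.255.248 192.168.2.95 "22 443"
```

Because every rule is inserted with -I, they all land above Tomato's own FORWARD rules, so new connections to ports that are not listed fall through to the firmware's existing drop handling; the SNAT rule still makes the host's outbound traffic leave from the public address, which is what makes the mapping 1:1 rather than a plain port forward. Running the function once per public IP with a different alias index repeats the procedure for additional hosts, as the post's summary describes.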
