1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Can't get 1:1 NAT working with MIPSR2 beta 16

Discussion in 'Tomato Firmware' started by thisisjjd, Jun 16, 2010.

  1. thisisjjd

    thisisjjd Networkin' Nut Member

    Hi everyone,

    I have had a Linksys WRT54GL running Tomato v1.27.1798 for quite a while and have been happy with it.

    I have two public static IP addresses I'm using and I've had it working with the WRT54GL by setting the first IP address up in the GUI and the second using the cmd line as follows:

    ifconfig vlan1:2 <2nd public IP> netmask 255.255.255.0 broadcast <public IP broadcast>
    iptables -t nat -I PREROUTING -p all -d <2nd public IP> -j DNAT --to-destination <internal IP>
    iptables -t nat -I POSTROUTING -p all -s <internal IP> -j SNAT --to-source <2nd public IP>
    iptables -I FORWARD -p tcp -d <internal IP> --dport 8080 -j ACCEPT
    iptables -I FORWARD -p tcp -d <internal IP> --dport 22 -j ACCEPT
    iptables -I FORWARD -p tcp -d <internal IP> --dport 80 -j ACCEPT

    This has worked fine. The problem is that I just upgraded to a Netgear WNR3500L, installed tomato-K26USB-1.27.9047MIPSR2-beta16-Ext and the same thing doesn't work!

    I changed "vlan1:2" above to "vlan2:2" as that appears to be the WAN port on the WNR3500L.

    But after doing the above commands, connections from the outside do not get forwarded to the internal IP. I've used iptables -L and iptables -t nat -L to inspect the rules and I can't figure out why it's not working.

    Does anyone have any idea why this wouldn't work with the latest tomato and what I can do to get my 2nd external IP working?

    Thanks,

    --Jim--
     
  2. teddy_bear

    teddy_bear Network Guru Member

  3. thisisjjd

    thisisjjd Networkin' Nut Member

    Thanks, teddy_bear, I'll give that a try and report back.

    --Jim--
     
  4. thisisjjd

    thisisjjd Networkin' Nut Member

    teddy_bear:

    I've now tried Tomato v1.27.9045 MIPSR2-beta11 K26 USB Ext and the results are the same as beta16 -- the 1:1 NAT doesn't work.

    Is there any other information I could provide you that would help with debugging this?

    --Jim--
     
  5. mstombs

    mstombs Network Guru Member

    In the Firewall tab check the setting of "NAT loopback" if "enabled" it has the potential to break such rules with an SNAT in nat POSTROUTING, "disabled" or "forwarded only" should be fine. I have a feeling the default has changed back from "forwarded only" to "enabled" at some point...
     
  6. teddy_bear

    teddy_bear Network Guru Member

    The default is still "forwarded only"... But you're right - this is the thing to verify.
     
  7. thisisjjd

    thisisjjd Networkin' Nut Member

    It is set to "Forwarded only" in both the original WRT54 and on the new WNR3500L.
     
  8. thisisjjd

    thisisjjd Networkin' Nut Member

    I still cannot get this to work. :confused:

    I have tried two additional things:

    I tried following the instructions for setting up 1:1 NAT at the following website (with tomato beta 11) and observed the same (failing) results: http://www.remoteroot.net/2007/07/18/1-1-nat-with-dynamic-napt-on-a-linksys-wrt54g/

    And finally, I loaded DD-WRT on the Netgear and also observed the same (failing) results. I used the netgear-recommended DD-WRT from myopenrouter.org. It was dd-wrt.v24-14311_NEWD-2_K2.6_big.rar who's uname claims it is running a 2.6.24.111 kernel.

    I'm starting to wonder if it's something in the 2.6 kernel causing the problem seeing as how it didn't work in beta11, beta16 or in dd-wrt (all using 2.6) but works on my WRT54 (using 2.4).

    Has anyone had success with multiple static external IP addresses and an open router with 2.6 kernel?

    Thanks,

    --Jim--
    :confused:
     

Share This Page