Internet Access on PC behind router

Discussion in 'Tomato Firmware' started by supaJ, Jan 20, 2008.

    supaJ LI Guru Member


    I have the following internet configuration:
    Tel line--->Adsl Usb Modem(>Windows XP(in bridge mode,>Wireless Router(Wan Side - PPPoE, Lan -> Internet Clients(192.168.0.x)

    I am using WRT54GL with tomato 1.07 installed. How can I access the internet on the Windows XP machine operating in bridge mode on the WAN side of the router?

    Thanks in advance for your cooperation.

    mstombs Network Guru Member

    You won't like this - but I recommend you pick up a cheap ADSL modem off eBay or similar; a Speedtouch 5x6v6 with an Ethernet port would make things a lot easier...

    supaJ LI Guru Member

    Why can't I? It works the other way around, i.e., I can remotely control the bridged Windows XP machine( from the LAN (192.168.0.x) by using the following WAN Up script:

    ifconfig vlan1:0 netmask
    /usr/sbin/iptables -I POSTROUTING -t nat -o vlan1 -d -j MASQUERADE

    Can't I alter the routing table or something to get the bridged XP PC on the internet?

    Thanks for the reply.

    mstombs Network Guru Member

    It's Linux so I'm 110% sure it can. I don't know how you set up the WinXP machine in bridge - I guess it already specifies the router as gateway? You need to punch a hole in the normal firewall functions which keep WAN and LAN separate.

    The router needs to be told to allow the PC to talk to it on its WAN, so you need something like

    /usr/sbin/iptables -I PREROUTING -t nat -i vlan1 -s -j ACCEPT

    You then need to tell it to allow routing through the FORWARD path

    /usr/sbin/iptables -I FORWARD -s -j ACCEPT

    then hope the router sends the traffic out to the internet via the ppp tunnel using the existing MASQUERADE command, and remembers how to route the traffic back.

    The route table should be OK because the secondary IP address on vlan1 will have added the route to the XP bridge machine.

    If the above works you should probably tighten up the rules to only allow the single specific IP on the WAN port to connect to the internet on the ppp port.

    supaJ LI Guru Member

    Your suggestion worked. You're damn good 'mstombs'.

    I use the built-in 'Bridge Connections' feature of Windows XP.

    I used the following commands as specified by you.
    /usr/sbin/iptables -I PREROUTING -t nat -i vlan1 -s -j ACCEPT
    /usr/sbin/iptables -I FORWARD -s -j ACCEPT

    The bridge was given this address:
    DNS: ISP

    The internal DNS would not work. I had to specify my ISP's DNS
    to lookup IP addresses.

    I seem to have a little issue with speed but it's probably my ISP. ADSL speed here is quite erratic (line attenuation ~ 52 dB).

    Hey, thanks a million.

    mstombs Network Guru Member

    To use the router DNS proxy you'd also have to add a similar ACCEPT rule to the INPUT chain - dnsmasq is a local process on the router.

    Watch out for obscure faults - re-using the same physical connections could be working with lots of errors?

    I've seen something similar before with a bridged modem, has to bounce mail/timeserver requests off an internal router - I don't recall it being very satisfactory though.
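
A tightened form of the rules discussed above (single host on the WAN port, forwarding only to the ppp tunnel, INPUT opened only for DNS), as an added example that is not part of any post in this thread. The address `192.0.2.10` and the interface name `ppp0` are assumed placeholders; `vlan1` and the iptables path come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Values marked "assumed" are placeholders.
XP_IP="192.0.2.10"   # assumed: bridged XP PC's address on the WAN segment
WAN_IF="vlan1"       # WAN port, as used in the thread
PPP_IF="ppp0"        # assumed: name of the PPPoE tunnel interface
IPT="/usr/sbin/iptables"

# Accept only a single dotted-quad host address (no blanks, no CIDR ranges),
# so a typo or an empty value cannot widen the opening.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rules for one host: $1 = host IP, $2 = WAN interface, $3 = ppp interface.
build_rules() {
    is_ipv4 "$1" || { echo "refusing: '$1' is not a single IPv4 address" >&2; return 1; }
    # Let the host's packets past the nat PREROUTING rules on the WAN port.
    echo "$IPT -t nat -I PREROUTING -i $2 -s $1 -j ACCEPT"
    # Forward only WAN port -> ppp tunnel for that host. Return traffic is assumed
    # to be handled by the firewall's existing connection-tracking rule.
    echo "$IPT -I FORWARD -i $2 -o $3 -s $1 -j ACCEPT"
    # The DNS proxy (dnsmasq) is local to the router, so it needs INPUT: port 53 only.
    echo "$IPT -I INPUT -i $2 -s $1 -p udp --dport 53 -j ACCEPT"
    echo "$IPT -I INPUT -i $2 -s $1 -p tcp --dport 53 -j ACCEPT"
}

# Default is a dry run that prints the rules; "apply" executes them.
if [ "${1:-}" = "apply" ]; then
    build_rules "$XP_IP" "$WAN_IF" "$PPP_IF" | sh
else
    build_rules "$XP_IP" "$WAN_IF" "$PPP_IF"
fi
```

Run it with no argument to review the generated rules, and with `apply` to install them.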
