
Port forwarding in 3 legs WDS - only the first is accessible from internet?

Discussion in 'Tomato Firmware' started by Skeptic, Feb 3, 2013.

  1. Skeptic

    Skeptic Serious Server Member

    At a friend's farm I have set up 3 WRT54GL's running Tomato 1.28 in WDS+AP mode. The 3 were configured like A<-->B<--->C . The routers have fixed addresses (A) is (B) is and (C) is The ADSL modem feeding A forwards port 7410-7430 TCP and UDP to (A) and its firewall is open for the port range.

    In (A) port forwarding is set like this (both protocols on all):
    7422 -> port 22
    7412 -> port 22
    7411 -> port 22
    7414 -> port 80 This unit is a PLS having a simple web server.

    When operating from my home I can log into (A) using
    ssh -p7422 root@ -L 8888:localhost:80
    and I can use the web interface at (A).
    I can ping the other routers as well as a PLS plugged into (C) using busybox on (A).
    The PLS has a fixed IP number of I can ping that one as well from the busybox prompt of (A).
    I can NOT ssh into (B) or (C).
    ssh -p7411 root@ -L 8888:localhost:80
    ssh -p7412 root@ -L 8888:localhost:80

    I can NOT get the web page from the PLS by writing

    I do not know why this does not work from internet.

    At the farm everything seems to work fine!!

    What is wrong in my configuration?
    Please help!


    The configurations are according to WDS examples except there is no encryption yet.

    (A) config:
    IP Address =
    DHCP Server = enabled
    Wireless Mode = Access Point + WDS
    SSID = Svean
    Channel = 6
    Security = Disabled
    WDS = Link With
    MAC Address = 58:6D:8F:94:12:BF (B)

    (B) and (C) config except for IP and MAC config:
    Type = Disabled
    IP Address =
    Default Gateway = (the 1st router's IP address)
    Static DNS = (the 1st router's IP address or any DNS server)
    DHCP Server = Disabled (the 1st router handles it)
    Wireless Mode = Access Point + WDS
  2. mvsgeek

    mvsgeek Addicted to LI Member

    For SSH access, this works for me :

    (A) is
    (B) is
    (C) is

    (A) Port Forwarding :

    61524 -->
    61525 -->

    (A) Admin page ---> SSH Daemon :

    Enable at Startup - checked
    Remote Access - checked
    Remote Port - 61521
    Remote Forwarding - checked
    Port - 22
    Allow Password Login - unchecked
    Authorized Keys - blahblahblah

    (B) SSH Daemon : Same as (A), except for remote port - 61524
    (C) SSH Daemon : Same as (A), except for remote port - 61525

    I can then SSH to A, B, & C from the WAN using VX ConnectBot on my Android smartphone :

    (A) : root@my.wan.ip.addr:61521
    (B) : root@my.wan.ip.addr:61524
    (C) : root@my.wan.ip.addr:61525
  3. Skeptic

    Skeptic Serious Server Member

    Thanks, this solved my problems for accessing the routers. In Admin page of (B) and (C) I have to add what you indicated!

    But why is the PLS which is defined in (A)'s Basic | Static DHCP as
    00:10:70:04:64:4E PLS
    Why cannot I access this from the internet using in my browser?
    In Port Forwarding | Basic at (A) I have
    On Both 7414 80

    Is there any missing iptables rule?

  4. mvsgeek

    mvsgeek Addicted to LI Member

    Some questions...

    1. What does the PLS acronym mean?
    2. What OS does the PLS device run?
    3. Is there a firewall on the PLS device?
    4. If the PLS device is attached to (C), what happens when you forward port 7414 on (B) and (C)?
  5. Skeptic

    Skeptic Serious Server Member

    Sorry, PLS is Norwegian. It is called a PLC in English - a Programmable Controller. In my case the PLC is the controller of a cooled storage for vegetables. Modern PLCs often have a web page where parameters are accessible. The owner may watch and alter temperature or humidity settings.
    I do not know its OS. I believe the PLS runs a small RT kernel like freeRTOS with a TCP/IP stack and a simple web server.

    I believed that the 3 WDS routers acted as a single router in this regard - whether the device was plugged in at (A) or (C) should not matter much. However point 4 in your questions is a good starting point for me when I return to the farm. I will test this and report back.
    I will also change the ssh configuration as you showed me.

    Thanks for your help!
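
Added example, not part of the thread: a small check, run from outside the farm network against your own WAN address, that records what actually answers on each port forwarded on (A). It uses the port table from the first post; the function names and the result labels (`ssh`, `http`, `open`, `unreachable`) are assumptions of this sketch.

```python
import socket

# Forward table from the first post: external port on (A) -> expected service.
FORWARDS = {7422: "ssh", 7412: "ssh", 7411: "ssh", 7414: "http"}

def _read(sock):
    """Read the first bytes the peer sends; timeout or reset counts as no data."""
    try:
        return sock.recv(64)
    except OSError:
        return b""

def probe(host, port, timeout=3.0):
    """Return 'ssh', 'http', 'open' (connected, unrecognised reply) or 'unreachable'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"            # refused, filtered, or nothing forwarded
    with sock:
        data = _read(sock)              # an SSH server sends its banner first
        if data.startswith(b"SSH-"):
            return "ssh"
        if not data:                    # silent so far: try a minimal HTTP request
            try:
                sock.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            except OSError:
                return "open"
            data = _read(sock)
        return "http" if data.startswith(b"HTTP/") else "open"

def audit(host, forwards=FORWARDS, timeout=3.0):
    """Map each forwarded port to (expected service, observed result)."""
    return {p: (want, probe(host, p, timeout)) for p, want in forwards.items()}

if __name__ == "__main__":
    import sys
    # Usage: python3 this_script.py <your WAN address>
    for port, (want, got) in audit(sys.argv[1]).items():
        flag = "" if want == got else "  <-- mismatch"
        print(f"{port}: expected {want}, got {got}{flag}")
```

A port that reports `unreachable` from the WAN but answers on the LAN points at the forward or the target's own listener rather than at the service itself; any port that reports `ssh` or `http` is exposed to the whole internet, not just to you.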
