Redirecting in "ethernet bridge" mode

Discussion in 'Tomato Firmware' started by krzyk, Mar 18, 2009.

  1. krzyk

    Hi all,

    I have a question about wireless ethernet bridge mode (I think it's called like that) in Tomato. I am now successfully using this mode in the following configuration:

    Router A: Provides internet and accepts wifi connections from various PCs.
    Router B: In Wifi ethernet bridge mode, connected to router A, and providing access to the network for a couple of "strange" LAN machines.

    I don't know anything about the bridge mode (I guess it's similar to WDS, but router B acts as an access point to the network created by router A).

    The problem I have now is the following:
    One of the LAN machines connected to router B has a software that connects to a fixed external IP and port over internet (basically it's a shoutcast radio station, if that matters). Now, I want to redirect the outgoing traffic from that machine to that particular IP over that particular port to one of my local wifi machines connected to Router A. And I'm not sure how to achieve that in the "ethernet bridge" mode.

    As far as I was able to check on QOS details, Tomato GUI shows no connections to that particular IP address, even if it's in use. Actually it shows absolutely no "External" IPs on the list, so I guess that all traffic is permanently redirected to router A (as I see only connections to router A).

    Now, will I be able to configure the redirection on router B using iptables? If so, examples .

  2. krzyk

    Solution (at least partial)

    Ok, I was able to figure out first steps.
    It works, when the following is configured on Router A:

    iptables -t nat -A PREROUTING -d <external_ip> -p tcp --dport <port> -j DNAT --to-destination <internal_ip>
    iptables -t nat -A POSTROUTING -d <internal_ip> -p tcp --dport <port> -j SNAT --to-source <external_ip>
    iptables -t nat -A PREROUTING -d <external_ip> -p udp --dport <port> -j DNAT --to-destination <internal_ip>
    iptables -t nat -A POSTROUTING -d <internal_ip> -p udp --dport <port> -j SNAT --to-source <external_ip>
    I wasn't sure, so I redirected TCP & UDP.

    This of course raised further questions:

    1. How to change the port I am redirecting to? Currently traffic to port, let's say 8888, goes to the internal machine on port 8888. How to redirect the traffic to internal port 8000, for example?

    2. Is it possible to configure such redirection on Router B (so the "ethernet bridge")?


    Edit: Found here an answer to #2 above :frown:
    Too bad I need to switch, as I need both:
    - routing/redirection on secondary router
    - all machines in one subnet with full connectivity
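Added example, not part of the original posts: a small shell helper that prints (without applying) the Router A rules from the solution above, extended to the port-change case raised in question 1 (8888 to 8000). The function names are hypothetical and the addresses 203.0.113.10 and 192.168.1.50 are constructed sample values.

```shell
#!/bin/sh
# Prints NAT rules for review; nothing is applied, so no root is needed.

# Accept only decimal ports in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# redirect_rules EXT_IP EXT_PORT INT_IP INT_PORT [tcp|udp ...]
redirect_rules() {
    if [ $# -lt 4 ]; then
        echo "usage: redirect_rules EXT_IP EXT_PORT INT_IP INT_PORT [tcp|udp ...]" >&2
        return 2
    fi
    ext_ip=$1; ext_port=$2; int_ip=$3; int_port=$4
    shift 4
    [ $# -gt 0 ] || set -- tcp udp      # default: both protocols, as in the post

    valid_port "$ext_port" && valid_port "$int_port" || {
        echo "port must be an integer in 1-65535" >&2
        return 1
    }
    # Validate every protocol before printing anything, so output is all-or-nothing.
    for proto in "$@"; do
        case "$proto" in
            tcp|udp) ;;
            *) echo "unsupported protocol: $proto" >&2; return 1 ;;
        esac
    done

    for proto in "$@"; do
        # DNAT accepts ip:port, which rewrites the destination port as well.
        echo "iptables -t nat -A PREROUTING -d $ext_ip -p $proto --dport $ext_port -j DNAT --to-destination $int_ip:$int_port"
        # POSTROUTING runs after DNAT, so it must match the new port, not the old one.
        echo "iptables -t nat -A POSTROUTING -d $int_ip -p $proto --dport $int_port -j SNAT --to-source $ext_ip"
    done
}

# Constructed sample values: external 203.0.113.10:8888 -> internal 192.168.1.50:8000
redirect_rules 203.0.113.10 8888 192.168.1.50 8000
```

Inspect the printed rules with `iptables -t nat -L -n -v` after applying them; the packet counters on each rule show whether the redirected traffic is actually matching.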
