
Static and Dynamic IPs over the same PPPoE connection

Discussion in 'DD-WRT Firmware' started by Honki, Aug 15, 2005.

  1. Honki

    Honki Network Guru Member

    My provider gives me 5 static IPs and 1 dynamic IP over the same PPPoE connection.

    Now, on my Efficient 5835, the PPPoE default has the dynamic IP with NAT from WAN to LAN. The static IPs are mapped 1:1 with "Hostmapping" (without NAT) from WAN to LAN.

    How can I make this static mapping on DD-WRT???

    This config worked fine from the LAN side, like the Efficient 5835:

    ifconfig br0:1 212.202.x.1 netmask 255.255.255.248
    route add -host 212.202.x.1 dev br0:1

    iptables -t nat -I PREROUTING -d 212.202.x.1 -j DNAT --to-destination 212.202.x.1
    iptables -t nat -I POSTROUTING -s 212.202.x.1 -j SNAT --to-source 212.202.x.1
    iptables -t nat -I PREROUTING -d 212.202.x.2 -j DNAT --to-destination 212.202.x.2
    iptables -t nat -I POSTROUTING -s 212.202.x.2 -j SNAT --to-source 212.202.x.2

    But from the WAN (Internet) I can't ping the static IPs. I think the iptables rules are incorrect for this solution :sad:
     
  2. 4Access

    4Access Network Guru Member

    Yeah, your iptables rules need some tweaking. :) But a couple of general questions first:

    1. Do you want the router to provide any firewalling protection for your hosts? I'll assume yes, but I ask because you said you were running without NAT in your previous configuration which means it's possible your PCs were fully exposed to the internet. If they were and you don't mind them being so again then my next question is why are you using a router instead of simply using a switch?! (It would simplify things a lot!)

    2. How many devices behind the router need internet access?

    3. Are you forced to use the DHCP address from your ISP or could you just use the static addresses?
     
  3. Honki

    Honki Network Guru Member

    Thanks for your help :thumbup:

    That's what I have:

    x1 / x2 PPPoE
    x3 br0
    x4 br0:1


    x1 = default dynamic (DHCP) IP from ISP for example 85.129.x.x.
    x2 = 212.202.x.x/29 small static subnet from the ISP
    x3 = 192.168.1.0/24 private Network-LAN
    x4 = 212.202.x.x/29 small static subnet mapped to LAN

    I need:
    x1 NAT to x3
    x2 map 1:1 on x4

    I don't need NAT between x2 and x4, but I need NAT between x1 and x3.

    I know it's a "special" solution - on my Efficient 5835 it works with "Hostmapping" today, but I want to use the QoS from DD-WRT for my VoIP ATA and I would like to remove the Efficient router.

    You would make me happy by helping me :cheer:

    Thanks to you

    Honki

    P.S. Sorry for my English, I'm German.
     
  4. 4Access

    4Access Network Guru Member

    Ok. Firstly ALL your computers need to be configured with a private IP address. (Yes, even the ones that you want to have a static public 212.202.x.x/29 address need to be assigned a private IP address!)

    Now let's pretend you have a server and you would like it to use the 212.202.100.1 IP address. First you must configure the server with a private IP address such as 10.0.0.10 (This can be done either statically on the server or with a DHCP reservation on the router.) Next you configure the router to convert this IP address to the desired public IP address of 212.202.100.1 using the following iptables rules:

    iptables -t nat -I PREROUTING -i ppp0 -d 212.202.100.1 -j DNAT --to-destination 10.0.0.10
    iptables -t nat -I POSTROUTING -s 10.0.0.10 -j SNAT --to-source 212.202.100.1

    If you weren't using PPPoE you'd want to replace "ppp0" with "vlan1" for v2 or newer hardware or "eth1" for v1 hardware. (Actually you could completely leave out the whole "-i ppp0" parameter and it should still work.)

    NAT will be taking place but it will be a 1:1 translation. All internet traffic from your server will appear to come from 212.202.100.1 and all connections to 212.202.100.1 will be forwarded to your server. As far as everyone on the internet is concerned 212.202.100.1 is your server.

    Note that you will still need to manually configure any necessary inbound traffic rules for connections to the server. For example if you wanted to host a website on the server you'd probably want to add the following rule:

    iptables -I FORWARD 2 -d 10.0.0.10 -p tcp --dport 80 -j ACCEPT

    Notice that you specify the private IP address!! Also you might want to add rules like this farther down in your chain than position 2 like I showed in my example.

    Make sense? Let me know how it goes.
     
  5. Honki

    Honki Network Guru Member

    Sorry, I had no time to test it...

    But it will not work :sad:

    From my LAN network the public IP is on air, but from the Internet there is no response.

    I think there is no routing between the VLAN and the PPPoE session?!?!
     
  6. 4Access

    4Access Network Guru Member

    Since you're using PPPoE change "vlan1" to "ppp0" in the first rule. Sorry for the mistake.
     
  7. Honki

    Honki Network Guru Member

    OK!

    The "-i br0" in the POSTROUTING rule gives me an error, so I did this:

    iptables -t nat -I PREROUTING -i ppp0 -d 212.202.x.1 -j DNAT --to-destination 10.0.0.1
    iptables -t nat -I POSTROUTING -s 10.0.0.1 -j SNAT --to-source 212.202.x.1
    iptables -I FORWARD 2 -i ppp0 -d 10.0.0.1 -p tcp --dport 80 -j ACCEPT

    But it will not work from the Internet :(

    I can't ping the IP and the web server behind port 80 is not online. From my LAN the public IP is there!!! (Yes, PPPoE is connected, ping goes to Google.) With Remote Hostmapping on the Efficient 5835 it works ...

    Any Ideas???
     
  8. 4Access

    4Access Network Guru Member

    What IP address does it report when you visit WhatIsMyIP.com from the 10.0.0.1 PC?

    Could you post the output of the following commands:

    ifconfig
    iptables -L -v -t nat
    iptables -L -v -n
     
  9. Honki

    Honki Network Guru Member

    The IP on WhatIsMyIP.com is the correct public 212.202.x.x. I think the POSTROUTING rule is OK. In this example 10.0.0.1 is the web interface of my router, but it is the same thing when I do it with the PC that has the web server on it.

    I think the trouble is in PREROUTING or elsewhere...

    Edit: Oh, I have disabled the firewall on DD-WRT to test, but it will not work.

    Here are the posts:

    ~ # ifconfig
    br0 Link encap:Ethernet HWaddr 00:13:10:15:2A:72
    inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:298 errors:0 dropped:0 overruns:0 frame:0
    TX packets:116 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:86503 (84.4 KiB) TX bytes:29576 (28.8 KiB)

    eth0 Link encap:Ethernet HWaddr 00:13:10:15:2A:72
    UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
    RX packets:341 errors:0 dropped:0 overruns:0 frame:0
    TX packets:175 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:97151 (94.8 KiB) TX bytes:33855 (33.0 KiB)
    Interrupt:5 Base address:0x2000

    eth1 Link encap:Ethernet HWaddr 00:13:10:15:2A:74
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:361 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 B) TX bytes:119497 (116.6 KiB)
    Interrupt:4 Base address:0x1000

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
    RX packets:7 errors:0 dropped:0 overruns:0 frame:0
    TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:462 (462.0 B) TX bytes:462 (462.0 B)

    ppp0 Link encap:point-Point Protocol
    inet addr:83.236.x.x P-t-P:213.148.x.x Mask:255.255.255.255
    UP POINTOPOINT RUNNING MULTICAST MTU:1492 Metric:1
    RX packets:21 errors:0 dropped:0 overruns:0 frame:0
    TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:3
    RX bytes:1866 (1.8 KiB) TX bytes:1111 (1.0 KiB)

    vlan0 Link encap:Ethernet HWaddr 00:13:10:15:2A:72
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:298 errors:0 dropped:0 overruns:0 frame:0
    TX packets:139 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:87695 (85.6 KiB) TX bytes:31512 (30.7 KiB)

    vlan1 Link encap:Ethernet HWaddr 00:13:10:15:2A:73
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:43 errors:0 dropped:0 overruns:0 frame:0
    TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:3318 (3.2 KiB) TX bytes:2343 (2.2 KiB)

    -----------
    ~ # iptables -L -v -n
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination

    107 5055 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
    state RELATED,ESTABLISHED
    0 0 DROP udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0
    udp dpt:520
    0 0 DROP udp -- br0 * 0.0.0.0/0 0.0.0.0/0
    udp dpt:520
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
    udp dpt:520
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.0.0.1
    tcp dpt:80
    0 0 logaccept tcp -- * * 0.0.0.0/0 0.0.0.0/0
    tcp dpt:22
    0 0 DROP icmp -- ppp0 * 0.0.0.0/0 0.0.0.0/0

    2 64 ACCEPT 2 -- * * 0.0.0.0/0 0.0.0.0/0

    28 1872 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    state NEW
    65 19511 logaccept all -- br0 * 0.0.0.0/0 0.0.0.0/0
    state NEW
    3 445 DROP all -- * * 0.0.0.0/0 0.0.0.0/0


    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination

    0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0

    0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 10.0.0.1
    tcp dpt:80
    0 0 logdrop all -- * * 0.0.0.0/0 0.0.0.0/0
    state INVALID
    0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0
    tcp flags:0x06/0x02 tcpmss match 1453:65535 TCPMSS set 1452
    0 0 lan2wan all -- br0 * 0.0.0.0/0 0.0.0.0/0

    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
    state RELATED,ESTABLISHED
    0 0 ACCEPT udp -- ppp0 * 0.0.0.0/0 224.0.0.0/4
    udp
    0 0 TRIGGER all -- ppp0 br0 0.0.0.0/0 0.0.0.0/0
    TRIGGER type:in match:0 relate:0
    0 0 trigger_out all -- br0 * 0.0.0.0/0 0.0.0.0/0

    0 0 ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
    state NEW
    53 3118 DROP all -- * * 0.0.0.0/0 0.0.0.0/0


    Chain OUTPUT (policy ACCEPT 143 packets, 12813 bytes)
    pkts bytes target prot opt in out source destination


    Chain advgrp_1 (0 references)
    pkts bytes target prot opt in out source destination


    Chain advgrp_10 (0 references)
    pkts bytes target prot opt in out source destination


    Chain advgrp_2 (0 references)
    pkts bytes target prot opt in out source destination


    Chain advgrp_3 (0 references)
    pkts bytes target prot opt in out source destination


    Chain advgrp_4 (0 references)
    pkts bytes target prot opt in out source destination


    Chain advgrp_5 (0 references)
    pkts bytes target prot opt in out source destination


    Chain advgrp_6 (0 references)
    pkts bytes target prot opt in out source destination


    Chain advgrp_7 (0 references)
    pkts bytes target prot opt in out source destination


    Chain advgrp_8 (0 references)
    pkts bytes target prot opt in out source destination


    Chain advgrp_9 (0 references)
    pkts bytes target prot opt in out source destination


    Chain grp_1 (0 references)
    pkts bytes target prot opt in out source destination


    Chain grp_10 (0 references)
    pkts bytes target prot opt in out source destination


    Chain grp_2 (0 references)
    pkts bytes target prot opt in out source destination


    Chain grp_3 (0 references)
    pkts bytes target prot opt in out source destination


    Chain grp_4 (0 references)
    pkts bytes target prot opt in out source destination


    Chain grp_5 (0 references)
    pkts bytes target prot opt in out source destination


    Chain grp_6 (0 references)
    pkts bytes target prot opt in out source destination


    Chain grp_7 (0 references)
    pkts bytes target prot opt in out source destination


    Chain grp_8 (0 references)
    pkts bytes target prot opt in out source destination


    Chain grp_9 (0 references)
    pkts bytes target prot opt in out source destination


    Chain lan2wan (1 references)
    pkts bytes target prot opt in out source destination


    Chain logaccept (2 references)
    pkts bytes target prot opt in out source destination

    65 19511 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
    state NEW LOG flags 7 level 4 prefix `ACCEPT '
    65 19511 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0


    Chain logdrop (1 references)
    pkts bytes target prot opt in out source destination

    0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
    state NEW LOG flags 7 level 4 prefix `DROP '
    0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
    state INVALID LOG flags 7 level 4 prefix `DROP '
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0


    Chain logreject (0 references)
    pkts bytes target prot opt in out source destination

    0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
    LOG flags 7 level 4 prefix `WEBDROP '
    0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
    tcp reject-with tcp-reset

    Chain trigger_out (1 references)
    pkts bytes target prot opt in out source destination

    ----------------
    ~ # iptables -L -v -t nat
    Chain PREROUTING (policy ACCEPT 150 packets, 10368 bytes)
    pkts bytes target prot opt in out source destination

    9 1089 DNAT all -- ppp0 any anywhere 212.202.x.1 to:10.0.0.1
    0 0 DNAT tcp -- any any anywhere 83.236.x.x
    tcp dpt:webcache to:10.0.0.1:80
    0 0 DNAT icmp -- any any anywhere 83.236.x.x
    to:10.0.0.1
    4 192 TRIGGER all -- any any anywhere 83.236.x.x
    TRIGGER type:dnat match:0 relate:0

    Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination

    34 2209 SNAT all -- any any 10.0.0.1 anywhere
    to:212.202.x.1
    2 111 MASQUERADE all -- any ppp0 anywhere anywhere

    0 0 RETURN all -- any br0 anywhere anywhere
    PKTTYPE = broadcast
    0 0 MASQUERADE all -- any br0 10.0.0.0/24 10.0.0.0/24


    Chain OUTPUT (policy ACCEPT 34 packets, 2209 bytes)
    pkts bytes target prot opt in out source destination
     
  10. Honki

    Honki Network Guru Member

    Hey 4Access,

    don't leave me alone :sadbye:

    Any ideas when you check my last post???
     
  11. 4Access

    4Access Network Guru Member

    Sorry for the delay, I've been "away" from LI for a few days.

    You want to configure the iptables rules to forward the traffic to your server's 10.0.0.x IP address NOT 10.0.0.1 since that's just your router's LAN address.

    Start by rebooting your router to get rid of the misconfigured rules then reread this post above. (I've edited the post to reflect the fact that you are using PPPoE and 10.0.0.X addresses instead of 192.168.1.X addresses.)
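
Added example, not part of the original posts: a POSIX shell helper that prints (does not apply) the 1:1 NAT rules from post 4 for one public/private pair, and refuses the mapping to the router's own LAN address that post 11 corrects. The function names, the `WAN_IF` and `ROUTER_LAN_IP` variables, the `-o` match on the SNAT rule and the one-rule-per-port FORWARD output are assumptions of this example.

```shell
#!/bin/sh
# Added example: emit 1:1 NAT rules for review; nothing is applied here.
# WAN_IF and ROUTER_LAN_IP are assumed defaults taken from the thread's setup.
WAN_IF="${WAN_IF:-ppp0}"
ROUTER_LAN_IP="${ROUTER_LAN_IP:-10.0.0.1}"

# Succeeds only for a dotted quad with four octets in 0..255.
# Redacted forms such as 212.202.x.1 are rejected.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeeds for RFC 1918 private addresses.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# one_to_one_nat PUBLIC_IP PRIVATE_IP "TCP_PORTS"
# Prints the DNAT/SNAT pair plus one FORWARD ACCEPT per listed TCP port.
# With an empty port list the host gets its public source address for
# outbound traffic but no new inbound connection is allowed.
one_to_one_nat() {
    pub=$1; priv=$2; ports=$3
    is_ipv4 "$pub" && is_ipv4 "$priv" || { echo "invalid IPv4 address" >&2; return 2; }
    if ! is_rfc1918 "$priv" || is_rfc1918 "$pub"; then
        echo "expected a public address, then a private one" >&2; return 3
    fi
    # DNAT to the router's own address is delivered locally (INPUT chain),
    # so a FORWARD rule for it never matches.
    if [ "$priv" = "$ROUTER_LAN_IP" ]; then
        echo "$priv is the router itself, not a LAN host" >&2; return 4
    fi
    case "$ports" in
        *[!0-9\ ]*) echo "ports must be space-separated numbers" >&2; return 5 ;;
    esac
    for port in $ports; do
        [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "port out of range: $port" >&2; return 5; }
    done
    # All input validated: print the rules only now, so a failure emits nothing.
    echo "iptables -t nat -I PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $priv"
    # -o limits the SNAT to traffic leaving through the WAN interface.
    echo "iptables -t nat -I POSTROUTING -o $WAN_IF -s $priv -j SNAT --to-source $pub"
    for port in $ports; do
        echo "iptables -I FORWARD 2 -i $WAN_IF -d $priv -p tcp --dport $port -j ACCEPT"
    done
}

# Constructed sample call using the pretend addresses from post 4.
one_to_one_nat 212.202.100.1 10.0.0.10 "80"
```

Listing the ports explicitly keeps the rest of the host behind the FORWARD chain's final DROP rule, unlike a blanket `-d <host> -j ACCEPT`.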
     
  12. Honki

    Honki Network Guru Member

    Thanks!

    I'll test it in the evening after work. I'll report back...
     
  13. Honki

    Honki Network Guru Member

    Now I do this:

    iptables -t nat -I PREROUTING -i ppp0 -d 212.202.1.101 -j DNAT --to-destination 10.0.0.101
    iptables -t nat -I POSTROUTING -s 10.0.0.101 -j SNAT --to-source 212.202.1.101
    iptables -I FORWARD 2 -d 10.0.0.101 -p tcp --dport 80 -j ACCEPT

    It will not work :sad:

    ~ # ifconfig
    br0 Link encap:Ethernet HWaddr 00:13:10:15:2A:72
    inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:1122 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1068 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:139846 (136.5 KiB) TX bytes:502774 (490.9 KiB)

    eth0 Link encap:Ethernet HWaddr 00:13:10:15:2A:72
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:1504 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1516 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:307538 (300.3 KiB) TX bytes:551356 (538.4 KiB)
    Interrupt:5 Base address:0x2000

    eth1 Link encap:Ethernet HWaddr 00:13:10:15:2A:74
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:255 errors:192 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 B) TX bytes:39181 (38.2 KiB)
    Interrupt:4 Base address:0x1000

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
    RX packets:28 errors:0 dropped:0 overruns:0 frame:0
    TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:2486 (2.4 KiB) TX bytes:2486 (2.4 KiB)

    ppp0 Link encap:point-Point Protocol
    inet addr:83.236.x.x P-t-P:213.148.133.44 Mask:255.255.255.255
    UP POINTOPOINT RUNNING MULTICAST MTU:1492 Metric:1
    RX packets:278 errors:0 dropped:0 overruns:0 frame:0
    TX packets:203 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:3
    RX bytes:127075 (124.0 KiB) TX bytes:26054 (25.4 KiB)

    vlan0 Link encap:Ethernet HWaddr 00:13:10:15:2A:72
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:1128 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1216 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:144722 (141.3 KiB) TX bytes:516518 (504.4 KiB)

    vlan1 Link encap:Ethernet HWaddr 00:13:10:15:2A:72
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:374 errors:0 dropped:0 overruns:0 frame:0
    TX packets:300 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:135612 (132.4 KiB) TX bytes:34838 (34.0 KiB)

    -------

    ~ # iptables -L -v -t nat
    Chain PREROUTING (policy ACCEPT 123 packets, 19227 bytes)
    pkts bytes target prot opt in out source destination
    0 0 DNAT all -- ppp0 any anywhere port-212-202-1-101.static.qsc.de to:10.0.0.101
    0 0 DNAT tcp -- any any anywhere port-83-236-x-x.dynamic.qsc.de tcp dpt:webcache to:10.0.0.1:80
    0 0 DNAT icmp -- any any anywhere port-83-236-x-x.dynamic.qsc.de to:10.0.0.1
    2 104 TRIGGER all -- any any anywhere port-83-236-x-x.dynamic.qsc.de TRIGGER type:dnat match:0 relate:0

    Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 SNAT all -- any any WebCam.Honk-LAN anywhere to:212.202.1.101
    17 960 MASQUERADE all -- any ppp0 anywhere anywhere

    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination

    -------

    ~ # iptables -L -v -n
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    193 18388 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 DROP udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
    0 0 DROP udp -- br0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
    9 468 ACCEPT tcp -- * * 0.0.0.0/0 10.0.0.1 tcp dpt:80
    0 0 logaccept tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
    0 0 DROP icmp -- ppp0 * 0.0.0.0/0 0.0.0.0/0
    1 32 ACCEPT 2 -- * * 0.0.0.0/0 0.0.0.0/0
    1 73 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 state NEW
    13 1171 logaccept all -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
    2 104 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.0.0.101 tcp dpt:80
    0 0 logdrop all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
    12 624 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 tcpmss match 1453:65535 TCPMSS set 1452
    173 23213 lan2wan all -- br0 * 0.0.0.0/0 0.0.0.0/0
    344 142K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 ACCEPT udp -- ppp0 * 0.0.0.0/0 224.0.0.0/4 udp
    2 96 TRIGGER all -- ppp0 br0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
    17 960 trigger_out all -- br0 * 0.0.0.0/0 0.0.0.0/0
    17 960 ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
    58 2004 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain OUTPUT (policy ACCEPT 193 packets, 65335 bytes)
    pkts bytes target prot opt in out source destination

    Chain advgrp_1 (0 references)
    pkts bytes target prot opt in out source destination

    Chain advgrp_10 (0 references)
    pkts bytes target prot opt in out source destination

    Chain advgrp_2 (0 references)
    pkts bytes target prot opt in out source destination

    Chain advgrp_3 (0 references)
    pkts bytes target prot opt in out source destination

    Chain advgrp_4 (0 references)
    pkts bytes target prot opt in out source destination

    Chain advgrp_5 (0 references)
    pkts bytes target prot opt in out source destination

    Chain advgrp_6 (0 references)
    pkts bytes target prot opt in out source destination

    Chain advgrp_7 (0 references)
    pkts bytes target prot opt in out source destination

    Chain advgrp_8 (0 references)
    pkts bytes target prot opt in out source destination

    Chain advgrp_9 (0 references)
    pkts bytes target prot opt in out source destination

    Chain grp_1 (0 references)
    pkts bytes target prot opt in out source destination

    Chain grp_10 (0 references)
    pkts bytes target prot opt in out source destination

    Chain grp_2 (0 references)
    pkts bytes target prot opt in out source destination

    Chain grp_3 (0 references)
    pkts bytes target prot opt in out source destination

    Chain grp_4 (0 references)
    pkts bytes target prot opt in out source destination

    Chain grp_5 (0 references)
    pkts bytes target prot opt in out source destination

    Chain grp_6 (0 references)
    pkts bytes target prot opt in out source destination

    Chain grp_7 (0 references)
    pkts bytes target prot opt in out source destination

    Chain grp_8 (0 references)
    pkts bytes target prot opt in out source destination

    Chain grp_9 (0 references)
    pkts bytes target prot opt in out source destination

    Chain lan2wan (1 references)
    pkts bytes target prot opt in out source destination

    Chain logaccept (2 references)
    pkts bytes target prot opt in out source destination
    13 1171 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain logdrop (1 references)
    pkts bytes target prot opt in out source destination
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain logreject (0 references)
    pkts bytes target prot opt in out source destination
    0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp reject-with tcp-reset

    Chain trigger_out (1 references)
    pkts bytes target prot opt in out source destination


    Any new ideas??? :cry:
     
  14. 4Access

    4Access Network Guru Member

    Why did you suddenly start using a different static WAN IP address??? In your first posts you were using "212.202.x.1" but in your most recent post you show 212.202.1.101 and you said you only have 5 static IP addresses... You can't arbitrarily pick whatever address you want, you have to use the addresses your ISP assigns you.
     
  15. Honki

    Honki Network Guru Member

    OK, I have it :cheer: - here is the solution:

    nvram set rc_startup="
    ifconfig br0:1 212.202.x.1 netmask 255.255.255.248
    "
    nvram set rc_firewall="
    iptables -t nat -I PREROUTING -i ppp0 -d 212.202.x.1 -j DNAT --to-destination 192.168.1.1
    iptables -t nat -I PREROUTING -i ppp0 -d 212.202.x.2 -j DNAT --to-destination 212.202.x.2
    iptables -t nat -I POSTROUTING -s 212.202.x.2 -j SNAT --to-source 212.202.x.2
    iptables -I FORWARD -d 212.202.x.2 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -d 212.202.x.3 -j DNAT --to-destination 212.202.x.3
    iptables -t nat -I POSTROUTING -s 212.202.x.3 -j SNAT --to-source 212.202.x.3
    iptables -I FORWARD -d 212.202.x.3 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -d 212.202.x.4 -j DNAT --to-destination 212.202.x.4
    iptables -t nat -I POSTROUTING -s 212.202.x.4 -j SNAT --to-source 212.202.x.4
    iptables -I FORWARD -d 212.202.x.4 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -d 212.202.x.5 -j DNAT --to-destination 212.202.x.5
    iptables -t nat -I POSTROUTING -s 212.202.x.5 -j SNAT --to-source 212.202.x.5
    iptables -I FORWARD -d 212.202.x.5 -j ACCEPT
    iptables -t nat -I PREROUTING -i ppp0 -d 212.202.x.6 -j DNAT --to-destination 212.202.x.6
    iptables -t nat -I POSTROUTING -s 212.202.x.6 -j SNAT --to-source 212.202.x.6
    iptables -I FORWARD -d 212.202.x.6 -j ACCEPT
    "
    nvram commit
    reboot

    I do this because I would like to have the "Hostmap" effect on the LAN side. It's very helpful for me to have a second LAN subnet. I know that with this solution all firewall rules in the subnet are disabled (sometimes useful for a public FTP server, second router etc.)! But for firewall NAT I use the dynamic IP on the PPPoE session with the default LAN route.

    Thanks 4Access, thanks for your help! :clap:
    Oh, by the way, I changed the public IP addresses in all my posts to hide them, and this is what you saw...
     
