
What setting is pooched?

Discussion in 'Tomato Firmware' started by LitlJay, Aug 1, 2010.

  1. LitlJay

    LitlJay Networkin' Nut Member

    I have a WRT54G V3 running Tomato 1.28. My cable ISP provides me with 5 static IP's, of which I have assigned one to the router and set the other 4 up on 1:1 NAT to 4 internal addresses.

    In advanced->Routing->Miscellaneous I have the mode set to router and all of my 1:1 NAT's work perfectly. So do 2 wireless clients that get their addresses via static DHCP.

    The problem is that wired DHCP clients can not access the web! I can take one of the 2 laptops and plug it in to a wired connection/disable its wifi card and web will no longer work. Desktops using wired DHCP connections have no web...

    UNLESS

    I switch the router to gateway mode. Then all clients have perfect web access and all but one of the 1:1 NAT's fail to respond to external pings, along with the web services running on them failing completely!

    What am I missing?

    TIA

    J
     
  2. Dagger

    Dagger Networkin' Nut Member

    You said the laptops have static DHCP assignments when connected via wireless, right? I'm assuming those static IPs are among your 5 public IPs.

    When you are connecting via cable I'm guessing your DHCP pool is of the private variety (i.e. 192.168.x.x)...

    When in router mode... public IPs can be routed to and from the internet but private IPs cannot. Basically, Gateway mode turns on NAT so that private IPs can use the WAN's public IP to use the internet.
     
  3. LitlJay

    LitlJay Networkin' Nut Member

    Let me give you a little more detail and maybe you can tell me what will work.

    External static IP 1 is assigned to the router. It works fine and responds to pings always, whether I have it in gateway or router mode.

    External static IP 2 is 1:1 natted to the static IP of one of the NIC's in a win2k3 server. This NIC handles RDP, file sharing, and DNS for the internal network and serves up RDP, imap, smtp, http, and ftp to the outside via the external static IP. In router mode it works fine. If I switch to gateway mode to enable my dhcp clients (besides the 2 laptops) it stops responding to pings from the outside and the web services all die (although they still work from the inside via the nic's internal address).

    External static IP 3 is 1:1 natted to the static IP of the other NIC in the win2k3 server. This NIC exists only for RRAS/VPN. Like static IP 1, it works fine no matter whether the router is in router or gateway mode.

    External static IP's 4 and 5 are 1:1 natted to 2 laptops whose wifi nic's always get the same address from the router via static DHCP. They also always work, no matter what mode the router is in. I have noticed that they never respond to pings from the outside, but this is probably an element of OS firewalls and not the router's configuration.

    What I need is for my other DHCP clients to have web access and all of the static IP's to work as expected. What do I need to do?

    Thanks for the help,

    J
     
  4. Dagger

    Dagger Networkin' Nut Member

    How exactly are you doing this "1:1" natting?

    What are the IP/MASK/GATEWAY settings of the wireless laptops receiving static DHCP assignments? What are the IP/MASK/GATEWAY setting for the non-static DHCP pool?

    Usually a router requires that each interface is in a unique network. NAT can work around that requirement, but it's unusual.

    It sounds like you want two local area networks. One network using your public IPs and another network using private IPs. Each network would need a gateway address on its own network, so I'm trying to figure out what each network is using for a gateway.

    Technically, the router is routing regardless of whether you have it in Router mode or Gateway mode. The difference is that Gateway mode uses NAT to hide the internal network.
     
  5. LitlJay

    LitlJay Networkin' Nut Member

    Administration->scripts->WAN Up:
    Code:
    WANIF=`nvram get wan_iface`
    WANMASK=`nvram get wan_netmask`
    ifconfig $WANIF:1 69.59.95.183 netmask $WANMASK broadcast 192.59.95.255
    ifconfig $WANIF:2 69.59.95.195 netmask $WANMASK broadcast 192.59.95.255
    ifconfig $WANIF:3 69.59.95.196 netmask $WANMASK broadcast 192.59.95.255
    ifconfig $WANIF:4 69.59.95.202 netmask $WANMASK broadcast 192.59.95.255
    
    and
    Administration->scripts->Firewall:
    Code:
    iptables -t nat -I PREROUTING -d 69.59.95.183 -j DNAT --to-destination 10.0.1.2
    iptables -t nat -I POSTROUTING -s 10.0.1.2 -j SNAT --to-source 69.59.95.183
    iptables -t nat -I PREROUTING -d 69.59.95.195 -j DNAT --to-destination 10.0.1.3
    iptables -t nat -I POSTROUTING -s 10.0.1.3 -j SNAT --to-source 69.59.95.195
    iptables -t nat -I PREROUTING -d 69.59.95.196 -j DNAT --to-destination 10.0.1.10
    iptables -t nat -I POSTROUTING -s 10.0.1.10 -j SNAT --to-source 69.59.95.196
    iptables -t nat -I PREROUTING -d 69.59.95.202 -j DNAT --to-destination 10.0.1.11
    iptables -t nat -I POSTROUTING -s 10.0.1.11 -j SNAT --to-source 69.59.95.202
    
    IP:10.0.1.10 and 10.0.1.11
    SM: 255.255.255.0
    GW: 10.0.1.1
    IP: 10.0.1.100-149
    SM: 255.255.255.0
    GW: 10.0.1.1

    Actually, it is vital that they be on the same network.

    Based on this, gateway mode is what I need, but something may not be right in my scripts that is shutting out my server.

    Thanks again for the help,

    J
     
  6. Dagger

    Dagger Networkin' Nut Member

    Ok... that makes more sense now.

    Gateway mode is what you need to service the private network addresses. It looks like your configuration changes might be getting changed as the service starts up or something... have you tried using "sleep" to delay your scripts?
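
Added example, not part of the thread: a POSIX shell check for the hypothesis raised above, that the 1:1 rules are dropped or reordered when the firewall restarts. It parses an `iptables-save`-style dump of the nat table; `check_pair`, `audit`, the `vlan1` interface name and the sample dump are constructed for illustration.

```shell
# Pairs (public:private) copied from the Firewall script in the thread.
PAIRS="69.59.95.183:10.0.1.2 69.59.95.195:10.0.1.3 69.59.95.196:10.0.1.10 69.59.95.202:10.0.1.11"

# check_pair DUMP PUBLIC PRIVATE: prints ok | missing-dnat | missing-snat |
# snat-after-masquerade; exit status is 0 only for "ok".
check_pair() {
    printf '%s\n' "$1" | awk -v pub="$2" -v priv="$3" '
        function has(opt, val,   i) {   # is opt immediately followed by val?
            for (i = 3; i < NF; i++) if ($i == opt && $(i + 1) == val) return 1
            return 0
        }
        { gsub(/\/32/, "") }            # newer iptables prints hosts as a.b.c.d/32
        $1 != "-A" { next }             # skip table header, chain policies, COMMIT
        $2 == "PREROUTING" && has("-d", pub) && has("-j", "DNAT") &&
            has("--to-destination", priv) { dnat = 1 }
        $2 == "POSTROUTING" {
            n++                         # position of this rule within the chain
            if (!masq && has("-j", "MASQUERADE")) masq = n
            if (!snat && has("-s", priv) && has("-j", "SNAT") &&
                has("--to-source", pub)) snat = n
        }
        END {
            if (!dnat) r = "missing-dnat"
            else if (!snat) r = "missing-snat"
            else if (masq && masq < snat) r = "snat-after-masquerade"
            else r = "ok"               # any earlier MASQUERADE is flagged, whatever it matches
            print r; exit (r != "ok")
        }'
}

# audit DUMP: report every pair; exit status is non-zero if any pair is not ok.
audit() {
    rc=0
    for p in $PAIRS; do
        res=$(check_pair "$1" "${p%%:*}" "${p##*:}") || rc=1
        echo "${p%%:*} -> ${p##*:}: $res"
    done
    return $rc
}

# Constructed sample dump (not captured from the router in the thread).
SAMPLE='*nat
-A PREROUTING -d 69.59.95.183 -j DNAT --to-destination 10.0.1.2
-A PREROUTING -d 69.59.95.195/32 -j DNAT --to-destination 10.0.1.3
-A PREROUTING -d 69.59.95.202 -j DNAT --to-destination 10.0.1.11
-A POSTROUTING -s 10.0.1.2 -j SNAT --to-source 69.59.95.183
-A POSTROUTING -o vlan1 -j MASQUERADE
-A POSTROUTING -s 10.0.1.3/32 -j SNAT --to-source 69.59.95.195
COMMIT'
audit "$SAMPLE" || true
```

On the router, pass the live table instead of the sample, for example `audit "$(iptables-save -t nat)"`, assuming the firmware build ships `iptables-save`. Running it right after boot and again once the address stops answering shows whether the rules themselves changed.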
     
  7. LitlJay

    LitlJay Networkin' Nut Member

    I doubt the WAN up script is hurting anything. It is mainly there to keep my ISP happy because they need mac addresses for each IP.

    I tried having the firewall script sleep for 30 and 60 seconds and rebooting the router. The most vital one (69.59.95.183) is dead.

    Still looking for ideas,

    J
     
  8. Dagger

    Dagger Networkin' Nut Member

    As an experiment, can you move the 69.59.95.183 related script lines to the end of the scripts? See if the problem follows the machine or if the problem is related to the beginning of the script somehow...
     
  9. LitlJay

    LitlJay Networkin' Nut Member

    Oddly, after changing it to gateway mode and not tampering with the router for a few hours, everything seems to be working fine. I don't know if adding the sleep=30 line to my firewall script has anything to do with it, but the other dhcp clients are working fine and all but the 2 external ip's that are assigned to laptops are responding to pings nicely, as well as the web services responding properly.

    Thanks for the help. What do you suppose that delay was about?

    J
     
  10. Dagger

    Dagger Networkin' Nut Member

    It usually takes the network some time to settle when you are dealing with dynamic routing protocols... but I don't think that's the case here, not on your local router anyway... your ISP's router might be a different story though.
     
  11. LitlJay

    LitlJay Networkin' Nut Member

    Well, the external IP has failed again, with no changes being made. It seems to only work temporarily. I can make a good guess. As I said earlier, my ISP wants a specific mac address requesting each of my static IP's. They filled in some dummy addresses to get my WAN up script to work. Maybe that isn't good enough??? How can I use those ifconfig lines to spoof a mac for each address? I know there is a switch I can add, but I don't know it.

    thanks for all of the feedback and help,

    J
     
