WRT54GLv1.1 and Port Forwarding...

Discussion in 'DD-WRT Firmware' started by philipz1975, Oct 23, 2006.

  1. philipz1975

    philipz1975 LI Guru Member

    Hello,

    Here is my current setup (I have no choice over using the first router):

    Internet-->Router-->WRT54GLv1.1 (DD-WRT v23 SP2 (09/15/06) std)-->LAN

    Router
    WAN: 66.251.63.182
    LAN: 209.239.241.17
    Mask: 255.255.255.248

    WRT54GL
    WAN: 209.239.241.20
    Gateway: 209.239.241.17
    LAN: 192.168.2.106
    Mask: 255.255.255.0

    I am trying to port forward to other PC's on the LAN, but it is not working. Below is list of rules for the WRT54GL. I'm not sure if this is a "double-NAT" problem or something that I am doing wrong. In DD-WRT logs I see the incoming connection as accepted, but it is not being forwarded as expected. Any help or suggestions would be greatly appreciated.

    *mangle
    REROUTING ACCEPT [0:0]
    UTPUT ACCEPT [0:0]
    COMMIT
    *nat
    REROUTING ACCEPT [0:0]
    OSTROUTING ACCEPT [0:0]
    UTPUT ACCEPT [0:0]
    -A PREROUTING -p tcp -m tcp -d 209.239.241.20 --dport 8080 -j DNAT --to-destination 192.168.2.106:80
    -A PREROUTING -p icmp -d 209.239.241.20 -j DNAT --to-destination 192.168.2.106
    -A PREROUTING -p tcp -m tcp -d 209.239.241.20 --dport 23 -j DNAT --to-destination 192.168.2.101:23
    -A PREROUTING -p udp -m udp -d 209.239.241.20 --dport 23 -j DNAT --to-destination 192.168.2.101:23
    -A PREROUTING -p tcp -m tcp -d 209.239.241.20 --dport 25887 -j DNAT --to-destination 192.168.2.105:25887
    -A PREROUTING -p udp -m udp -d 209.239.241.20 --dport 25887 -j DNAT --to-destination 192.168.2.105:25887
    -A PREROUTING -d 209.239.241.20 -j TRIGGER --trigger-type dnat
    -A POSTROUTING -o vlan1 -j MASQUERADE
    COMMIT
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    UTPUT ACCEPT [0:0]
    :logaccept - [0:0]
    :logdrop - [0:0]
    :logreject - [0:0]
    :trigger_out - [0:0]
    :lan2wan - [0:0]
    :grp_1 - [0:0]
    :advgrp_1 - [0:0]
    :grp_2 - [0:0]
    :advgrp_2 - [0:0]
    :grp_3 - [0:0]
    :advgrp_3 - [0:0]
    :grp_4 - [0:0]
    :advgrp_4 - [0:0]
    :grp_5 - [0:0]
    :advgrp_5 - [0:0]
    :grp_6 - [0:0]
    :advgrp_6 - [0:0]
    :grp_7 - [0:0]
    :advgrp_7 - [0:0]
    :grp_8 - [0:0]
    :advgrp_8 - [0:0]
    :grp_9 - [0:0]
    :advgrp_9 - [0:0]
    :grp_10 - [0:0]
    :advgrp_10 - [0:0]
    -A INPUT -p tcp -i vlan1 --dport 22 -j DROP
    -A INPUT -p tcp -i vlan1 --dport 22 -j DROP
    -A FORWARD -i br0 -o br0 -j ACCEPT
    -A FORWARD -m state --state INVALID -j logdrop
    -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1461: -j TCPMSS --set-mss 1460
    -A FORWARD -i br0 -j lan2wan
    -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -p tcp -m tcp -d 192.168.2.101 --dport 23 -j logaccept
    -A FORWARD -p udp -m udp -d 192.168.2.101 --dport 23 -j logaccept
    -A FORWARD -p tcp -m tcp -d 192.168.2.105 --dport 25887 -j logaccept
    -A FORWARD -p udp -m udp -d 192.168.2.105 --dport 25887 -j logaccept
    -A FORWARD -i vlan1 -o br0 -j TRIGGER --trigger-type in
    -A FORWARD -i br0 -j trigger_out
    -A FORWARD -i br0 -m state --state NEW -j logaccept
    -A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT " --log-tcp-sequence --log-tcp-options --log-ip-options
    -A logaccept -j ACCEPT
    -A logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
    -A logdrop -m state --state INVALID -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
    -A logdrop -j DROP
    -A logreject -j LOG --log-prefix "WEBDROP " --log-tcp-sequence --log-tcp-options --log-ip-options
    -A logreject -p tcp -m tcp -j REJECT --reject-with tcp-reset
    COMMIT
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice