WRT54GLv1.1 and Port Forwarding...

Discussion in 'DD-WRT Firmware' started by philipz1975, Oct 23, 2006.

  1. philipz1975

    philipz1975 LI Guru Member

    Hello,

    Here is my current setup (I have no choice over using the first router):

    Internet-->Router-->WRT54GLv1.1 (DD-WRT v23 SP2 (09/15/06) std)-->LAN

    Router
    WAN: 66.251.63.182
    LAN: 209.239.241.17
    Mask: 255.255.255.248

    WRT54GL
    WAN: 209.239.241.20
    Gateway: 209.239.241.17
    LAN: 192.168.2.106
    Mask: 255.255.255.0

    I am trying to port forward to other PCs on the LAN, but it is not working. Below is the list of rules for the WRT54GL. I'm not sure if this is a "double-NAT" problem or something that I am doing wrong. In the DD-WRT logs I see the incoming connection as accepted, but it is not being forwarded as expected. Any help or suggestions would be greatly appreciated.

    *mangle
    :PREROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT
    *nat
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A PREROUTING -p tcp -m tcp -d 209.239.241.20 --dport 8080 -j DNAT --to-destination 192.168.2.106:80
    -A PREROUTING -p icmp -d 209.239.241.20 -j DNAT --to-destination 192.168.2.106
    -A PREROUTING -p tcp -m tcp -d 209.239.241.20 --dport 23 -j DNAT --to-destination 192.168.2.101:23
    -A PREROUTING -p udp -m udp -d 209.239.241.20 --dport 23 -j DNAT --to-destination 192.168.2.101:23
    -A PREROUTING -p tcp -m tcp -d 209.239.241.20 --dport 25887 -j DNAT --to-destination 192.168.2.105:25887
    -A PREROUTING -p udp -m udp -d 209.239.241.20 --dport 25887 -j DNAT --to-destination 192.168.2.105:25887
    -A PREROUTING -d 209.239.241.20 -j TRIGGER --trigger-type dnat
    -A POSTROUTING -o vlan1 -j MASQUERADE
    COMMIT
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :logaccept - [0:0]
    :logdrop - [0:0]
    :logreject - [0:0]
    :trigger_out - [0:0]
    :lan2wan - [0:0]
    :grp_1 - [0:0]
    :advgrp_1 - [0:0]
    :grp_2 - [0:0]
    :advgrp_2 - [0:0]
    :grp_3 - [0:0]
    :advgrp_3 - [0:0]
    :grp_4 - [0:0]
    :advgrp_4 - [0:0]
    :grp_5 - [0:0]
    :advgrp_5 - [0:0]
    :grp_6 - [0:0]
    :advgrp_6 - [0:0]
    :grp_7 - [0:0]
    :advgrp_7 - [0:0]
    :grp_8 - [0:0]
    :advgrp_8 - [0:0]
    :grp_9 - [0:0]
    :advgrp_9 - [0:0]
    :grp_10 - [0:0]
    :advgrp_10 - [0:0]
    -A INPUT -p tcp -i vlan1 --dport 22 -j DROP
    -A INPUT -p tcp -i vlan1 --dport 22 -j DROP
    -A FORWARD -i br0 -o br0 -j ACCEPT
    -A FORWARD -m state --state INVALID -j logdrop
    -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1461: -j TCPMSS --set-mss 1460
    -A FORWARD -i br0 -j lan2wan
    -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -p tcp -m tcp -d 192.168.2.101 --dport 23 -j logaccept
    -A FORWARD -p udp -m udp -d 192.168.2.101 --dport 23 -j logaccept
    -A FORWARD -p tcp -m tcp -d 192.168.2.105 --dport 25887 -j logaccept
    -A FORWARD -p udp -m udp -d 192.168.2.105 --dport 25887 -j logaccept
    -A FORWARD -i vlan1 -o br0 -j TRIGGER --trigger-type in
    -A FORWARD -i br0 -j trigger_out
    -A FORWARD -i br0 -m state --state NEW -j logaccept
    -A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT " --log-tcp-sequence --log-tcp-options --log-ip-options
    -A logaccept -j ACCEPT
    -A logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
    -A logdrop -m state --state INVALID -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
    -A logdrop -j DROP
    -A logreject -j LOG --log-prefix "WEBDROP " --log-tcp-sequence --log-tcp-options --log-ip-options
    -A logreject -p tcp -m tcp -j REJECT --reject-with tcp-reset
    COMMIT
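
As an added example (not part of the original post), this Python script parses an `iptables-save` style dump like the one above and, for each DNAT port forward, reports the translated internal target and whether an explicit FORWARD rule covers it or it falls through to the chain policy. The embedded sample is a constructed subset of the posted rules, the function names are hypothetical, and matching is simplified to protocol, destination and port.

```python
import shlex
# Constructed sample: a subset of the rules posted above, chain headers restored.
RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp -d 209.239.241.20 --dport 8080 -j DNAT --to-destination 192.168.2.106:80
-A PREROUTING -p tcp -m tcp -d 209.239.241.20 --dport 23 -j DNAT --to-destination 192.168.2.101:23
-A PREROUTING -p udp -m udp -d 209.239.241.20 --dport 25887 -j DNAT --to-destination 192.168.2.105:25887
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -p tcp -m tcp -d 192.168.2.101 --dport 23 -j logaccept
-A FORWARD -p udp -m udp -d 192.168.2.105 --dport 25887 -j logaccept
COMMIT
"""

def parse(text):
    """Return (rules, policies); rules are (table, chain, {option: value}) tuples."""
    table, rules, policies = None, [], {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):          # table header, e.g. *nat
            table = line[1:]
        elif line.startswith(":"):        # chain header, e.g. :FORWARD ACCEPT [0:0]
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):      # appended rule
            tok = shlex.split(line)
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
            rules.append((table, tok[1], opts))
    return rules, policies

def audit_forwards(text):
    """Per DNAT rule: translated target and FORWARD verdict (compares only -p, -d, --dport)."""
    rules, policies = parse(text)
    forward = [o for t, c, o in rules if (t, c) == ("filter", "FORWARD")]
    report = []
    for t, _, o in rules:
        if t != "nat" or o.get("-j") != "DNAT" or "--dport" not in o:
            continue
        host, _, port = o["--to-destination"].partition(":")
        port = port or o["--dport"]       # no port in the target: port is unchanged
        hit = next((f for f in forward if (f.get("-p"), f.get("-d"), f.get("--dport"))
                    == (o.get("-p"), host, port)), None)
        verdict = hit["-j"] if hit else "policy:" + policies.get(("filter", "FORWARD"), "?")
        report.append((o["-p"], o["--dport"], f"{host}:{port}", verdict))
    return report

if __name__ == "__main__":
    print(*audit_forwards(RULES), sep="\n")
```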
     
