Discussion in 'Tomato Firmware' started by JelloB, Dec 14, 2009.

  JelloB

    Multiple public IPs on WAN with different port-forwardings


    I have some difficulties getting proper use of my public IP-range with Tomato 1.26 (Hardware: WRT54GS).

    What I want is the following setup:
    1) Use one IP for all 'normal' clients using NAT.
    2) Use another IP for my mailserver, but still using NAT, only forwarding defined ports. This IP has a reverse DNS entry.
    3) Use a third IP, or a fourth ... and so on for some special clients, but again, always still using NAT, forwarding only defined ports.

    What I did so far, by searching for this kind of configuration on the net:
    1) I kept my configuration in Basic - Network
    Static IP: A.B.C.9
    Gateway: A.B.C.13
    2) I added the following under Administration - Scripts - Firewall:
    /usr/sbin/ip addr add A.B.C.10/29 dev vlan1
    /usr/sbin/iptables -I FORWARD -d -p tcp -m multiport --dports 25,110,995,143,993,80,443 -j ACCEPT
    /usr/sbin/iptables -t nat  -I PREROUTING 1 -p all -d A.B.C.10  -j DNAT --to
    /usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s -j SNAT --to A.B.C.10
    This (A.B.C.10) is the IP for my mailserver with the rev.DNS entry.
    3) For more servers, I would add similar entries like:
    /usr/sbin/ip addr add A.B.C.11/29 dev vlan1
    /usr/sbin/iptables -I FORWARD -d -j ACCEPT
    /usr/sbin/iptables -t nat  -I PREROUTING 1 -p all -d A.B.C.11  -j DNAT --to
    /usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s -j SNAT --to A.B.C.11
    Whereas here, as I read on the net, all ports should be forwarded to the specific internal IP.

    My current solution works, my mailserver's public IP is translated correctly to and from the internal IP, BUT all ports are forwarded to this machine. In the description I read before, the --dport option was mentioned to configure the ports, but this doesn't work here.

    I would be very happy if someone could help me with this!

    Greetings, Jello
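    The setup described in this post, as an added example that is not part of the original thread: a Tomato firewall script that binds each extra public address on vlan1 and maps it to one internal host. Unlike the rules above, the DNAT rule itself is limited to the listed TCP ports (multiport wants a comma-separated list with no spaces), so connections to any other port on that public IP are never translated, whatever the FORWARD chain would allow. The 192.168.1.x internal addresses, the IP/IPT/WAN_IF variables and the add_server function are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): one extra public IP -> one internal host,
# forwarding only the listed TCP ports. Paste into Administration - Scripts - Firewall.
# Assumed variables: IP/IPT point at the binaries; set IPT=echo IP=echo for a dry run.
IP="${IP:-/usr/sbin/ip}"
IPT="${IPT:-/usr/sbin/iptables}"
WAN_IF="${WAN_IF:-vlan1}"   # WAN interface on the poster's WRT54GS

# add_server PUBLIC_IP INTERNAL_IP TCP_PORTS
#   TCP_PORTS: comma-separated, no spaces (multiport syntax), e.g. 25,110,995
#   or the word "all" to map every port of the public IP to the host.
add_server() {
    pub="$1"; int="$2"; ports="$3"
    # Bind the additional public address on the WAN interface (/29 as in the thread).
    "$IP" addr add "$pub/29" dev "$WAN_IF"
    if [ "$ports" = "all" ]; then
        # Whole-address mapping: every port reaches the internal host.
        "$IPT" -t nat -I PREROUTING 1 -i "$WAN_IF" -d "$pub" -j DNAT --to-destination "$int"
        "$IPT" -I FORWARD -i "$WAN_IF" -d "$int" -j ACCEPT
    else
        # Port-limited mapping: only the listed TCP ports are translated, so a
        # packet for any other port on $pub is never rewritten to the host and is
        # handled by the router's normal WAN input policy instead.
        "$IPT" -t nat -I PREROUTING 1 -i "$WAN_IF" -d "$pub" -p tcp -m multiport --dports "$ports" -j DNAT --to-destination "$int"
        "$IPT" -I FORWARD -i "$WAN_IF" -d "$int" -p tcp -m multiport --dports "$ports" -j ACCEPT
    fi
    # Replies and outbound connections from the host leave with its own public IP,
    # which is what the reverse DNS entry of the mailserver needs.
    "$IPT" -t nat -I POSTROUTING 1 -o "$WAN_IF" -s "$int" -j SNAT --to-source "$pub"
}

# Example calls with constructed internal addresses (replace with your own):
# add_server A.B.C.10 192.168.1.10 25,110,995,143,993,80,443
# add_server A.B.C.11 192.168.1.11 all
```

Run it once with IPT=echo IP=echo to review the generated rules before letting it touch the router.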
  JelloB

    Hallo again!

    I'm still hopeful for help regarding this setup. Everything else I tried meanwhile was less successful than my solution mentioned above, where all ports are forwarded.

    How can I have one or more separate IP addresses for servers, besides the one main address defined in basic setup, and still have only specific ports forwarded to the servers?

    Thank you and happy Christmas!

