WRT54G: IP NATting and forwarding at the same time.

Discussion in 'Networking Issues' started by reb00tz, Jan 11, 2005.

  1. reb00tz

    reb00tz Network Guru Member

    Hi all,

    Just a quick question on my new WRT54G v2.2 w/HyperWRT (thanks, Avenger20!) v2.0b4...

    I've put the box into gateway mode, meaning it NATs all connections coming in from br0, and I've placed an extra route using the web interface to enable communication with 2 other public IPs on br0.

    Therefore, traffic bound for the 2 (fixed) public IPs will be sent correctly to br0 from WAN (due to the route). But traffic OUT onto the WAN from the 2 fixed public IPs gets NATted no matter what.

    I need some help in getting the correct setup to simply forward any packets from the 2 fixed IPs w/o NATting them first, while still NATting any other packets bound for the WAN from br0.


    P.S. I'm totally clueless with ipchains, and I can't seem to find any "nat" chain in the WRT54G... So, where/when does the NATting happen?
  2. reb00tz

    reb00tz Network Guru Member

    I think I'm going to answer my own question... :roll:

    Hopefully this works...

    I'd just insert a rule before the NAT tables to simply ACCEPT packets from the two public IPs and pass them onward:

    iptables -t nat -I PREROUTING -i br0 -s -j ACCEPT

    Will go try tonight. I'll post back the results...

    Anyone willing to give some pointers in the meantime before I muck up my router? :cry:
  3. reb00tz

    reb00tz Network Guru Member

    OK. I just answered my question...

    Added two rules:

    iptables -t nat -I PREROUTING -i ppp+ -d -j ACCEPT
    iptables -t nat -I POSTROUTING -o ppp+ -s -j ACCEPT

    With this added route through the web interface:

    Subnet: Gateway: N/A Interface: br0

    Of course, I'll have to add a permanent route on my two PCs with the fixed IPs.

    route add -p MASK

    So now, my WRT54G is working wonderfully, NATting for everyone else except the 2 fixed IPs.

    Hope this helps others as well.
  4. reb00tz

    reb00tz Network Guru Member


    It appears that initially, the setup on the laptop(s) worked... Then, on next reboot/resume, the whole thing ground to a halt...

    I discovered it was purely because of the permanent fixed route (route add)... Once I deleted that fixed route, it all went fine.

    Although from what I know of (wired) networking, this shouldn't work, it just does. Tested with multiple reboots and hibernate/resumes...

    It seems that once the wireless connection is first established, the IP stack on WinXP SP2 (which is used on both laptops) already knows about my WRT54G HyperWRT IP address, and so does not need any forwarding rules, even though the address of the WRT54G is not even on the same subnet!

    If anyone has any thoughts/explanations, please feel free to drop me a note, because from all my experiences in wired networks, this kind of defies the laws of standard routing -- it appears to be more of a RIP situation.

    P.S. In all the above posts, the is a phoney address (or, to be precise, a subnet). It is meant to represent my (four) public IP addresses. And the address is also phoney, meant to represent my class C (private) IP address of my WRT54G on the LAN interface (a.k.a. br0).

    P.P.S. Just in case you're reading this and you're REALLY lost: I am using the WRT54G to establish my ADSL PPPoE connection, with my ADSL modem/router placed in full-bridged mode -- hence the "ppp+" interface arguments in the iptables commands above.

    Hope this helps someone... If it does, please do say so... Otherwise, I wouldn't bother updating my own thread! :roll:
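
The NAT exemption described in this thread, as an added example that is not part of the original posts: a dry-run generator that prints the rules for a list of fixed public hosts and refuses empty or malformed addresses. The 203.0.113.x addresses, the function names and the extra FORWARD rule (which assumes the firmware's iptables has the state match and that the exempted hosts should not accept unsolicited inbound connections) are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) NAT-exemption rules for fixed public hosts.
# The 203.0.113.x addresses are constructed documentation values.

# Succeed only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in */*) plen=${1#*/} ;; *) plen=32 ;; esac
    case $plen in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    case $addr in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: nat_exempt_rules WAN_IF LAN_IF ADDR...
nat_exempt_rules() {
    [ $# -ge 3 ] || { echo "usage: nat_exempt_rules WAN_IF LAN_IF ADDR..." >&2; return 2; }
    wan=$1; lan=$2; shift 2
    case $wan$lan in *[!A-Za-z0-9+._-]*) echo "bad interface name" >&2; return 2 ;; esac
    # Validate every address first: an empty or malformed value must never
    # produce a partial rule set.
    for host in "$@"; do
        valid_ipv4 "$host" || { echo "bad address: '$host'" >&2; return 1; }
    done
    for host in "$@"; do
        # -I places these ahead of the firmware's NAT rules; first match wins.
        echo "iptables -t nat -I PREROUTING -i $wan -d $host -j ACCEPT"
        echo "iptables -t nat -I POSTROUTING -o $wan -s $host -j ACCEPT"
        # Assumption: the host should take no unsolicited inbound connections.
        # ACCEPT in the nat table only skips translation; the filter table
        # still decides what reaches the now directly addressed host.
        echo "iptables -I FORWARD -i $wan -o $lan -d $host -m state --state NEW -j DROP"
    done
}

# Demo with constructed values.
nat_exempt_rules ppp+ br0 203.0.113.10 203.0.113.11
```

Review the printed commands before running them on the router; drop the FORWARD line for any host that is meant to serve inbound traffic and write explicit per-port rules for it instead.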
