Posted: Thu May 31, 2012 15:11 Post subject: HELP - Netgear WNDR4000 - Double NAT / Port Forward
First let me say I am new to ddwrt - and excellent work. I have used tomato for many years and have decided to give ddwrt a try on my new router purchase.
My Environment
A Netgear WNDR4000 running ddwrt big (dd-wrt.v24-18946_NEWD-2_K2.6_big-nv64k.bin). I have installed optware using the instructions at
http://www.dd-wrt.com/wiki/index.php/Optware,_the_Right_Way
I have a double NAT setup - my WAN IP starts with 172.* - this cannot be changed - no point in wasting space with the why, no DMZ option either. I do have a public static IP but my ddwrt router cannot see it.
My Issue
This has not been an issue with other setups (tomato) so I know it can be done successfully, however currently no external requests can get to my internal servers. Internal requests work just fine so I know the servers are up, etc. dmesg shows a [DROP INVALID WAN] over and over; I'm not at home right now or I'd post it. The port forwards in iptables are present (nothing special atm - just 22, 80, and 443). It appears that ddwrt marks any request appearing to be from a private network arriving on the WAN port as INVALID and then drops it... I desperately need to disable this feature. A cool checkbox in the web interface would be nice but I have no qualms about ssh'ing in.
I *need* this to work (part of my income) or I have to abandon ddwrt. Currently my old tomato router is doing the grunt work but that needs to be replaced for other unrelated reasons. I will list iptables (iptables -nvL) later this evening but I thought I'd get this post out there in case anyone knows this off the top of their head and just hasn't had an opportunity to post it in the forums - any insight or ideas are very welcome. Thanks in advance
Last edited by lifeisgoodenjoy on Fri Jun 01, 2012 13:31; edited 1 time in total
As promised above, I have attached the output of iptables. Any ideas? Has double NAT'd gateway been neutered from ddwrt?
I'm guessing it would just be extra rules added to the iptables but I don't know enough about iptables. I'd be happy to donate to something/someone if it resolves this quickly...