NAT Loopback (port forwarding) fix for builds 15760-19969

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2, 3 ... 6, 7, 8, 9, 10, 11  Next
Author Message
bmupton
DD-WRT User


Joined: 16 Mar 2011
Posts: 111
Location: Saskatoon, SK, Canada

PostPosted: Tue Apr 17, 2012 22:54    Post subject: Reply with quote
TX CS Aggie wrote:
Forgive the stupidity but, how do I test to see if the NAT Loopback is fixed?


Try accessing a local service using your public IP:port (Make sure the port is forwarded)
Sponsor
rizla7
DD-WRT User


Joined: 11 May 2012
Posts: 224

PostPosted: Mon May 14, 2012 16:36    Post subject: gateway mode Reply with quote
there is something just wrong about gateway mode. it should loop back all private address ranges. i've seen it send packets destined to reserved ranges through the WAN, that are not on the router's subnet (ie: another subnet on your network)..

this is just wrong...
streppuiu
DD-WRT Novice


Joined: 26 May 2012
Posts: 5

PostPosted: Sun May 27, 2012 6:57    Post subject: Reply with quote
The 4 line script fixed this problem on my linksys e3200 running v.18946 big.
Unknown_Guy
DD-WRT Novice


Joined: 30 Mar 2009
Posts: 2

PostPosted: Sun Jun 10, 2012 10:36    Post subject: Reply with quote
DIR-300 build 19342

Only the one-liner worked
Mage
DD-WRT Novice


Joined: 20 May 2011
Posts: 4

PostPosted: Tue Jun 12, 2012 22:34    Post subject: Reply with quote
Unknown_Guy wrote:
DIR-300 build 19342

Only the one-liner worked


Neither the 4 liner nor the 1 liner works for me on e4200 since March. I just tried the latest June 8 build.

This was my last attempt. I think tis is ridiculous. Goodbye, DD-WRT. Time to flash back the stock firmware.
PatchDog
DD-WRT Novice


Joined: 15 Oct 2007
Posts: 16
Location: Houston

PostPosted: Sun Jun 24, 2012 18:02    Post subject: Reply with quote
Quote:
insmod ipt_mark
insmod xt_mark
iptables -t mangle -A PREROUTING -i ! `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001
iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE


This worked for me on Asus RT-N16 w/ mega - build 18024

It did either break the PPTP connection or routing to a remote DD-WRT router.

Any ideas?

_________________
Thanks,
Patchdog
scubaman
DD-WRT Novice


Joined: 02 Jan 2012
Posts: 4

PostPosted: Tue Jun 26, 2012 23:06    Post subject: Re: NAT Loopback fix for 15760 and higher, (Port forward iss Reply with quote
Irrational86 wrote:
Working perfectly on a Netgear WNDR3700v1 running DD-WRT v24-sp2 (06/14/11) std - build 17201


Darn, I have exactly the same build on the same router (albeit v2). I know the port forwarding works because my friend can get in. But even after adding the 4 line script it does NOT work for me from within my firewall. I rebooted the router from the admin screen after I added the script - that's all that's needed, right?

Addition: Problem solved. There is another router inthe network between the main router and my PC, and even though it is set up as a switch and is not routing it seems that some settings still interfered. I turned off endpoint filtering and SPI on that device and now everything seems to work as intended. I'd have to test that with these settings and without the script on the main router it won't work to see whether I had a problem there in the first place - for now I am just happy it works!

_________________
Best regards,
Rich
=============================
Rich Kleinhenz
www.beautifulhandmadepens.com
=============================


Last edited by scubaman on Thu Jun 28, 2012 13:54; edited 1 time in total
euphos
DD-WRT Novice


Joined: 18 Jan 2012
Posts: 19
Location: WI

PostPosted: Thu Jun 28, 2012 12:54    Post subject: Reply with quote
This may have already been asked, but I'm running 3 routers in my config, An E4200 V1 as the main one, a E2500 as a Wireless Access Point, and a WRT54GS V7.2 as a repeater bridge. All are obviously on the same subnet, and all computers can see each other.

Question is, do I need to run this script on all three of the routers? I have it running on the main one, and it worked before, but after flashing a newer firmware on the E2500, I seem to be having problems. I wonder if since the same SSID is used on the E4200 and the E2500 (for roaming) that if I'm connected to the E2500 (which doesn't run the script) the loopback isn't taking effect.
onix
DD-WRT User


Joined: 22 Oct 2006
Posts: 170

PostPosted: Sun Jul 01, 2012 2:32    Post subject: Testing loopback Reply with quote
bmupton wrote:
TX CS Aggie wrote:
Forgive the stupidity but, how do I test to see if the NAT Loopback is fixed?


Try accessing a local service using your public IP:port (Make sure the port is forwarded)


Test Loopback: http://www.dd-wrt.com/wiki/index.php/Port_Forwarding_Troubleshooting#Test_Loopback

_________________
WRT54GL v1.1 - DD-WRT v24-sp2 (04/07/12) vpn-small (SVN revision 18946M NEWD Eko)
WZR-HP-AG300H - DD-WRT v24-sp2 (04/18/14) std (SVN revision 23919)
Daave311
DD-WRT Novice


Joined: 30 Mar 2012
Posts: 3

PostPosted: Fri Jul 13, 2012 18:12    Post subject: Re: NAT Loopback fix for 15760 and higher, (Port forward iss Reply with quote
Irrational86 wrote:
phuzi0n wrote:
I spent some time thinking about the best way to fix loopback. Despite some bad documentation throwing me off before, I found that it's possible to mark traffic destined to the WAN IP and then only masquerade the marked traffic. This should allow loopback to work for all local interfaces without causing problems when ebtables is loaded.

Save the following commands to the Firewall Script on the Administration->Commands page to fix loopback.

insmod ipt_mark
insmod xt_mark
iptables -t mangle -A PREROUTING -i ! `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001
iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE

The one known caveat is that badly written QoS scripts will prevent it from working but that's a problem with the scripts that needs to be fixed...

Other ways to fix the loopback problem can be found in this bug ticket:
http://svn.dd-wrt.com:8000/ticket/1868


Working perfectly on a Netgear WNDR3700v1 running DD-WRT v24-sp2 (06/14/11) std - build 17201

Thanks phuzi0n!


That also did the trick for me...WNDR3700v2 Build 18777 v24-SP2(03/19/12)

Thanks guys!
B73C
DD-WRT Novice


Joined: 17 Jul 2012
Posts: 1

PostPosted: Tue Jul 17, 2012 4:36    Post subject: Worked Reply with quote
I too am running DD-WRT v24-sp2 (03/19/12) mini - build 18777 on my new E4200 that I purchased about a week ago.

I put the 4-line code in my firewall commands and it's worked a treat.

Thanks a bunch. I was worried that I'd have to go back to stock...
packrat73
DD-WRT Novice


Joined: 14 Jan 2011
Posts: 3

PostPosted: Sat Jul 21, 2012 13:59    Post subject: Reply with quote
Also having a problem using wnr2000 netgear. Using

Firmware: DD-WRT v24-sp2 (12/08/11) mini build 17990M
Tried both firewall scripts and neither worked. Anything else we can try?

Thanks.
tavus
DD-WRT Novice


Joined: 24 Aug 2012
Posts: 11

PostPosted: Fri Aug 24, 2012 20:06    Post subject: Reply with quote
packrat73 wrote:
Also having a problem using wnr2000 netgear. Using

Firmware: DD-WRT v24-sp2 (12/08/11) mini build 17990M
Tried both firewall scripts and neither worked. Anything else we can try?

Thanks.


Same here none worked same build different router tho.

Is this fix present on any stable build for Netgear WNDR3400 N600 V1?
tavus
DD-WRT Novice


Joined: 24 Aug 2012
Posts: 11

PostPosted: Sat Aug 25, 2012 4:33    Post subject: Reply with quote
davidstoll wrote:
This trick doesn't work for me, but like phuzi0n mentioned (and referenced by a link) in the very first first post, there are other methods.

This much more simple one worked for me:
iptables -t nat -I POSTROUTING -o br0 -s 192.168.0.0/24 -d 192.168.0.0/24 -j MASQUERADE

My network is 192.168.0.x rather than 192.168.1.x

E3000 build 15943M (v24-sp2 (12/19/10) mega)


This worked excelent for my configuration in fixing the loopback issue.

Netgear WNDR3400 N600 V1 build 18946 big-nv64k

THANKS! Very Happy
Dave Cohen
DD-WRT Novice


Joined: 07 Sep 2012
Posts: 3

PostPosted: Fri Sep 07, 2012 6:13    Post subject: Bad argument `2' Reply with quote
I've tried to follow the trac issue and some of the numerous long threads related to this issue. The iptables code is gobbledygook to me. I'm just a normal human being who thought dd-wrt would be better than my router's built-in firmware. I didn't expect to spend hours tracking down an esoteric bug that seems to affect just about everybody.

From the trac issue, I tried:

Code:

insmod ipt_mark
insmod xt_mark

iptables -t mangle -A PREROUTING -i ! `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001
iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE


The router replied:

Code:
Bad argument `2'


I'm using DD-WRT v24-sp2 (06/08/12) std (SVN revision 19342)

I tried this longer command, rather than the one-liner, because the trac issue implies that it should not have side-effects. Now I don't even know if any of the commands succeeded. This is pretty tough for a dd-wrt newbie.

[/code]
Goto page Previous  1, 2, 3 ... 6, 7, 8, 9, 10, 11  Next Display posts from previous:    Page 7 of 11
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum