Posted: Tue Jun 26, 2012 23:06 Post subject: Re: NAT Loopback fix for 15760 and higher, (Port forward iss
Irrational86 wrote:
Working perfectly on a Netgear WNDR3700v1 running DD-WRT v24-sp2 (06/14/11) std - build 17201
Darn, I have exactly the same build on the same router (albeit v2). I know the port forwarding works because my friend can get in. But even after adding the 4 line script it does NOT work for me from within my firewall. I rebooted the router from the admin screen after I added the script - that's all that's needed, right?
Addition: Problem solved. There is another router in the network between the main router and my PC, and even though it is set up as a switch and is not routing, it seems that some settings still interfered. I turned off endpoint filtering and SPI on that device and now everything seems to work as intended. I'd have to test that with these settings and without the script on the main router it won't work to see whether I had a problem there in the first place - for now I am just happy it works!
_________________
Best regards,
Rich
=============================
Rich Kleinhenz
www.beautifulhandmadepens.com
=============================
Last edited by scubaman on Thu Jun 28, 2012 13:54; edited 1 time in total
This may have already been asked, but I'm running 3 routers in my config: an E4200 V1 as the main one, an E2500 as a Wireless Access Point, and a WRT54GS V7.2 as a repeater bridge. All are obviously on the same subnet, and all computers can see each other.
Question is, do I need to run this script on all three of the routers? I have it running on the main one, and it worked before, but after flashing a newer firmware on the E2500, I seem to be having problems. I wonder if since the same SSID is used on the E4200 and the E2500 (for roaming) that if I'm connected to the E2500 (which doesn't run the script) the loopback isn't taking effect.
Posted: Fri Jul 13, 2012 18:12 Post subject: Re: NAT Loopback fix for 15760 and higher, (Port forward iss
Irrational86 wrote:
phuzi0n wrote:
I spent some time thinking about the best way to fix loopback. Despite some bad documentation throwing me off before, I found that it's possible to mark traffic destined to the WAN IP and then only masquerade the marked traffic. This should allow loopback to work for all local interfaces without causing problems when ebtables is loaded.
Save the following commands to the Firewall Script on the Administration->Commands page to fix loopback.
insmod ipt_mark
insmod xt_mark
iptables -t mangle -A PREROUTING -i ! `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001
iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE
The one known caveat is that badly written QoS scripts will prevent it from working but that's a problem with the scripts that needs to be fixed...
Posted: Fri Sep 07, 2012 6:13 Post subject: Bad argument `2'
I've tried to follow the trac issue and some of the numerous long threads related to this issue. The iptables code is gobbledygook to me. I'm just a normal human being who thought dd-wrt would be better than my router's built-in firmware. I didn't expect to spend hours tracking down an esoteric bug that seems to affect just about everybody.
From the trac issue, I tried:
Code:
insmod ipt_mark
insmod xt_mark
iptables -t mangle -A PREROUTING -i ! `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001
iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE
The router replied:
Code:
Bad argument `2'
I'm using DD-WRT v24-sp2 (06/08/12) std (SVN revision 19342)
I tried this longer command, rather than the one-liner, because the trac issue implies that it should not have side-effects. Now I don't even know if any of the commands succeeded. This is pretty tough for a dd-wrt newbie.
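The firewall-script commands quoted in this thread take their interface and address from two backtick substitutions, which the shell expands before iptables parses the line, so an empty or multi-word result shifts the arguments. The sketch below is an added example, not part of any post and not DD-WRT's own code: it checks both values and prints the four commands as a dry run. The function names, the sample values `vlan2` and `203.0.113.7`, and the treatment of `0.0.0.0` as "no WAN address yet" are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Values passed in are checked before
# the four firewall-script commands are printed.

# valid_iface NAME: succeeds if NAME is one non-empty token of safe characters.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# valid_ipv4 ADDR: succeeds for a dotted quad with octets 0-255.
# 0.0.0.0 is rejected (assumption: it means the WAN has no address yet).
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    [ "$1" = "0.0.0.0" ] && return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_loopback_rules WAN_IF WAN_IP: print the thread's four commands with
# the values filled in, or print nothing on stdout and return 1 if a value is bad.
build_loopback_rules() {
    valid_iface "$1" || { echo "bad WAN interface: '$1'" >&2; return 1; }
    valid_ipv4 "$2"  || { echo "bad WAN address: '$2'" >&2; return 1; }
    cat <<EOF
insmod ipt_mark
insmod xt_mark
iptables -t mangle -A PREROUTING -i ! $1 -d $2 -j MARK --set-mark 0xd001
iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE
EOF
}

# On the router (assumed usage), review the output, then pipe it to sh:
#   build_loopback_rules "$(get_wanface)" "$(nvram get wan_ipaddr)"
# Constructed sample values for an offline dry run:
build_loopback_rules vlan2 203.0.113.7
```

If either check fails, the message on stderr shows the exact value the substitution produced, which is the first thing to compare against the router's WAN status page.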