[RESOLVED] NAT with multi LANs subnet

Rapetou
DD-WRT Novice


Joined: 17 Dec 2007
Posts: 46

Posted: Tue Feb 28, 2012 6:02    Post subject: [RESOLVED] NAT with multi LANs subnet
Hello all,

As you can see in my profile, I do not post really often in this forum... I usually review and read on different topics and usually find what I need but tonight it's a bit different. I've spent several hours and read several posts related to NAT configuration and others but nothing sounds like the issue I'm having...

I'm actually using DD-WRT v24 SP2 build 17798 (Special version from DD-WRT for Buffalo Tech) with a Buffalo WZR-HP-G300NH router.

My config is quite simple. The Buffalo is configured as a Gateway with direct connection to ISP cable modem (DHCP). On the LAN side I use three different subnets. The configuration is as follows:

Buffalo Main IP: 192.168.100.1/24
Static route : 192.168.92.0/24 GW: 192.162.100.2
Static route : 192.168.10.0/24 GW: 192.168.100.2

The second router (192.168.100.2) is a L3 switch using VLANs (No NAT activated)(OmniSwitch 6850-P24)

Unfortunately, the WEB access works only for the main subnet. I can't reach the web from the "92" & "10" subnets. I made some tests and research and finally discovered that the issue comes from the "NATING"... But now I'm out of resources and rely on you guys to find the solution...

Here is the extract from the router related to NAT:

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere modemcablexxx.xxx.xxx.xxxmc.videotron.ca tcp dpt:81 to:192.168.100.1:443
DNAT icmp -- anywhere modemcablexxx.xxx.xxx.xxx.mc.videotron.ca to:192.168.100.1
TRIGGER 0 -- anywhere modemcablexxx.xxx.xxx.xxx.mc.videotron.ca TRIGGER type:dnat match:0 relate:0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT 0 -- 192.168.100.0/24 anywhere to:xxx.xxx.xxx.xxx
RETURN 0 -- anywhere anywhere PKTTYPE = broadcast

(WAN IP removed from config) Apparently, the SNAT doesn't include the 192.168.92.0 & 192.168.10.0 subnets and this seems to be the source of my issues... Now, how can I add them to activate the NATing on these?

Let me know if you would need more details...

Thanks in advance for your support...

Rapetou


Last edited by Rapetou on Sat Mar 10, 2012 14:20; edited 1 time in total
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17619
Location: Hesse/Germany

Posted: Tue Feb 28, 2012 12:16
no need for iptables. where are your static routes?
Rapetou
DD-WRT Novice


Joined: 17 Dec 2007
Posts: 46

Posted: Tue Feb 28, 2012 13:07
They are created in the Setup -> Advanced Routing section.
Rapetou
DD-WRT Novice


Joined: 17 Dec 2007
Posts: 46

Posted: Tue Feb 28, 2012 22:42
on the main gateway side:

192.168.92.0/24 192.168.100.2
192.168.10.0/24 192.168.100.2
Default GW 0.0.0.0/0 Public gateway (Dynamic)

On the second LAN router (192.168.100.2)

VLAN 12 192.168.92.0/24 192.168.92.1
VLAN 11 192.168.10.0/24 192.168.10.1
VLAN 1 192.168.100.0/24 192.168.100.1
Default gateway 0.0.0.0/0 192.168.100.1
Rapetou
DD-WRT Novice


Joined: 17 Dec 2007
Posts: 46

Posted: Wed Feb 29, 2012 19:34
Guys,

Is this something impossible to accomplish with DD-WRT software?

I still wait for some insights.

Let me know... Many thanks in advance!!!
Rapetou
DD-WRT Novice


Joined: 17 Dec 2007
Posts: 46

Posted: Fri Mar 02, 2012 4:13
I can't believe I'm the only one having this issue....
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Sat Mar 03, 2012 0:02
Yes this is a VERY annoying change in recent builds. DD-WRT used to NAT all traffic going out the WAN port but now it only NAT's for the LAN subnet. Add this to your firewall script on the admin->commands page to use the old functionality.

iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`

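A source-scoped variant of the rule in the post above, as an added example that is not part of the thread or DD-WRT's own code: it prints one SNAT rule per routed subnet (the two subnets from the first post) so that only known LAN sources are NATed out the WAN interface. The interface name `vlan2` and the address `203.0.113.10` in the demo are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): print one source-scoped SNAT rule per
# routed LAN subnet instead of NATing every source that leaves the WAN port.

# valid_cidr NET: succeed only for a dotted-quad IPv4 network with a /0-32 prefix.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}
    prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    # Only digits and dots, no leading or trailing dot (also blocks shell metacharacters).
    case "$addr" in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    oldifs=$IFS
    IFS=.
    set -- $addr
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# snat_rules WAN_IF WAN_IP NET...: print the iptables commands; nothing is executed.
snat_rules() {
    wan_if=$1
    wan_ip=$2
    shift 2
    for net in "$@"; do
        if valid_cidr "$net"; then
            echo "iptables -t nat -I POSTROUTING -s $net -o $wan_if -j SNAT --to $wan_ip"
        else
            echo "skipping invalid subnet: $net" >&2
        fi
    done
}

# Demo with constructed values (vlan2 and 203.0.113.10 are placeholders).
# On the router the first two arguments would come from `get_wanface` and
# `nvram get wan_ipaddr`, as in the post above, and the output would be piped to sh.
snat_rules vlan2 203.0.113.10 192.168.92.0/24 192.168.10.0/24
```

The existing `192.168.100.0/24` SNAT rule shown in the first post already covers the main subnet, so only the routed subnets need to be listed.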
Rapetou
DD-WRT Novice


Joined: 17 Dec 2007
Posts: 46

Posted: Sat Mar 03, 2012 13:54
It works!!!!

Thank you so much phuzi0n!!!

That's bad that DD-WRT developers have removed it without advice....

They should have added it as an option in the GUI....

Thanks Again!!!!

Rapetou