NAT Loopback Static Routes Syntax Question

jalanmac
Posted: Mon Aug 20, 2012 19:33
I have a question about the syntax for adding static routes to firmware more recent than 15760. I was configuring an E2500 for a business to replace their WRT-54GTM that had been working well for at least a year using 14853. I successfully flashed the E2500 with 19342 (using a 30-303-30) and configured it with the same GUI configuration as the old WRT had. Unfortunately the two static routes that were required to pull pictures and data from a separate location into an internal sales tool didn't work - all the rest of the router seemed to be working fine. I backed the E2500 down to 18777 (another 30-30-30) and tried again to reconfigure and had no luck. While troubleshooting I remembered the NAT loopback discussion and so I added Phuzi0n's script to solve the NAT loopback issue:

Quote:
I spent some time thinking about the best way to fix loopback. Despite some bad documentation throwing me off before, I found that it's possible to mark traffic destined to the WAN IP and then only masquerade the marked traffic. This should allow loopback to work for all local interfaces without causing problems when ebtables is loaded.

Save the following commands to the Firewall Script on the Administration->Commands page to fix loopback.

insmod ipt_mark
insmod xt_mark
iptables -t mangle -A PREROUTING -i ! `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001
iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE


But I suspect that I wasn't able to properly configure the final two statements needed:

Quote:
If you have a block of static IP's using 1:1 NAT then you also need to add another iptables rule to cover your IP block. Edit the bolded netblock to be your static IP block.

iptables -t mangle -A PREROUTING -i ! `get_wanface` -d 1.1.1.0/24 -j MARK --set-mark 0xd001


The static routes I need to insert are 10.128.0.0 - 255.240.0.0 to the gateway and 42.0.0.0 - 255.0.0.0 to the gateway.

I tried several different commands but was unable to get them to work properly - any help in this situation would be greatly appreciated.

Thanks
phuzi0n
Posted: Tue Aug 21, 2012 0:32
You shouldn't need loopback unless you're trying to access those networks via port forwards from the router's WAN IP to those networks. Even then you should only need the first group of iptables rules, the 2nd set is if you have multiple IP's assigned to the WAN interface.

You could check the output of these commands via telnet/ssh (not the gui!!!) and see if anything is different between the old router's config and the new router's config.

route -n
iptables -vnL FORWARD
iptables -t nat -vnL POSTROUTING


A more detailed rundown of how exactly everything is connected would help.

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
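
The old-versus-new comparison suggested in the reply above, as an added example that is not part of the thread: it checks saved `route -n` output for the two static routes from the question and compares `iptables -vnL` captures with the packet/byte counters removed. The captures are constructed, and the gateway 192.168.1.254 and the interface names br0 and vlan2 are assumed values; it is meant to run on a workstation against output saved from telnet/ssh.

```shell
#!/bin/sh
# Added example: check `route -n` and `iptables -vnL` captures taken over telnet/ssh.
# All sample output is constructed; 192.168.1.254, br0 and vlan2 are assumed values.
# Print the gateway of the route matching destination $1 / netmask $2 in
# `route -n` output on stdin; return 1 if no such route exists.
route_gateway() {
    awk -v d="$1" -v m="$2" '
        $1 == d && $3 == m { print $2; found = 1; exit }
        END { exit !found }'
}

# Remove packet/byte counters from `iptables -vnL` output on stdin so that two
# captures differ only where the rules themselves differ.
strip_counters() {
    awk '/^Chain/ { sub(/ [0-9]+[KMG]? packets, [0-9]+[KMG]? bytes/, ""); print; next }
         NF       { $1 = ""; $2 = ""; sub(/^ +/, ""); print }'
}

# List the static routes from the question that are absent from `route -n` on stdin.
missing_routes() {
    table=$(cat)
    for r in "10.128.0.0 255.240.0.0" "42.0.0.0 255.0.0.0"; do
        set -- $r
        printf '%s\n' "$table" | route_gateway "$1" "$2" >/dev/null || echo "$1/$2"
    done
}

# Print rules present in the new capture ($2) but not in the old one ($1).
new_only_rules() {
    old=$(printf '%s\n' "$1" | strip_counters)
    printf '%s\n' "$2" | strip_counters | while IFS= read -r line; do
        printf '%s\n' "$old" | grep -qxF -- "$line" || printf '%s\n' "$line"
    done
}

NEW_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.128.0.0      192.168.1.254   255.240.0.0     UG    0      0        0 br0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 vlan2'
OLD_NAT='Chain POSTROUTING (policy ACCEPT 812 packets, 51K bytes)
 pkts bytes target     prot opt in     out     source               destination
 9040  610K MASQUERADE  all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0'
NEW_NAT='Chain POSTROUTING (policy ACCEPT 17 packets, 1100 bytes)
 pkts bytes target     prot opt in     out     source               destination
   35  2100 MASQUERADE  all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0
    0     0 MASQUERADE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           MARK match 0xd001'
echo "missing routes:"; printf '%s\n' "$NEW_ROUTES" | missing_routes
echo "rules only on new router:"; new_only_rules "$OLD_NAT" "$NEW_NAT"
```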