VLANs and FW settings, can't internet addresses or nslookup

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
View previous topic :: View next topic  
Author Message
nemzter
DD-WRT Novice


Joined: 04 Sep 2014
Posts: 12
PostPosted: Fri Sep 12, 2014 16:30    Post subject: VLANs and FW settings, can't internet addresses or nslookup Reply with quote
I have vlans and routing working locally on my router/network

But for some odd reason, I can't ping out from vlan6 hosts to the internet

I can ping internally fine and reach my networks fine internally though.

nslookups from vlan6 to my router's main dns server are not working either.

Thanks for looking!

# DDWRT version

DD-WRT v24-sp2 (06/07/14) vpnkong - build 22000M

# FW settings that were added

iptables -I INPUT -i vlan6 -j ACCEPT
iptables -I FORWARD -i vlan6 -o br0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan6 -o vlan+ -m state --state NEW -j ACCEPT
Back to top View user's profile Send private message
Sponsor
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6870
Location: Romerike, Norway
PostPosted: Sat Sep 13, 2014 7:45    Post subject: Reply with quote
NAT is probably not enabled on VLAN6.

iptables -t nat -A POSTROUTING -i vlan6 -j MASQUERADE
Back to top View user's profile Send private message
nemzter
DD-WRT Novice


Joined: 04 Sep 2014
Posts: 12
PostPosted: Mon Sep 15, 2014 16:18    Post subject: Reply with quote
Per Yngve Berg wrote:
NAT is probably not enabled on VLAN6.

iptables -t nat -A POSTROUTING -i vlan6 -j MASQUERADE


Tried this, but it doesn't work ...

What's odd is that I can ping my local DNS server (192.168.1.1), but can't do any lookups either.
Back to top View user's profile Send private message
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6870
Location: Romerike, Norway
PostPosted: Mon Sep 15, 2014 18:01    Post subject: Reply with quote
192.168.0 is that what you use on vlan6?
What net do you use on vlan1?
Back to top View user's profile Send private message
HalfBit
DD-WRT Guru


Joined: 04 Sep 2009
Posts: 776
Location: AR, USA
PostPosted: Mon Sep 15, 2014 18:14    Post subject: Reply with quote
Can you run "nslookup google.com 192.168.1.1" or "nslookup google.com 208.67.222.222" (specifying the server)?
_________________
R7000 Nighthawk - DD-WRT v3.0-r50308
R7000 Nighthawk - DD-WRT v3.0-r50308
~~~~~~~~~~Dismantled for learning opportunities~~~~~~~~~~
WRT54Gv2
WRT54Gv8.2
~~~~~~~~~~Other Settings~~~~~~~~~
https://nextdns.io/?from=2d3sq39x
https://pi-hole.net/
https://github.com/DNSCrypt/dnscrypt-proxy
Back to top View user's profile Send private message
nemzter
DD-WRT Novice


Joined: 04 Sep 2014
Posts: 12
PostPosted: Mon Sep 15, 2014 21:07    Post subject: Reply with quote
Per Yngve Berg wrote:
192.168.0 is that what you use on vlan6?
What net do you use on vlan1?


192.168.6.x vlan6
192.168.1.x vlan1 public
Back to top View user's profile Send private message
nemzter
DD-WRT Novice


Joined: 04 Sep 2014
Posts: 12
PostPosted: Mon Sep 15, 2014 21:09    Post subject: Reply with quote
HalfBit wrote:
Can you run "nslookup google.com 192.168.1.1" or "nslookup google.com 208.67.222.222" (specifying the server)?


nslookups hang, but what's odd is that I can ping/ssh to my default gw fine (192.168.1.1)
Back to top View user's profile Send private message
HalfBit
DD-WRT Guru


Joined: 04 Sep 2009
Posts: 776
Location: AR, USA
PostPosted: Mon Sep 15, 2014 21:50    Post subject: Reply with quote
I'm trying to remember how I did it recently.

Maybe I did the following:
1) nslookup then hit enter
2) server 208.67.222.222 then hit enter (this server is OpenDNS.com)
3) google.com then hit enter

I think I was able to get it to run on my Windows 7 laptop following these steps.
_________________
R7000 Nighthawk - DD-WRT v3.0-r50308
R7000 Nighthawk - DD-WRT v3.0-r50308
~~~~~~~~~~Dismantled for learning opportunities~~~~~~~~~~
WRT54Gv2
WRT54Gv8.2
~~~~~~~~~~Other Settings~~~~~~~~~
https://nextdns.io/?from=2d3sq39x
https://pi-hole.net/
https://github.com/DNSCrypt/dnscrypt-proxy
Back to top View user's profile Send private message
nemzter
DD-WRT Novice


Joined: 04 Sep 2014
Posts: 12
PostPosted: Mon Sep 15, 2014 22:18    Post subject: Reply with quote
HalfBit wrote:
I'm trying to remember how I did it recently.

Maybe I did the following:
1) nslookup then hit enter
2) server 208.67.222.222 then hit enter (this server is OpenDNS.com)
3) google.com then hit enter

I think I was able to get it to run on my Windows 7 laptop following these steps.


Yeah that's right, nslookup fails all the time for me on vlan6
Back to top View user's profile Send private message
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6870
Location: Romerike, Norway
PostPosted: Tue Sep 16, 2014 4:45    Post subject: Reply with quote
Do stations on vlan6 have 192.168.6.1 as their gateway?
Back to top View user's profile Send private message
nemzter
DD-WRT Novice


Joined: 04 Sep 2014
Posts: 12
PostPosted: Tue Sep 16, 2014 16:19    Post subject: Reply with quote
Per Yngve Berg wrote:
Do stations on vlan6 have 192.168.6.1 as their gateway?


GW is actually 192.168.6.254 on vlan6

Pinging from 192.168.6.x hosts to 192.168.1.1 work
SSH from from 192.168.6.x hosts to 192.168.1.1 work
nslookups and internet fail
Back to top View user's profile Send private message
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6870
Location: Romerike, Norway
PostPosted: Wed Sep 17, 2014 5:19    Post subject: Reply with quote
Don't you get a lookup with 192.168.6.254 as dns server?
Back to top View user's profile Send private message
nemzter
DD-WRT Novice


Joined: 04 Sep 2014
Posts: 12
PostPosted: Wed Sep 17, 2014 19:14    Post subject: Reply with quote
Per Yngve Berg wrote:
Don't you get a lookup with 192.168.6.254 as dns server?


192.168.6.254 is just the gateway for vlan6, so nslookups would not work

192.168.1.1 is my main internal DNS server
Back to top View user's profile Send private message
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6870
Location: Romerike, Norway
PostPosted: Thu Sep 18, 2014 4:28    Post subject: Reply with quote
Can you ping the Internet from 192.168.1.1?
Back to top View user's profile Send private message
nemzter
DD-WRT Novice


Joined: 04 Sep 2014
Posts: 12
PostPosted: Fri Sep 19, 2014 17:19    Post subject: Reply with quote
Per Yngve Berg wrote:
Can you ping the Internet from 192.168.1.1?


Yes, that is my router and I can ping out fine
Back to top View user's profile Send private message
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum