Tag NAT traffic?

DD-WRT Forum Index -> Atheros WiSOC based Hardware
fractal5
DD-WRT Novice
Joined: 11 Jan 2014
Posts: 23

Posted: Sun Aug 28, 2016 16:55    Post subject: Tag NAT traffic?
I need to tag port forwarded traffic. Is this possible to do at all?

The simplified version of my setup is as follows:

One TPLINK TL-WDR3600 running dd-wrt which forwards port 80 into my LAN to IP 10.0.0.4.

I want this port forwarded traffic to IP 10.0.0.4 to be tagged with VLAN ID 42 (it doesn't have to be 42, I'm using 42 as an example).

Note that there is only one physical LAN port involved on the dd-wrt router, everything is going over one cable to another switch on the network. This separate switch has multiple hosts, most of which will send untagged traffic. Only the traffic going between 10.0.0.4 and the dd-wrt device should be tagged.

It would probably have been simpler if I could use a separate port to do the tagging on, e.g. using port 1 for untagged and port 2 for tagged. But I have just one physical cable and I'm using just one physical port. Some traffic should be tagged, some traffic should not be tagged, based on the port forwarding.

Anything related to WLAN can be ignored completely.

How is this done in dd-wrt? Can it be done?

My approach so far has been to create a VLAN and get a specific interface for this VLAN, and then simply make iptables forward traffic to this interface, which should then get tagged automatically.

To do this I've tried to create a VLAN br0.42 and then do:

Code:

ifconfig br0.42 up 10.0.0.2


I verify that I can reach 10.0.0.2 from my test machine on the LAN, so the br0.42 interface is up and responding.

Code:

iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to 10.0.0.4:80
iptables -I FORWARD -p tcp -d 10.0.0.4 --dport 80 -j ACCEPT -o br0.42


-o should make it direct packets to the specified interface, in this case my tagged br0.42.

However, this doesn't do anything. If I omit -o, then everything gets sent from 10.0.0.1, and it doesn't get tagged.

I've looked at, among others, https://www.dd-wrt.com/wiki/index.php/Switched_Ports and various guides, but no guide specifies how to do this, and it is hard to apply other guides that deal with VLANs in other ways.

If anyone with a little knowledge or experience with VLANs could chime in and give me a suggestion I'd be grateful. Thanks.
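An added example, not from the post above or from DD-WRT's own scripts, of the routing-based way to get the DNATed flows onto the tagged sub-interface: iptables -o only matches the interface the routing table has already chosen, it never redirects a packet, so a host route for 10.0.0.4 via br0.42 is what actually selects the tagged path, after which the -o match in FORWARD agrees with it. Assumptions (hypothetical, adapt to your build): base bridge br0, VLAN id 42, 10.0.0.2 as the router's address on the tagged side, iproute2 syntax (on builds with only vconfig, `vconfig add br0 42` creates the same br0.42 interface), and a host 10.0.0.4 that has a VLAN 42 interface and uses 10.0.0.2 as its gateway so replies come back tagged.

```shell
#!/bin/sh
# Added example (not from the forum post): route DNATed port-80 traffic for
# 10.0.0.4 out a tagged 802.1Q sub-interface instead of the untagged bridge.
# Set DRY_RUN=1 to print the commands instead of executing them; the real
# commands need root on the router.

# Run a command, or echo it when previewing.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Create the VLAN sub-interface on the bridge and give it an address.
# A /32 is enough: the host route below supplies the on-link destination.
setup_vlan_if() {
    base=$1 vid=$2 addr=$3
    run ip link add link "$base" name "$base.$vid" type vlan id "$vid"
    run ip addr add "$addr" dev "$base.$vid"
    run ip link set "$base.$vid" up
}

# Host route: more specific than the /24 on br0, so the kernel picks the
# tagged interface for 10.0.0.4. This is the step the post was missing.
route_host_via_vlan() {
    host=$1 dev=$2
    run ip route add "$host/32" dev "$dev"
}

# Port forward plus FORWARD accept; "-o" is only a match, it now matches
# because routing already sends the flow out the tagged interface.
forward_port_tagged() {
    port=$1 host=$2 dev=$3
    run iptables -t nat -A PREROUTING -p tcp --dport "$port" \
        -j DNAT --to-destination "$host:$port"
    run iptables -A FORWARD -p tcp -d "$host" --dport "$port" -o "$dev" -j ACCEPT
}

# Full sequence for the setup described in the post (values are the post's).
tag_forwarded_traffic() {
    setup_vlan_if br0 42 10.0.0.2/32
    route_host_via_vlan 10.0.0.4 br0.42
    forward_port_tagged 80 10.0.0.4 br0.42
}

case "${1:-}" in
    apply)   tag_forwarded_traffic ;;
    preview) DRY_RUN=1; tag_forwarded_traffic ;;
esac
```

The switch between the router and 10.0.0.4 must carry VLAN 42 tagged on the port towards the router (the Switched_Ports wiki page linked above covers the swconfig side); check with `ip route get 10.0.0.4`, which should name br0.42 as the device before any iptables rule matters.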