need help with dual wan configuration on wrt610n v2

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Author Message
m00nman
DD-WRT User


Joined: 14 Jan 2009
Posts: 406
Location: AB, Canada

PostPosted: Tue Mar 30, 2010 6:58    Post subject: need help with dual wan configuration on wrt610n v2 Reply with quote
Hello everybody,

I have set-up a dual wan on my wrt610n v2 with one WAN being my cable modem, and the other WAN being:
a dd-wrt router connected in CB mode to another router wirelessly.

The problem is, when I disconnect my cable modem, I can access remote router's GUI but not the internet.

EXAMPLE.:
Cable <-/- MY WRT610 --> CB --> Remote router -/-> INTERNET

where
--> = connection
-/-> = no connection

My guess is that there is no route specified how to get to internet from WAN2 since the scripts I'm using were written for direct WAN2 connection. I'm no iptables guru so I need some help here.

I used this guide to configure dual WAN: http://roadrunnerguide.com/dualwan_610n_jffs.html

EDIT: iptables -L -t nat output:
Code:
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DNAT       udp  --  anywhere             CABLE-72-53-11-3.cia.com udp dpt:58888 to:192.168.1.122:58888
DNAT       tcp  --  anywhere             CABLE-72-53-11-3.cia.com tcp dpt:58888 to:192.168.1.122:58888
keep_state  0    --  anywhere             anywhere           
keep_state  0    --  anywhere             anywhere           
keep_state  0    --  anywhere             anywhere           
DNAT       tcp  --  anywhere             CABLE-72-53-11-3.cia.com tcp dpt:ssh to:192.168.1.1:22
DNAT       icmp --  anywhere             CABLE-72-53-11-3.cia.com to:192.168.1.1
DNAT       tcp  --  anywhere             CABLE-72-53-11-3.cia.com tcp dpt:4899 to:192.168.1.122:4899
DNAT       tcp  --  anywhere             CABLE-72-53-11-3.cia.com tcp dpt:8000 to:192.168.1.122:8000
TRIGGER    0    --  anywhere             CABLE-72-53-11-3.cia.com TRIGGER type:dnat match:0 relate:0
DNAT       tcp  --  anywhere             192.168.0.102       tcp dpt:4899 to:192.168.1.122:4899
DNAT       tcp  --  anywhere             192.168.0.102       tcp dpt:8000 to:192.168.1.122:8000
DNAT       icmp --  anywhere             192.168.0.102       to:192.168.1.1
TRIGGER    0    --  anywhere             192.168.0.102       TRIGGER type:dnat match:0 relate:0
DNAT       tcp  --  anywhere             192.168.0.102       tcp dpt:4899 to:192.168.1.122:4899
DNAT       tcp  --  anywhere             192.168.0.102       tcp dpt:8000 to:192.168.1.122:8000
DNAT       icmp --  anywhere             192.168.0.102       to:192.168.1.1
TRIGGER    0    --  anywhere             192.168.0.102       TRIGGER type:dnat match:0 relate:0
DNAT       tcp  --  anywhere             192.168.0.102       tcp dpt:4899 to:192.168.1.122:4899
DNAT       tcp  --  anywhere             192.168.0.102       tcp dpt:8000 to:192.168.1.122:8000
DNAT       icmp --  anywhere             192.168.0.102       to:192.168.1.1
TRIGGER    0    --  anywhere             192.168.0.102       TRIGGER type:dnat match:0 relate:0

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
keep_state  0    --  anywhere             anywhere           
SPOOF_ETH1  0    --  anywhere             anywhere           
SPOOF_ETH2  0    --  anywhere             anywhere           

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
keep_state  0    --  anywhere             anywhere           
keep_state  0    --  anywhere             anywhere           
keep_state  0    --  anywhere             anywhere           

Chain SPOOF_ETH1 (1 references)
target     prot opt source               destination         
SNAT       0    --  anywhere             anywhere            to:72.53.11.3

Chain SPOOF_ETH2 (1 references)
target     prot opt source               destination         
SNAT       0    --  anywhere             anywhere            to:192.168.0.102

Chain keep_state (7 references)
target     prot opt source               destination         
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
RETURN     0    --  anywhere             anywhere           
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
RETURN     0    --  anywhere             anywhere           
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
RETURN     0    --  anywhere             anywhere           

_________________

Nethear R6300 v2 - Latest Kong dd-wrt always
Linksys E3000 - Latest dd-wrt always
Asus RT-N56U - OpenWRT trunk
Sponsor
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

PostPosted: Tue Mar 30, 2010 7:23    Post subject: Reply with quote
http://www.dd-wrt.com/phpBB2/viewtopic.php?p=421150#421150
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
m00nman
DD-WRT User


Joined: 14 Jan 2009
Posts: 406
Location: AB, Canada

PostPosted: Tue Mar 30, 2010 10:01    Post subject: Reply with quote
How come I could access remote router through WAN2?

I'm guessing Gigabit switches will never be fully supported then.

_________________

Nethear R6300 v2 - Latest Kong dd-wrt always
Linksys E3000 - Latest dd-wrt always
Asus RT-N56U - OpenWRT trunk
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

PostPosted: Tue Mar 30, 2010 10:25    Post subject: Reply with quote
Post the output from these commands and maybe we'll see.

ifconfig

route -n

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
m00nman
DD-WRT User


Joined: 14 Jan 2009
Posts: 406
Location: AB, Canada

PostPosted: Wed Mar 31, 2010 20:41    Post subject: Reply with quote
Code:
root@DD-WRT:~# ifconfig
br0       Link encap:Ethernet  HWaddr 00:25:9C:47:2B:C8
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:6198987 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5358804 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1812120929 (1.6 GiB)  TX bytes:3301601018 (3.0 GiB)

br0:0     Link encap:Ethernet  HWaddr 00:25:9C:47:2B:C8
          inet addr:169.254.255.1  Bcast:169.254.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1

eth0      Link encap:Ethernet  HWaddr 00:25:9C:47:2B:C8
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10758839 errors:8 dropped:0 overruns:0 frame:4
          TX packets:8040296 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1249372005 (1.1 GiB)  TX bytes:2712547007 (2.5 GiB)
          Interrupt:4 Base address:0x2000

eth1      Link encap:Ethernet  HWaddr 00:25:9C:47:2B:CA
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:204723 errors:1 dropped:0 overruns:0 frame:26325140
          TX packets:358614 errors:408 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:16185760 (15.4 MiB)  TX bytes:443633192 (423.0 MiB)
          Interrupt:3 Base address:0x1000

eth2      Link encap:Ethernet  HWaddr 00:25:9C:47:2B:CB
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7753042 errors:0 dropped:0 overruns:0 frame:76638
          TX packets:7193609 errors:937 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2678103402 (2.4 GiB)  TX bytes:649857891 (619.7 MiB)
          Interrupt:6 Base address:0x8000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
          RX packets:1509 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1509 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:146390 (142.9 KiB)  TX bytes:146390 (142.9 KiB)

vlan1     Link encap:Ethernet  HWaddr 00:25:9C:47:2B:C8
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:187875 errors:0 dropped:0 overruns:0 frame:0
          TX packets:335343 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:10143388 (9.6 MiB)  TX bytes:302983276 (288.9 MiB)

vlan2     Link encap:Ethernet  HWaddr 00:25:9C:47:2B:C9
          inet addr:72.53.11.3  Bcast:72.53.11.127  Mask:255.255.255.128
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10547047 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7698050 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1042026392 (993.7 MiB)  TX bytes:2407277349 (2.2 GiB)

vlan3     Link encap:Ethernet  HWaddr 00:25:9C:47:2B:C8
          inet addr:192.168.0.102  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:23892 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6898 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3534355 (3.3 MiB)  TX bytes:2284762 (2.1 MiB)




Code:

root@DD-WRT:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
72.53.11.0      0.0.0.0         255.255.255.128 U     0      0        0 vlan2
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 vlan3
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 br0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         72.53.11.1      0.0.0.0         UG    0      0        0 vlan2

_________________

Nethear R6300 v2 - Latest Kong dd-wrt always
Linksys E3000 - Latest dd-wrt always
Asus RT-N56U - OpenWRT trunk
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

PostPosted: Thu Apr 01, 2010 0:28    Post subject: Reply with quote
Interesting, perhaps the newer gigabit switches finally have functional VLAN's (iirc 1 person reported so with a wrt320n)...

However, the files in the dual WAN kit are intended for a k2.4 and I don't think they're compatible with your k2.6 build, particularly the iptables executable that it has to add support for the random match. There may be some other stuff missing in k2.6 as well.

If you look at the ifconfig output you'll see that only a few MB has transferred on vlan3 while a few gigabytes has transferred on vlan2. If you run the command below it will likely error.

/jffs/iptables -t mangle -vnL

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
m00nman
DD-WRT User


Joined: 14 Jan 2009
Posts: 406
Location: AB, Canada

PostPosted: Thu Apr 01, 2010 4:25    Post subject: Reply with quote
Yeah, i knew that from before, that's why I did not use the iptables that came with the kit. I changed all the scripts to use iptables from /usr/sbin. That's why I got things semi-working.

Do all routes look fine to you? or i need to change something to make it work (as double nat?)

The accumulated traffic to vlan3 is traffic to remote webgui. I did browse it for a bit.

_________________

Nethear R6300 v2 - Latest Kong dd-wrt always
Linksys E3000 - Latest dd-wrt always
Asus RT-N56U - OpenWRT trunk
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

PostPosted: Thu Apr 01, 2010 5:09    Post subject: Reply with quote
The dd-wrt iptables does not include the RANDOM matcher as I said above. You would need to get a copy of iptables that is compiled to include it and that is compatible with the exact kernel version you have.

That is only the default routing table which I wanted to see to determine if the VLAN was working. Dual WAN makes use of policy based routing with multiple routing tables for each policy.

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
tokoam
DD-WRT Novice


Joined: 18 Mar 2010
Posts: 10

PostPosted: Thu Apr 01, 2010 5:52    Post subject: Reply with quote
this would be awsome if we could figure it out as i am also intrested in dual wan for the 610
m00nman
DD-WRT User


Joined: 14 Jan 2009
Posts: 406
Location: AB, Canada

PostPosted: Thu Apr 01, 2010 7:35    Post subject: Reply with quote
If only somebody could compile iptables as phuzi0n described... I emailed author of the guide, maybe he'll be able to help. Or maybe devs can do that... Sad
_________________

Nethear R6300 v2 - Latest Kong dd-wrt always
Linksys E3000 - Latest dd-wrt always
Asus RT-N56U - OpenWRT trunk
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum