Not a port forward problem but loopback NAT doesn't work

kioske
DD-WRT Novice


Joined: 07 Mar 2011
Posts: 42

Posted: Mon Mar 07, 2011 7:32    Post subject: Not a port forward problem but loopback NAT doesn't work
I have a Netgear WNR834B and used to have an older build (more than a year ago, mini) and decided to upgrade to the latest (build 16214 mini). I have a dyndns account and have been using it flawlessly since this update. The thing is, the loopback port forwarding seems to be broken after the update. I mean I cannot connect to my local net servers through my dyndns address (which resolves to my external IP). I haven't tried but I'm sure it would work from outside of my network.

I looked for a similar problem in the forums to no avail. Is there any way I can use my dyndns address to access my local services, or should I switch back to the old build?
frater
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 2777

Posted: Mon Mar 07, 2011 11:27
Put this in your rc_firewall:
Code:
LANIP=`nvram get lan_ipaddr`
set ${LANIP//./ }
iptables -t nat -A POSTROUTING -s $1.$2.$3.0/24 -d $1.$2.$3.0/24 -o br0 -j MASQUERADE


You can also hardcode it if you know the network range of your LAN.

Code:
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.0/24 -o br0 -j MASQUERADE

_________________
Asus RT16N + OTRW
Kingston 4GB USB-disk 128 MB swap + 1.4GB ext3 on /opt + 2 GB ext3 on /mnt
Copperjet 1616 modem in ZipB-config
Asterisk, pixelserv & Pound running on router
Another Asus RT16N as WDS-bridge

DD-WRT v24-sp2 vpn (c) 2010 NewMedia-NET GmbH
Release: 12/16/10 (SVN revision: 15758M)
kt_haddock
DD-WRT Guru


Joined: 25 Dec 2009
Posts: 710

Posted: Mon Mar 07, 2011 12:43
Can't you do it like this:

Code:
LANIP=`nvram get lan_ipaddr`/`nvram get lan_netmask`
set ${LANIP//./ }
iptables -t nat -I POSTROUTING -o br0 -s $1.$2.$3.0 -d $1.$2.$3.0 -j MASQUERADE

OR
Code:
LAN=`nvram get lan_ipaddr`/`nvram get lan_netmask`
iptables -t nat -I POSTROUTING -o br0 -s $LAN -d $LAN -j MASQUERADE

_________________
[I prefer answers in whole sentences]
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Mon Mar 07, 2011 16:04
frater wrote:
Put this in your rc_firewall:
Code:
LANIP=`nvram get lan_ipaddr`
set ${LANIP//./ }
iptables -t nat -A POSTROUTING -s $1.$2.$3.0/24 -d $1.$2.$3.0/24 -o br0 -j MASQUERADE


You can also hardcode it if you know the network range of your LAN.

Code:
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.0/24 -o br0 -j MASQUERADE

You're over-complicating it a bit. Iptables will calculate the network address using the supplied IP/netmask without you having to do any extra work.

kt_haddock wrote:
Can't you do it like this:

Code:
LANIP=`nvram get lan_ipaddr`/`nvram get lan_netmask`
set ${LANIP//./ }
iptables -t nat -I POSTROUTING -o br0 -s $1.$2.$3.0 -d $1.$2.$3.0 -j MASQUERADE

OR
Code:
LAN=`nvram get lan_ipaddr`/`nvram get lan_netmask`
iptables -t nat -I POSTROUTING -o br0 -s $LAN -d $LAN -j MASQUERADE

Not the first one but yes to the second one.

Please just see the bug ticket for all the info you need.
http://svn.dd-wrt.com:8000/ticket/1868

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
frater
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 2777

Posted: Mon Mar 07, 2011 16:18
Yes you can...

I just tested it.
It's syntactically incorrect (the LAN-address is not a network address), but this gets corrected by the tool iptables.

Yours is actually better as it also works with a different subnet mask.
Code:
LAN=`nvram get lan_ipaddr`/`nvram get lan_netmask`
iptables -t nat -I POSTROUTING -o br0 -s $LAN -d $LAN -j MASQUERADE


The other example with 'set ${LANIP//./ }' is incorrect.

_________________
Asus RT16N + OTRW
Kingston 4GB USB-disk 128 MB swap + 1.4GB ext3 on /opt + 2 GB ext3 on /mnt
Copperjet 1616 modem in ZipB-config
Asterisk, pixelserv & Pound running on router
Another Asus RT16N as WDS-bridge

DD-WRT v24-sp2 vpn (c) 2010 NewMedia-NET GmbH
Release: 12/16/10 (SVN revision: 15758M)
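
An added example, not code from any poster in this thread: POSIX shell functions that reproduce the network-address calculation iptables applies to `-s IP/NETMASK`, showing why the `$LAN` form follows a non-/24 netmask while the hardcoded /24 and the mask-less `$1.$2.$3.0` forms do not. The function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses below are constructed.

# to_int A.B.C.D -> 32-bit integer
to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# to_quad N -> A.B.C.D
to_quad() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# net_cidr IP NETMASK -> NETWORK/PREFIX, the range "-s IP/NETMASK" matches
net_cidr() {
    ip=$(to_int "$1"); mask=$(to_int "$2")
    prefix=0; m=$mask
    # count leading one-bits of the mask
    while [ $(( m & 2147483648 )) -ne 0 ]; do
        prefix=$(( prefix + 1 ))
        m=$(( (m << 1) & 4294967295 ))
    done
    # anything left over means the mask is not contiguous (e.g. 255.0.255.0)
    [ "$m" -eq 0 ] || { echo "invalid netmask: $2" >&2; return 1; }
    echo "$(to_quad $(( ip & mask )))/$prefix"
}

# in_net HOST IP NETMASK -> exit status 0 if HOST is inside IP/NETMASK
in_net() {
    h=$(to_int "$1"); n=$(to_int "$2"); k=$(to_int "$3")
    [ $(( h & k )) -eq $(( n & k )) ]
}

# Constructed case: router at 192.168.1.1 on a /23 LAN, client at 192.168.0.50.
echo "-s \$LAN matches: $(net_cidr 192.168.1.1 255.255.254.0)"
in_net 192.168.0.50 192.168.1.0 255.255.255.0 ||
    echo "hardcoded 192.168.1.0/24 misses 192.168.0.50"
in_net 192.168.0.50 192.168.1.0 255.255.255.255 ||
    echo "192.168.1.0 with no mask (/32) misses it too"
```

With this MASQUERADE rule in place, LAN servers see the router's LAN address as the source of every hairpinned connection, so their access logs and any source-IP allow lists no longer distinguish internal clients.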