NAT Loopback (port forwarding) fix for builds 15760-19969

phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Wed Sep 12, 2012 15:52    Post subject: Re: Bad argument `2'
Dave Cohen wrote:
The router replied:

Code:
Bad argument `2'

You're not supposed to run the commands, you're supposed to save the commands to your firewall script on the admin->commands page.

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
Dave Cohen
DD-WRT Novice


Joined: 07 Sep 2012
Posts: 3

Posted: Wed Sep 12, 2012 17:18
Phuzion, I did save the 4 lines there. Later I ran them in the shell hoping to see a more verbose error, because they weren't working for me.

Currently I'm using this line, modified for my LAN setup:

Code:
iptables -t nat -I POSTROUTING -o br0 -s 10.0.1.0/24 -d 10.0.1.0/24 -j MASQUERADE


Working for me, and I'm pretty happy with the dd-wrt. Thanks.
barryware
DD-WRT Guru


Joined: 26 Jan 2008
Posts: 13049
Location: Behind The Reset Button

Posted: Wed Sep 12, 2012 18:42
something in trac about "fix nat_loopback":

http://svn.dd-wrt.com:8000/changeset/19896

maybe these entries will no longer be needed..

_________________
[Moderator Deleted]
buddee
DD-WRT Guru


Joined: 06 Feb 2010
Posts: 7401
Location: Little Rock

Posted: Thu Sep 13, 2012 13:22
barryware wrote:
something in trac about "fix nat_loopback":

http://svn.dd-wrt.com:8000/changeset/19896

maybe these entries will no longer be needed..


+1 /me crosses fingers :)
Dark_Shadow
DD-WRT Guru


Joined: 31 Aug 2009
Posts: 2448
Location: Third Rock from the Sun

Posted: Thu Sep 13, 2012 14:17
buddee wrote:
barryware wrote:
something in trac about "fix nat_loopback":

http://svn.dd-wrt.com:8000/changeset/19896

maybe these entries will no longer be needed..


+1 /me crosses fingers :)
yup +1 here too




Joined: 01 Jan 1970
Posts:

Posted: Thu Sep 13, 2012 15:40
And another: http://svn.dd-wrt.com:8000/changeset/19933

:D
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Thu Sep 13, 2012 17:23
barryware wrote:
something in trac about "fix nat_loopback":

http://svn.dd-wrt.com:8000/changeset/19896

maybe these entries will no longer be needed..

One can only pray that one of these patches sticks. Now that someone is interested in fixing this major bug, we could be one small step closer to a stable build.

Fractal
DD-WRT Guru


Joined: 19 Apr 2010
Posts: 1243

Posted: Fri Sep 14, 2012 23:27
phuzi0n wrote:
barryware wrote:
something in trac about "fix nat_loopback":

http://svn.dd-wrt.com:8000/changeset/19896

maybe these entries will no longer be needed..

One can only pray that one of these patches sticks. Now that someone is interested in fixing this major bug, we could be one small step closer to a stable build.


I just updated my N66U, I will be putting 19946 bins on barryware's FTP within the next 20 minutes..

Enjoy,

Fractal
Denis.Didenko
DD-WRT Novice


Joined: 17 Sep 2012
Posts: 8

Posted: Fri Sep 21, 2012 18:51
Works for ASUS RT-N13U rev.B1
(Releases: 03-19-12-r18777 and 07-20-12-r19519)

Code:

insmod ipt_mark
insmod xt_mark
iptables -t mangle -A PREROUTING -i ! `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001
iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE


Thanks
serouja
DD-WRT Novice


Joined: 18 Jul 2012
Posts: 7

Posted: Tue Oct 02, 2012 9:38
Neither the 4 lines nor the 1 line nor all together is working on my E4200 with 19545 Kong mode. Please advise.

Thanks a lot.
Skagnatti
DD-WRT Novice


Joined: 10 Oct 2012
Posts: 2

Posted: Wed Oct 10, 2012 2:34    Post subject: Thanks
Worked immediately on my E4200, build 18000 big.

Now able to view my security cameras again from smartphone.

Much appreciated! :)




Joined: 01 Jan 1970
Posts:

Posted: Wed Oct 10, 2012 3:00
Worth noting the loopback fix is no longer required for builds 19933+. I'm on 20086 now and everything's working quite well.
s0nlxaftrsh0ck
DD-WRT Novice


Joined: 06 Oct 2012
Posts: 10

Posted: Thu Oct 11, 2012 3:26
I tried all 4 lines and it seems it's working; however, I'm still not able to get a port forward going.

I'm trying to get a connection to a few of my games from other people. Like Borderlands 2 and Terraria. I port forwarded it correctly and I've been testing out Terraria by trying to connect to it myself. And all it never gets into the game. I have the server window showing me who is connecting. And I've checked Nmap and it says my port is open.

Is there anything else I'm not doing? I'm on an E4200 running a 18777 build big.

Edit: I also did a reset after I saved the script to my firewall.
DancesWithWords
DD-WRT Novice


Joined: 29 Sep 2012
Posts: 3

Posted: Thu Oct 11, 2012 16:35    Post subject: Re: NAT Loopback fix for 15760 and higher, (Port forward iss
phuzi0n wrote:
I spent some time thinking about the best way to fix loopback. Despite some bad documentation throwing me off before, I found that it's possible to mark traffic destined to the WAN IP and then only masquerade the marked traffic. This should allow loopback to work for all local interfaces without causing problems when ebtables is loaded.

Save the following commands to the Firewall Script on the Administration->Commands page to fix loopback.

insmod ipt_mark
insmod xt_mark
iptables -t mangle -A PREROUTING -i ! `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001
iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE

If you have a block of static IP's using 1:1 NAT then you also need to add another iptables rule to cover your IP block. Edit the bolded netblock to be your static IP block.

iptables -t mangle -A PREROUTING -i ! `get_wanface` -d 1.1.1.0/24 -j MARK --set-mark 0xd001


The one known caveat is that badly written QoS scripts will prevent it from working but that's a problem with the scripts that needs to be fixed...

Other ways to fix the loopback problem can be found in this bug ticket:
http://svn.dd-wrt.com:8000/ticket/1868



I tried this with my new Cisco E3200 running DD-WRT v19342; it failed. I'm trying to forward to port 80, i.e. my webserver.
morganjayp
DD-WRT Novice


Joined: 15 Oct 2012
Posts: 4

Posted: Mon Oct 15, 2012 7:11
madman999 wrote:

1 Line Fix-(worked on 2 of my Asus RT-N16 and reported by at least one other person to have worked on an Asus RT-N66U)

iptables -t nat -A POSTROUTING -j MASQUERADE

Don't forget to hit apply and if it does work, then save startup or save firewall so it remains after a reboot.


Is this verified to be safe, security-wise? It won't break anything? The four-line fix works fine for me for loopback. The problem is that access to port-forwards from the WAN isn't working. This one line fixes that AND access from the lan to loopback, but I don't trust it...
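
An added check relevant to the question above (not part of the thread or of DD-WRT's own code): the one-line rule has no interface, address or mark match, so it also rewrites the source address of connections forwarded in from the WAN, and LAN servers then log the router's address instead of the real client's. The script below flags such unscoped MASQUERADE rules in a firewall script; the function names are hypothetical, and the sample input is the set of rules quoted in this thread.

```shell
#!/bin/sh
# Added example: flag nat POSTROUTING MASQUERADE rules that have no scoping match.
# classify_rule, audit_masquerade and sample_rules are hypothetical helper names.

# Print "scoped", "unscoped" or "n/a" for one rule, given either as a full
# "iptables ..." command or in iptables-save form ("-A POSTROUTING ...").
classify_rule() {
    r=" $1 "
    case $r in *" POSTROUTING "*) ;; *) echo "n/a"; return 0 ;; esac
    case $r in *" -j MASQUERADE "*) ;; *) echo "n/a"; return 0 ;; esac
    case $r in
        # Any out-interface, source, destination or fwmark match narrows the rule.
        *" -o "*|*" --out-interface "*|*" -s "*|*" --source "*|*" -d "*|*" --destination "*|*" --mark "*)
            echo "scoped" ;;
        *)
            echo "unscoped" ;;
    esac
}

# Read rules on stdin and print the ones that masquerade every packet
# leaving any interface, forwarded WAN-to-LAN connections included.
audit_masquerade() {
    while IFS= read -r line; do
        if [ "$(classify_rule "$line")" = "unscoped" ]; then
            printf 'UNSCOPED: %s\n' "$line"
        fi
    done
    return 0
}

# Rules quoted in this thread (the heredoc is quoted, so backticks are not run).
sample_rules() {
    cat <<'EOF'
iptables -t nat -I POSTROUTING -o br0 -s 10.0.1.0/24 -d 10.0.1.0/24 -j MASQUERADE
iptables -t mangle -A PREROUTING -i ! `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001
iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE
iptables -t nat -A POSTROUTING -j MASQUERADE
EOF
}

sample_rules | audit_masquerade
```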