Double port FW / Broadcast

ray.rick.mini
DD-WRT Novice


Joined: 16 Mar 2011
Posts: 31

Posted: Wed Mar 16, 2011 14:57    Post subject: Double port FW / Broadcast
Hi everybody,
I have a couple of questions for you, advanced networking gurus:

1) I have a Buffalo WHR-125g running the last suggested version of dd-wrt; on the WAN side it is connected to my ISP router. Everything seems OK, but I would like to know the best way of implementing port forwarding with another router on the WAN. The ISP router basically has a port FW option too, so for now I set a static DHCP lease for my dd-wrt router's WAN port, and I forwarded every port on the ISP router to the dd-wrt router's WAN.
Is there a better way to accomplish this? Like setting a static rule for every rule on dd-wrt?
What about UPnP? For now it is enabled on every router, but I'm not sure about this.
2) I would like to be able to ping the broadcast address of my LAN, and I would like to know which hosts are alive, so every living host should respond.
For now, when I ping the broadcast address I receive a response from the dd-wrt router only. Clients are Linux/XP & WIN7 machines.
Is there a way to force this behavior?

My best regards,
Ray
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 2053

Posted: Wed Mar 16, 2011 16:30    Post subject:
I’m going to assume you have a combo dsl modem+router, and you’ve connected a second router to it, and thus introduced a second firewall and second NAT.

The simplest solution is to place the WAN IP address of the second router in the DMZ of the first router. Now all traffic that would otherwise be blocked by the first router is forwarded to the second router.

If possible, the best solution is to place the combo dsl modem+router in “bridge modem”, thus demoting the device to just a modem. That eliminates many of these side effects (double firewall, double NAT, wondering if UPnP will propagate, etc.) and then having to apply “fixups” to address them.

As far as accessing the broadcast IP (x.x.x.255), most routers (including dd-wrt) block access to the broadcast IP from the WAN side, for security reasons. There’s not much you can do about it either (as far as I know). There are workarounds for WOL (which also needs access to the broadcast IP) that may be adaptable to PING. You might want to review those posts.

http://www.dd-wrt.com/phpBB2/viewtopic.php?p=514681
http://www.dd-wrt.com/phpBB2/viewtopic.php?p=506550

What you might find an acceptable alternative for PING is setting up the dd-wrt VPN server (PPTP or OpenVPN). Pretty much anything should be addressable on your own network using the VPN.
ray.rick.mini
DD-WRT Novice


Joined: 16 Mar 2011
Posts: 31

Posted: Thu Mar 17, 2011 1:57    Post subject:
eibgrad wrote:
I’m going to assume you have a combo dsl modem+router, and you’ve connected a second router to it, and thus introduced a second firewall and second NAT.

The simplest solution is to place the WAN IP address of the second router in the DMZ of the first router. Now all traffic that would otherwise be blocked by the first router is forwarded to the second router.

If possible, the best solution is to place the combo dsl modem+router in “bridge modem”, thus demoting the device to just a modem. That eliminates many of these side effects (double firewall, double NAT, wondering if UPnP will propagate, etc.) and then having to apply “fixups” to address them.

Hi. Yeah, my ISP router is a combo device. I had no luck: the ISP router interface doesn't provide DMZ or bridge mode. It allows only basic features like UPnP, port FW, firewall and DynDNS. I shut down the firewall on it, and I leave UPnP on.
I put in many rules for forwarding any TCP/UDP port to my dd-wrt router, even if some ports are reserved and blocked by the interface. For now all is going fine, but I will search for a better solution.

Quote:

As far as accessing the broadcast IP (x.x.x.255), most routers (including dd-wrt) block access to the broadcast IP from the WAN side, for security reasons. There’s not much you can do about it either (as far as I know). There are workarounds for WOL (which also needs access to the broadcast IP) that may be adaptable to PING. You might want to review those posts.

http://www.dd-wrt.com/phpBB2/viewtopic.php?p=514681
http://www.dd-wrt.com/phpBB2/viewtopic.php?p=506550

What you might find an acceptable alternative for PING is setting up the dd-wrt VPN server (PPTP or OpenVPN). Pretty much anything should be addressable on your own network using the VPN.

VPN will be my next topic; it seems very cool.
I need to choose between this solution and a simple port forward between WAN:443 and LAN:22; then with some software like corkscrew I should be able to reach my gateway from everywhere, even from proxy-protected areas.
However, my question about broadcast ping was from the LAN & WLAN side, not the WAN. Do you know something that I can try? I can't figure out if it is a router or client device problem.
Thanks
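
An added example for the LAN-side broadcast ping question, not written by either poster: on Linux clients the kernel setting `net.ipv4.icmp_echo_ignore_broadcasts` (default 1) decides whether broadcast echo requests are answered, and the ARP table gives a second view of hosts that have recently talked to the machine. The function names and the sample table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; the sample table below is constructed, not taken from the thread.

# Does this Linux host answer ICMP echo requests sent to a broadcast address?
# $1 (optional): path to the sysctl file, overridable for testing.
broadcast_echo_policy() {
    f="${1:-/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts}"
    [ -r "$f" ] || { echo "unknown"; return 0; }
    case "$(tr -d '[:space:]' < "$f")" in
        1) echo "ignored" ;;   # kernel default: broadcast echo is dropped
        0) echo "answered" ;;
        *) echo "unknown" ;;
    esac
}

# Print the IPs that have a resolved entry in a /proc/net/arp style table.
# Entries with flags 0x0 or an all-zero MAC never completed ARP resolution.
# $1 (optional): path to the table, overridable for testing.
live_hosts_from_arp() {
    f="${1:-/proc/net/arp}"
    [ -r "$f" ] || return 0
    awk 'NR > 1 && $3 != "0x0" && $4 != "00:00:00:00:00:00" { print $1 }' "$f"
}

# Constructed sample in /proc/net/arp format (addresses are made up).
sample_arp_table() {
    cat <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:00:00:01     *        br0
192.168.1.23     0x1         0x2         02:00:00:00:00:17     *        br0
192.168.1.50     0x1         0x0         00:00:00:00:00:00     *        br0
EOF
}

echo "broadcast echo on this host: $(broadcast_echo_policy)"
tmp="$(mktemp)"
sample_arp_table > "$tmp"
echo "resolved neighbours in the sample table:"
live_hosts_from_arp "$tmp"
rm -f "$tmp"
```

Setting the value to 0 on a Linux client makes it answer broadcast pings, at the cost of re-enabling the behaviour that Smurf amplification relies on; reading the ARP table avoids that trade-off.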