[pazuzu]

Given a WRT54GS in AP mode, set to DHCP client at the WAN side, 192.168.1.5/16 is its local IP addr and "gateway" is left at 0.0.0.0. How do I configure it so the computers can access the cable modem's web GUI at 192.168.100.1? Right now, I can't ping 192.168.100.1 from the WRT54GS.

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
68.xx.xx.0 * 255.255.255.0 U 0 0 0 vlan1
192.168.0.0 * 255.255.0.0 U 0 0 0 br0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default c-68-xx-xx-1.hs 0.0.0.0 UG 0 0 0 vlan1

I tried adding this in Advanced Routing, but it doesn't appear in routing table at all
destination: 192.168.100.1
mask: 255.255.0.0
gateway: 192.168.1.5
interface: WAN

[pazuzu]

After adding the following, now I can ping the cable modem from the WRT54GS, but still can't from any computer on the LAN side.

route add -net 192.168.100.1 gw 68.xx.xx.xx netmask 255.255.255.255 dev vlan1

Is this because the WRT54GS sees br0 as the outgoing interface for 192.168.0.0/16 traffic, before it reads the static route above?

Is there any way to keep the gateway IP addr updated in the static route, so I don't have to redo when I get a new IP from the ISP?

[CaScAdE]

You read http://www.dd-wrt.com/wiki/index.php/Access_To_Modem_Configuration did you?

User save startup and save firewall like mentioned there...

[pazuzu]

So in my case, I'd want to:

ip addr add 192.168.100.1/32 dev vlan1 brd +
and click on Save Startup

/usr/sbin/iptables -t nat -I POSTROUTING -o vlan1 -d 192.168.100.1/32 -j MASQUERADE
and click on Save Firewall

richtige?

Is "-I POSTROUTING" used rather than "-A POSTROUTING" so the iptables rule takes precedent in front of "192.168.0.0 * 255.255.0.0 U 0 0 0 br0"? How does iptables figure out the right spot to inject this rule?

[Bird333]

You want to assign an IP to vlan1 that is on the same subnet as your default cable modem IP address. I think 'I' puts the rule in the first position if you don't specify a line number.

[pazuzu]

But vlan1 is the WAN port, how do I assign it another IP addr when it already has one assigned by Comcast DHCP?

Here's the new output after doing what I posted above. Now 192.168.100.1 seems answer from a LAN machine, except it gets redirects to 192.168.1.5--the WRT54GS itself.

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.1 c-68-xx-xx-xx. 255.255.255.255 UGH 0 0 0 vlan1
68.xx.xx.0 * 255.255.255.0 U 0 0 0 vlan1
192.168.0.0 * 255.255.0.0 U 0 0 0 br0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default bu-10-ubr01.upp 0.0.0.0 UG 0 0 0 vlan1

[pazuzu]

Bump. Still unsolved. I don't want to change my IP addressing scheme (192.168.0.0/16) if there's any other way.

[CaScAdE]

[pazuzu]

So vlan1--the WAN uplink--will have two IP addrs assigned? One by Comcast DHCP--68.x.x.x, and one statically by myself--192.168.100.2?

If so, is this single-link multi-homing? So vlan1 is treated as a physical interface?

[pazuzu]

Update:

~ # ip route
192.168.100.0/24 dev vlan1 proto kernel scope link src 192.168.100.2
68.xx.xx.0/23 dev vlan1 proto kernel scope link src 68.xx.xx.219
192.168.0.0/16 dev br0 proto kernel scope link src 192.168.1.5
127.0.0.0/8 dev lo scope link
default via 68.xx.xx.1 dev vlan1

I still think the problem is "192.168.0.0/16 dev br0 proto kernel scope link src 192.168.1.5" gets processed before "192.168.100.0/24 dev vlan1 proto kernel scope link src 192.168.100.2".