If you know the port number they connect to, you can mimic the part under the AIM and put the correct port in there... as well as the IRC ports... what that does is make sure those ports always go out the same interface, so the connections wouldn't get interrupted.
Just add that block of code underneath the AIM one... and your IRC should be better.
I actually did this and replicated the ports, but all the clients kept disconnecting anyway. I use Pidgin and I'm on aim/msn/yahoo/gtalk and they would all cycle disconnecting and also all my irc servers I'm connected to. The irc servers I connect to are on 6660 and 9999.
This works! I used it on my v24 sp1. Nothing else I have tried using through jffs has worked, but following the guide below did it! I have 13.9mb of space so fitting the below code was easy.
I now get 2.4mb/sec down and 250K/sec up. One thing though is that my IM clients disconnect all the time and my IRC client too.
jbarbieri wrote:
Well, I think I got it figured out for people who do not have any JFFS space.
First, log into the router and do a
nvram show
and look for a line like the following:
size: 24756 bytes (8012 left)
You have to have at least 6300 left in order for this to work.
Under admin>commands, put this in the box:
Code:
#!/bin/sh
echo '#!/bin/sh
# udhcpc script edited by Tim Riker <Tim@Rikers.org>
[ -z "$1" ] && echo "Error: should be called from udhcpc" && exit 1
if [ -n "$router" ] ; then
echo "deleting routers"
# while route del default gw 0.0.0.0 dev $interface ; do
# :
# done
# for i in $router ; do
# route add default gw $i dev $interface
# done
echo "$router"
fi
echo -n > $RESOLV_CONF
[ -n "$domain" ] && echo search $domain >> $RESOLV_CONF
for i in $dns ; do
echo adding dns $i
echo nameserver $i >> $RESOLV_CONF
done
nvram set wan2_ifname=$interface
nvram set wan2_gateway=$router
nvram set wan2_ipaddr=$ip
nvram set wan2_netmask=$subnet
nvram set wan2_broadcast=$broadcast
nvram commit
ifconfig $(nvram get wan2_ifname) $(nvram get wan2_ipaddr) netmask $(nvram get wan2_netmask) up
;;
esac
ip rule add lookup main prio 32766
ip rule add lookup default prio 32767
ip rule add from $(nvram get wan_ipaddr) table 100 prio 100
ip rule add fwmark 0x100 table 100 prio 101
ip rule add from $(nvram get wan2_ipaddr) table 200 prio 200
ip rule add fwmark 0x200 table 200 prio 201
ip route flush table 100
ip route flush table 200
for TABLE in 100 200
do
ip route | grep link | while read ROUTE
do
ip route add table $TABLE to $ROUTE
done
done
ip route add table 100 default via $(nvram get wan_gateway)
ip route add table 200 default via $(nvram get wan2_gateway)
ip route delete default
ip route add default scope global equalize nexthop via $(nvram get wan_gateway) dev $(nvram get wan_ifname) nexthop via $(nvram get wan2_gateway) dev $(nvram get wan2_ifname)
and click save as startup.
Then, in the blank box again, type in:
Code:
#!/bin/sh
ip rule flush
ip rule add lookup main prio 32766
ip rule add lookup default prio 32767
ip rule add from $(nvram get wan_ipaddr) table 100 prio 100
ip rule add fwmark 0x100 table 100 prio 101
ip rule add from $(nvram get wan2_ipaddr) table 200 prio 200
ip rule add fwmark 0x200 table 200 prio 201
ip route flush table 100
ip route flush table 200
for TABLE in 100 200
do
ip route | grep link | while read ROUTE
do
ip route add table $TABLE to $ROUTE
done
done
ip route add table 100 default via $(nvram get wan_gateway)
ip route add table 200 default via $(nvram get wan2_gateway)
ip route delete default
ip route add default scope global equalize nexthop via $(nvram get wan_gateway) dev $(nvram get wan_ifname) nexthop via $(nvram get wan2_gateway) dev $(nvram get wan2_ifname)
if [ "$STATE" = "on" ]; then
if [ "$PROTO" = "both" ]; then
iptables -A PREROUTING -t nat -p udp -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
iptables -A PREROUTING -t nat -p tcp -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
else
iptables -A PREROUTING -t nat -p $PROTO -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
fi
fi
done
iptables -A PREROUTING -t nat -p icmp -d $(nvram get wan2_ipaddr) -j DNAT --to $(nvram get lan_ipaddr)
if [ $(nvram get remote_management) -eq 1 ]; then
iptables -A PREROUTING -t nat -p tcp -d $(nvram get wan2_ipaddr) --dport $(nvram get http_wanport) -j DNAT --to $(nvram get lan_ipaddr):$(nvram get http_lanport)
fi
if [ $(nvram get dmz_enable) -eq 1 ]; then
DMZ_IP=$(nvram get lan_ipaddr | sed -r 's/[0-9]+$//')$(nvram get dmz_ipaddr)
iptables -A PREROUTING -t nat -d $(nvram get wan2_ipaddr) -j DNAT --to $DMZ_IP
fi
iptables -A PREROUTING -t nat --dest $(nvram get wan2_ipaddr) -j TRIGGER --trigger-type dnat
iptables -A FORWARD -i $(nvram get wan2_ifname) -o $(nvram get lan_ifname) -j TRIGGER --trigger-type in
#DD-WRT END
$IPTABLES -F POSTROUTING -t nat
$IPTABLES -t mangle -N ETH1
$IPTABLES -t mangle -F ETH1
$IPTABLES -t mangle -A ETH1 -j MARK --set-mark 0x100
$IPTABLES -t mangle -N ETH2
$IPTABLES -t mangle -F ETH2
$IPTABLES -t mangle -A ETH2 -j MARK --set-mark 0x200
$IPTABLES -t nat -N SPOOF_ETH1
$IPTABLES -t nat -F SPOOF_ETH1
$IPTABLES -t nat -A SPOOF_ETH1 -j LOG --log-prefix " SPOOF_ETH1 "
$IPTABLES -t nat -A SPOOF_ETH1 -j SNAT --to $(nvram get wan_ipaddr)
$IPTABLES -t nat -N SPOOF_ETH2
$IPTABLES -t nat -F SPOOF_ETH2
$IPTABLES -t nat -A SPOOF_ETH2 -j LOG --log-prefix " SPOOF_ETH2 "
$IPTABLES -t nat -A SPOOF_ETH2 -j SNAT --to $(nvram get wan2_ipaddr)
$IPTABLES -A INPUT -p icmp -s 192.168.1.0/24 -d 192.168.1.1 -j ACCEPT
#Save the gateway in the connection mark for new incoming connections
$IPTABLES -t mangle -A PREROUTING -i $(nvram get wan_ifname) -m conntrack --ctstate NEW -j CONNMARK --set-mark 0x100
$IPTABLES -t mangle -A PREROUTING -i $(nvram get wan2_ifname) -m conntrack --ctstate NEW -j CONNMARK --set-mark 0x200
$IPTABLES -A POSTROUTING -t mangle -o $(nvram get wan_ifname) -j MARK --set-mark 0x100
$IPTABLES -A POSTROUTING -t mangle -o $(nvram get wan2_ifname) -j MARK --set-mark 0x200
$IPTABLES -t nat -A POSTROUTING -o $(nvram get wan_ifname) -j SPOOF_ETH1
$IPTABLES -t nat -A POSTROUTING -o $(nvram get wan2_ifname) -j SPOOF_ETH2
$IPTABLES -t mangle -A POSTROUTING -j CONNMARK --save-mark
$IPTABLES -t mangle -A PREROUTING -i br0 -m state --state RELATED,ESTABLISHED -j CONNMARK --restore-mark
# Use the correct gateway for reply packets from local connections
$IPTABLES -t mangle -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
Router page go to setup > vlan and put port 4 on vlan 2.
Then administration > commands and put the startup script in the startup and save and firewall in the firewall and save.
I then telnet in and do ifconfig vlan2 up to make sure the vlan2 goes up and it all works and then cycle the router 1 more time.
I still can't get my IM/irc clients to stop disconnecting over and over though. So it's only good when you don't want to chat with friends until there is a better fix. Maybe it's just my issue.
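The port pinning suggested at the top of the thread, as an added example that is not part of any post: it prints mangle rules that send new connections to the listed ports through the ETH1 chain (mark 0x100) from the firewall script above, then stops further marking so a later random or equalized choice cannot move them to the other WAN. `pin_rules`, `valid_port` and `PIN_LAN_IF` are hypothetical names; the ports are the IRC ports mentioned earlier in the thread.

```sh
#!/bin/sh
# Added example, not from the thread: pin chosen destination ports to one WAN.
# ETH1/ETH2 and br0 are the names used in the scripts above; pin_rules,
# valid_port and PIN_LAN_IF are hypothetical helpers for illustration.

PIN_LAN_IF="${PIN_LAN_IF:-br0}"

# valid_port PORT: succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

# pin_rules CHAIN PROTO PORT...: prints two iptables commands per port
pin_rules() {
    chain="$1"; proto="$2"; shift 2
    case "$chain" in ETH1|ETH2) ;; *) echo "bad chain: $chain" >&2; return 1 ;; esac
    case "$proto" in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
    # Validate every port before printing anything, so output is all-or-nothing.
    for port in "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    for port in "$@"; do
        match="-i $PIN_LAN_IF -p $proto --dport $port -m state --state NEW"
        # Position 1: mark the new connection via the chosen WAN chain.
        echo "iptables -t mangle -I PREROUTING 1 $match -j $chain"
        # Position 2: leave PREROUTING so no later rule re-marks the packet.
        echo "iptables -t mangle -I PREROUTING 2 $match -j ACCEPT"
    done
}

# Dry run: print the rules for the two IRC ports. Review the output, then
# pipe it to sh on the router to apply it.
pin_rules ETH1 tcp 6660 9999
```

Established packets of a pinned connection keep their uplink only if the connection mark is saved and restored, as the CONNMARK rules in the firewall script do.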
Bricked the router copying the scripts in startup/firewall nvram. Had to open it up and short out pin 15+16 with power from left antenna.
After successful recovery of the router jffs script mode or copying/pasting the whole scripts into nvram does not work anymore.
vlan1 and vlan2 both get external ip's from the cable modems, but it just simply does not work. Websites stall out and whatismyip sites show only 1 ip not 2 anymore.
Yeah I just pasted 1 script in startup 1 in firewall and it started rebooting. Then all the ethernet leds and wlan led went solid and the power led was blinking non stop. The tftp revival methods were useless, I had to open it up and short out pin 15+16 with juice from the left antenna to revive it.
This actually does a little bit of connection tracking, so any inbound connections get marked, and it has helped me out with HTTPS sessions, as well as AIM and ICQ logins. It has allowed me to shorten the firewall.firewall file a little bit, since I don't need entries for each IM client and for HTTPS.
--John
I've been trying to set up load-balancing with the following setup:
- WRT54GS 1.0 with PPPoE on WAN1 (load-balancer, 10.0.1.1/24)
- WRT54G 2.0 also with PPPoE and hooked up to the WRT54GS on port 4 (10.0.0.1/24)
The GS is running v23sp2 std and is configured as laid out in Stalonges setup with PPPoE as main and DHCP on WAN2 behind the G unit. It's using jbarbieri's latest firewall script.
The problem now is that apparently the PPPoE link on WAN1 isn't used at all - a few thousand outbound packets but hardly any inbound. Everything is piped through WAN2. Torrents are working without apparent problems and at full speed (single link that is) but websurfing is not always reliable and tends to time out to about 50%.
I would be extremely grateful if anyone could point me to the problem in my configuration. I have spent hours on it and can't find the flaw.
Code:
IP ROUTE OUTPUT:
213.191.76.92 dev ppp0 proto kernel scope link src 85.179.59.252
10.0.0.0/24 dev vlan2 proto kernel scope link src 10.0.0.90
10.0.1.0/24 dev br0 proto kernel scope link src 10.0.1.1
127.0.0.0/8 dev lo scope link
default equalize
nexthop via 213.191.76.92 dev ppp0 weight 1
nexthop via 10.0.0.1 dev vlan2 weight 2
This is what I have done:
Code:
NVRAM SETTINGS:
nvram set vlan0ports="1 2 3 5*"
nvram set vlan2ports="4 5"
nvram set vlan2hwname=et0
nvram set wan_ifname2=ppp0
if [ "$(nvram get wan2_ipaddr)" != "$WAN2_IPADDR" ]; then
nvram set wan2_ifname=$WAN2_IFNAME
nvram set wan2_ipaddr=$WAN2_IPADDR
nvram set wan2_gateway=$WAN2_GATEWAY
nvram set wan2_netmask=$WAN2_NETMASK
nvram set wan2_broadcast=$WAN2_BROADCAST
nvram commit
fi
ifconfig $(nvram get wan2_ifname) down hw ether 00:12:17:D4:2D:C9
ifconfig $(nvram get wan2_ifname) $(nvram get wan2_ipaddr) netmask $(nvram get wan2_netmask) broadcast $(nvram get wan2_broadcast) up
echo "Rebuilding rules and tables" >> /var/log/messages
ip rule add lookup main prio 32766
ip rule add lookup default prio 32767
ip rule add from $(nvram get wan_ipaddr) table 100 prio 100
ip rule add fwmark 0x100 table 100 prio 101
ip rule add from $(nvram get wan2_ipaddr) table 200 prio 200
ip rule add fwmark 0x200 table 200 prio 201
ip route flush table 100
ip route flush table 200
for TABLE in 100 200
do
ip route | grep link | while read ROUTE
do
ip route add table $TABLE to $ROUTE
done
done
ip route add table 100 default via $(nvram get wan_gateway)
ip route add table 200 default via $(nvram get wan2_gateway)
echo "Deleting default route" >> /var/log/messages
ip route delete default
echo "Adding in equalized route" >> /var/log/messages
ip route add default scope global equalize nexthop via $(nvram get wan_gateway) dev $(nvram get wan_ifname2) weight 1 nexthop via $(nvram get wan2_gateway) dev $(nvram get wan2_ifname) weight 2
echo "routes.firewall completed" >> /var/log/messages
Code:
FIREWALL.FIREWALL
#!/bin/sh
echo "`date` Flushing and adding new firewall rules" >> /var/log/messages
IPTABLES="/usr/sbin/iptables"
#IPTABLES="/jffs/iptables"
if [ "$STATE" = "on" ]; then
if [ "$PROTO" = "both" ]; then
#udp
iptables -A PREROUTING -t nat -p udp -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
#tcp
iptables -A PREROUTING -t nat -p tcp -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
else
iptables -A PREROUTING -t nat -p $PROTO -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
fi
fi
done
iptables -A PREROUTING -t nat -p icmp -d $(nvram get wan2_ipaddr) -j DNAT --to $(nvram get lan_ipaddr)
if [ $(nvram get remote_management) -eq 1 ]; then
iptables -A PREROUTING -t nat -p tcp -d $(nvram get wan2_ipaddr) --dport $(nvram get http_wanport) -j DNAT --to $(nvram get lan_ipaddr):$(nvram get http_lanport)
fi
if [ $(nvram get dmz_enable) -eq 1 ]; then
DMZ_IP=$(nvram get lan_ipaddr | sed -r 's/[0-9]+$//')$(nvram get dmz_ipaddr)
iptables -A PREROUTING -t nat -d $(nvram get wan2_ipaddr) -j DNAT --to $DMZ_IP
fi
iptables -A PREROUTING -t nat --dest $(nvram get wan2_ipaddr) -j TRIGGER --trigger-type dnat
iptables -A FORWARD -i $(nvram get wan2_ifname) -o $(nvram get lan_ifname) -j TRIGGER --trigger-type in
$IPTABLES -t mangle -N ETH1
$IPTABLES -t mangle -F ETH1
$IPTABLES -t mangle -A ETH1 -j MARK --set-mark 0x100
$IPTABLES -t mangle -A ETH1 -j CONNMARK --save-mark
$IPTABLES -t mangle -N ETH2
$IPTABLES -t mangle -F ETH2
$IPTABLES -t mangle -A ETH2 -j MARK --set-mark 0x200
$IPTABLES -t mangle -A ETH2 -j CONNMARK --save-mark
$IPTABLES -t mangle -N RANDOM
$IPTABLES -t mangle -F RANDOM
$IPTABLES -t mangle -A RANDOM -m random --average 50 -j ETH1
$IPTABLES -t mangle -A RANDOM -m random --average 50 -j ETH2
$IPTABLES -t nat -A POSTROUTING -o $(nvram get wan_ifname) -j SPOOF_ETH1
$IPTABLES -t nat -A POSTROUTING -o $(nvram get wan2_ifname) -j SPOOF_ETH2
$IPTABLES -t mangle -A OUTPUT -o ! br0 -m state --state NEW -j RANDOM
$IPTABLES -t mangle -A OUTPUT -j CONNMARK --restore-mark
$IPTABLES -t mangle -A OUTPUT --match mark --mark 0x100 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT --match mark --mark 0x200 -j ACCEPT
$IPTABLES -t mangle -A PREROUTING -i br0 -m state --state NEW -j RANDOM
$IPTABLES -t mangle -A PREROUTING -j CONNMARK --restore-mark
$IPTABLES -t mangle -A PREROUTING --match mark --mark 0x100 -j ACCEPT
$IPTABLES -t mangle -A PREROUTING --match mark --mark 0x200 -j ACCEPT
$IPTABLES -t mangle -A PREROUTING -i vlan1 -j ETH1
$IPTABLES -t mangle -A PREROUTING -i vlan2 -j ETH2
RP_PATH=/proc/sys/net/ipv4/conf
for IFACE in `ls $RP_PATH`; do
echo 0 > $RP_PATH/$IFACE/rp_filter
done
iptables -I INPUT -p icmp -j ACCEPT
echo "`date` firewall.firewall is now completed" >> /var/log/messages
I have another problem. A bit distinct from the others.
I am trying to have two IP addresses over one WAN port. I have only one DSL modem and one WRT54GL router. One address would be strictly for the web, dns and mail server, the other for torrents, mail, web surfing, etc... (workstations). The server has higher priority!
Is that possible with these scripts and how?
I have two static IP addresses (different ip, different netmask, different gateway) assigned from my ISP.