Posted: Wed Sep 12, 2012 15:52 Post subject: Re: Bad argument `2'
Dave Cohen wrote:
The router replied:
Code:
Bad argument `2'
You're not supposed to run the commands, you're supposed to save the commands to your firewall script on the admin->commands page.
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
One can only pray that one of these patches sticks. Now that someone is interested in fixing this major bug, we could be one small step closer to a stable build.
One can only pray that one of these patches sticks. Now that someone is interested in fixing this major bug, we could be one small step closer to a stable build.
I just updated my N66U, I will be putting 19946 bins on barrywares ftp within the next 20 minutes..
I tried all 4 lines and it seems it's working, however I'm still not able to get a port forward going.
I'm trying to get a connection to a few of my games from other people. Like Borderlands 2 and Terraria. I port forwarded it correctly and I've been testing out Terraria by trying to connect to it myself. And all it never gets into the game. I have the server window showing me who is connecting. And I've checked Nmap and it says my port is open.
Is there anything else I'm not doing? I'm on an E4200 running an 18777 build big.
Edit: I've also done a reset after I saved the script to my firewall.
Posted: Thu Oct 11, 2012 16:35 Post subject: Re: NAT Loopback fix for 15760 and higher, (Port forward iss
phuzi0n wrote:
I spent some time thinking about the best way to fix loopback. Despite some bad documentation throwing me off before, I found that it's possible to mark traffic destined to the WAN IP and then only masquerade the marked traffic. This should allow loopback to work for all local interfaces without causing problems when ebtables is loaded.
Save the following commands to the Firewall Script on the Administration->Commands page to fix loopback.
insmod ipt_mark
insmod xt_mark
iptables -t mangle -A PREROUTING -i ! `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001
iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE
If you have a block of static IPs using 1:1 NAT then you also need to add another iptables rule to cover your IP block. Edit the bolded netblock to be your static IP block.
iptables -t mangle -A PREROUTING -i ! `get_wanface` -d 1.1.1.0/24 -j MARK --set-mark 0xd001
The one known caveat is that badly written QoS scripts will prevent it from working but that's a problem with the scripts that needs to be fixed...
1 Line Fix (worked on 2 of my Asus RT-N16 and reported by at least one other person to have worked on an Asus RT-N66U)
iptables -t nat -A POSTROUTING -j MASQUERADE
Don't forget to hit apply and if it does work, then save startup or save firewall so it remains after a reboot.
Is this verified to be safe, security-wise? It won't break anything? The four-line fix works fine for me for loopback. The problem is that access to port-forwards from the WAN isn't working. This one line fixes that AND access from the lan to loopback, but I don't trust it...
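Added example, not part of any post in this thread: a shell check that reads firewall-script lines and separates the mark-scoped MASQUERADE rule from the unconditional one-line rule. The function names and the sample input (assembled from the rules quoted above) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify nat POSTROUTING MASQUERADE rules in a firewall script.
# Input:  iptables command lines on stdin, in the form used in this thread.
# Output: one line per MASQUERADE rule, prefixed SCOPED: or UNSCOPED:.

classify_masq() {
    set -f    # no globbing while rule text is split into tokens
    while IFS= read -r line; do
        case "$line" in
            *"-t nat"*POSTROUTING*"-j MASQUERADE"*) ;;
            *) continue ;;
        esac
        # A rule counts as scoped if any match narrows what it applies to.
        scoped=no
        for tok in $line; do
            case "$tok" in
                -o|--out-interface|-s|--source|-d|--destination|-m|--match|-p|--protocol)
                    scoped=yes ;;
            esac
        done
        if [ "$scoped" = yes ]; then
            printf 'SCOPED: %s\n' "$line"
        else
            printf 'UNSCOPED: %s\n' "$line"
        fi
    done
    set +f
}

# Exit status is 1 when any unconditional MASQUERADE rule is present.
audit_masq() {
    ! classify_masq | grep -q '^UNSCOPED: '
}

# Constructed sample: the four-line fix plus the one-line fix from the thread.
# The quoted heredoc keeps the backticks as text; nothing here is executed.
sample_rules() {
    cat <<'EOF'
insmod ipt_mark
insmod xt_mark
iptables -t mangle -A PREROUTING -i ! `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001
iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE
iptables -t nat -A POSTROUTING -j MASQUERADE
EOF
}

sample_rules | classify_masq
```

A rule reported as UNSCOPED applies to every connection leaving any interface, so connections forwarded in from the WAN also reach LAN hosts with the router's address as their source, and the real client address no longer appears in those hosts' logs or address-based access rules.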