This is my setup:
Main router TL-1043v1 (OpenWRT) acts as PPTP server and it has external ip-address (184.108.40.206).
Second router is MR-3220v1 (DD-WRT) connected to internet but doesn't have an external ip and it connects to main router as PPTP client.
I need to have an ability to use services from some device with let's say 192.168.33.2 ip-address located inside second router's LAN from internet.
```text
(192.168.1.0/24)    INET (220.127.116.11)                    INET (10.0.0.1)    (192.168.33.0/24)
       |                    |                                        |                   |
 192.168.1.1  |  MAIN  |  PPTPd server  <------ PPTP ------>  PPTP client  |  SECOND  |  192.168.33.1
              |        |  (192.168.1.1)                      (192.168.33.1) |          |
```
I've set up port forwarding at MAIN router (18.104.22.168:1234 > 192.168.33.2:5678) and immediately noticed using tcpdump, that SECOND router successfully delivers packets that came from ppp0 iface (192.168.33.1) to destination host (192.168.33.2) but sends answers back to default gw - eth0 iface (10.0.0.1).
Such default kernel behavior should be fixed by the following (correct me if I'm wrong or missed something):
```sh
# Mark new connections that arrive through the PPTP tunnel
iptables -t mangle -A PREROUTING -i ppp0 -m conntrack --ctstate NEW -j CONNMARK --set-mark 1
# Copy the connection mark back onto the reply packets coming from the LAN
iptables -t mangle -A PREROUTING -i $(nvram get lan_ifname) -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
# Separate routing table whose only route points back into the tunnel
ip route add default via 192.168.33.1 dev ppp0 table 100
# Marked packets consult that table instead of the main one
ip rule add fwmark 0x1 lookup 100
ip route flush cache
```
It didn't manage to help as expected - packets are still going out through the eth0 (internet) iface of the router.
The only workaround that came to my mind is to do NAT at the MAIN router:
And it worked. Now I can connect and use services inside my SECOND router LAN.
A couple of questions left:
1. Did I do everything correctly setting up DD-WRT routing?
2. What are the (hidden?) disadvantages of having NAT at the ppp iface of the main router?
3. Maybe consider switching to OpenWRT on the second router?
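The CONNMARK policy-routing procedure from the post, as an added example that is not part of the original question: a script that applies the rules on the SECOND router and then asks the kernel where a marked packet would actually be routed, which is the check to run before concluding the rules had no effect. It assumes the tunnel is ppp0, the LAN bridge name comes from nvram (br0 if nvram is absent), table 100 and mark 1 as in the post, and a full iproute2 `ip`; the route is written as `default dev ppp0` without the `via` used in the post.

```sh
#!/bin/sh
# Added example (not from the original post): applies the CONNMARK policy
# routing from the question on the SECOND (DD-WRT) router, then checks what
# the kernel actually does with a marked packet instead of inferring it from
# tcpdump. Assumed: tunnel is ppp0, LAN bridge name from nvram (br0 if nvram
# is absent), table 100 / mark 1 as in the post, and a full iproute2 "ip"
# (busybox's "ip route get" may not accept the "mark" keyword).
PPP_IF=${PPP_IF:-ppp0}
LAN_IF=${LAN_IF:-$(nvram get lan_ifname 2>/dev/null || echo br0)}
TABLE=${TABLE:-100}
MARK=${MARK:-1}

# The rule set as plain command lines, so it can be reviewed before running.
# The route deliberately says "dev ppp0" without "via": on a point-to-point
# link the peer is implicit, so no next-hop address is needed.
policy_rules() {
cat <<EOF
iptables -t mangle -A PREROUTING -i $PPP_IF -m conntrack --ctstate NEW -j CONNMARK --set-mark $MARK
iptables -t mangle -A PREROUTING -i $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
ip route replace default dev $PPP_IF table $TABLE
ip rule add fwmark $MARK lookup $TABLE
ip route flush cache
EOF
}

# Apply them. The old ip rule is removed first so that re-running after a
# PPTP reconnect does not stack duplicate rules (the iptables lines would
# still duplicate; run once, or check with "iptables -t mangle -C" first).
apply_policy_rules() {
    ip rule del fwmark "$MARK" lookup "$TABLE" 2>/dev/null || true
    policy_rules | sh -e
}

# Ask the routing subsystem which interface a marked packet from LAN host $2
# to Internet host $1 would leave through. Returns 0 only if that is ppp0;
# "dev eth0" here means the ip rule / table is not being consulted.
reply_leaves_via_ppp() {
    route=$(ip route get "$1" from "$2" iif "$LAN_IF" mark "$MARK" 2>&1 || true)
    echo "$route"
    case "$route" in *"dev $PPP_IF"*) return 0 ;; *) return 1 ;; esac
}

# Number of conntrack entries that actually carry the mark. Still 0 after a
# connection from the Internet means rule 1 never matched (wrong interface?).
marked_connections() {
    n=$(grep -c "mark=$MARK " /proc/net/nf_conntrack 2>/dev/null || true)
    echo "${n:-0}"
}
```

On the router, run `apply_policy_rules`, open one connection from the Internet, then `reply_leaves_via_ppp 8.8.8.8 192.168.33.2` and `marked_connections` tell you whether the problem is the marking or the routing.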