Dual / Triple WAN HowTo | DHCP scripts on Page 5!!!!

jbarbieri
DD-WRT Guru


Joined: 06 Apr 2007
Posts: 545
Location: New Hampshire

Posted: Wed Apr 11, 2007 18:13    Post subject: Dual / Triple WAN HowTo | DHCP scripts on Page 5!!!!
Big UPDATE!! This does not appear to work on v24 RC7, but works fine on DD-WRT v23 SP2 (09/15/06)

4/9/2008: Even BIGGER UPDATE!! I am testing/using the dual WAN setup with DHCP now. Scripts are on page 5!


New scripts are in this post:


This setup is working for me, so I will post down what my router looks like.

My setup: I have 2 cable modems from the same ISP. I also have 2 static IPs, but in DIFFERENT RANGES (not sure how much this helps, but I did not try with IPs in the same range). I also am not sure on how to get this to work with DHCP or PPPoE. As usual, YMMV. I can try to help you out as best as I can, but.....if it involves DHCP or PPPoE, I won't be able to help.

First, we have to put port 4 onto its own VLAN. I am using a WRT54GS V2, and the port numbering was switched with a newer version, so your numbering might be different. In the web GUI, set port 4 to VLAN 2. Then log in to the router, and run these commands:
Code:

nvram set vlan0ports="1 2 3 5*"
nvram set vlan2ports="4 5"
nvram set vlan2hwname=et0
nvram commit
reboot


After many trials and errors, there is a good working baseline. Here are the current scripts....3 in all. 2 of them are loaded under startup, the other is the firewall. You can download them from this post: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=169172#169172

The first piece of code, I put on JFFS and called udhcpc-wan2.script:

Code:

#!/bin/sh
# udhcpc script edited by Tim Riker <Tim@Rikers.org>
[ -z "$1" ] && echo "Error: should be called from udhcpc" && exit 1

ifconfig $interface up

RESOLV_CONF="/etc/resolv.conf"
[ -n "$broadcast" ] && BROADCAST="broadcast $broadcast"
[ -n "$subnet" ] && NETMASK="netmask $subnet"

case "$1" in
   deconfig)
     # /sbin/ifconfig $interface 0.0.0.0
     ;;

  renew|bound)
    # /sbin/ifconfig $interface $ip $BROADCAST $NETMASK
    echo "$ip $BROADCAST $NETMASK"

  if [ -n "$router" ] ; then
    echo "deleting routers"
    # while route del default gw 0.0.0.0 dev $interface ; do
    #  :
    # done

    # for i in $router ; do
    #   route add default gw $i dev $interface
    # done
    echo "$router"
  fi

  echo -n > $RESOLV_CONF
  [ -n "$domain" ] && echo search $domain >> $RESOLV_CONF
  for i in $dns ; do
    echo adding dns $i
    echo nameserver $i >> $RESOLV_CONF
  done
  nvram set wan2_ifname=$interface
  nvram set wan2_gateway=$router
  nvram set wan2_ipaddr=$ip
  nvram set wan2_netmask=$subnet
  nvram set wan2_broadcast=$broadcast
  nvram commit
  ifconfig $(nvram get wan2_ifname) $(nvram get wan2_ipaddr) netmask $(nvram get wan2_netmask) up
  ;;
esac

exit 0


This script does dhcp on vlan2, and stores the values into NVRAM to be used in later scripts.

The second piece of code, I called routes.firewall:
Code:

#!/bin/sh

ip rule flush

ip rule add lookup main prio 32766
ip rule add lookup default prio 32767

ip rule add from $(nvram get wan_ipaddr) table 100 prio 100
ip rule add fwmark 0x100 table 100 prio 101

ip rule add from $(nvram get wan2_ipaddr) table 200 prio 200
ip rule add fwmark 0x200 table 200 prio 201

ip route flush table 100
ip route flush table 200

for TABLE in 100 200
do
   ip route | grep link | while read ROUTE
   do
     ip route add table $TABLE to $ROUTE
   done
done

ip route add table 100 default via $(nvram get wan_gateway)
ip route add table 200 default via $(nvram get wan2_gateway)
ip route delete default
ip route add default scope global equalize nexthop via $(nvram get wan_gateway) dev  $(nvram get wan_ifname) nexthop via $(nvram get wan2_gateway) dev $(nvram get wan2_ifname)


This sets up the routing tables.

The last piece, I called firewall.firewall...the tricky part here is, depending on what version of firmware you are running, this will be different. For V23 and V24RC4 and below, use this code:
Code:

#!/bin/sh
IPTABLES="/usr/sbin/iptables"

#DD-WRT firewall rules #BEGIN

#apply simple forward rules

for RULE in $(nvram get forward_spec)
do
   FROM=`echo $RULE | cut -d '>' -f 1`
   TO=`echo $RULE | cut -d '>' -f 2`
   STATE=`echo $FROM | cut -d ':' -f 2`
   PROTO=`echo $FROM | cut -d ':' -f 3`
   SPORT=`echo $FROM | cut -d ':' -f 4`
   DEST=`echo $TO | cut -d ':' -f 1`
   DPORT=`echo $TO | cut -d ':' -f 2`

   if [ "$STATE" = "on" ]; then
      if [ "$PROTO" = "both" ]; then
        #udp
        iptables -A PREROUTING -t nat -p udp -d $(nvram get wan2_ipaddr) --dport $SPORT -j DNAT --to $DEST:$DPORT
        #tcp
        iptables -A PREROUTING -t nat -p tcp -d $(nvram get wan2_ipaddr) --dport $SPORT -j DNAT --to $DEST:$DPORT
      else
        iptables -A PREROUTING -t nat -p $PROTO -d $(nvram get wan2_ipaddr) --dport $SPORT -j DNAT --to $DEST:$DPORT
      fi
   fi
done

#apply range forward rules
for RULE in $(nvram get forward_port)
do
  FROM=`echo $RULE | cut -d '>' -f 1`
  TO=`echo $RULE | cut -d '>' -f 2`
  STATE=`echo $FROM | cut -d ':' -f 2`
  PROTO=`echo $FROM | cut -d ':' -f 3`
  SPORT=`echo $FROM | cut -d ':' -f 4`
  EPORT=`echo $FROM | cut -d ':' -f 5`

  if [ "$STATE" = "on" ]; then
    if [ "$PROTO" = "both" ]; then
      #udp
      iptables -A PREROUTING -t nat -p udp -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
      #tcp
      iptables -A PREROUTING -t nat -p tcp -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
    else
      iptables -A PREROUTING -t nat -p $PROTO -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
    fi
  fi
done

iptables -A PREROUTING -t nat -p icmp -d $(nvram get wan2_ipaddr) -j DNAT --to $(nvram get lan_ipaddr)

# Quote the NVRAM lookups so an unset value does not break the test
if [ "$(nvram get remote_management)" = "1" ]; then
        iptables -A PREROUTING -t nat -p tcp -d $(nvram get wan2_ipaddr) --dport $(nvram get http_wanport) -j DNAT --to $(nvram get lan_ipaddr):$(nvram get http_lanport)
fi

if [ "$(nvram get dmz_enable)" = "1" ]; then
        DMZ_IP=$(nvram get lan_ipaddr | sed -r 's/[0-9]+$//')$(nvram get dmz_ipaddr)
        iptables -A PREROUTING -t nat -d $(nvram get wan2_ipaddr) -j DNAT --to $DMZ_IP
fi

iptables -A PREROUTING -t nat --dest $(nvram get wan2_ipaddr) -j TRIGGER --trigger-type dnat
iptables -A FORWARD -i $(nvram get wan2_ifname) -o $(nvram get lan_ifname) -j TRIGGER --trigger-type in

#DD-WRT END

$IPTABLES -t mangle -F PREROUTING
$IPTABLES -t mangle -F OUTPUT

$IPTABLES -F POSTROUTING -t nat

$IPTABLES -t mangle -N ETH1
$IPTABLES -t mangle -F ETH1
#$IPTABLES -t mangle -A ETH1 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH1 "
#$IPTABLES -t mangle -A ETH1 -p icmp -j LOG --log-prefix " MANGLE_ICMP_ETH1 "
$IPTABLES -t mangle -A ETH1 -j MARK --set-mark 0x100
$IPTABLES -t mangle -A ETH1 -j CONNMARK --save-mark

$IPTABLES -t mangle -N ETH2
$IPTABLES -t mangle -F ETH2
#$IPTABLES -t mangle -A ETH2 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH2 "
#$IPTABLES -t mangle -A ETH2 -p icmp -j LOG --log-prefix " MANGLE_ICMP_ETH2 "
$IPTABLES -t mangle -A ETH2 -j MARK --set-mark 0x200
$IPTABLES -t mangle -A ETH2 -j CONNMARK --save-mark

$IPTABLES -t mangle -N RANDOM
$IPTABLES -t mangle -F RANDOM
$IPTABLES -t mangle -A RANDOM -m random --average 50 -j ETH1
$IPTABLES -t mangle -A RANDOM -m random --average 50 -j ETH2

$IPTABLES -t nat -N SPOOF_ETH1
$IPTABLES -t nat -F SPOOF_ETH1
#$IPTABLES -t nat -A SPOOF_ETH1 -j LOG --log-prefix " SPOOF_ETH1 "
$IPTABLES -t nat -A SPOOF_ETH1 -j SNAT --to $(nvram get wan_ipaddr)

$IPTABLES -t nat -N SPOOF_ETH2
$IPTABLES -t nat -F SPOOF_ETH2
#$IPTABLES -t nat -A SPOOF_ETH2 -j LOG --log-prefix " SPOOF_ETH2 "
$IPTABLES -t nat -A SPOOF_ETH2 -j SNAT --to $(nvram get wan2_ipaddr)

$IPTABLES -t nat -A POSTROUTING -o $(nvram get wan_ifname) -j SPOOF_ETH1
$IPTABLES -t nat -A POSTROUTING -o $(nvram get wan2_ifname) -j SPOOF_ETH2

$IPTABLES -t mangle -A OUTPUT -o ! br0 -m state --state NEW -j RANDOM
$IPTABLES -t mangle -A OUTPUT -j CONNMARK --restore-mark
$IPTABLES -t mangle -A OUTPUT --match mark --mark 0x100 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT --match mark --mark 0x200 -j ACCEPT

$IPTABLES -t mangle -A PREROUTING -i br0 -m state --state NEW -j RANDOM
$IPTABLES -t mangle -A PREROUTING -j CONNMARK --restore-mark
$IPTABLES -t mangle -A PREROUTING --match mark --mark 0x100 -j ACCEPT
$IPTABLES -t mangle -A PREROUTING --match mark --mark 0x200 -j ACCEPT
$IPTABLES -t mangle -A PREROUTING -i vlan1 -j ETH1
$IPTABLES -t mangle -A PREROUTING -i vlan2 -j ETH2

RP_PATH=/proc/sys/net/ipv4/conf
for IFACE in `ls $RP_PATH`; do
    echo 0 > $RP_PATH/$IFACE/rp_filter
done
iptables -I INPUT -p icmp -j ACCEPT

echo "`date` firewall.firewall is now completed" >> /var/log/messages




For above V24RC4:

Code:

#!/bin/sh
insmod ipt_CONNMARK
IPTABLES="/usr/sbin/iptables"

#DD-WRT firewall rules #BEGIN

#apply simple forward rules

for RULE in $(nvram get forward_spec)
do
   FROM=`echo $RULE | cut -d '>' -f 1`
   TO=`echo $RULE | cut -d '>' -f 2`
   STATE=`echo $FROM | cut -d ':' -f 2`
   PROTO=`echo $FROM | cut -d ':' -f 3`
   SPORT=`echo $FROM | cut -d ':' -f 4`
   DEST=`echo $TO | cut -d ':' -f 1`
   DPORT=`echo $TO | cut -d ':' -f 2`

   if [ "$STATE" = "on" ]; then
      if [ "$PROTO" = "both" ]; then
        #udp
        #iptables -A FORWARD -d $(nvram get wan2_ipaddr) -p udp --dport $SPORT -j ACCEPT
        iptables -A PREROUTING -t nat -p udp -d $(nvram get wan2_ipaddr) --dport $SPORT -j DNAT --to $DEST:$DPORT
        #tcp
        #iptables -A FORWARD -d $(nvram get wan2_ipaddr) -p tcp --dport $SPORT -j ACCEPT
        iptables -A PREROUTING -t nat -p tcp -d $(nvram get wan2_ipaddr) --dport $SPORT -j DNAT --to $DEST:$DPORT
      else
        #iptables -A FORWARD -d $(nvram get wan2_ipaddr) -p $PROTO --dport $SPORT -j ACCEPT
        iptables -A PREROUTING -t nat -p $PROTO -d $(nvram get wan2_ipaddr) --dport $SPORT -j DNAT --to $DEST:$DPORT
      fi
   fi
done

#apply range forward rules
for RULE in $(nvram get forward_port)
do
  FROM=`echo $RULE | cut -d '>' -f 1`
  TO=`echo $RULE | cut -d '>' -f 2`
  STATE=`echo $FROM | cut -d ':' -f 2`
  PROTO=`echo $FROM | cut -d ':' -f 3`
  SPORT=`echo $FROM | cut -d ':' -f 4`
  EPORT=`echo $FROM | cut -d ':' -f 5`

  if [ "$STATE" = "on" ]; then
    if [ "$PROTO" = "both" ]; then
      #udp
      #iptables -A FORWARD -d $(nvram get wan2_ipaddr) -p udp --dport $SPORT:$EPORT -j ACCEPT
      iptables -A PREROUTING -t nat -p udp -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
      #tcp
      #iptables -A FORWARD -d $(nvram get wan2_ipaddr) -p tcp --dport $SPORT:$EPORT -j ACCEPT
      iptables -A PREROUTING -t nat -p tcp -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
    else
      #iptables -A FORWARD -d $(nvram get wan2_ipaddr) -p $PROTO --dport $SPORT:$EPORT -j ACCEPT
      iptables -A PREROUTING -t nat -p $PROTO -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
    fi
  fi
done

iptables -A PREROUTING -t nat -p icmp -d $(nvram get wan2_ipaddr) -j DNAT --to $(nvram get lan_ipaddr)

# Quote the NVRAM lookups so an unset value does not break the test
if [ "$(nvram get remote_management)" = "1" ]; then
        iptables -A PREROUTING -t nat -p tcp -d $(nvram get wan2_ipaddr) --dport $(nvram get http_wanport) -j DNAT --to $(nvram get lan_ipaddr):$(nvram get http_lanport)
fi

if [ "$(nvram get dmz_enable)" = "1" ]; then
        DMZ_IP=$(nvram get lan_ipaddr | sed -r 's/[0-9]+$//')$(nvram get dmz_ipaddr)
        iptables -A PREROUTING -t nat -d $(nvram get wan2_ipaddr) -j DNAT --to $DMZ_IP
fi

iptables -A PREROUTING -t nat --dest $(nvram get wan2_ipaddr) -j TRIGGER --trigger-type dnat
iptables -A FORWARD -i $(nvram get wan2_ifname) -o $(nvram get lan_ifname) -j TRIGGER --trigger-type in

#iptables -A PREROUTING -t mangle -i $(nvram get wan2_ifname) -j IMQ --todev 0
#iptables -A PREROUTING -t mangle -i $(nvram get wan2_ifname) -j SVQOS_IN
#iptables -A POSTROUTING -t mangle -o $(nvram get wan2_ifname) -j SVQOS_OUT

#DD-WRT END

$IPTABLES -F POSTROUTING -t nat
$IPTABLES -t mangle -N ETH1
$IPTABLES -t mangle -F ETH1
#$IPTABLES -t mangle -A ETH1 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH1 "
#$IPTABLES -t mangle -A ETH1 -p icmp -j LOG --log-prefix " MANGLE_ICMP_ETH1 "
$IPTABLES -t mangle -A ETH1 -j MARK --set-mark 0x100
$IPTABLES -t mangle -N ETH2
$IPTABLES -t mangle -F ETH2
#$IPTABLES -t mangle -A ETH2 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH2 "
#$IPTABLES -t mangle -A ETH2 -p icmp -j LOG --log-prefix " MANGLE_ICMP_ETH2 "
$IPTABLES -t mangle -A ETH2 -j MARK --set-mark 0x200
$IPTABLES -t nat -N SPOOF_ETH1
$IPTABLES -t nat -F SPOOF_ETH1
$IPTABLES -t nat -A SPOOF_ETH1 -j LOG --log-prefix " SPOOF_ETH1 "
$IPTABLES -t nat -A SPOOF_ETH1 -j SNAT --to $(nvram get wan_ipaddr)
#$IPTABLES -t nat -A SPOOF_ETH1 -j MASQUERADE
$IPTABLES -t nat -N SPOOF_ETH2
$IPTABLES -t nat -F SPOOF_ETH2
$IPTABLES -t nat -A SPOOF_ETH2 -j LOG --log-prefix " SPOOF_ETH2 "
$IPTABLES -t nat -A SPOOF_ETH2 -j SNAT --to $(nvram get wan2_ipaddr)
#$IPTABLES -t nat -A SPOOF_ETH2 -j MASQUERADE
$IPTABLES -A INPUT -p icmp -s 192.168.1.0/24 -d 192.168.1.1 -j ACCEPT
#Save the gateway in the connection mark for new incoming connections
$IPTABLES -t mangle -A PREROUTING -i $(nvram get wan_ifname) -m conntrack --ctstate NEW -j CONNMARK --set-mark 0x100
$IPTABLES -t mangle -A PREROUTING -i $(nvram get wan2_ifname) -m conntrack --ctstate NEW -j CONNMARK --set-mark 0x200
$IPTABLES -A POSTROUTING -t mangle -o $(nvram get wan_ifname) -j MARK --set-mark 0x100
$IPTABLES -A POSTROUTING -t mangle -o $(nvram get wan2_ifname) -j MARK --set-mark 0x200
$IPTABLES -t nat -A POSTROUTING -o $(nvram get wan_ifname) -j SPOOF_ETH1
$IPTABLES -t nat -A POSTROUTING -o $(nvram get wan2_ifname) -j SPOOF_ETH2
$IPTABLES -t mangle -A POSTROUTING -j CONNMARK --save-mark
$IPTABLES -t mangle -A PREROUTING -i br0 -m state --state RELATED,ESTABLISHED -j CONNMARK --restore-mark
# Use the correct gateway for reply packets from local connections
$IPTABLES -t mangle -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark

RP_PATH=/proc/sys/net/ipv4/conf
for IFACE in `ls $RP_PATH`; do
    echo 0 > $RP_PATH/$IFACE/rp_filter
done


Save the file. Next, goto Admin>commands, and put the following in the box:

Code:

udhcpc -s /jffs/scripts/udhcpc-wan2.script  -i vlan2
/jffs/scripts/routes.firewall

and click save startup.

Then in the box again, put this in:
Code:
/jffs/scripts/firewall.firewall


And click save firewall.

After that, everything SHOULD be up and running. That is all I did to get it working. I was pinging an external server that I had root on, and was doing a tcpdump icmp to see where my pings were coming from, and they were swapping from one interface to the other. It wasn't 1 for 1, but it was close (sometimes it would repeat 2 or 3 times on an interface).

This round robins your outbound traffic, and the servers will reply to the IP you sent it from. This will NOT double download speeds of SINGLE FILES. However, with a program (like download accelerator plus, which makes multiple connections per download), this will work. This works with V23...the newer stuff, you have to use different servers since routes are cached.

Here are my MRTG graphs after implementing and downloading a large file (Fedora Core DVD ISO) with Download Accelerator Plus:

Traffic Analysis for VLAN0 (LAN Traffic):


Traffic Analysis for VLAN1 (WAN1 Traffic):


Traffic Analysis for VLAN2 (WAN2 Traffic):



My ISP's speeds are 6mbit/384 k, and as you can see, I was close to max on both cable modems.


If you have questions/comments/problems post here or shoot me an IM, and I will try to help you.

Regards,

John

_________________


Linksys EA6500v2 | 5GHz 1st Floor AP | Advanced Tomato 1.28.0000 -2.9-131 K26ARM USB AIO-64K
Netgear WNR2000v3 | 2nd Floor AP | DD-WRT v3.0-r27805 std

Behind a Raspberry Pi Dual WAN router


Last edited by jbarbieri on Tue Aug 05, 2008 12:10; edited 12 times in total
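
Added example (not part of the original post and not DD-WRT's own code): the forwarding loops in firewall.firewall pass fields cut from the forward_spec NVRAM value straight into iptables, so the sketch below checks every field first and prints the rules instead of applying them. The entry layout name:state:proto:sport>dest:dport is inferred from the cut calls in the post; the function names, addresses and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Validates port-forward entries before turning them into DNAT rules.
# Entry layout (inferred from the cut calls in firewall.firewall):
#   name:state:proto:sport>dest:dport
# Rules are printed, not applied, so they can be reviewed first.

# is_port N: succeeds if N is a decimal integer in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# is_ipv4 A: succeeds if A is a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1          # safe: only digits and dots reach this point
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# emit_forward_spec WAN_IP "entry entry ..."
# Prints one iptables command per valid, enabled entry.
# Entries that fail a check are reported on stderr and skipped.
emit_forward_spec() {
    wan_ip=$1
    is_ipv4 "$wan_ip" || { echo "bad WAN address: $wan_ip" >&2; return 1; }
    printf '%s\n' "$2" | tr ' ' '\n' | while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        from=${rule%%'>'*}
        to=${rule#*'>'}
        # No '>' at all means the entry is not in the expected layout.
        [ "$from" != "$rule" ] || { echo "rejected (layout): $rule" >&2; continue; }
        state=$(printf '%s' "$from" | cut -d: -f2)
        proto=$(printf '%s' "$from" | cut -d: -f3)
        sport=$(printf '%s' "$from" | cut -d: -f4)
        dest=$(printf '%s' "$to" | cut -d: -f1)
        dport=$(printf '%s' "$to" | cut -d: -f2)
        [ "$state" = on ] || continue      # disabled entries are skipped quietly
        case "$proto" in
            tcp|udp) protos=$proto ;;
            both)    protos="udp tcp" ;;
            *) echo "rejected (proto): $rule" >&2; continue ;;
        esac
        if ! is_port "$sport" || ! is_port "$dport" || ! is_ipv4 "$dest"; then
            echo "rejected (address/port): $rule" >&2
            continue
        fi
        for p in $protos; do
            echo "iptables -t nat -A PREROUTING -p $p -d $wan_ip --dport $sport -j DNAT --to $dest:$dport"
        done
    done
}

# Constructed sample data (documentation address, made-up entries).
# On a router the arguments would be "$(nvram get wan2_ipaddr)" and
# "$(nvram get forward_spec)".
SAMPLE_WAN2_IP=203.0.113.7
SAMPLE_SPEC='web:on:tcp:8080>192.168.1.10:80 dns:on:both:53>192.168.1.2:53 ftp:off:tcp:21>192.168.1.3:21 ssh:on:tcp:22>192.168.1.999:22 cam:on:tcp:99999>192.168.1.5:80 vpn:on:gre:47>192.168.1.6:47 junk'

emit_forward_spec "$SAMPLE_WAN2_IP" "$SAMPLE_SPEC"
```
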
jbarbieri
DD-WRT Guru


Joined: 06 Apr 2007
Posts: 545
Location: New Hampshire

Posted: Thu Apr 12, 2007 11:13
Well, I got some of the port forwarding to work.

But port range forwarding isn't working yet.

Going to need to specify a couple nvram settings first.

nvram set wan2_gateway=216.yyy.yyy.1
nvram set wan2_netmask=255.255.255.0
nvram set wan2_ipaddr=216.yyy.yyy.132
nvram set wan2_ifname=vlan2
nvram commit


Then, I added this block of code (from the dual wan wiki) under the firewall script using the web interface:

---------------Begin do not copy this line---------------------

# apply simple forward rules
for RULE in $(nvram get forward_spec)
do
  FROM=`echo $RULE | cut -d '>' -f 1`
  TO=`echo $RULE | cut -d '>' -f 2`
  STATE=`echo $FROM | cut -d ':' -f 2`
  PROTO=`echo $FROM | cut -d ':' -f 3`
  SPORT=`echo $FROM | cut -d ':' -f 4`
  DEST=`echo $TO | cut -d ':' -f 1`
  DPORT=`echo $TO | cut -d ':' -f 2`
  if [ "$STATE" = "on" ]; then
    if [ "$PROTO" = "both" ]; then
      #udp
      iptables -A PREROUTING -t nat -p udp -d $(nvram get wan2_ipaddr) --dport $SPORT -j DNAT --to $DEST:$DPORT
      #tcp
      iptables -A PREROUTING -t nat -p tcp -d $(nvram get wan2_ipaddr) --dport $SPORT -j DNAT --to $DEST:$DPORT
    else
      iptables -A PREROUTING -t nat -p $PROTO -d $(nvram get wan2_ipaddr) --dport $SPORT -j DNAT --to $DEST:$DPORT
    fi
  fi
done
#apply range forward rules
for RULE in $(nvram get forward_port)
do
  FROM=`echo $RULE | cut -d '>' -f 1`
  TO=`echo $RULE | cut -d '>' -f 2`
  STATE=`echo $FROM | cut -d ':' -f 2`
  PROTO=`echo $FROM | cut -d ':' -f 3`
  SPORT=`echo $FROM | cut -d ':' -f 4`
  EPORT=`echo $FROM | cut -d ':' -f 5`

  if [ "$STATE" = "on" ]; then
    if [ "$PROTO" = "both" ]; then
      #udp
      iptables -A PREROUTING -t nat -p udp -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
      #tcp
      iptables -A PREROUTING -t nat -p tcp -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
    else
      iptables -A PREROUTING -t nat -p $PROTO -d $(nvram get wan2_ipaddr) --dport $SPORT:$EPORT -j DNAT --to $TO
    fi
  fi
done

----END Do not copy this line----

Like I said, normal port forwarding works, but for some reason, port range forwarding is not working, even though it's pulling the values from nvram.

jbarbieri
DD-WRT Guru


Joined: 06 Apr 2007
Posts: 545
Location: New Hampshire

Posted: Thu Apr 12, 2007 20:12
Another update.


Both port forwarding and port range forwarding are working using that script above.

I also got DMZ to kick in as well, by adding two more lines to rc_firewall


---------------------BEGIN

# First three octets of LAN
BEGIN_LAN=192.168.0
$IPTABLES -t nat -A PREROUTING -d ${NET_EXT_IP2} -j DNAT --to ${BEGIN_LAN}.$(nvram get dmz_ipaddr)


-------END

This pulls the value of the DMZ from NVRAM, and makes the iptables rule for it.


This is working awesome so far for me. With 6mbit cable modems, I can download stuff at about 1.3MB/s

jbarbieri
DD-WRT Guru


Joined: 06 Apr 2007
Posts: 545
Location: New Hampshire

Posted: Fri Apr 20, 2007 15:39    Post subject: dual wan
This also works, for the most part, on a Buffalo WHR G54S.

Not sure what had to be changed, but the configs are roughly the same.


Also, I am throwing in my updated rc_firewall and rc_startup, little changes here and there, so the full from beginning to end:

Code:

nvram set vlan0ports="1 2 3 5*"
nvram set vlan2ports="4 5"
nvram set vlan2hwname=et0
nvram commit
reboot


rc_startup
Code:

#!/bin/ash
IF0=br0
IF1=vlan1
IF2=vlan2
P0_NET=192.168.1.0/24
P1_NET=65.xxx.xxx.0/24
P2_NET=216.yyy.yyy.0/24
IP1=65.xxx.xxx.163
IP2=216.yyy.yyy.132
P1=65.xxx.xxx.1
P2=216.yyy.yyy.1
PATH="/sbin:/usr/sbin:/bin:/usr/bin:${PATH}"
ifconfig vlan2 216.yyy.yyy.132 netmask 255.255.255.0 broadcast 216.yyy.yyy.255 up
ip route delete default
ip route add $P1_NET dev $IF1 src $IP1 table 10
ip route add default via $P1 table 10
ip route add $P2_NET dev $IF2 src $IP2 table 20
ip route add default via $P2 table 20
ip route add $P1_NET dev $IF1 src $IP1
ip route add $P2_NET dev $IF2 src $IP2
ip rule add from $IP1 table 10
ip rule add from $IP2 table 20
ip route add $P0_NET     dev $IF0 table 10
ip route add $P2_NET     dev $IF2 table 10
ip route add 127.0.0.0/8 dev lo   table 10
ip route add $P0_NET     dev $IF0 table 20
ip route add $P1_NET     dev $IF1 table 20
ip route add 127.0.0.0/8 dev lo   table 20
ip route add default scope global nexthop via $P1 dev $IF1 nexthop via $P2 dev $IF2
echo "0"> /proc/sys/net/ipv4/conf/vlan1/rp_filter
echo "0"> /proc/sys/net/ipv4/conf/vlan2/rp_filter


rc_firewall
Code:

IPTABLES="/usr/sbin/iptables"
iptables -I INPUT -i vlan2 -p icmp -j ACCEPT
NET_INT_INT=br0
NET_INT_IP=192.168.1.1
NET_INT_SUB=24
NET_INT_NET=192.168.1.0
NET_EXT_INT1=vlan1
NET_EXT_IP1=65.xxx.xxx.163
NET_EXT_GW1=65.xxx.xxx.1
NET_EXT_INT2=vlan2
NET_EXT_IP2=216.yyy.yyy.132
NET_EXT_GW2=216.yyy.yyy.1
ip route add default scope global nexthop via ${NET_EXT_GW1} dev ${NET_EXT_INT1} nexthop via ${NET_EXT_GW2} dev ${NET_EXT_INT2}
$IPTABLES -F POSTROUTING -t nat
$IPTABLES -t mangle -N ETH1
$IPTABLES -t mangle -F ETH1
$IPTABLES -t mangle -A ETH1 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH1 "
$IPTABLES -t mangle -A ETH1 -p icmp -j LOG --log-prefix " MANGLE_ICMP_ETH1 "
$IPTABLES -t mangle -A ETH1 -j MARK --set-mark 1
$IPTABLES -t mangle -N ETH2
$IPTABLES -t mangle -F ETH2
$IPTABLES -t mangle -A ETH2 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH2 "
$IPTABLES -t mangle -A ETH2 -p icmp -j LOG --log-prefix " MANGLE_ICMP_ETH2 "
$IPTABLES -t mangle -A ETH2 -j MARK --set-mark 2
$IPTABLES -t nat -N SPOOF_ETH1
$IPTABLES -t nat -F SPOOF_ETH1
$IPTABLES -t nat -A SPOOF_ETH1 -j LOG --log-prefix " SPOOF_ETH1 "
$IPTABLES -t nat -A SPOOF_ETH1 -j SNAT --to ${NET_EXT_IP1}
$IPTABLES -t nat -N SPOOF_ETH2
$IPTABLES -t nat -F SPOOF_ETH2
$IPTABLES -t nat -A SPOOF_ETH2 -j LOG --log-prefix " SPOOF_ETH2 "
$IPTABLES -t nat -A SPOOF_ETH2 -j SNAT --to ${NET_EXT_IP2}
$IPTABLES -A INPUT -p icmp -s ${NET_INT_NET}/${NET_INT_SUB} -d ${NET_INT_IP} -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -o ! ${NET_INT_INT} -m random --average 50 -j ETH1
$IPTABLES -t mangle -A PREROUTING -i ${NET_INT_INT} -m random --average 50 -j ETH1
$IPTABLES -t mangle -A OUTPUT -o ! ${NET_INT_INT} -m random --average 50 -j ETH2
$IPTABLES -t mangle -A PREROUTING -i ${NET_INT_INT} -m random --average 50 -j ETH2
$IPTABLES -t nat -A POSTROUTING -o ${NET_EXT_INT1} -j SPOOF_ETH1
$IPTABLES -t nat -A POSTROUTING -o ${NET_EXT_INT2} -j SPOOF_ETH2
for RULE in $(nvram get forward_spec)
do
  FROM=`echo $RULE | cut -d ">" -f 1`
  TO=`echo $RULE | cut -d ">" -f 2`
  STATE=`echo $FROM | cut -d ":" -f 2`
  PROTO=`echo $FROM | cut -d ":" -f 3`
  SPORT=`echo $FROM | cut -d ":" -f 4`
  DEST=`echo $TO | cut -d ":" -f 1`
  DPORT=`echo $TO | cut -d ":" -f 2`
  if [ "$STATE" = "on" ]; then
    if [ "$PROTO" = "both" ]; then
      iptables -A PREROUTING -t nat -p udp -d ${NET_EXT_IP2} --dport $SPORT -j DNAT --to $DEST:$DPORT
      iptables -A PREROUTING -t nat -p tcp -d ${NET_EXT_IP2} --dport $SPORT -j DNAT --to $DEST:$DPORT
    else
      iptables -A PREROUTING -t nat -p $PROTO -d ${NET_EXT_IP2} --dport $SPORT -j DNAT --to $DEST:$DPORT
    fi
  fi
done
#apply range forward rules
for RULE in $(nvram get forward_port)
do
  FROM=`echo $RULE | cut -d ">" -f 1`
  TO=`echo $RULE | cut -d ">" -f 2`
  STATE=`echo $FROM | cut -d ":" -f 2`
  PROTO=`echo $FROM | cut -d ":" -f 3`
  SPORT=`echo $FROM | cut -d ":" -f 4`
  EPORT=`echo $FROM | cut -d ":" -f 5`
  if [ "$STATE" = "on" ]; then
    if [ "$PROTO" = "both" ]; then
      iptables -A PREROUTING -t nat -p udp -d ${NET_EXT_IP2} --dport $SPORT:$EPORT -j DNAT --to $TO
      iptables -A PREROUTING -t nat -p tcp -d ${NET_EXT_IP2} --dport $SPORT:$EPORT -j DNAT --to $TO
    else
      iptables -A PREROUTING -t nat -p $PROTO -d ${NET_EXT_IP2} --dport $SPORT:$EPORT -j DNAT --to $TO
    fi
  fi
done
echo "0"> /proc/sys/net/ipv4/conf/vlan1/rp_filter
echo "0"> /proc/sys/net/ipv4/conf/vlan2/rp_filter
echo "1"> /proc/sys/net/ipv4/ip_forward



Last edited by jbarbieri on Mon Oct 08, 2007 15:21; edited 4 times in total
jbarbieri
DD-WRT Guru


Joined: 06 Apr 2007
Posts: 545
Location: New Hampshire

Posted: Tue Apr 24, 2007 12:43
Now with triple wan working. Using 3 static IPs

In the router's console:

Code:

nvram set vlan0ports="1 3 5*"
nvram set vlan3ports="2 5"
nvram set vlan3hwname=et0
nvram commit


rc_startup:

Code:

#!/bin/ash
IF0=br0
IF1=vlan1
IF2=vlan2
IF3=vlan3
P0_NET=192.168.0/24
P1_NET=65.xxx.xx6.0/24
P2_NET=216.yyy.yyy.0/24
P3_NET=65.zzz.zz1.0/24
IP1=65.xxx.xx6.163
IP2=216.yyy.yyy.132
IP3=65.zzz.zz1.126
P1=65.xxx.xx6.1
P2=216.yyy.yyy.1
P3=65.zzz.zz1.1
PATH="/sbin:/usr/sbin:/bin:/usr/bin:${PATH}"
ifconfig vlan2 216.yyy.yyy.132 netmask 255.255.255.0 broadcast 216.yyy.yyy.255 up
ifconfig vlan3 65.zzz.zz1.126 netmask 255.255.255.0 broadcast 65.zzz.zz1.255 up
ip route delete default
ip route add $P1_NET dev $IF1 src $IP1 table 10
ip route add default via $P1 table 10
ip route add $P2_NET dev $IF2 src $IP2 table 20
ip route add default via $P2 table 20
ip route add $P3_NET dev $IF3 src $IP3 table 30
ip route add default via $P3 table 30
ip route add $P1_NET dev $IF1 src $IP1
ip route add $P2_NET dev $IF2 src $IP2
ip route add $P3_NET dev $IF3 src $IP3
ip rule add from $IP1 table 10
ip rule add from $IP2 table 20
ip rule add from $IP3 table 30
ip route add $P0_NET     dev $IF0 table 10
ip route add $P2_NET     dev $IF2 table 10
ip route add $P3_NET    dev $IF3 table 10
ip route add 127.0.0.0/8 dev lo   table 10
ip route add $P0_NET     dev $IF0 table 20
ip route add $P1_NET     dev $IF1 table 20
ip route add $P3_NET    dev $IF3 table 20
ip route add 127.0.0.0/8 dev lo   table 20
ip route add $P0_NET     dev $IF0 table 30
ip route add $P1_NET     dev $IF1 table 30
ip route add $P2_NET     dev $IF2 table 30
ip route add 127.0.0.0/8 dev lo   table 30
ip route add default scope global nexthop via $P1 dev $IF1 nexthop via $P2 dev $IF2 nexthop via $P3 dev $IF3
echo "0"> /proc/sys/net/ipv4/conf/vlan1/rp_filter
echo "0"> /proc/sys/net/ipv4/conf/vlan2/rp_filter
echo "0"> /proc/sys/net/ipv4/conf/vlan3/rp_filter



rc_firewall:

Code:

IPTABLES="/usr/sbin/iptables"
iptables -I INPUT -i vlan2 -p icmp -j ACCEPT
NET_INT_INT=br0
NET_INT_IP=192.168.1.1
NET_INT_SUB=24
NET_INT_NET=192.168.1.0
NET_EXT_INT1=vlan1
NET_EXT_IP1=65.xxx.xx6.163
NET_EXT_GW1=65.xxx.xx6.1
NET_EXT_INT2=vlan2
NET_EXT_IP2=216.yyy.yyy.132
NET_EXT_GW2=216.yyy.yyy.1
NET_EXT_INT3=vlan3
NET_EXT_IP3=65.zzz.zz1.126
NET_EXT_GW3=65.zzz.zz1.1
ip route add default scope global nexthop via ${NET_EXT_GW1} dev ${NET_EXT_INT1} nexthop via ${NET_EXT_GW2} dev ${NET_EXT_INT2} nexthop via ${NET_EXT_GW3} dev ${NET_EXT_INT3}
$IPTABLES -F POSTROUTING -t nat
$IPTABLES -t mangle -N ETH1
$IPTABLES -t mangle -F ETH1
#$IPTABLES -t mangle -A ETH1 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH1 "
#$IPTABLES -t mangle -A ETH1 -p icmp -j LOG --log-prefix " MANGLE_ICMP_ETH1 "
$IPTABLES -t mangle -A ETH1 -j MARK --set-mark 1
$IPTABLES -t mangle -N ETH2
$IPTABLES -t mangle -F ETH2
#$IPTABLES -t mangle -A ETH2 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH2 "
#$IPTABLES -t mangle -A ETH2 -p icmp -j LOG --log-prefix " MANGLE_ICMP_ETH2 "
$IPTABLES -t mangle -A ETH2 -j MARK --set-mark 2
$IPTABLES -t mangle -N ETH3
$IPTABLES -t mangle -F ETH3
#$IPTABLES -t mangle -A ETH3 -p tcp -j LOG --log-prefix " MANGLE_TCP_ETH3 "
#$IPTABLES -t mangle -A ETH3 -p icmp -j LOG --log-prefix " MANGLE_ICMP_ETH3 "
$IPTABLES -t mangle -A ETH3 -j MARK --set-mark 3
$IPTABLES -t nat -N SPOOF_ETH1
$IPTABLES -t nat -F SPOOF_ETH1
#$IPTABLES -t nat -A SPOOF_ETH1 -j LOG --log-prefix " SPOOF_ETH1 "
$IPTABLES -t nat -A SPOOF_ETH1 -j SNAT --to ${NET_EXT_IP1}
$IPTABLES -t nat -N SPOOF_ETH2
$IPTABLES -t nat -F SPOOF_ETH2
#$IPTABLES -t nat -A SPOOF_ETH2 -j LOG --log-prefix " SPOOF_ETH2 "
$IPTABLES -t nat -A SPOOF_ETH2 -j SNAT --to ${NET_EXT_IP2}
$IPTABLES -t nat -N SPOOF_ETH3
$IPTABLES -t nat -F SPOOF_ETH3
#$IPTABLES -t nat -A SPOOF_ETH3 -j LOG --log-prefix " SPOOF_ETH3 "
$IPTABLES -t nat -A SPOOF_ETH3 -j SNAT --to ${NET_EXT_IP3}
$IPTABLES -A INPUT -p icmp -s ${NET_INT_NET}/${NET_INT_SUB} -d ${NET_INT_IP} -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -o ! ${NET_INT_INT} -m random --average 33 -j ETH1
$IPTABLES -t mangle -A PREROUTING -i ${NET_INT_INT} -m random --average 33 -j ETH1
$IPTABLES -t mangle -A OUTPUT -o ! ${NET_INT_INT} -m random --average 33 -j ETH2
$IPTABLES -t mangle -A PREROUTING -i ${NET_INT_INT} -m random --average 33 -j ETH2
$IPTABLES -t mangle -A OUTPUT -o ! ${NET_INT_INT} -m random --average 33 -j ETH3
$IPTABLES -t mangle -A PREROUTING -i ${NET_INT_INT} -m random --average 33 -j ETH3
$IPTABLES -t nat -A POSTROUTING -o ${NET_EXT_INT1} -j SPOOF_ETH1
$IPTABLES -t nat -A POSTROUTING -o ${NET_EXT_INT2} -j SPOOF_ETH2
$IPTABLES -t nat -A POSTROUTING -o ${NET_EXT_INT3} -j SPOOF_ETH3
for RULE in $(nvram get forward_spec)
do
  FROM=`echo $RULE | cut -d ">" -f 1`
  TO=`echo $RULE | cut -d ">" -f 2`
  STATE=`echo $FROM | cut -d ":" -f 2`
  PROTO=`echo $FROM | cut -d ":" -f 3`
  SPORT=`echo $FROM | cut -d ":" -f 4`
  DEST=`echo $TO | cut -d ":" -f 1`
  DPORT=`echo $TO | cut -d ":" -f 2`
  if [ "$STATE" = "on" ]; then
    if [ "$PROTO" = "both" ]; then
      iptables -A PREROUTING -t nat -p udp -d ${NET_EXT_IP2} --dport $SPORT -j DNAT --to $DEST:$DPORT
      iptables -A PREROUTING -t nat -p tcp -d ${NET_EXT_IP2} --dport $SPORT -j DNAT --to $DEST:$DPORT
    else
      iptables -A PREROUTING -t nat -p $PROTO -d ${NET_EXT_IP2} --dport $SPORT -j DNAT --to $DEST:$DPORT
    fi
  fi
done
#apply range forward rules
for RULE in $(nvram get forward_port)
do
  FROM=`echo $RULE | cut -d ">" -f 1`
  TO=`echo $RULE | cut -d ">" -f 2`
  STATE=`echo $FROM | cut -d ":" -f 2`
  PROTO=`echo $FROM | cut -d ":" -f 3`
  SPORT=`echo $FROM | cut -d ":" -f 4`
  EPORT=`echo $FROM | cut -d ":" -f 5`
  if [ "$STATE" = "on" ]; then
    if [ "$PROTO" = "both" ]; then
      iptables -A PREROUTING -t nat -p udp -d ${NET_EXT_IP2} --dport $SPORT:$EPORT -j DNAT --to $TO
      iptables -A PREROUTING -t nat -p tcp -d ${NET_EXT_IP2} --dport $SPORT:$EPORT -j DNAT --to $TO
    else
      iptables -A PREROUTING -t nat -p $PROTO -d ${NET_EXT_IP2} --dport $SPORT:$EPORT -j DNAT --to $TO
    fi
  fi
done
echo "0"> /proc/sys/net/ipv4/conf/vlan1/rp_filter
echo "0"> /proc/sys/net/ipv4/conf/vlan2/rp_filter
echo "0"> /proc/sys/net/ipv4/conf/vlan3/rp_filter
echo "1"> /proc/sys/net/ipv4/ip_forward


I can now push between 1.8-2.0MB/s downloads!

w00t w00t



Last edited by jbarbieri on Sun Aug 12, 2007 2:23; edited 1 time in total
GunTolo
DD-WRT Guru


Joined: 09 Aug 2006
Posts: 1103
Location: Surabaya, Indonesia

Posted: Tue Apr 24, 2007 20:16
Good job,

I'll try that script with my GL and see how it works. I'll post the result.

Still waiting for the IP from my new wireless ISP

_________________
365'pc WRT54GL 1.1 + DD-WRT
wds - client mode - client bridge
337 GL+DD-WRT v23 SP1 Std
28 GL+DD-WRT v23 SP3 Std
13 WRT300N v.1 v24 06-20-07
2 GL/SP1/200 mW+Hyperlink 24 db >> 16 km Point to Point
h0dg3s
DD-WRT Novice


Joined: 03 Dec 2006
Posts: 19

Posted: Tue Apr 24, 2007 22:13
Thanks for the info, never even thought about doing this.

You can buy routers with 2 WAN ports (though where's the fun in that? :) )

http://www.newegg.com/Product/ProductList.aspx?Submit=ENE&N=2000400028+1138610150&name=2+x+10%2f100Mbps
jbarbieri
DD-WRT Guru


Joined: 06 Apr 2007
Posts: 545
Location: New Hampshire

Posted: Tue Apr 24, 2007 22:47
h0dg3s wrote:

You can buy routers with 2 WAN ports (though where's the fun in that? :) )

http://www.newegg.com/Product/ProductList.aspx?Submit=ENE&N=2000400028+1138610150&name=2+x+10%2f100Mbps


Yeah, but look at the price of those routers compared to 35 bucks spent on a WRT54GS

Plus, can you do triple wan with those?? :P

vhoang
DD-WRT Novice


Joined: 22 Apr 2007
Posts: 9

Posted: Tue Apr 24, 2007 22:53
Very nice write-up...

Two small subnotes...

1. Since you only have one internal subnet, you can simplify your multiple SNAT lines to
iptables -t nat -I POSTROUTING -o ! br0 -j MASQUERADE

The exclusion of br0 will allow internal servers to see the real IP of the request.

2. If you save the mark as packets come in from multiple WANs and restore the mark as they go back from br0, your port forwarding might get you more mileage.
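
Added example, not from vhoang's post or the thread's scripts: one way to write the save-and-restore idea in point 2, printed as commands rather than applied. It assumes vlan1 and vlan2 are the WAN interfaces and br0 the LAN bridge, that the firmware's iptables has the CONNMARK target and the state match, and uses placeholder marks, routing table numbers and gateway addresses.

```shell
#!/bin/sh
# Added example: print (not apply) connection-mark rules for two WANs.
# Assumptions: vlan1/vlan2 are WAN interfaces, br0 is the LAN bridge;
# marks, table numbers and gateways are placeholders; the firmware's
# iptables provides the CONNMARK target and the state match.

LAN_IF=br0

# emit_wan_rules IFACE MARK TABLE GATEWAY
emit_wan_rules() {
    wan_if=$1 mark=$2 table=$3 gw=$4
    # Tag the connection (not the packet) when it is first seen on this WAN,
    # so the inbound packet itself is still routed to the LAN by the main table.
    echo "iptables -t mangle -A PREROUTING -i $wan_if -m state --state NEW -j CONNMARK --set-mark $mark"
    # Packets carrying this mark use a table whose default route is this WAN.
    echo "ip route add default via $gw dev $wan_if table $table"
    echo "ip rule add fwmark $mark table $table"
}

emit_all() {
    emit_wan_rules vlan1 0x100 100 203.0.113.1
    emit_wan_rules vlan2 0x200 200 198.51.100.1
    # Replies from LAN hosts: copy the connection's mark onto the packet
    # before the routing decision, so they leave by the WAN they came in on.
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -j CONNMARK --restore-mark"
}

emit_all
```

Connections that start on the LAN carry no connection mark, so the restore rule leaves them on the normal routing path.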
Jabroni
DD-WRT User


Joined: 17 Jun 2006
Posts: 88

Posted: Fri May 04, 2007 18:50
Great guide! I just tested it and it worked great. I just have a question: is there a way to force X TCP port to use just WAN1? Something like it's on the wiki
Code:

iptables -t mangle -A PREROUTING -i $(nvram get lan_ifname) -m multiport -p tcp --dport 22,25,80,110,119,143,443,993,3389 -j MARK --set-mark 0x100
themysteryman83
DD-WRT Novice


Joined: 25 Dec 2006
Posts: 10

Posted: Thu Jun 07, 2007 5:35
I have a few questions...
Call me stupid, but as soon as I tried to run the very first script on my buffalo high power it completely stopped responding to all requests. No ip address, nothing. I had to reset the router back to default settings to get it back up and running. I would assume this is because the ports on the buffalo are named differently? I have ports 1234 and W under the vlan tab. I noticed that the script assigns ports 1-5 to certain functions, but #5 I do not have. I would assume that one of these is the wan port.

Is it possible to use this with dhcp instead of static ip addressing on the wan ports?

Most importantly is there a way to use this with the wireless being a port as well as the wired ones? I currently have my router setup as a repeater/bridge and would love to use the wireless and another wired connection in conjunction with each other.

Ian
arcterex
DD-WRT Novice


Joined: 06 Jul 2007
Posts: 1

Posted: Fri Jul 06, 2007 22:52    Post subject: Wouldn't work for me :(
Is there any way to test or troubleshoot as you go along? I copied both sets of scripts, put in my own stuff, but while the routing looked ok, I got no net access :( Any troubleshooting tips appreciated.

This is on a linksys wrt box with v23 sp2.
jbarbieri
DD-WRT Guru


Joined: 06 Apr 2007
Posts: 545
Location: New Hampshire

Posted: Fri Jul 13, 2007 20:01    Post subject: Re: Wouldn't work for me :(
arcterex wrote:
Is there any way to test or troubleshoot as you go along? I copied both sets of scripts, put in my own stuff, but while the routing looked ok, I got no net access :( Any troubleshooting tips appreciated.

This is on a linksys wrt box with v23 sp2.


If you want, PM me the scripts you used, and I can help you out.


Or you can usually hit me up on AIM, and if I am not busy @ work I can try and help you out there too.

rpcblast
DD-WRT Novice


Joined: 17 Jul 2007
Posts: 2

Posted: Tue Jul 17, 2007 3:02
You can have a lot of WANs using a Cisco router (1721, around 100 on eBay) and a Cisco or any switch supporting 802.1q trunking (Cisco 2924 for about $50).
jbarbieri
DD-WRT Guru


Joined: 06 Apr 2007
Posts: 545
Location: New Hampshire

Posted: Sun Aug 12, 2007 2:20
I found a slight little bug in my firewall code, so I edited it (the one the link in the first post goes to).

Also, it looks like Buffalo routers have different VLAN settings.

So Buffalos should be:

Code:
nvram set vlan0ports="0 1 2 5*"
nvram set vlan2ports="3 5"
nvram set vlan2hwname=et0
nvram commit
reboot





If you guys need any help, just hit me up on AIM, and I'll try to help ya out.
