Posted: Tue Jan 03, 2012 21:10 Post subject: Buffalo WZR-HP-G300NH2, can't port forward TCP 80 for HTTP?
Buffalo WZR-HP-G300NH2
I had bricked my router and have managed to recover by installing the following firmware, which is reported in the upper-right of the DD-WRT interface as DD-WRT v24-sp2 (12/12/11) std:
Code:
wzr-hp-g300nh2-dd-wrt-webupgrade-MULTI20hex.bin
I performed the 30/30/30 reset and reconfigured the router with my settings, but I can't get the router to forward for TCP port 80.
In the wiki under the Check the WAN IP section, this is my setup:
Quote:
Any other WAN IP is likely a public (routable) address that just needs a properly configured port forward on the router.
I followed the steps in the Port Forwarding Troubleshooting and tried applying the Firewall commands recommended in the bug ticket as follows:
Code:
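insmod ipt_mark
insmod xt_mark
# Mark packets that arrive on any non-WAN interface but are addressed to the WAN IP
iptables -t mangle -A PREROUTING -i ! `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001
# Masquerade the marked packets so replies return through the router
iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE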
I also ran the following command having had no success thus far, with the proper value for my subnet, 192.168.2.0:
I'm pretty certain my ISP (AT&T) isn't messing with my traffic, as I connected a spare Linksys WRTG54 router running factory firmware, and it forwarded port 80 without a hitch.
Please help! Something peculiar to this router and/or DD-WRT doesn't seem to be allowing me to forward HTTP. Thanks!
The "DPT" aka destination port is clearly identified (e.g.: 3000) as the port the incoming http request is tagged with, not sure if this gets NAT'd <?> over to the internal server's <local-ip>:80 correctly or not. Will see if I can get more logging farther down the chain.
Posted: Sat Jan 07, 2012 18:51 Post subject: "Chicken Little" figures out the sky is not fall
OK, first let me apologize to the hundreds that have read these previous posts who might have invested any amount of time trying to resolve this issue with my router operation/config....
....the good news is port forwarding is working as it should with the given configuration & dd-wrt distro.
After spending quite a bit of time trying to think this issue through, I decided to simplify some things to remove any other possibilities. On 3 of the ports (3000-3002) I had webcams, and 2 of these had some basic authentication turned on...my thought was "if the authentication is an issue, one of the cams will still get through since it does not have authentication turned on". As soon as I turned authentication off for the two cameras where it was on, all three camera images started showing up in my web page. Appears the authentication stuff is still an issue, but with it turned off the port forward/translation is performed as expected.
So that solved 3 of my 4 ports that weren't performing....
Even though I had looked around to see if using port 2000 for my 4th web server would/could be an issue, I found none...but I went ahead and tried moving it to another port (3500 in this case) and it immediately started serving up content to the exterior side of my router immediately.
So, by removing some other features/layers in the technology stack, I was able to get my internal web content from 4 internal devices (all of which run on port 80) routed out through my dd-wrt v24sr2 router as was originally intended.
Thanks to all who were interested in this, and hopefully some of the content I posted will prove valuable to others who are also struggling to get content out onto the web. Overall I'm thrilled with the rich set of features that dd-wrt provides us with, some things that are only available on commercial router distros that are many times more expensive. Great work dd-wrt team!
Unfortunately I'm not sure how to apply your findings to my situation. When it comes to IP routing I'm very much a newbie, despite my other extensive experience in IT, routing has been sort of the red-headed step child in my mind and I've just avoided digging deep into it whenever possible.
In my situation I'm trying to port forward traffic on port 80 to IIS 7.5 (Windows 7's web server). As I mentioned my current setup specific to IIS was visible when using a spare Linksys router with its factory firmware I had lying around, but with my current router with the noted build of DD-WRT, no joy.
Any suggestions you or anyone else might have would be greatly appreciated! I'd rather not dump DD-WRT for a relatively small problem.
Hi Darth - I definitely sympathize w/you regarding routing being somewhat foreign to you... I'm a senior Java developer, but don't think I've ever had to roll up my sleeves and get under the hood of a router, ugh! Makes my head hurt!
Something that may help is to turn on some logging using a script like:
I put this script in the Command dialog (Admin/Commands), then use the "Run Commands" button. Once this is done, and some requests come in, you can then look in the logs by connecting to the router via SSH, then "cat /tmp/var/log/messages" which will display the contents. You should see the messages with "incoming" attached to them:
This should at least give you a chance to see that the requests are coming in. Once the requests are being seen at this point, you should be able to add logging to POSTROUTING with a similar script. If you can confirm the requests are making it through POSTROUTING, you could then set up a tcp sniffer (TCPMON is one, Fiddler http://www.fiddler2.com/fiddler2/ is another), to watch tcp traffic between your router & IIS.
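The logging approach described in the post above, as an added example that is not the poster's script or part of the original thread: it pairs each packet logged at PREROUTING with the same connection logged at POSTROUTING, so you can see whether the forward rewrote the destination to the internal server. The "incoming" prefix comes from the post; the "outgoing" prefix, the function names, the addresses and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: the "incoming" prefix is from the post; the "outgoing"
# prefix, addresses and log lines below are constructed for illustration.

# Run on the router (defined here, never called): log new TCP connections
# to one port before DNAT (PREROUTING) and again at POSTROUTING.
install_log_rules() {
    port="$1"
    iptables -t nat -I PREROUTING -p tcp --dport "$port" -j LOG --log-prefix "incoming "
    iptables -t nat -I POSTROUTING -p tcp -j LOG --log-prefix "outgoing "
}

# Pair each "incoming" packet with its "outgoing" twin by SRC and SPT,
# which DNAT leaves unchanged, and print the translation that happened.
trace_forwards() {
    awk '
    function field(name,   i) {
        for (i = 1; i <= NF; i++)
            if (index($i, name "=") == 1) return substr($i, length(name) + 2)
        return ""
    }
    / incoming / { key = field("SRC") ":" field("SPT")
                   if (!(key in in_dpt)) order[++n] = key
                   in_dpt[key] = field("DPT") }
    / outgoing / { key = field("SRC") ":" field("SPT")
                   out[key] = field("DST") ":" field("DPT") }
    END { for (i = 1; i <= n; i++) {
              k = order[i]
              printf("%s DPT=%s -> %s\n", k, in_dpt[k], ((k in out) ? out[k] : "not-forwarded"))
          } }' "$@"
}

# Constructed sample of /tmp/var/log/messages: one request that is forwarded
# from port 3000 to an internal :80, and one that never reaches POSTROUTING.
sample_log() {
cat <<'EOF'
Jan  7 18:40:01 DD-WRT kern.warn kernel: incoming IN=vlan2 OUT= SRC=203.0.113.7 DST=198.51.100.20 LEN=60 PROTO=TCP SPT=51544 DPT=3000 SYN
Jan  7 18:40:01 DD-WRT kern.warn kernel: outgoing IN= OUT=br0 SRC=203.0.113.7 DST=192.168.2.50 LEN=60 PROTO=TCP SPT=51544 DPT=80 SYN
Jan  7 18:40:09 DD-WRT kern.warn kernel: incoming IN=vlan2 OUT= SRC=203.0.113.9 DST=198.51.100.20 LEN=60 PROTO=TCP SPT=40112 DPT=2000 SYN
EOF
}

sample_log | trace_forwards
```

On the router, `trace_forwards /tmp/var/log/messages` reads the real log; a "not-forwarded" line means the request reached the WAN side but no matching packet was logged at POSTROUTING.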
No luck so far. I posted on ServerFault as well, but thus far nothing I've tried according to the suggestions has worked for me.
I might just get a new router. This seems to be either a bug with DD-WRT itself, a conspiracy to get people away from hosting websites from their home internet, or both, or neither. I don't know, and I'm rather fed up with troubleshooting at this point.