NAT on VLAN [Solved]

Ambit
Posted: Thu Dec 11, 2014 17:40
I want to configure my WRT600N to NAT out to 2 VLANs. Configuring the first one was easy because I just used the WAN port.

The second one however isn't working. In the configuration GUI under "Setup>Networking", I set vlan3 to Unbridged, enabled "Masquerade / NAT", and gave the IP 10.0.0.188 and mask 255.255.255.0.

Under "Setup>Advanced Routing" I created a route with metric 0, IP 10.0.0.0, mask 255.255.0.0, gateway 10.0.0.1, and interface vlan3. (I'm using that mask because 10.0.0.1 routes through a VPN for 10.0.2.0/24 addresses.)

I can ping 10.0.0.1 from the WRT600N, but not from devices behind it.

This is the output of iptables with rule-less lists omitted:

iptables -t nat -vL
Code:

Chain PREROUTING (policy ACCEPT 1913 packets, 303K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       icmp --  any    any     anywhere             192.168.0.2         to:192.168.1.1
    5  1437 TRIGGER    0    --  any    any     anywhere             192.168.0.2         TRIGGER type:dnat match:0 relate:0

Chain POSTROUTING (policy ACCEPT 55 packets, 3070 bytes)
 pkts bytes target     prot opt in     out     source               destination
  631 77659 SNAT       0    --  any    vlan2   anywhere             anywhere            to:192.168.0.2
    0     0 RETURN     0    --  any    br0     anywhere             anywhere            PKTTYPE = broadcast
    0     0 MASQUERADE  0    --  any    br0     192.168.1.0/24       192.168.1.0/24
    0     0 RETURN     0    --  any    vlan3   anywhere             anywhere            PKTTYPE = broadcast
    5   420 MASQUERADE  0    --  any    vlan3   10.0.0.0/24          10.0.0.0/24


iptables -t filter -vL
Code:

Chain INPUT (policy ACCEPT 5626 packets, 529K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       tcp  --  vlan2  any     anywhere             anywhere            tcp dpt:webcache
    0     0 DROP       tcp  --  vlan2  any     anywhere             anywhere            tcp dpt:www
    0     0 DROP       tcp  --  vlan2  any     anywhere             anywhere            tcp dpt:https
    0     0 DROP       tcp  --  vlan2  any     anywhere             anywhere            tcp dpt:69
    0     0 DROP       tcp  --  vlan2  any     anywhere             anywhere            tcp dpt:telnet
    0     0 DROP       tcp  --  vlan2  any     anywhere             anywhere            tcp dpt:telnet

Chain FORWARD (policy ACCEPT 11 packets, 440 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     0    --  vlan3  any     anywhere             anywhere
   57  3420 ACCEPT     0    --  br0    br0     anywhere             anywhere
  524 27264 TCPMSS     tcp  --  any    any     anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
 6268 2800K lan2wan    0    --  any    any     anywhere             anywhere
 5602 2718K ACCEPT     0    --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    0     0 TRIGGER    0    --  vlan2  br0     anywhere             anywhere            TRIGGER type:in match:0 relate:0
  666 81645 trigger_out  0    --  br0    any     anywhere             anywhere
  655 81205 logaccept  0    --  br0    any     anywhere             anywhere            state NEW



EDIT (Solution):

It turns out that the only issue was that the iptables entry that the GUI automatically creates was wrong. I disabled the "NAT / Masquerade" setting and manually added the following rule to the firewall startup script:

Code:

iptables -t nat -A POSTROUTING -o vlan3 -j MASQUERADE
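
An added example, not part of the original post: a small Python evaluator that runs the vlan3 POSTROUTING rows from the listing above against a forwarded packet, showing why the GUI-generated rule never masquerades LAN traffic. The LAN client address 192.168.1.100 is constructed (taken from the br0 subnet in the listing), and the `-vL` row for the manual rule is an assumed rendering.

```python
import ipaddress

# vlan3 POSTROUTING rows copied from the post's `iptables -t nat -vL` output.
GUI_RULES = """\
    0     0 RETURN     0    --  any    vlan3   anywhere             anywhere            PKTTYPE = broadcast
    5   420 MASQUERADE  0    --  any    vlan3   10.0.0.0/24          10.0.0.0/24
"""
# Constructed: how the manual rule from the solution would appear in -vL output.
MANUAL_RULES = """\
    0     0 MASQUERADE  0    --  any    vlan3   anywhere             anywhere
"""

def net(text):
    """Map an iptables address column to an ip_network ('anywhere' = 0.0.0.0/0)."""
    return ipaddress.ip_network("0.0.0.0/0" if text == "anywhere" else text)

def parse(listing):
    """Parse -vL rule rows: pkts bytes target prot opt in out src dst [extra]."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 9 or not f[0].isdigit():
            continue  # skip chain headers, column titles, blank lines
        rules.append({"target": f[2], "out": f[6], "src": net(f[7]),
                      "dst": net(f[8]), "extra": " ".join(f[9:])})
    return rules

def nat_target(listing, src, dst, out_if, broadcast=False):
    """Target of the first rule matching the packet, or the chain policy ACCEPT."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in parse(listing):
        if r["out"] not in ("any", out_if):
            continue
        if s not in r["src"] or d not in r["dst"]:
            continue
        if "PKTTYPE = broadcast" in r["extra"] and not broadcast:
            continue
        return r["target"]
    return "ACCEPT"  # no match: packet leaves vlan3 with its original source

if __name__ == "__main__":
    lan_client = "192.168.1.100"  # constructed host in the br0 subnet
    print("GUI rule, LAN client:", nat_target(GUI_RULES, lan_client, "10.0.0.1", "vlan3"))
    print("GUI rule, router    :", nat_target(GUI_RULES, "10.0.0.188", "10.0.0.1", "vlan3"))
    print("manual rule, client :", nat_target(MANUAL_RULES, lan_client, "10.0.0.1", "vlan3"))
```

The manual rule matches every source leaving vlan3; adding `-s 192.168.1.0/24` would restrict masquerading to the LAN subnet shown in the br0 rule.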