Multiple WAN IP Addresses, what's wrong with my config?

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions
Author Message
U235
DD-WRT Novice


Joined: 01 Apr 2009
Posts: 7

PostPosted: Sat Mar 13, 2010 22:26    Post subject: Multiple WAN IP Addresses, what's wrong with my config? Reply with quote
Yesterday I spent a couple hours searching and reading through multiple threads about multiple WAN support on DD-WRT. I finally thought I had it all worked out, but then I realized I was coming through on LOOPBACK and it wasn't actually configured right. I found a bunch of different threads and found a config that I thought worked, but it doesn't.

I'm running v24sp2 on a Buffalo WZR-HP-G300NH.

My main config is set on IP: 71.xxx.xxx.6. I own IPs 1-6 and here's my config. I wanted my webcam which is exposed externally to take 71.xxx.xxx.5. For testing, I thought I configured the firewall to just pass all packets and ports through.

Here's the config, please advise.

Quote:
Startup:
ifconfig eth1:1 71.xxx.xxx.5 netmask 255.255.255.0 broadcast 71.xxx.xxx.255


Quote:
Firewall:
#### Camera ####
iptables -t nat -I PREROUTING -d 71.xxx.xxx.5 -j DNAT --to-destination 192.168.254.20
iptables -t nat -I POSTROUTING -s 192.168.254.20 -j SNAT --to-source 71.xxx.xxx.5
## ALL Ports Forwarded ##
iptables -I FORWARD -d 192.168.254.20 -j ACCEPT


Obviously the camera's local IP is 192.168.254.20 which is the same subnet as the router's LAN side. I also know the IP is live since I had it working on my Siemens router so it's definitely something in the DD router and this config that's wrong.

On a final note, this config is for testing, once I know things are working, I'll change the firewall configuration to only use the ports needed.

I'd appreciate any help!

Regards,
Brian
Sponsor
Markus
Site Admin


Joined: 09 Aug 2006
Posts: 121
Location: Germany, Bensheim

PostPosted: Fri Mar 19, 2010 14:23    Post subject: Reply with quote
I guess you may not define the SNAT. Try it as follows:

Quote:


iptables -t nat -I PREROUTING -i eth1 -d 71.x.x.5 -j DNAT --to 192.168.254.20
iptables -I FORWARD -i eth1 -d 172.27.0.43 -j ACCEPT



Markus

_________________
Forum Rules
Forum Guidelines...How to get help the right way
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10143

PostPosted: Sun Mar 21, 2010 2:16    Post subject: Reply with quote
Your firewall is fine and the SNAT rule is important. Are you sure you have the correct subnet mask/broadcast address though?
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum