Which device for Multi-WAN?

Treppiede
DD-WRT Novice


Joined: 10 Nov 2006
Posts: 1

Posted: Fri Nov 10, 2006 20:05    Post subject: Which device for Multi-WAN?
Hello,
I am looking into getting a Linksys/Buffalo WRouter and flashing it with DD-WRT. I was intrigued by DD-WRT because it seems to have pretty good support for QoS, which I need for VoIP traffic here in the office.

What I was unable to clearly understand is whether or not DD-WRT supports multi-WAN (a.k.a. multiNAT, SNAT etc). We are leasing a small subnet of Public Addresses from our ISP and I would like to be able to configure them. We are talking about a single WAN interface, no problem, but will it handle full Multi-NAT configuration?

QoS and Multi-NAT options on the Netgear FVS338 Router we are currently using are a joke, plus the device is quite unstable, so I really look forward to implementing this firmware and sharing my findings with this community.

Thank you in advance!

-Walter

_________________
There are two types of people, those who do backups and those who have never had a HDD fail.
DumphluM
DD-WRT Novice


Joined: 08 Jun 2006
Posts: 27
Location: Diemen (NL)

Posted: Fri Nov 10, 2006 23:09
I think you can use ddwrt for your multi-wan. It depends on how you want to have it working.
I have a /48 subnet from my provider, and forwarded the 6 usable IP addresses to my wrt, which is 1:1 NATing them to internal IP addresses.
If this is what you are looking for I will post the iptables commands how to do this.
I don't know about the best device. I have a wrt54g which is up for 60 days now without a problem.
mattsl
DD-WRT Novice


Joined: 13 Nov 2006
Posts: 1

Posted: Mon Nov 13, 2006 23:12
DumphluM,
Could you post the IPTables commands? I am looking to try Multi-NAT on my WRT54G-L.
Thanks.
adisor19
DD-WRT User


Joined: 11 Jun 2006
Posts: 484

Posted: Tue Nov 14, 2006 2:11
Just avoid any of the WZR series routers if you're looking for multi wan. Apparently the switch inside this series of routers does not support reassigning the ports.

Adi
DumphluM
DD-WRT Novice


Joined: 08 Jun 2006
Posts: 27
Location: Diemen (NL)

Posted: Tue Nov 14, 2006 18:27
I've set it up like the following.
In the router setup page I've set one static IP address.

The remaining IP addresses you have to add like this:
Code:

/usr/sbin/ip addr add [public_ip1]/29 dev vlan1
/usr/sbin/ip addr add [public_ip2]/29 dev vlan1

etc.

To map an internal ip to an external use this:

Code:
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s [internal_ip1] -j SNAT --to [public_ip1]

/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s [internal_ip2] -j SNAT --to [public_ip2]


For incoming connections it's up to you if you want all ports forwarded (like DMZ), or only specific ports, e.g. web server/mail server.

To forward all ports use:

Code:
iptables -t nat -I PREROUTING -d [external_ip1] -j DNAT --to-destination [internal_ip1]

iptables -t nat -I PREROUTING -d [external_ip2] -j DNAT --to-destination [internal_ip2]


For only specific ports (80 in this case):

Code:
/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d [public_ip1] --dport 80 -j DNAT --to-destination [internal_ip1]:80
/usr/sbin/iptables -I FORWARD -p tcp -d [internal_ip1] --dport 80 -j ACCEPT

/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d [public_ip2] --dport 80 -j DNAT --to-destination [internal_ip2]:80
/usr/sbin/iptables -I FORWARD -p tcp -d [internal_ip2] --dport 80 -j ACCEPT



I hope this is useful for someone :)

Cheers, Guido!
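
Added example, not from the original post: a dry-run generator that prints the post's complete command set for each public/internal pair, so the startup script is built from one table. The addresses (documentation and private ranges), the `MAPPINGS` table and the function names are assumptions; `vlan1` and `/29` are taken from the post.

```shell
#!/bin/sh
# Added example: build the thread's 1:1 NAT commands from one mapping table.
# vlan1 and the /29 come from the post; all addresses are constructed
# (RFC 5737 / RFC 1918 ranges). Commands are printed, never executed.
WAN_IF=vlan1
PREFIX=29

# public_ip  internal_ip  tcp_ports (comma-separated, or "all" = DMZ-style)
MAPPINGS='
203.0.113.2 192.168.1.10 80,443
203.0.113.3 192.168.1.11 all
'

# Succeeds only for four dot-separated decimal octets in 0-255.
is_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

# Print the commands for every mapping; fail on a malformed row.
gen_rules() {
    while read -r pub int ports; do
        [ -n "$pub" ] || continue
        if ! is_ipv4 "$pub" || ! is_ipv4 "$int" || [ -z "$ports" ]; then
            echo "bad mapping: $pub $int $ports" >&2
            return 1
        fi
        echo "ip addr add $pub/$PREFIX dev $WAN_IF"
        echo "iptables -t nat -I POSTROUTING 1 -s $int -j SNAT --to-source $pub"
        if [ "$ports" = all ]; then
            # This DNAT rule matches every port and protocol sent to $pub.
            echo "warning: $int fully exposed on $pub" >&2
            echo "iptables -t nat -I PREROUTING -d $pub -j DNAT --to-destination $int"
            continue
        fi
        for p in $(echo "$ports" | tr ',' ' '); do
            case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
            echo "iptables -t nat -A PREROUTING -p tcp -d $pub --dport $p -j DNAT --to-destination $int:$p"
            echo "iptables -I FORWARD -p tcp -d $int --dport $p -j ACCEPT"
        done
    done <<EOF
$MAPPINGS
EOF
}

gen_rules
```

Listing ports explicitly keeps the exposed surface to the services that are meant to be public; an `all` row is flagged on stderr so it is not left in the table by accident.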
drcomp
DD-WRT Novice


Joined: 19 Jun 2007
Posts: 2

Posted: Tue Jun 19, 2007 23:55
Thanks Guido - this is exactly what I was looking for. Very thankful I stumbled upon this thread.

Question for you:
Is there any way to view a log of the changes that are active? I notice that the SSH terminal prompt gives no feedback after I enter the info. I have confirmed that it is working by successfully reaching a web server (port 80) on the secondary static IP from my DSL provider. So that's GREAT, but still would be nice to know what I have done or failed to do... Shocked

I tried IPTables -l, but did not see either of my static public IPs anywhere in that readout.

ALSO - how would I remove these options if some day I wanted to change or revoke the mappings? I'm particularly curious if I could set DMZ for testing and then revoke it at a later time...

Thanks again-
Eric
DumphluM
DD-WRT Novice


Joined: 08 Jun 2006
Posts: 27
Location: Diemen (NL)

Posted: Thu Jun 21, 2007 13:18
drcomp wrote:



Is there any way to view a log of the changes that are active? I notice that the SSH terminal prompt gives no feedback after I enter the info. I have confirmed that it is working by successfully reaching a web server (port 80) on the secondary static IP from my DSL provider. So that's GREAT, but still would be nice to know what I have done or failed to do... Shocked

I tried IPTables -l, but did not see either of my static public IPs anywhere in that readout.


With iptables -L you can see the forwarded ports. But when the router doesn't return a failure message you may expect that it works. (ifconfig gives some information, but not what you want)

drcomp wrote:

ALSO - how would I remove these options if some day I wanted to change or revoke the mappings? I'm particularly curious if I could set DMZ for testing and then revoke it at a later time...


To remove the extra IPs, just clear those commands from your startup script and reboot the router.
For the port forwardings you have to copy the exact rule you entered, and replace "-I" or "-A" with "-D".
But it is also possible to remove those rules from your startup script and reboot the router.

Good luck!
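
Added example (not part of the thread), covering the two questions answered above: listing what is active and removing it again. Plain `iptables -L` prints only the filter table, so the FORWARD accepts appear there while the SNAT/DNAT rules need `-t nat`; the addresses and the sample listing are constructed, and `open_dnat` and `to_delete` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: inspect the nat table and build the matching delete command.
# On the router the listing would come from:
#   iptables -t nat -L PREROUTING -n -v --line-numbers
# Constructed sample of `iptables -t nat -L PREROUTING -n` output:
SAMPLE_LISTING='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            203.0.113.2         tcp dpt:80 to:192.168.1.10:80
DNAT       all  --  0.0.0.0/0            203.0.113.3         to:192.168.1.11
'

# Read a nat-table listing on stdin; print "public internal" for each DNAT
# rule with no destination-port match (a DMZ-style forward still in place).
open_dnat() {
    awk '$1 == "DNAT" && $0 !~ /dpts?:/ {
        for (i = 6; i <= NF; i++)
            if ($i ~ /^to:/) print $5, substr($i, 4)
    }'
}

# Turn an "add" command into its "delete" twin: -I/-A becomes -D, and the
# rule position that -I accepts (e.g. "-I POSTROUTING 1") is dropped,
# because -D followed by a number deletes by position instead.
to_delete() {
    printf '%s\n' "$1" | sed \
        -e 's/ -[IA] \([^ ][^ ]*\) [0-9][0-9]* / -D \1 /' \
        -e 's/ -[IA] \([^ ][^ ]*\) / -D \1 /'
}

printf '%s' "$SAMPLE_LISTING" | open_dnat
to_delete "iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.11 -j SNAT --to 203.0.113.3"
to_delete "iptables -t nat -I PREROUTING -d 203.0.113.3 -j DNAT --to-destination 192.168.1.11"
```

Running `open_dnat` over the live listing after a DMZ test shows whether any all-port forward is still active before the router is considered back in its normal state.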
TXC
DD-WRT Novice


Joined: 20 Sep 2007
Posts: 1

Posted: Thu Sep 20, 2007 11:02
What should I do if my ISP only assigns IPs via DHCP?

Is this possible?

(Sorry for the bump Embarassed )
lynden
DD-WRT Novice


Joined: 01 Feb 2007
Posts: 4

Posted: Fri Jul 11, 2008 22:02
I'd like to know as well. DSLExtreme users get 5 DHCP IP addresses. It'd be great if we can have 4 separate NAT'ed VLANs using different public IPs.


TXC wrote:
What should I do if my ISP only assigns IPs via DHCP?

Is this possible?

(Sorry for the bump Embarassed )
ivalerio
DD-WRT Novice


Joined: 29 Dec 2009
Posts: 1

Posted: Thu Dec 31, 2009 10:56    Post subject: Wow
DumphluM wrote:
drcomp wrote:



Is there any way to view a log of the changes that are active? I notice that the SSH terminal prompt gives no feedback after I enter the info. I have confirmed that it is working by successfully reaching a web server (port 80) on the secondary static IP from my DSL provider. So that's GREAT, but still would be nice to know what I have done or failed to do... Shocked

I tried IPTables -l, but did not see either of my static public IPs anywhere in that readout.


With iptables -L you can see the forwarded ports. But when the router doesn't return a failure message you may expect that it works. (ifconfig gives some information, but not what you want)

drcomp wrote:

ALSO - how would I remove these options if some day I wanted to change or revoke the mappings? I'm particularly curious if I could set DMZ for testing and then revoke it at a later time...


To remove the extra IPs, just clear those commands from your startup script and reboot the router.
For the port forwardings you have to copy the exact rule you entered, and replace "-I" or "-A" with "-D".
But it is also possible to remove those rules from your startup script and reboot the router.

Good luck!


You really know your way in there... Bravo my friend! Is the coding in the shell similar to that of Cisco routers? If so maybe I can practice with my router and gain some much needed experience.
All times are GMT