One-to-One NAT pointing all IPs at Router???

jccantele49
DD-WRT Novice


Joined: 03 Mar 2011
Posts: 13

Posted: Tue Mar 22, 2011 20:35    Post subject: One-to-One NAT pointing all IPs at Router???
I have followed the tutorial to set up One-to-One NAT. We currently have 13 external IPs.. and for some reason, every single external IP address is pointing at the router instead of the machines I am pointing them at. Here is the script I used:

####################################
#Add additional IP addresses to WAN#
####################################

ifconfig vlan1:1 173.11.xx.xx netmask 255.255.255.240 broadcast 173.11.xx.xx
ifconfig vlan1:2 173.11.xx.xx netmask 255.255.255.240 broadcast 173.11.xx.xx
ifconfig vlan1:3 173.11.xx.xx netmask 255.255.255.240 broadcast 173.11.xx.xx
ifconfig vlan1:4 173.11.xx.xx netmask 255.255.255.240 broadcast 173.11.xx.xx
ifconfig vlan1:5 173.11.xx.xx netmask 255.255.255.240 broadcast 173.11.xx.xx
ifconfig vlan1:6 173.11.xx.xx netmask 255.255.255.240 broadcast 173.11.xx.xx
ifconfig vlan1:7 173.11.xx.xx netmask 255.255.255.240 broadcast 173.11.xx.xx
ifconfig vlan1:8 173.11.xx.xx netmask 255.255.255.240 broadcast 173.11.xx.xx
ifconfig vlan1:9 173.11.xx.xx netmask 255.255.255.240 broadcast 173.11.xx.xx
ifconfig vlan1:10 173.11.xx.xx netmask 255.255.255.240 broadcast 173.11.xx.xx
ifconfig vlan1:11 173.11.xx.xx netmask 255.255.255.240 broadcast 173.11.xx.xx
ifconfig vlan1:12 173.11.xx.xx netmask 255.255.255.240 broadcast 173.11.xx.xx
ifconfig vlan1:13 173.11.xx.xx netmask 255.255.255.240 broadcast 173.11.xx.xx

######################
#Forward IP addresses#
######################

iptables -t nat -I POSTROUTING -o vlan1 -s 192.168.1.100 -j SNAT --to 173.11.xx.xx
iptables -t nat -I PREROUTING -d 173.11.xx.xx -j DNAT --to-destination 192.168.1.100

iptables -t nat -I POSTROUTING -o vlan1 -s 192.168.1.108 -j SNAT --to 173.11.xx.xx
iptables -t nat -I PREROUTING -d 173.11.xx.xx -j DNAT --to-destination 192.168.1.108
jccantele49
DD-WRT Novice


Joined: 03 Mar 2011
Posts: 13

Posted: Tue Mar 22, 2011 21:28    Post subject: Not routing in telnet..
I tried looking at the routing in Telnet... I don't understand... it appears to not be working at all. I'm attaching a screenshot.
jccantele49
DD-WRT Novice


Joined: 03 Mar 2011
Posts: 13

Posted: Tue Mar 22, 2011 22:15    Post subject: tried more ideas...
Hmm.. I tried using this script, which I got off a different website:

Quote:
/usr/sbin/ip addr add 111.111.111.111/29 dev vlan1
/usr/sbin/ip addr add 222.222.222.222/29 dev vlan1
/usr/sbin/ip addr add 333.333.333.333/29 dev vlan1

/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.2 -j SNAT --to 111.111.111.111
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.3 -j SNAT --to 222.222.222.222
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.4 -j SNAT --to 333.333.333.333


This gave exactly the same behavior. I tried switching the vlan1 to vlan2... this made all of the IPs fail to ping from outside the network.
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Wed Mar 23, 2011 5:52
You need to read the wiki. Your WAN interface appears to be vlan2 not vlan1.

http://www.dd-wrt.com/wiki/index.php/One-to-one_NAT

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
jccantele49
DD-WRT Novice


Joined: 03 Mar 2011
Posts: 13

Posted: Thu Mar 24, 2011 15:47    Post subject: vlan2 not working
Thanks for the reply phuzi0n :)

Unfortunately, if I set the interface to vlan2, it is making all IPs on the network unpingable from outside. Is there any other possible problem with my script that I need to fix in addition to the vlan2 problem? Or a command I could run to show what is going wrong?

And thanks, but I already read that wiki page about 10 times, lol.
jccantele49
DD-WRT Novice


Joined: 03 Mar 2011
Posts: 13

Posted: Thu Mar 24, 2011 16:16    Post subject: same problem with vlan2?
Okay, I tried rewriting the script with VLan2 further..

even with Vlan2, all 13 external IP addresses are pointing at the router??? This includes both IPs that I have routed in the second part of my script, and the IP addresses I have not routed.



Quote:
####################################
#Add additional IP addresses to WAN#
####################################

ifconfig vlan2:1 173.11.222.33 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:2 173.11.222.34 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:3 173.11.222.35 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:4 173.11.222.36 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:5 173.11.222.37 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:6 173.11.222.38 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:7 173.11.222.39 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:8 173.11.222.40 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:9 173.11.222.41 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:10 173.11.222.42 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:11 173.11.222.43 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:12 173.11.222.44 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:13 173.11.222.45 netmask 255.255.255.240 broadcast 173.11.222.47

######################
#Forward IP addresses#
######################

iptables -t nat -I POSTROUTING -o vlan2 -s 192.168.1.1 -j SNAT --to 173.11.222.34
iptables -t nat -I PREROUTING -d 173.11.222.34 -j DNAT --to-destination 192.168.1.1

iptables -t nat -I POSTROUTING -o vlan2 -s 192.168.1.108 -j SNAT --to 173.11.222.35
iptables -t nat -I PREROUTING -d 173.11.222.35 -j DNAT --to-destination 192.168.1.108

iptables -t nat -I POSTROUTING -o vlan2 -s 192.168.1.106 -j SNAT --to 173.11.222.36
iptables -t nat -I PREROUTING -d 173.11.222.36 -j DNAT --to-destination 192.168.1.106
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Thu Mar 24, 2011 18:06    Post subject: Re: same problem with vlan2?
jccantele49 wrote:
Okay, I tried rewriting the script with VLan2 further..

even with Vlan2, all 13 external IP addresses are pointing at the router??? This includes both IPs that I have routed in the second part of my script, and the IP addresses I have not routed.



Quote:
####################################
#Add additional IP addresses to WAN#
####################################

ifconfig vlan2:1 173.11.222.33 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:2 173.11.222.34 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:3 173.11.222.35 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:4 173.11.222.36 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:5 173.11.222.37 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:6 173.11.222.38 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:7 173.11.222.39 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:8 173.11.222.40 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:9 173.11.222.41 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:10 173.11.222.42 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:11 173.11.222.43 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:12 173.11.222.44 netmask 255.255.255.240 broadcast 173.11.222.47
ifconfig vlan2:13 173.11.222.45 netmask 255.255.255.240 broadcast 173.11.222.47

######################
#Forward IP addresses#
######################

iptables -t nat -I POSTROUTING -o vlan2 -s 192.168.1.1 -j SNAT --to 173.11.222.34
iptables -t nat -I PREROUTING -d 173.11.222.34 -j DNAT --to-destination 192.168.1.1


iptables -t nat -I POSTROUTING -o vlan2 -s 192.168.1.108 -j SNAT --to 173.11.222.35
iptables -t nat -I PREROUTING -d 173.11.222.35 -j DNAT --to-destination 192.168.1.108

iptables -t nat -I POSTROUTING -o vlan2 -s 192.168.1.106 -j SNAT --to 173.11.222.36
iptables -t nat -I PREROUTING -d 173.11.222.36 -j DNAT --to-destination 192.168.1.106

Remove the bold, it's nothing but trouble.

jccantele49
DD-WRT Novice


Joined: 03 Mar 2011
Posts: 13

Posted: Thu Mar 24, 2011 19:38    Post subject: same thing.
removed.. same thing.
jccantele49
DD-WRT Novice


Joined: 03 Mar 2011
Posts: 13

Posted: Thu Mar 24, 2011 19:42
I've tried making some further changes now.. set the Comcast commercial gateway to do 1-to-1 NAT, translating my external IPs (173.x.x.x) to the Comcast internal IPs (10.x.x.x), now I have my script on the dd-wrt 1-to-1 NATing the Comcast internal IPs to its internal IP addresses.. this is my current script:

Quote:
####################################
#Add additional IP addresses to WAN#
####################################

ifconfig vlan2:1 10.1.10.12 netmask 255.255.255.0 broadcast 10.1.10.255
ifconfig vlan2:1 10.1.10.13 netmask 255.255.255.0 broadcast 10.1.10.255
ifconfig vlan2:1 10.1.10.14 netmask 255.255.255.0 broadcast 10.1.10.255

######################
#Forward IP addresses#
######################


iptables -t nat -I POSTROUTING -o vlan2 -s 192.168.1.101 -j SNAT --to 10.1.10.13
iptables -t nat -I PREROUTING -d 10.1.10.13 -j DNAT --to-destination 192.168.1.101

iptables -t nat -I POSTROUTING -o vlan2 -s 192.168.1.106 -j SNAT --to 10.1.10.12
iptables -t nat -I PREROUTING -d 10.1.10.12 -j DNAT --to-destination 192.168.1.106

iptables -A FORWARD -i vlan2 -o br0 -j ACCEPT
iptables -A FORWARD -i br0 -o vlan2 -j ACCEPT
jccantele49
DD-WRT Novice


Joined: 03 Mar 2011
Posts: 13

Posted: Sun Mar 27, 2011 16:18    Post subject: bump.
bump? could I please get assistance with this?? :(
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Sun Mar 27, 2011 16:32
I suspect that the ISP gateway doesn't like all your IPs having the same MAC address and it's not possible to use multiple MACs on the same interface in dd-wrt. You can try to use VLANs to switch some devices directly with the ISP gateway instead of doing static NAT but you might not like that alternative.
jccantele49
DD-WRT Novice


Joined: 03 Mar 2011
Posts: 13

Posted: Sun Mar 27, 2011 16:45
Ah, yes, could you point me where I could try that with VLANs? Last Thursday, I was able to get everything working through the help of someone on the IRC channel remoting into the device and creating IP tables via SSH. I think what he did was through creating multiple VLANs..

He said he'd email me a startup script that I could use.. but then never did. And the device rebooted and now I am back to where I started..

phuzi0n, are you on IRC?
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Sun Mar 27, 2011 19:18
It will only work if you have Broadcom based hardware.

http://www.dd-wrt.com/wiki/index.php/Public_Sub-Net_Over_Dynamic_WAN

jccantele49
DD-WRT Novice


Joined: 03 Mar 2011
Posts: 13

Posted: Thu Mar 31, 2011 17:00
I finally got it to work using this script:

Quote:
####################################
#Add additional IP addresses to WAN#
####################################

ifconfig vlan2:1 10.1.10.12 netmask 255.255.255.0 broadcast 10.1.10.255
ifconfig vlan2:1 10.1.10.13 netmask 255.255.255.0 broadcast 10.1.10.255
ifconfig vlan2:1 10.1.10.14 netmask 255.255.255.0 broadcast 10.1.10.255
ifconfig vlan2:1 10.1.10.15 netmask 255.255.255.0 broadcast 10.1.10.255
ifconfig vlan2:1 10.1.10.16 netmask 255.255.255.0 broadcast 10.1.10.255
ifconfig vlan2:1 10.1.10.17 netmask 255.255.255.0 broadcast 10.1.10.255
ifconfig vlan2:1 10.1.10.18 netmask 255.255.255.0 broadcast 10.1.10.255
ifconfig vlan2:1 10.1.10.19 netmask 255.255.255.0 broadcast 10.1.10.255
ifconfig vlan2:1 10.1.10.20 netmask 255.255.255.0 broadcast 10.1.10.255
ifconfig vlan2:1 10.1.10.21 netmask 255.255.255.0 broadcast 10.1.10.255
ifconfig vlan2:1 10.1.10.22 netmask 255.255.255.0 broadcast 10.1.10.255
ifconfig vlan2:1 10.1.10.23 netmask 255.255.255.0 broadcast 10.1.10.255

######################
#Forward IP addresses#
######################


iptables -t nat -I POSTROUTING -o vlan2 -s 192.168.1.10 -j SNAT --to 10.1.10.12
iptables -t nat -I PREROUTING -d 10.1.10.12 -j DNAT --to-destination 192.168.1.10

iptables -t nat -I POSTROUTING -o vlan2 -s 192.168.1.11 -j SNAT --to 10.1.10.13
iptables -t nat -I PREROUTING -d 10.1.10.13 -j DNAT --to-destination 192.168.1.11

iptables -t nat -I POSTROUTING -o vlan2 -s 192.168.1.13 -j SNAT --to 10.1.10.14
iptables -t nat -I PREROUTING -d 10.1.10.14 -j DNAT --to-destination 192.168.1.13

iptables -t nat -I POSTROUTING -o vlan2 -s 192.168.1.14 -j SNAT --to 10.1.10.15
iptables -t nat -I PREROUTING -d 10.1.10.15 -j DNAT --to-destination 192.168.1.14

iptables -t nat -I POSTROUTING -o vlan2 -s 192.168.1.15 -j SNAT --to 10.1.10.16
iptables -t nat -I PREROUTING -d 10.1.10.16 -j DNAT --to-destination 192.168.1.15

iptables -t nat -I POSTROUTING -o vlan2 -s 192.168.1.17 -j SNAT --to 10.1.10.17
iptables -t nat -I PREROUTING -d 10.1.10.17 -j DNAT --to-destination 192.168.1.17

#############
#Passthrough#
#############

iptables -A FORWARD -i vlan2 -o br0 -j ACCEPT
iptables -A FORWARD -i br0 -o vlan2 -j ACCEPT
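
Added example (not part of any post in this thread): a static check, in shell, for the one-to-one NAT startup scripts posted above. It reports an alias label that is assigned twice, a DNAT address that no alias still holds, an SNAT/DNAT pair that does not mirror, and a FORWARD accept from the WAN interface with no destination, protocol or state match. The function names, finding labels and the shortened sample script are constructed for illustration.

```shell
# Added example, not from the thread: static audit of a one-to-one NAT script.
# Usage: audit_nat_script FILE WAN_IF   (prints one finding per line, sorted)
audit_nat_script() {
    awk -v wan="$2" '
    # Return the word that follows option "opt" on the current line.
    function arg(opt,   i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    /^#/ || NF == 0 { next }
    $1 == "ifconfig" {
        # An alias label holds one address; a repeated label replaces it.
        if ($2 in alias) print "ALIAS_REUSED " $2 " " alias[$2] " -> " $3
        alias[$2] = $3; next
    }
    /-j SNAT/ { snat[arg("--to")] = arg("-s"); next }
    /-j DNAT/ { dnat[arg("-d")] = arg("--to-destination"); next }
    /FORWARD/ && /-j ACCEPT/ && arg("-i") == wan {
        # Inbound accept with no destination, protocol or state match.
        if (arg("-d") == "" && arg("-p") == "" && $0 !~ /state/)
            print "FORWARD_OPEN " arg("-i") " -> " arg("-o")
    }
    END {
        for (a in alias) held[alias[a]] = 1
        for (pub in dnat) {
            if (!(pub in held)) print "NO_WAN_ADDR " pub
            if (snat[pub] != dnat[pub]) print "PAIR_MISMATCH " pub
        }
    }' "$1" | sort
}

# Constructed sample: a shortened copy of the final script in the thread.
write_sample() {
    cat > "$1" <<'EOF'
ifconfig vlan2:1 10.1.10.12 netmask 255.255.255.0 broadcast 10.1.10.255
ifconfig vlan2:1 10.1.10.13 netmask 255.255.255.0 broadcast 10.1.10.255
iptables -t nat -I POSTROUTING -o vlan2 -s 192.168.1.10 -j SNAT --to 10.1.10.12
iptables -t nat -I PREROUTING -d 10.1.10.12 -j DNAT --to-destination 192.168.1.10
iptables -t nat -I POSTROUTING -o vlan2 -s 192.168.1.11 -j SNAT --to 10.1.10.13
iptables -t nat -I PREROUTING -d 10.1.10.13 -j DNAT --to-destination 192.168.1.11
iptables -A FORWARD -i vlan2 -o br0 -j ACCEPT
iptables -A FORWARD -i br0 -o vlan2 -j ACCEPT
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && audit_nat_script "$tmp" vlan2
rm -f "$tmp"
```

On the sample it prints ALIAS_REUSED, FORWARD_OPEN and NO_WAN_ADDR findings; a script with unique alias labels and FORWARD rules scoped by `-d` and `-p` prints nothing.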