Hello,
Here is my current setup (I have no choice over using the first router):
Internet-->Router-->WRT54GLv1.1 (DD-WRT v23 SP2 (09/15/06) std)-->LAN
Router
WAN: 66.251.63.182
LAN: 209.239.241.17
Mask: 255.255.255.248
WRT54GL
WAN: 209.239.241.20
Gateway: 209.239.241.17
LAN: 192.168.2.106
Mask: 255.255.255.0
I am trying to port forward to other PCs on the LAN, but it is not working. Below is the list of rules for the WRT54GL. I'm not sure if this is a "double-NAT" problem or something that I am doing wrong. In DD-WRT logs I see the incoming connection as accepted, but it is not being forwarded as expected. Any help or suggestions would be greatly appreciated.
*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp -d 209.239.241.20 --dport 8080 -j DNAT --to-destination 192.168.2.106:80
-A PREROUTING -p icmp -d 209.239.241.20 -j DNAT --to-destination 192.168.2.106
-A PREROUTING -p tcp -m tcp -d 209.239.241.20 --dport 23 -j DNAT --to-destination 192.168.2.101:23
-A PREROUTING -p udp -m udp -d 209.239.241.20 --dport 23 -j DNAT --to-destination 192.168.2.101:23
-A PREROUTING -p tcp -m tcp -d 209.239.241.20 --dport 25887 -j DNAT --to-destination 192.168.2.105:25887
-A PREROUTING -p udp -m udp -d 209.239.241.20 --dport 25887 -j DNAT --to-destination 192.168.2.105:25887
-A PREROUTING -d 209.239.241.20 -j TRIGGER --trigger-type dnat
-A POSTROUTING -o vlan1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:logaccept - [0:0]
:logdrop - [0:0]
:logreject - [0:0]
:trigger_out - [0:0]
:lan2wan - [0:0]
:grp_1 - [0:0]
:advgrp_1 - [0:0]
:grp_2 - [0:0]
:advgrp_2 - [0:0]
:grp_3 - [0:0]
:advgrp_3 - [0:0]
:grp_4 - [0:0]
:advgrp_4 - [0:0]
:grp_5 - [0:0]
:advgrp_5 - [0:0]
:grp_6 - [0:0]
:advgrp_6 - [0:0]
:grp_7 - [0:0]
:advgrp_7 - [0:0]
:grp_8 - [0:0]
:advgrp_8 - [0:0]
:grp_9 - [0:0]
:advgrp_9 - [0:0]
:grp_10 - [0:0]
:advgrp_10 - [0:0]
-A INPUT -p tcp -i vlan1 --dport 22 -j DROP
-A INPUT -p tcp -i vlan1 --dport 22 -j DROP
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -m state --state INVALID -j logdrop
-A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1461: -j TCPMSS --set-mss 1460
-A FORWARD -i br0 -j lan2wan
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp -d 192.168.2.101 --dport 23 -j logaccept
-A FORWARD -p udp -m udp -d 192.168.2.101 --dport 23 -j logaccept
-A FORWARD -p tcp -m tcp -d 192.168.2.105 --dport 25887 -j logaccept
-A FORWARD -p udp -m udp -d 192.168.2.105 --dport 25887 -j logaccept
-A FORWARD -i vlan1 -o br0 -j TRIGGER --trigger-type in
-A FORWARD -i br0 -j trigger_out
-A FORWARD -i br0 -m state --state NEW -j logaccept
-A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logaccept -j ACCEPT
-A logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logdrop -m state --state INVALID -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logdrop -j DROP
-A logreject -j LOG --log-prefix "WEBDROP " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logreject -p tcp -m tcp -j REJECT --reject-with tcp-reset
COMMIT
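
An added example, not part of the original post: a small Python check that reads an iptables-save dump like the one above, lists each DNAT port forward, and reports whether a filter-table FORWARD rule explicitly names the translated target or the packet only falls through to the chain policy. The sample ruleset is a constructed subset of the posted rules, and the function names `parse` and `audit` are illustrative.

```python
import shlex

# Constructed sample: a subset of the rules quoted in the post above.
RULES = """\
*nat
-A PREROUTING -p tcp -m tcp -d 209.239.241.20 --dport 8080 -j DNAT --to-destination 192.168.2.106:80
-A PREROUTING -p icmp -d 209.239.241.20 -j DNAT --to-destination 192.168.2.106
-A PREROUTING -p tcp -m tcp -d 209.239.241.20 --dport 23 -j DNAT --to-destination 192.168.2.101:23
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -p tcp -m tcp -d 192.168.2.101 --dport 23 -j logaccept
COMMIT
"""

def parse(text):
    """Return (rules, policies) from iptables-save text; '!' negation is not handled."""
    rules, policies, table = [], {}, None
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0].startswith("*"):            # table header, e.g. *nat
            table = tok[0][1:]
        elif tok[0].startswith(":"):          # chain declaration with its policy
            policies[(table, tok[0][1:])] = tok[1]
        elif tok[0] == "-A":
            opts, i = {}, 2
            while i < len(tok):               # option takes the next token unless it is an option too
                has_val = i + 1 < len(tok) and not tok[i + 1].startswith("-")
                opts[tok[i]] = tok[i + 1] if has_val else True
                i += 2 if has_val else 1
            rules.append((table, tok[1], opts))
    return rules, policies

def audit(text):
    """Per DNAT rule: (proto, external port, target ip, target port, explicit FORWARD match)."""
    rules, policies = parse(text)
    fwd = [o for t, c, o in rules if (t, c) == ("filter", "FORWARD")]
    dnat = [o for t, c, o in rules if t == "nat" and o.get("-j") == "DNAT"]
    out = []
    for o in dnat:
        ip, _, port = o["--to-destination"].partition(":")
        proto, port = o.get("-p", "all"), port or None
        # After DNAT the filter table sees the translated address, so match on that.
        explicit = any(f.get("-d") == ip and f.get("-p") == proto
                       and f.get("--dport") == port for f in fwd)
        out.append((proto, o.get("--dport"), ip, port, explicit))
    return policies.get(("filter", "FORWARD")), out
```

A forward whose last field is `False` is passed only by the FORWARD chain policy, so it never reaches the `logaccept` rules and leaves no "ACCEPT" log line.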