Port forwarding (loopback) problems in dd-wrt? Using build 15778 or later? Try this code..

[JosephChild]

Networking is not my area of expertise by any means, so my use of terminology in this area may be misconstrued.  My appologies for not being clear to begin with.  I appreciate you taking your personal time to answer mine and every one else's questions.  You seem to be pretty knowledgable in this area.

 

In my research for my issue I came across this and several other threads for problems that seemed to match my own, so I figured this was the right place.  My loose understanding of Loopback is to send the signal back to the source for testing purposes.

 

Let me explain what I am doing.   For simplicity, I'll just explain that I have a web server on one of the computers on my home network (other things such as ftp and telnet have the same issue).  I CAN access my web page by using my Web Server's internal IP address directly (192.168.x.x). I CANNOT access my web page using my external IP address, when I try from any computer/device that is inside my network.  I CAN access my web page by using a computer/device from outside of my local network by using my External IP address.   So, I can deduce that my port forwarding is working correctly, and the data is being passed to web server with no issues.

 

When I say that it works for a few seconds after the reboot,  what I'm doing is, I have an internet browser open, with my external IP address punched in the address line.. and after I click reboot on my Router, I start hitting refresh in the browser to see if I'm able to access my webpage from inside my network, using the external IP address.   After I see that my network start to come back online, I am able to access my webpage for a few seconds.  After those few seconds, I am unable to access my webpage from inside my network again.  This makes me think that something loads late in the router boot up sequence, that blocks my communication to the website from inside the network.

 

My old router (linksys with dd-wrt loaded on it) worked fine in this area.  

 

If you need any other information than I've given you already, let me know and I will be glad to give it to you.  

 

[buddee]

How are you assigning the IP to the web machine? Manually on the device itself, or are you using static DHCP lease thru the router?

[JosephChild]

Each computer I have a port being forwarded to, I set the IP manually, and other devices/computers obtain theirs from the router.  

 

Each computer uses the 192.168.1.x block of ip's   subnet mask 255.255.255.0 .. default gateway 192.168.1.1 ..  pretty standard addresses.

[buddee]

Right, you should try setting static leases thru DHCP on the router, not the devices, this way the device will have a static ARP binding and be able to be found in the router's routing table, when you set a hardware IP within the hardware itself, it communicates to the router somewhat transparently, because there is no table for the router to follow nor does it have to because you choosen another method externally and not using the router. Not saying this is going to yield promise, but its worth a try and it something i noticed some while back, so now i use the router to assign static DHCP ip's and have no problem with loopback.

[JosephChild]

I set up the router to assign static IP's to my computers and set the computers to obtain an address automatically.  Still unable to get anything from inside the network.  

[buddee]

Show me from command line 'iptables -vL' no quotes, this will show me all your chains, then we can determine if the router is the culprit. And yes i know, it'll output alot, so you may have to use the code insertion function of this forum.

[JosephChild]

Chain INPUT (policy ACCEPT 180K packets, 36M bytes) pkts bytes target     prot opt in     out     source               destination             0     0 DROP       tcp  --  vlan2  any     anywhere             anywhere            tcp dpt:webcache     0     0 DROP       tcp  --  vlan2  any     anywhere             anywhere            tcp dpt:www     0     0 DROP       tcp  --  vlan2  any     anywhere             anywhere            tcp dpt:https     0     0 DROP       tcp  --  vlan2  any     anywhere             anywhere            tcp dpt:69     9   456 DROP       tcp  --  vlan2  any     anywhere             anywhere            tcp dpt:ssh     0     0 DROP       tcp  --  vlan2  any     anywhere             anywhere            tcp dpt:telnet Chain FORWARD (policy ACCEPT 5183 packets, 209K bytes) pkts bytes target     prot opt in     out     source               destination             1   137 ACCEPT     udp  --  any    any     anywhere             Kashyyyk            udp dpt:61876   656  207K ACCEPT     udp  --  any    any     anywhere             192.168.1.26        udp dpt:10479 40785   16M ACCEPT     0    --  br0    br0     anywhere             anywhere            20266 1034K TCPMSS     tcp  --  any    any     anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU 1143K  363M lan2wan    0    --  any    any     anywhere             anywhere            1124K  362M ACCEPT     0    --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED     0     0 ACCEPT     udp  --  any    any     anywhere             Kashyyyk            udp dpt:52231   278 15513 ACCEPT     tcp  --  any    any     anywhere             Coruscant           tcp dpt:www     0     0 ACCEPT     udp  --  any    any     anywhere             Coruscant           udp dpt:www     3   180 ACCEPT     tcp  --  any    any     anywhere             Endor               tcp dpt:ftp     0     0 ACCEPT     udp  --  any    any     anywhere             Endor               udp dpt:fsp     9   396 ACCEPT     tcp  --  any    any     anywhere             Kashyyyk            tcp dpts:1433:1434     1   404 ACCEPT     udp  --  any    any     anywhere             Kashyyyk            udp dpts:1433:1434     0     0 ACCEPT     tcp  --  any    any     anywhere             Kashyyyk            tcp dpts:2382:2383     0     0 ACCEPT     udp  --  any    any     anywhere             Kashyyyk            udp dpts:2382:2383     4   184 ACCEPT     tcp  --  any    any     anywhere             Coruscant           tcp dpt:https     0     0 ACCEPT     udp  --  any    any     anywhere             Coruscant           udp dpt:https     0     0 ACCEPT     tcp  --  any    any     anywhere             Kashyyyk            tcp dpt:62917     0     0 ACCEPT     udp  --  any    any     anywhere             Kashyyyk            udp dpt:62917    29  1524 ACCEPT     tcp  --  any    any     anywhere             Endor               tcp dpt:telnet     0     0 ACCEPT     udp  --  any    any     anywhere             Endor               udp dpt:23     0     0 ACCEPT     tcp  --  any    any     anywhere             Coruscant           tcp dpt:3784     0     0 ACCEPT     udp  --  any    any     anywhere             Coruscant           udp dpt:3784    49  2472 ACCEPT     tcp  --  any    any     anywhere             Coruscant           tcp dpts:5800:5900     0     0 ACCEPT     udp  --  any    any     anywhere             Coruscant           udp dpts:5800:5900     0     0 ACCEPT     tcp  --  any    any     anywhere             Kashyyyk            tcp dpt:7777     0     0 ACCEPT     udp  --  any    any     anywhere             Kashyyyk            udp dpt:7777     0     0 ACCEPT     tcp  --  any    any     anywhere             Kashyyyk            tcp dpt:8777     0     0 ACCEPT     udp  --  any    any     anywhere             Kashyyyk            udp dpt:8777     0     0 ACCEPT     tcp  --  any    any     anywhere             Kashyyyk            tcp dpt:9777     0     0 ACCEPT     udp  --  any    any     anywhere             Kashyyyk            udp dpt:9777     0     0 ACCEPT     tcp  --  any    any     anywhere             Kashyyyk            tcp dpt:27900     0     0 ACCEPT     udp  --  any    any     anywhere             Kashyyyk            udp dpt:27900     0     0 ACCEPT     tcp  --  any    any     anywhere             192.168.1.4         tcp dpts:9997:9999     0     0 ACCEPT     udp  --  any    any     anywhere             192.168.1.4         udp dpts:9997:9999     0     0 ACCEPT     tcp  --  any    any     anywhere             192.168.1.4         tcp dpt:1234     0     0 ACCEPT     udp  --  any    any     anywhere             192.168.1.4         udp dpt:1234     0     0 ACCEPT     tcp  --  any    any     anywhere             192.168.1.4         tcp dpts:5000:5001     0     0 ACCEPT     udp  --  any    any     anywhere             192.168.1.4         udp dpts:5000:5001    11   741 TRIGGER    0    --  vlan2  br0     anywhere             anywhere            TRIGGER type:in match:0 relate:0 18687 1008K trigger_out  0    --  br0    any     anywhere             anywhere            13515  799K ACCEPT     0    --  br0    any     anywhere             anywhere            state NEW Chain OUTPUT (policy ACCEPT 147K packets, 29M bytes) pkts bytes target     prot opt in     out     source               destination         Chain advgrp_1 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain advgrp_10 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain advgrp_2 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain advgrp_3 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain advgrp_4 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain advgrp_5 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain advgrp_6 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain advgrp_7 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain advgrp_8 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain advgrp_9 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain grp_1 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain grp_10 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain grp_2 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain grp_3 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain grp_4 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain grp_5 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain grp_6 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain grp_7 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain grp_8 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain grp_9 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain lan2wan (1 references) pkts bytes target     prot opt in     out     source               destination         Chain logaccept (0 references) pkts bytes target     prot opt in     out     source               destination             0     0 ACCEPT     0    --  any    any     anywhere             anywhere            Chain logdrop (0 references) pkts bytes target     prot opt in     out     source               destination             0     0 DROP       0    --  any    any     anywhere             anywhere            Chain logreject (0 references) pkts bytes target     prot opt in     out     source               destination             0     0 REJECT     tcp  --  any    any     anywhere             anywhere            reject-with tcp-reset Chain trigger_out (1 references) pkts bytes target     prot opt in     out     source               destination         

 

[buddee]

According to your route table, there isn't even an entry for loopback, so no wonder it is not working. If there was a loopback entry, a line like this should be in there: 217 14342 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0 but there isn't an entry with 'lo' (loopback) interface.

 

Put this in and make sure you 'save firewall' and not save it as a start up script after you add it, reboot the router:

 

iptables -t nat -I POSTROUTING -o br0 -s 192.168.1.0/24 -d 192.168.1.0/24 -j MASQUERADE

[JosephChild]

I have the code in the firewall section.. and I still dont see any entries different than what I showed you before.   Am I saving this incorrectly?   I put the command in the Command Shell box, hit save firewall ..   then I go to the management tab and reboot router.  Here is a screenshot of the commands tab.

 

http://manchild.homeip.net/joseph/routerfirewall.jpg

 

[buddee]

It appears to be entered correctly, just still no loop reference, i'm gonna think on this and will post back when time permits. This is kinda stumbling me as to why it isn't working for you. One last curious question, in Security > Firewall, how is your WAN blocking setup?

[JosephChild]

Currently, I have the firewall disabled.  If you would like to remote into this to get a better look, PM me, and I can get you set up.

[GadgetComa]

Hey guys. Pardon me for jumping in on your party. :) I am having the same symptoms as JosephChild, but there may be something different going on with mine. I have the same firewall command entered, but my iptables -vL output does appear to have a loopback entry. However, it doesn't appear to be correct. Don't know if my input will help with JosephChild's problem or if they are totally separate. I'm on build 19484 and here's the output:

 

Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target     prot opt in     out     source               destination         27890 1745K ACCEPT     0    --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED     0     0 logdrop    udp  --  ppp0   any     anywhere             anywhere            udp dpt:route     0     0 logdrop    udp  --  br0    any     anywhere             anywhere            udp dpt:route     0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:route     0     0 logdrop    icmp --  ppp0   any     anywhere             anywhere                0     0 logdrop    igmp --  any    any     anywhere             anywhere                6   422 ACCEPT     0    --  lo     any     anywhere             anywhere            state NEW  1494  155K ACCEPT     0    --  br0    any     anywhere             anywhere            state NEW   349 45881 logdrop    0    --  any    any     anywhere             anywhere            Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target     prot opt in     out     source               destination             0     0 ACCEPT     udp  --  any    any     anywhere             Jims-Mac            udp dpt:5353     0     0 ACCEPT     udp  --  any    any     anywhere             Jims-Mac            udp dpt:4500     0     0 ACCEPT     gre  --  any    ppp0    192.168.1.0/24       anywhere                0     0 ACCEPT     tcp  --  any    ppp0    192.168.1.0/24       anywhere            tcp dpt:1723     0     0 ACCEPT     0    --  br0    br0     anywhere             anywhere              775 47332 TCPMSS     tcp  --  any    any     anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU  102K   61M lan2wan    0    --  any    any     anywhere             anywhere             101K   61M ACCEPT     0    --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED     0     0 TRIGGER    0    --  ppp0   br0     anywhere             anywhere            TRIGGER type:in match:0 relate:0   643 46023 trigger_out  0    --  br0    any     anywhere             anywhere              462 36815 ACCEPT     0    --  br0    any     anywhere             anywhere            state NEW   181  9208 logdrop    0    --  any    any     anywhere             anywhere            Chain OUTPUT (policy ACCEPT 27326 packets, 5590K bytes) pkts bytes target     prot opt in     out     source               destination         Chain advgrp_1 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain advgrp_10 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain advgrp_2 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain advgrp_3 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain advgrp_4 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain advgrp_5 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain advgrp_6 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain advgrp_7 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain advgrp_8 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain advgrp_9 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain grp_1 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain grp_10 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain grp_2 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain grp_3 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain grp_4 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain grp_5 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain grp_6 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain grp_7 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain grp_8 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain grp_9 (0 references) pkts bytes target     prot opt in     out     source               destination         Chain lan2wan (1 references) pkts bytes target     prot opt in     out     source               destination         Chain logaccept (0 references) pkts bytes target     prot opt in     out     source               destination             0     0 ACCEPT     0    --  any    any     anywhere             anywhere            Chain logdrop (6 references) pkts bytes target     prot opt in     out     source               destination           530 55089 DROP       0    --  any    any     anywhere             anywhere            Chain logreject (0 references) pkts bytes target     prot opt in     out     source               destination             0     0 REJECT     tcp  --  any    any     anywhere             anywhere            reject-with tcp-reset Chain trigger_out (1 references) pkts bytes target     prot opt in     out     source               destination      

[GadgetComa]

In the immortal words of Rosanne Rosanadana : Nevermind! :) Maybe I had to wait for something to update/propogate. It seems to work now. Sorry for the interruption. We now return you to our regularly scheduled help. 

 

Best of luck with your problem JosephChild.

[scottpang]

I have same problem as Joseph.

[scottpang]

your commands do not work for me as well.