Author Topic: Port forwarding (loopback) problems in dd-wrt? Using build 15778 or later? Try this code..  (Read 16392 times)

kriss


Hi guys, just looking for some help regarding Loopback.

My router setup is a little unique so please bear with me.

 

One of my routers (Router B) has an IP of 192.168.2.1 - (Router C) has an IP of 192.168.2.100

 

Router B and Router C are connected Wirelessly using WDS, with Router B assigning IP addresses. All of this works great.

 

Here comes the difficult part.

 

Connected to Router B is Router A (IP 192.168.1.1). Router A is NOT a DD-WRT router, however Router A is the primary router for the Internet, which Router B is connected to.

The reason why this is, is because Router B is used as a VPN Client, this also explains the different subnet, as Router A has nothing to do with the VPN (I don't need it to), and Router B is the VPN Client.

Therefore if I connect to Router A I'm NOT using VPN, and if I connect to Router B / C I am using VPN.

 

Here's the problem;

One of my Computers is connected to Router A, and if I try to FTP I get timeout errors. Connecting to the devices, browsing the file directory isn't a problem only FTP.

If I add the following command to Router B (DD-WRT Router) FTP works great, from my computer which is connected to Router A (Regular Router)

 

iptables -t nat -I POSTROUTING -o br0 -s 192.168.1.1/24 -d 192.168.2.1/24 -j MASQUERADE

 

Adding this command, it seems that everything is working great and it's all fixed. However when adding this command, anything connected to Router C (192.168.2.100) loses connection to any NAS devices connected to Router B (192.168.2.1).

 

Example:

 

Before adding the command to the firewall on Router B, my Apple TV (connected to Router C) can connect to all NAS Devices on both Router B / C

 

After adding the command to the firewall on Router B, my Apple TV (connected to Router C) CANNOT connect to any NAS devices on Router B.

 

Of course removing the loopback command from the firewall fixes everything, but then I'm back to the problem of not being able to FTP.

 

I know for some of you this seems a very strange setup, and maybe a little complicated, however it does need to be like this. Any help regarding this loopback problem would be great.

Is there anything needed to be added on Router C?

 

I'd be happy to explain anything more if needed.

 

 

 


buddee


Your problem really doesn't reside in a loopback functionality. Your problem is more needing to create static routes between subnets. And honestly, this thread should be closed now, loopback has been fixed in dd-wrt for some while now.


pbarwich


buddee wrote:

Right, you should try setting static leases thru DHCP on the router, not the devices, this way the device will have a static ARP binding and be able to be found in the router's routing table, when you set a hardware IP within the hardware itself, it communicates to the router somewhat transparently, because there is no table for the router to follow nor does it have to because you have chosen another method externally and not using the router. Not saying this is going to yield promise, but it's worth a try and it's something I noticed some while back, so now I use the router to assign static DHCP IPs and have no problem with loopback.

 

Buddee, your advice to get fixed IPs via the router and NOT by setting the network device properties seems to have sorted a problem I've had for a looooong time. My main desktop has a mail server and other stuff running on it so I need a fixed IP and port forwarding. The old Linksys advice was to set fixed IPs outside the range assigned by DHCP, and set them on the machine (not the router), so I've done this since I started networking. I'm now using WDS with two DD-WRT'd routers and mostly it worked fine. Sometimes though DLNA wouldn't work across the link, though it worked on traffic going through a single router. I adjusted every setting possible, and came up with special sequences for switching on the routers, servers and DLNA player, but the bottom line was sometimes it worked and sometimes it didn't. Then I got a Raspberry Pi OpenElec media player, and used a fixed IP again as this was supposed to give easier WiFi connection (plus it's easier to SSH, or WinSCP into it if the IP is fixed). WiFi was fine, but sometimes I couldn't ping it, even using IP and not the name. This meant I couldn't administer it over SSH. I'd got as far as noticing arp -a didn't show up the openelec name next to its IP, but being unable to ping something on the same subnet drove me nuts. Then I saw your post and thought it worth a try. All devices where I want a fixed IP now have that assigned, within the DHCP range, by the host router, which does seem to force it to recognise the link between MAC, IP, and hostname. Like I say, I've had this issue for a long time, and it appeared somewhat randomly, so I'm reluctant to declare a complete fix just yet, but I think we might be there. This advice for getting a fixed IP should be much more widely disseminated. Thank you!!