Stuck trying to configure one-to-one NAT on my DD-WRT router

QUESTION :

My ISP has given me a set of external static IPs:

75.x.x.170
subnet mask 255.255.255.248
gateway 75.x.x.169

I am trying to use one-to-one NAT to assign them to LAN devices on my DD-WRT-modified Netgear R8000 device. So far I have the following setup:

STARTUP

echo "1" > /proc/sys/net/ipv4/ip_forward
ifconfig vlan2:1 75.x.x.170 netmask 255.255.255.248 broadcast 75.x.x.175

FIREWALL

iptables -t nat -I PREROUTING -d 75.x.x.170 -j DNAT --to-destination 192.168.1.65
iptables -t nat -I POSTROUTING -s 192.168.1.65 -j SNAT --to-source 75.x.x.170
iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`
iptables -I FORWARD -d 192.168.1.65 -j ACCEPT

vlan2 was chosen because it's the WAN interface and I thought that was the correct one to choose.
So far it seems I can open a connection to the host I forwarded the IP to, but I'm unable to send or receive data (tested by using netcat with Windows Firewall disabled). I was following the guide found here http://www.dd-wrt.com/wiki/index.php/One-to-one_NAT as best as I could; however, I got lost.
If it means anything, the host I'm trying to route the traffic to on the LAN is hardwired. It also has a statically assigned IP address configured via the Windows adapter properties window.

ANSWER :

After rebooting the router, it seems to finally work with these settings.

The 192.168.44.0/24 is a local network address range that exists on the WAN side of the router and comes from the network device that my ISP required that I use. It's a cable router/modem combo from Charter that seems to be preset by them and unable to be changed.

FIREWALL

iptables -t nat -I PREROUTING -d 75.x.x.170 -j DNAT --to-destination 192.168.1.65
iptables -t nat -I POSTROUTING -s 192.168.1.65 -j SNAT --to-source 75.x.x.170
iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`
iptables -I FORWARD -d 192.168.1.65 -j ACCEPT
iptables -I FORWARD -s 192.168.44.0/24 -j ACCEPT
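
An added example (not part of the original answer or the DD-WRT wiki): it replays the nat rules above to show the order they end up in, since `iptables -I` without a rule number prepends, and which SNAT rule a new outbound connection from 192.168.1.65 matches first. The backtick substitutions are replaced by assumed placeholders (`vlan2` for the WAN interface, `WAN_IP` for the router's primary address), and `build_chain` and `snat_source` are hypothetical helper names.

```python
import ipaddress
import shlex

# Constructed input: the answer's nat rules, with the backtick substitutions
# replaced by assumed placeholders (vlan2 = WAN interface, WAN_IP = router address).
AS_POSTED = """
iptables -t nat -I PREROUTING -d 75.x.x.170 -j DNAT --to-destination 192.168.1.65
iptables -t nat -I POSTROUTING -s 192.168.1.65 -j SNAT --to-source 75.x.x.170
iptables -t nat -I POSTROUTING -o vlan2 -j SNAT --to WAN_IP
"""
# Same rules with the two POSTROUTING lines swapped, so the host rule is inserted last.
SWAPPED = """
iptables -t nat -I PREROUTING -d 75.x.x.170 -j DNAT --to-destination 192.168.1.65
iptables -t nat -I POSTROUTING -o vlan2 -j SNAT --to WAN_IP
iptables -t nat -I POSTROUTING -s 192.168.1.65 -j SNAT --to-source 75.x.x.170
"""

def build_chain(script, table, chain):
    """Replay -I / -A commands; return the rules in the order the kernel checks them."""
    rules = []
    for line in script.strip().splitlines():
        args = shlex.split(line)[1:]                      # drop the "iptables" word
        tbl = args[args.index("-t") + 1] if "-t" in args else "filter"
        op = next((a for a in args if a in ("-I", "-A")), None)
        if tbl != table or op is None or args[args.index(op) + 1] != chain:
            continue
        opts = args[args.index(op) + 2:]                  # assumes no rule number after -I
        rule = dict(zip(opts[::2], opts[1::2]))           # each option here takes one value
        if op == "-I":
            rules.insert(0, rule)                         # -I prepends: last inserted runs first
        else:
            rules.append(rule)
    return rules

def snat_source(rules, src, out_if):
    """Source address chosen by the first SNAT rule matching a new connection."""
    for rule in rules:
        if rule.get("-j") != "SNAT":
            continue
        if "-s" in rule and ipaddress.ip_address(src) not in ipaddress.ip_network(rule["-s"]):
            continue
        if "-o" in rule and rule["-o"] != out_if:
            continue
        return rule.get("--to-source") or rule.get("--to")
    return None

if __name__ == "__main__":
    for name, script in (("as posted", AS_POSTED), ("swapped", SWAPPED)):
        chain = build_chain(script, "nat", "POSTROUTING")
        print(name, "->", snat_source(chain, "192.168.1.65", "vlan2"))
```

Connections that arrive through the DNAT rule are unaffected, because conntrack reverses the translation for their replies; the ordering only decides which address connections opened by the LAN host itself appear to come from.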
