Splitting international and local traffic on a Linksys WRT54G

Gatecrasher

Executive Member
Joined
Jan 11, 2005
Messages
6,278
After a router reboot and setdr 0 2, 626 now shows me as connected, but still no int. traffic. This seems like progress - maybe the 626 accounts are having trouble on Axxess's side? Will try again tomorrow after 6. Thanks again for the help.
Good luck. The only thing that strikes me as strange is that you say Axxess control panel shows you as not connected. Whether it is the default route or not, conn 0 or conn2, Axxess should always show you as being connected.
 

bHOLDher

Well-Known Member
Joined
Jul 10, 2004
Messages
336
Good luck. The only thing that strikes me as strange is that you say Axxess control panel shows you as not connected. Whether it is the default route or not, conn 0 or conn2, Axxess should always show you as being connected.
GC, strangely the 626 account does show disconnected while it is not a default route!
 

JacquesR

Senior Member
Joined
Nov 9, 2006
Messages
548
Been running with the SAIX int. and Axxess local all day, with the script enabled with the cron job to switch to 626. At 6pm, all seems well - Axxess shows me as connected to 626 as well as my local account.

One of the reasons it's working for me today is that this morning, I edited the startup script to remove my IS account - so it was:

0: Telkom 3gig (int)
1: Axxess SAIX local (loc)
2: 626 (aux)

This is working fine, except that my additional newshost connections off the Axxess local account aren't connecting, such as:

conn 3 aux
news $saixnews $mypc
link $locname $locpass

Is this perhaps because I can't specify $locname and $locpass with an "aux" account? If so, how do I get around this seeing as the 626 account would need to use auxname and auxpass?

On a more curious note, the web interface (over the wireless network) for my WRT54GL stopped working at 6pm, when the cron job ran. I'm getting "The connection to the server was reset while the page was loading." Be interesting to see whether I can get back into that at 6am tomorrow...
 

Gatecrasher

Executive Member
Joined
Jan 11, 2005
Messages
6,278
This is working fine, except that my additional newshost connections off the Axxess local account aren't connecting, such as:

conn 3 aux
news $saixnews $mypc
link $locname $locpass

Is this perhaps because I can't specify $locname and $locpass with an "aux" account? If so, how do I get around this seeing as the 626 account would need to use auxname and auxpass?
Sure, you can assign $locname and $locpass to an aux connection. I use 4 connections to my SAIX local account, 1 to loc and 3 to aux. You don't even have to use the variable names $locname and $locpass. You can create your own and give them any name that suits you. For example, I use $tiname for Telkom Internet, $waname for Web Africa, $axname for Axxess, etc. Makes things less confusing.

On a more curious note, the web interface (over the wireless network) for my WRT54GL stopped working at 6pm, when the cron job ran. I'm getting "The connection to the server was reset while the page was loading." Be interesting to see whether I can get back into that at 6am tomorrow...
Hmmm, odd.
 

TheRift

Expert Member
Joined
Apr 20, 2008
Messages
2,451
I need a hand with some iptable magic. This seems like a good place to ask. :)

This one has me though, so help would be really appreciated.

Using WRT54G/DD-WRT, normal gateway 192.168.1.1.

2 PPPOE interfaces (thanks to the scripts here :)), ppp0 and ppp1.

1 PC on the network.

1 External server with address and port a.b.c.d:xyz

If PC connects to a.b.c.d:xyz it uses ppp0 for the connection.

However, if PC connects to 192.168.1.1:mno then this is redirected to a.b.c.d:xyz but using ppp1 for the connection.

Does this make sense?
I can do basic iptables. Most examples out there are for inbound traffic redirection, etc.

I picked 192.168.1.1:mno for the heck of it, but if it is simple to just work with a port then any connection to "mno" from the internal network should redirect to port "xyz" on ppp1.

I'd really appreciate the help with this.
 

Gatecrasher

Executive Member
Joined
Jan 11, 2005
Messages
6,278
I'd really appreciate the help with this.
Away from home so don't have a router to test this. In theory it should work. In practice, these things are often trickier than one might think.

Code:
iptables -t mangle -I PREROUTING -p tcp -m tcp --dport mno -j MARK --set-mark 0x101

iptables -t nat -I PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport mno -j DNAT --to-destination a.b.c.d:xyz
1) Mangle to mark packets on port mno to go out ppp1 (assumes use of port mno is fairly unique to your network, otherwise you could add "-i br0" after "-m tcp". Also assumes you are using my script so that table 101 and its routing rules exist)

2) Nat to change destination of packets from 192.168.1.1:mno to a.b.c.d:xyz
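
The two rules from the reply above, scoped to the LAN bridge with the "-i br0" option the post mentions so that only LAN-originated packets are marked and rewritten, as an added example that is not part of the original thread. The listen port, destination address and destination port in the sample call are constructed values, the function names are hypothetical, and mark 0x101 with routing table 101 is assumed to exist as set up by the thread's script; the script only prints commands and applies nothing.

```shell
#!/bin/sh
# Added example: prints (does not apply) the mark + DNAT rules, LAN-scoped.
MARK=0x101   # mark from the post; assumes the thread's script created table 101

# Succeeds if $1 is an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Succeeds if $1 is a dotted-quad IPv4 address.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Args: listen_port dest_ip dest_port [lan_if]
split_route_rules() {
    port=$1 dip=$2 dport=$3 lan=${4:-br0}
    valid_port "$port"  || { echo "bad listen port: $port" >&2; return 2; }
    valid_ipv4 "$dip"   || { echo "bad destination address: $dip" >&2; return 2; }
    valid_port "$dport" || { echo "bad destination port: $dport" >&2; return 2; }
    case "$lan" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $lan" >&2; return 2 ;;
    esac
    # 1) Mark packets arriving from the LAN so policy routing uses ppp1.
    echo "iptables -t mangle -I PREROUTING -i $lan -p tcp -m tcp --dport $port -j MARK --set-mark $MARK"
    # 2) Rewrite the destination, again only for packets arriving from the LAN.
    echo "iptables -t nat -I PREROUTING -i $lan -p tcp -m tcp --dport $port -j DNAT --to-destination $dip:$dport"
    # Read-only checks: per-rule packet counters, then the policy routing state.
    echo "iptables -t mangle -L PREROUTING -v -n"
    echo "iptables -t nat -L PREROUTING -v -n"
    echo "ip rule show"
    echo "ip route show table 101"
}

# Constructed sample values (203.0.113.0/24 is a documentation range).
split_route_rules 8080 203.0.113.10 8443
```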
 

TheRift

Expert Member
Joined
Apr 20, 2008
Messages
2,451
Thank you. :) Yes, I'm using your script. Been using it since the day I got this linksys.

It doesn't seem to work though. I can see packets/traffic for both rules, so it is doing as intended.

Since the server being connected to can be a bit slow to respond, I've tried this by mapping the arb "mno" port to 80 and directing to www.is.co.za, but no luck.

iptables freak me out! :D
 

TheRift

Expert Member
Joined
Apr 20, 2008
Messages
2,451
The first rule for marking does work. I can feed whatever port to a specific interface. Just the nat rule doesn't like me. :p :)

The marking is a neat thing to know though.
 

Gatecrasher

Executive Member
Joined
Jan 11, 2005
Messages
6,278
You could try it without "-d 192.168.1.1"

Code:
iptables -t nat -I PREROUTING -p tcp -m tcp --dport mno -j DNAT --to-destination a.b.c.d:xyz
And is there any reason you cannot make your destination a.b.c.d:mno (ie www.is.co.za:mno)? Addressing your gateway might be problematic.
 

TheRift

Expert Member
Joined
Apr 20, 2008
Messages
2,451
Tried it without the -d 192.168.1.1 but no luck. The marking works, the nat doesn't. I thought it might be the routing tables as they had an entry in there, but no change after removing it.

I cannot change the remote machine's port, if that is what you mean in the last statement.

I tried a "-j REDIRECT" as well to redirect ports. Of course, the result of this was that redirecting my "mno" port to port "80" got me the web interface of the router. :D

iptables .. i r can like 2 b complicated.

Thanks for giving me these pointers though. I'm now on the right track, just need to figure out that final step. :)
 

TheRift

Expert Member
Joined
Apr 20, 2008
Messages
2,451
Hmmm... this might have been it:

Code:
iptables -I FORWARD -p tcp -m tcp --dport mno -j ACCEPT
added:

Code:
iptables -I FORWARD -p tcp -m tcp --dport 80 -j ACCEPT
but not sure it makes a difference. Going to drop it to see.
 

TheRift

Expert Member
Joined
Apr 20, 2008
Messages
2,451
oh screw it... it works. :D Weird. I deleted those 2 FORWARD entries and it works. Didn't work last night and didn't work 20 minutes ago, but now it seems to work. Going to reboot the router and redo those commands you gave to see if it still works or whether doing the FORWARD ACCEPT made any difference.
 

dshutts

Well-Known Member
Joined
Jun 27, 2007
Messages
101
Resource usage et al.

Hi Guys

Going to be upgrading to the new 12d script on my WRT54GL, after many many months of wonderfulness with Gatecrasher's script. Have read through the conversation as much as possible and just wanted clarification on something.

v24 or v24sp1?

Also, and this has been an issue for as long as I have been splitting, every 18 - 24 hours the memory on the router fills up and things start to fail: the ifconfig command, and indeed all others, give an "sh - cannot fork" error. I understand this is due to no mem being available on the device. A simple hard reboot fixes things, so it is no biggy, but would like to solve it.

http://209.20.70.6/wrt54g_mem_usage.JPG

As one can see, through the day the mem fills up, until things start breaking.
Is there a way to reboot completely and/or flush the memory via a cron command in the early hours of every morning? Also, is there an interfaceless version of dd-wrt so one can configure everything over SSH, thus freeing up the memory that it consumes?

Thanks for everything, community - you guys rock!
 

Gatecrasher

Executive Member
Joined
Jan 11, 2005
Messages
6,278
@dshutts: 12d uses a bit less memory, so that might help. Whether you use v24 or v24sp1 won't affect the script, so probably best to go with sp1.
 

TheRift

Expert Member
Joined
Apr 20, 2008
Messages
2,451
Add some more RAM! :D I have a 64MB DDR IC lying at home. Still needs to go in. Need to get myself a hot air rework station or cough up R350+ for a pro shop to do it.
 

TheRift

Expert Member
Joined
Apr 20, 2008
Messages
2,451
You could try it without "-d 192.168.1.1"

Code:
iptables -t nat -I PREROUTING -p tcp -m tcp --dport mno -j DNAT --to-destination a.b.c.d:xyz
And is there any reason you cannot make your destination a.b.c.d:mno (ie www.is.co.za:mno)? Addressing your gateway might be problematic.
It's working nicely now. Actually added another pppoe connection, doing the same thing to that and it works like a charm. Only thing I notice is the ones that have translation put through less bandwidth. I guess the old iptables slows 'em down a tad. :D
 

ian2808

Active Member
Joined
Jul 21, 2009
Messages
82
Hi Gatecrasher,

First of all thanks so much for the WRT54GL scripts - Works like a charm. I was doing this with windows server routing before. Nice to not need a server for the routing.

I have one question / request though.

We have uncapped bandwidth which is throttled during the day, hence using local account to speed up tasks during the day. After 8PM the throttle is lifted so I have full speed on uncapped. If the local connection stays active downloads from say Microsoft will go over the local connection. This means that I am now using local bandwidth while I have uncapped bandwidth available.

I would like to make a cron job to connect local at 8AM in the morning and disconnect local at 8PM in the evening.

At present I am manually loading your startup script at the specified times with the connections modified (I just comment out the local connection).

Is this possible and if so could you point me in the right direction?

Any help will be appreciated.
 