Thread: Splitting international and local traffic on a Linksys WRT54G

  1. #1186
    Grandmaster
    Join Date
    Apr 2008
    Location
    Cape Town
    Posts
    2,450

    I need a hand with some iptable magic. This seems like a good place to ask.

    This one has me though, so help would be really appreciated.

    Using WRT54G/DD-WRT, normal gateway 192.168.1.1.

    2 PPPOE interfaces (thanks to the scripts here), ppp0 and ppp1.

    1 PC on the network.

    1 External server with address and port a.b.c.d:xyz

    If PC connects to a.b.c.d:xyz it uses ppp0 for the connection.

    However, if PC connects to 192.168.1.1:mno then this is redirected to a.b.c.d:xyz but using ppp1 for the connection.

    Does this make sense?
    I can do basic iptables. Most examples out there are for inbound traffic redirection, etc.

    I picked 192.168.1.1:mno for the heck of it, but if it is simple to just work with a port then any connection to "mno" from the internal network should redirect to port "xyz" on ppp1.

    I'd really appreciate the help with this.

  2. #1187
    Super Grandmaster
    Join Date
    Jan 2005
    Posts
    6,278

    Quote Originally Posted by TheRift
    I'd really appreciate the help with this.

    Away from home so don't have a router to test this. In theory it should work. In practice, these things are often trickier than one might think.

    Code:
    iptables -t mangle -I PREROUTING -p tcp -m tcp --dport mno -j MARK --set-mark 0x101
    
    iptables -t nat -I PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport mno -j DNAT --to-destination a.b.c.d:xyz

    1) Mangle to mark packets on port mno to go out ppp1 (assumes use of port mno is fairly unique to your network, otherwise you could add "-i br0" after "-m tcp". Also assumes you are using my script so that table 101 and its routing rules exist)

    2) Nat to change destination of packets from 192.168.1.1:mno to a.b.c.d:xyz
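
The two rules from the post above, as an added example that is not part of the original post or of Gatecrasher's script: a generator that validates its inputs and prints both rules with the `-i br0` scoping the post mentions, applied here to the DNAT rule as well as the mark rule so that packets arriving on ppp0/ppp1 never match. Assumptions: `emit_rules`, `valid_port` and `valid_ipv4` are hypothetical helper names, port 8080 and 203.0.113.10:443 are constructed stand-ins for `mno` and `a.b.c.d:xyz`, and table 101 with its fwmark rule already exists as the post says.

```shell
#!/bin/sh
# Added example, not from the thread: print (never apply) the two rules from the
# post, scoped to the LAN bridge. Review the output, then paste it into the
# router shell.

LAN_IF="br0"   # DD-WRT LAN bridge, the interface named in the post
MARK="0x101"   # mark from the post; assumes table 101 already routes via ppp1

# Succeeds only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Succeeds only for four dot-separated decimal octets, each 0..255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# emit_rules <lan-port> <dest-ipv4> <dest-port>
emit_rules() {
    if ! valid_port "$1" || ! valid_ipv4 "$2" || ! valid_port "$3"; then
        echo "usage: emit_rules <lan-port> <dest-ipv4> <dest-port>" >&2
        return 1
    fi
    # 1) mangle runs before nat, so match the original port and set the mark
    #    that the existing fwmark rule maps to table 101 (ppp1).
    echo "iptables -t mangle -I PREROUTING -i $LAN_IF -p tcp -m tcp --dport $1 -j MARK --set-mark $MARK"
    # 2) rewrite the destination; -i keeps WAN-side packets out of this rule.
    echo "iptables -t nat -I PREROUTING -i $LAN_IF -p tcp -m tcp --dport $1 -j DNAT --to-destination $2:$3"
}

# Constructed sample values (203.0.113.10 is a documentation address).
emit_rules 8080 203.0.113.10 443
```

The nat table is consulted only for the first packet of a connection, so a connection that is already tracked keeps its old translation until its conntrack entry expires.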

  3. #1188
    Grandmaster
    Join Date
    Apr 2008
    Location
    Cape Town
    Posts
    2,450

    Thank you. Yes, I'm using your script. Been using it since the day I got this linksys.

    It doesn't seem to work though. I can see packets/traffic for both rules, so it is doing as intended.

    Since the server being connected to can be a bit slow to respond, I've tried this by mapping the arb "mno" port to 80 and directing to www.is.co.za, but no luck.

    iptables freak me out!

  4. #1189
    Grandmaster
    Join Date
    Apr 2008
    Location
    Cape Town
    Posts
    2,450

    The first rule for marking does work. I can feed whatever port to a specific interface. Just the nat rule doesn't like me. :P

    The marking is a neat thing to know though.

  5. #1190
    Super Grandmaster
    Join Date
    Jan 2005
    Posts
    6,278

    You could try it without "-d 192.168.1.1"

    Code:
    iptables -t nat -I PREROUTING -p tcp -m tcp --dport mno -j DNAT --to-destination a.b.c.d:xyz

    And is there any reason you cannot make your destination a.b.c.d:mno (i.e. www.is.co.za:mno)? Addressing your gateway might be problematic.

  6. #1191
    Grandmaster
    Join Date
    Apr 2008
    Location
    Cape Town
    Posts
    2,450

    Tried it without the -d 192.168.1.1 but no luck. The marking works, the nat doesn't. I thought it might be the routing tables as they had an entry in there, but no change after removing it.

    I cannot change the remote machine's port, if that is what you mean in the last statement.

    I tried a "-j REDIRECT" as well to redirect ports. Of course, the result of this was that redirecting my "mno" port to port "80" got me the web interface of the router.

    iptables .. i r can like 2 b complicated.

    Thanks for giving me these pointers though. I'm now on the right track, just need to figure out that final step.

  7. #1192
    Grandmaster
    Join Date
    Apr 2008
    Location
    Cape Town
    Posts
    2,450

    Hmmm... this might have been it:

    Code:
    iptables -I FORWARD -p tcp -m tcp --dport mno -j ACCEPT

    added:

    Code:
    iptables -I FORWARD -p tcp -m tcp --dport 80 -j ACCEPT

    but not sure it makes a difference. Going to drop it to see.

  8. #1193
    Grandmaster
    Join Date
    Apr 2008
    Location
    Cape Town
    Posts
    2,450

    oh screw it... it works. Weird. I deleted those 2 FORWARD entries and it works. Didn't work last night and didn't work 20 minutes ago, but now it seems to work. Going to reboot the router and redo those commands you gave to see if it still works or whether doing the FORWARD ACCEPT made any difference.
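
The FORWARD rules tried in #1192 and the DNAT rule without `-d` from #1190 name no input interface, so they match packets arriving on ppp0 and ppp1 as well as from the LAN. The following added example, which is not part of the thread or of Gatecrasher's script, lists such rules from a saved ruleset. Assumptions: `unscoped_rules` is a hypothetical helper name, and the sample rules are constructed, with 8080 standing in for `mno` and 203.0.113.10:443 for `a.b.c.d:xyz`.

```shell
#!/bin/sh
# Added example, not from the thread: list PREROUTING/FORWARD rules that act on
# a destination port but name no input interface, so they also match packets
# arriving on ppp0/ppp1.

# Reads rules in the "-A CHAIN ..." form printed by iptables-save on stdin and
# prints the ones that have no -i match.
unscoped_rules() {
    while IFS= read -r rule; do
        case "$rule" in
            "-A PREROUTING "*|"-A FORWARD "*) ;;   # chains used in the thread
            *) continue ;;
        esac
        case "$rule" in *" --dport "*) ;; *) continue ;; esac
        case "$rule" in
            *" -j ACCEPT"*|*" -j DNAT"*|*" -j MARK"*|*" -j REDIRECT"*) ;;
            *) continue ;;
        esac
        # -i (or ! -i) anywhere in the rule counts as scoped
        case " $rule " in *" -i "*) continue ;; esac
        printf '%s\n' "$rule"
    done
}

# Constructed sample in iptables-save style.
SAMPLE_RULES='-A PREROUTING -p tcp -m tcp --dport 8080 -j MARK --set-mark 0x101
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 203.0.113.10:443
-A PREROUTING -i br0 -p tcp -m tcp --dport 8081 -j DNAT --to-destination 203.0.113.10:443
-A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -i br0 -o ppp1 -p tcp -m tcp --dport 8080 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | unscoped_rules
```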

  9. #1194
    Senior Member
    Join Date
    Jun 2007
    Posts
    101

    Resource usage et al.

    Hi Guys

    Going to be upgrading to the new 12d script on my wrt54GL, after many many months of wonderfulness with Gatecrasher's script. Have read through the conversation as much as possible and just wanted clarification on something.

    v24 or v24sp1?

    Also, and this has been an issue for as long as I have been splitting, every 18 - 24 hours the memory on the router fills up and things start to fail, ifconfig command, and indeed all others give an "sh - cannot fork" error. I understand this is due to no mem being available on the device. A simple hard reboot fixes things, so it is no biggy, but would like to solve it.

    http://209.20.70.6/wrt54g_mem_usage.JPG

    As one can see, through the day the mem fills up, until things start breaking.
    Is there a way to reboot completely and/or flush the memory via a cron command in the early hours of every morning? Also, is there an interfaceless version of dd-wrt so one can configure everything over SSH, thus freeing up the memory that it consumes?

    Thanks for everything, community - you guys rock!

  10. #1195
    Super Grandmaster
    Join Date
    Jan 2005
    Posts
    6,278

    @dshutts: 12d uses a bit less memory, so that might help. Whether you use v24 or v24sp1 won't affect the script, so probably best to go with sp1.

  11. #1196
    Senior Member
    Join Date
    Mar 2009
    Posts
    318

    Has anyone been able to get this working on the micro edition yet? I tried the most recent 12d edition with no luck on mine.

  12. #1197
    Grandmaster
    Join Date
    Apr 2008
    Location
    Cape Town
    Posts
    2,450

    Add some more RAM! I have a 64MB DDR IC lying at home. Still needs to go in. Need to get myself a hot air rework station or cough up R350+ for a pro shop to do it.

  13. #1198
    Grandmaster
    Join Date
    Apr 2008
    Location
    Cape Town
    Posts
    2,450

    Quote Originally Posted by Gatecrasher
    You could try it without "-d 192.168.1.1"

    Code:
    iptables -t nat -I PREROUTING -p tcp -m tcp --dport mno -j DNAT --to-destination a.b.c.d:xyz

    And is there any reason you cannot make your destination a.b.c.d:mno (i.e. www.is.co.za:mno)? Addressing your gateway might be problematic.

    It's working nicely now. Actually added another pppoe connection, doing the same thing to that and it works like a charm. Only thing I notice is the ones that have translation put through less bandwidth. I guess the old iptables slows 'em down a tad.

  14. #1199
    Senior Member
    Join Date
    Mar 2009
    Posts
    318

    Quote Originally Posted by TheRift
    Add some more RAM! I have a 64MB DDR IC lying at home. Still needs to go in. Need to get myself a hot air rework station or cough up R350+ for a pro shop to do it.

    Appreciate the answer, but don't think that is the way to go with a linksys router.

  15. #1200
    Active Member
    Join Date
    Jul 2009
    Posts
    81

    Hi Gatecrasher,

    First of all thanks so much for the WRT54GL scripts - Works like a charm. I was doing this with windows server routing before. Nice to not need a server for the routing.

    I have one question / request though.

    We have uncapped bandwidth which is throttled during the day, hence using local account to speed up tasks during the day. After 8PM the throttle is lifted so I have full speed on uncapped. If the local connection stays active downloads from say Microsoft will go over the local connection. This means that I am now using local bandwidth while I have uncapped bandwidth available.

    I would like to make a cron job to connect local at 8AM in the morning and disconnect local at 8PM in the evening.

    At present I am manually loading your startup script at the specified times with the connections modified (I just comment out the local connection).

    Is this possible and if so could you point me in the right direction?

    Any help will be appreciated.
