LinuxQuestions.org
Old 09-18-2010, 11:59 PM   #1
itsecx@gmail.com
LQ Newbie
 
Registered: Aug 2010
Posts: 19

Rep: Reputation: 1
Question Linksys WRT54G dd-wrt NOT able to route when in Router mode


Hi fellow LQers,

Problem Summary:
- Linksys WRT54G dd-wrt NOT able to route when in Router mode

Env:
- Linksys WRT54G running dd-wrt v24 firmware
  - LAN Subnet: 10.0.0.0/8
  - WAN Subnet: 172.16.0.0/16
- Linux FC13 configured as an IPv4 router
  - LAN 172.16.0.0/16
  - WAN ISP/Public IP

Setup:
wired/wireless client -> Linksys WRT54G -> Linux FC13 router -> Internet

Problem Details:
When I have the dd-wrt configured as a 'Gateway' (ie: NAT), all-is-well. That is, my client is able to "talk" to other computers on the LAN as well as the Internet. However, when I change the operating mode to 'Router', I run into the following problem:
- client is no longer able to communicate to the Internet
- client is no longer able to communicate to other computers on the LAN
- client is ONLY able to ping the LAN & WAN IPs of the Linksys DDWRT
- However, I am able to ping LAN computers & ping public/internet hosts if I SSH into the ddwrt itself.

Analysis:
- Linksys/dd-wrt box itself has LAN & internet connectivity
- Wired and Wireless clients connecting to the Linksys/dd-wrt do *not* have the LAN or the Internet connectivity

Troubleshooting done so far:
- When changing Operating mode (ie: Gateway<->Router), the routing table on dd-wrt, as expected, does not change.
Here is the routing table just in case it's of any interest:
192.168.66.2 255.255.255.255 0.0.0.0 tun0
192.168.66.0 255.255.255.0 192.168.66.2 tun0
172.16.0.0 255.255.0.0 0.0.0.0 WAN
169.254.0.0 255.255.0.0 0.0.0.0 LAN & WLAN
10.0.0.0 255.0.0.0 0.0.0.0 LAN & WLAN
0.0.0.0 0.0.0.0 172.16.150.254 WAN
------------------------

Since I need inbound connectivity to the hosts connected to the LAN interface of the Linksys/dd-wrt, I need to have the Linksys/dd-wrt configured as a Router and not as a Gateway. Any help/suggestion would be greatly appreciated.

-itsecx

Last edited by itsecx@gmail.com; 09-19-2010 at 12:04 AM. Reason: Typo in the problem definition statement
 
Old 09-19-2010, 09:08 PM   #2
Peacedog
LQ Guru
 
Registered: Sep 2003
Location: Danville, VA
Distribution: Slackware, Windows, FreeBSD, OpenBSD, Mac OS X
Posts: 5,296

Rep: Reputation: 168
Hi, Welcome to LQ. First, I'd suggest not using your email address in your user name.

Second, did you disable DHCP on one of the devices? Have you tried AP mode on the DD-WRT router? Perhaps I'm misunderstanding something?

Good luck. ;-)
 
Old 09-19-2010, 09:59 PM   #3
damgar
Senior Member
 
Registered: Sep 2009
Location: dallas, tx
Distribution: Slackware - current multilib/gsb Arch
Posts: 1,949
Blog Entries: 8

Rep: Reputation: 201
Quote:
Originally Posted by Peacedog View Post
Hi, Welcome to LQ. First, I'd suggest not using your email address in your user name.

Second, did you disable DHCP on one of the devices? Have you tried AP mode on the DD-WRT router? Perhaps I'm misunderstanding something?

Good luck. ;-)
I don't understand why you can't have inbound access in gateway mode? I have a vpn via openVPN and I occasionally host a web server with apache from behind my dd-wrt router in gateway mode. According to the configuration page:
Quote:
Operating Mode:
If the router is hosting your Internet connection, select Gateway mode. If another router exists on your network, select Router mode.
So do you have another router? It would seem from that quote that routing is disabled when in router mode. Maybe I'm missing something in your setup?

Last edited by damgar; 09-19-2010 at 10:01 PM.
 
Old 09-20-2010, 11:37 AM   #4
itsecx@gmail.com
LQ Newbie
 
Registered: Aug 2010
Posts: 19

Original Poster
Rep: Reputation: 1
Linksys WRT54G dd-wrt NOT able to route when in Router mode

Thanks for responding, @peacedog.

It doesn't look like I can now change/edit the username to something other than what is currently setup.

I'm guessing you're referring to the Linksys and the Linux box as the two devices. No, I have not disabled DHCP on either device, as I need DHCP services on both (ie: need dhcp for the local clients (lan) that connect to the linksys). The linux box also needs a dhcp server as it distributes IPs to the clients on its subnet. Note, both devices are on separate subnets and there's one/unique DHCP server for each subnet.

Finally, there's no "AP" mode. There's a Gateway mode, a Router (static) mode, and RIP (dynamic routing) mode.

Again, thanks for taking time for responding.

-itsecx

Quote:
Originally Posted by Peacedog View Post
Hi, Welcome to LQ. First, I'd suggest not using your email address in your user name.

Second, did you disable DHCP on one of the devices? Have you tried AP mode on the DD-WRT router? Perhaps I'm misunderstanding something?

Good luck. ;-)
 
Old 09-20-2010, 12:35 PM   #5
itsecx@gmail.com
LQ Newbie
 
Registered: Aug 2010
Posts: 19

Original Poster
Rep: Reputation: 1
Linksys WRT54G dd-wrt NOT able to route when in Router mode

Thanks for responding, @damgar. Here's the response to your note:

Outbound requests are handled by NAT; however, inbound request origination could only be made to the WAN interface/IP; thus, there would be no way for the router to know which internal host is the target. Of course, one could put a particular host in a DMZ or do port forwarding for certain services; however, that's not the intent here.

Scenario:
3 Subnets: 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24
2 Routers:
R1 (LAN) 192.168.1.1, (WAN) 192.168.2.2
R2 (LAN) 192.168.2.1, (WAN) 192.168.3.1
1 Client: (C) 192.168.1.100
1 Server: (S) 192.168.3.100

Client 'C' wants to initiate a SSH session to Server 'S'

*What we want is that 'S' should know that the client connected from 192.168.1.100 and not the masqueraded IP of the router (192.168.1.1) that is doing the NAT.

Hope that makes things a bit clearer.

Regards,
-itsecx

Quote:
Originally Posted by damgar View Post
I don't understand why you can't have inbound access in gateway mode? I have a vpn via openVPN and I occasionally host a web server with apache from behind my dd-wrt router in gateway mode. According to the configuration page: So do you have another router? It would seem from that quote that routing is disabled when in router mode. Maybe I'm missing something in your setup?
 
1 members found this post helpful.
Old 04-15-2018, 03:47 PM   #6
des_a
Member
 
Registered: Sep 2006
Posts: 740
Blog Entries: 29

Rep: Reputation: 19
This thread: https://www.linuxquestions.org/quest...289/page4.html, has a solution to making things work within the NAT environment. Maybe that will do for you? I'll just repeat it here.

To make it work with NAT, you first set both to gateway mode, and do as before. Then, in the first router's routing table, add a static route:

Code:
Network: [your second router's subnet]
Netmask: [your second router's netmask]
Gateway: [your second router's WAN address]
Then, in the second router, you save a firewall script as follows:

Code:
iptables -I FORWARD -j ACCEPT
That's what you do. Then, it works with NAT. Why they recommend having the second router on router mode, instead of this, is beyond me... I couldn't make it work as they said it should either, but this is what I chose to do.
 
Old 04-15-2018, 07:28 PM   #7
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 3,895

Rep: Reputation: 1679
When you have the WRT54G configured in router mode, how do machines on your 172.16.0.0/16 network know how to route packets to your 10.0.0.0/8 network? If you don't have either (a) your Linux FC13 (horribly out of date, BTW) box or (b) all other machines that need to communicate with 10.0.0.0/8 configured to route all 10.0.0.0/8 packets via your WRT54G's WAN address, your Linux box is going to send those packets via its default route, which will be to your ISP, which will promptly drop them as unroutable.
 
1 members found this post helpful.
Old 04-21-2018, 01:33 PM   #8
des_a
Member
 
Registered: Sep 2006
Posts: 740
Blog Entries: 29

Rep: Reputation: 19
Quote:
When you have the WRT54G configured in router mode, how do machines on your 172.16.0.0/16 network know how to route packets to your 10.0.0.0/8 network? If you don't have either (a) your Linux FC13 (horribly out of date, BTW) box or (b) all other machines that need to communicate with 10.0.0.0/8 configured to route all 10.0.0.0/8 packets via your WRT54G's WAN address, your Linux box is going to send those packets via its default route, which will be to your ISP, which will promptly drop them as unroutable.
Sorry, I'm now the one asking this question, but I believe this information benefits everyone...

Does this mean that you cannot use the private IPs, behind a router mode router, but only NAT, and must use public ones instead? For example:

Code:
10.1.1.0 - Private, won't work
192.168.1.0 - Private won't work

---

1.1.1.0 - Normal, routeable, will work
Am I right in assuming that, based off of your information?
 
Old 04-21-2018, 04:05 PM   #9
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 3,895

Rep: Reputation: 1679
Quote:
Originally Posted by des_a View Post
Does this mean that you cannot use the private IPs, behind a router mode router, but only NAT, and must use public ones instead?
While those addresses are unroutable on the public internet, you can certainly use them in your private network. You just have to make sure that the machines upstream of that private network know how to route packets to that network, i.e. by having the router's WAN address as a gateway for that address block.
Code:
                          Public
                          Network
                             |
                      +------|------+
                      |   1.2.3.4   |
                      |             |
                      |   Router 1  |
                      |             |
                      |   10.0.0.1  |
                      +------|------+
                             |
                             |
                             +----- 10.0.0.0/8 network
                             |
                             |
                      +------|------+
                      |  10.0.0.100 |
                      |             | 
                      |   Router 2  |
                      |             |
                      | 192.168.22.1|
                      +------|------+
                             |
                             |
                             +----- 192.168.22.0/24 network
Nothing except Router 2 has any knowledge of that 192.168.22.0/24 network. Machines on the 10.0.0.0/8 network will send those packets via their default route to gateway 10.0.0.1, and that router will send them on its default route, which will be to the upstream gateway on the public network**.

You can solve that just by telling Router 1 that packets for 192.168.22.0/24 should be routed via gateway 10.0.0.100. You can avoid having packets hairpin through Router 1 by setting up that gateway route in all machines on the 10.0.0.0/8 network, or at least on the ones likely to have a lot of traffic to route that way.

The need to set that up manually can be avoided by using ICMP Router Discovery, and is pretty much automatic in IPv6.

**Really, if Router 1 is well-behaved it will refuse to send those unroutable packets upstream and either drop them or send back an ICMP error response.

Last edited by rknichols; 04-21-2018 at 04:12 PM. Reason: Add footnote
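
Added example (not part of any post in this thread, and not dd-wrt code): a small longest-prefix-match simulation of the two-router diagram above. It shows why a request from the 192.168.22.0/24 side arrives while the reply is sent upstream, until Router 1 gets the static route via 10.0.0.100. The host addresses 10.0.0.50 and 192.168.22.10 and the "upstream" label are constructed for illustration.

```python
import ipaddress

# Constructed routing tables for the two-router diagram: (destination, next hop).
# A next hop of None means the destination network is directly connected.
ROUTER1 = [("0.0.0.0/0", "upstream"),        # default route to the public network
           ("10.0.0.0/8", None)]
ROUTER2 = [("0.0.0.0/0", "10.0.0.1"),        # default route via Router 1
           ("10.0.0.0/8", None),
           ("192.168.22.0/24", None)]
# Table entry equivalent to:
#   route add -net 192.168.22.0 netmask 255.255.255.0 gw 10.0.0.100
STATIC_FIX = ("192.168.22.0/24", "10.0.0.100")


def build(with_fix):
    """Return {router address: table}, optionally with the static route on Router 1."""
    r1 = ROUTER1 + ([STATIC_FIX] if with_fix else [])
    return {"10.0.0.1": r1, "10.0.0.100": ROUTER2}


def lookup(table, dst):
    """Longest-prefix match: next hop for dst, or None if directly connected."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop) for net, hop in table
               if addr in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def trace(tables, start, dst, max_hops=8):
    """Follow a packet for dst from router `start`; return the hops taken."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        if hop is None:
            return path + ["delivered"]
        path.append(hop)
        if hop not in tables:        # left the simulated network ("upstream")
            return path
        node = hop
    return path + ["loop"]


if __name__ == "__main__":
    for with_fix in (False, True):
        t = build(with_fix)
        print("static route on Router 1:", with_fix)
        # Request from constructed host 192.168.22.10 to 10.0.0.50 enters at Router 2.
        print("  request:", trace(t, "10.0.0.100", "10.0.0.50"))
        # The reply from 10.0.0.50 goes to its default gateway, Router 1.
        print("  reply:  ", trace(t, "10.0.0.1", "192.168.22.10"))
```

The same lookup applies to the original poster's setup: the 172.16.0.0/16 side needs a route for 10.0.0.0/8 via the WRT54G's WAN address, otherwise replies follow the default route.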
 
Old 04-21-2018, 05:18 PM   #10
des_a
Member
 
Registered: Sep 2006
Posts: 740
Blog Entries: 29

Rep: Reputation: 19
Quote:
You can solve that just by telling Router 1 that packets for 192.168.22.0/24 should be routed via gateway 10.0.0.100. You can avoid having packets hairpin through Router 1 by setting up that gateway route in all machines on the 10.0.0.0/8 network, or at least on the ones likely to have a lot of traffic to route that way.
And what would a route add command look like in DD-WRT GUI, or Linux BASH command line? What about a Linksys router, with default firmware, if it's any different than those two? Use this scenario, since so far we may not know actual IP addresses.

Quote:
The need to set that up manually can be avoided by using ICMP Router Discovery, and is pretty much automatic in IPv6.
Do you have a link to more information?

Quote:
**Really, if Router 1 is well-behaved it will refuse to send those unroutable packets upstream and either drop them or send back an ICMP error response.
...I guess DD-WRT isn't well behaved...
 
Old 04-21-2018, 05:51 PM   #11
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 3,895

Rep: Reputation: 1679
Quote:
Originally Posted by des_a View Post
And what would a route add command look like in DD-WRT GUI, or Linux BASH command line? What about a Linksys router, with default firmware, if it's any different than those two?
For the network I showed in the diagram:
Code:
route add -net 192.168.22.0 netmask 255.255.255.0 gw 10.0.0.100
Since the interface for 10.0.0.0/8 is already known, there's no need to specify it again. I tried it via telnet into a DD-WRT router. You can do the same thing in the Administration -> Commands command shell, or in Setup -> Advanced Routing, though I find that GUI more awkward than just typing in the command.
Quote:
Do you have a link to more information?
Nothing beyond the Wikipedia article I referenced or whatever Google might turn up. ICMP Router Discovery is a bit above my pay grade.
Quote:
...I guess DD-WRT isn't well behaved...
I haven't looked into what DD-WRT does there. My DD-WRT router does not face the public network.
 
1 members found this post helpful.
Old 04-21-2018, 06:11 PM   #12
des_a
Member
 
Registered: Sep 2006
Posts: 740
Blog Entries: 29

Rep: Reputation: 19
Quote:
route add -net 192.168.22.0 netmask 255.255.255.0 gw 10.0.0.100
Oh. OK. This is what I meant for connecting using NAT.

Quote:
Network: [your second router's subnet]
Netmask: [your second router's netmask]
Gateway: [your second router's WAN address]
However, in my experiments, doing this was simply not enough to make the second router work, if it's in router mode, on DD-WRT. Somehow, it must still think that there's a problem with routing the IPs. It DOES let you connect to the router's stuff from the first place. Everything there functions as normal.

But when you try to use the Internet, if the first router is connected to the Internet, it will not work. Maybe this has to do with the fact that it's within those special subnets, and must be in a routable one. But I didn't experiment there to be able to tell you.
 
Old 04-21-2018, 06:19 PM   #13
des_a
Member
 
Registered: Sep 2006
Posts: 740
Blog Entries: 29

Rep: Reputation: 19
In my case, for now, I'd settled for using NAT on my guestrouter, but punching the hole in the firewall, which for that, may not have been a bad idea. I was trying to make airprint work, and for that, I had to flatten it, and have my second router (clientrouter) behave like a special kind of access point. Then, airprint worked. Maybe router mode working according to the documentation, rather than in other ways, is broken? It works, but maybe the documentation is what is broken.
 
Old 04-21-2018, 06:21 PM   #14
des_a
Member
 
Registered: Sep 2006
Posts: 740
Blog Entries: 29

Rep: Reputation: 19
P.S. - Then, I saw this thread, which was too late to find some of my answers on for my problem, as I'd found a solution that worked for then. But I thought I might help others, and maybe find out more that might make me change my mind about what I'd done. While I had a different objective in mind, part of the solution might apply here for this objective. Whether it solves your problem or not, I don't know, but it might!
 
Old 04-21-2018, 06:26 PM   #15
des_a
Member
 
Registered: Sep 2006
Posts: 740
Blog Entries: 29

Rep: Reputation: 19
Quote:
First, I'd suggest not using your email address in your user name.
I think, after you are done here, for security purposes, you should only use your e-mail for this, and open another for other things. Maybe begin to make this a public one or something. Maybe, just so that people can fix mistakes like this, LQ should try to allow to change the username somehow, without opening a new account? If changing constantly is a problem, just limit the amount of times they may change it within a time period.
 
  



Tags
ddwrt, gateway, linksys, router, routing

