One-to-one NAT
From DD-WRT Wiki
Revision as of 14:03, 9 July 2008 Soulstace m (→PORT FORWARD - unnecessary.. check resource #2)
Revision as of 16:22, 20 March 2009 Soulstace m
Line 1: | Line 1: | ||
- | One-to-one NAT is a way to make systems behind a firewall and configured with private IP addresses (those addresses reserved for private use in RFC 1918) appear to have public IP addresses.¹ | + | One-to-one NAT (aka Static NAT) is a way to make systems behind a firewall and configured with private IP addresses (those addresses reserved for private use in RFC 1918) appear to have public IP addresses.¹ |
I'm using this type of setup, with three public IPs. WRT54GL v.1.1 with DD-WRT RC6 and it works just fine.² | I'm using this type of setup, with three public IPs. WRT54GL v.1.1 with DD-WRT RC6 and it works just fine.² |
Revision as of 16:22, 20 March 2009
One-to-one NAT (aka Static NAT) is a way to make systems behind a firewall and configured with private IP addresses (those addresses reserved for private use in RFC 1918) appear to have public IP addresses.¹
I'm using this type of setup, with three public IPs. WRT54GL v.1.1 with DD-WRT RC6 and it works just fine.²
I have done the following:
Setup
Startup
Set up the new public static IP on the DD-WRT WAN interface (vlan1):
ifconfig vlan1:1 PUBLIC_IP netmask NETMASK broadcast BROADCAST
Firewall
SNAT/DNAT
Route all packets addressed to the new public IP to a specific local IP:
iptables -t nat -I PREROUTING -i vlan1 -d PUBLIC_IP -j DNAT --to-destination LAN_IP
Rewrite the source address of packets leaving from the local IP so that they appear to come from the public IP:
iptables -t nat -I POSTROUTING -o vlan1 -s LAN_IP -j SNAT --to-source PUBLIC_IP
PORT FORWARD
Forward port X to the above local IP:
iptables -I FORWARD -p tcp -i vlan1 -d LAN_IP --dport X -j ACCEPT
You could also replace the above rule with the following:
iptables -I FORWARD -p all -i vlan1 -d LAN_IP -j ACCEPT
which, instead of forwarding just a single port, lets through all TCP/UDP connections on all ports to this public IP --> LAN IP (and, because -p all matches every protocol, other IP protocols such as ICMP as well).
In other words, no firewalling whatsoever.
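The single-port FORWARD rule above, generalised to a list of ports, as an added example (not part of the wiki page): a shell function that prints the DNAT, SNAT and per-port FORWARD commands for one mapping and prints nothing if LAN_IP is not an RFC 1918 address, PUBLIC_IP is private, or no ports are listed. The function names and the proto/port argument format are assumptions; 203.0.113.10 and 192.168.1.10 are constructed sample addresses.

```shell
#!/bin/sh
# Added example: prints the rules for one mapping, it does not apply them.
WAN_IF=vlan1   # WAN interface name used on the page

is_ipv4() {    # dotted quad, four octets 0-255
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

is_rfc1918() { # 10/8, 172.16/12 or 192.168/16
    is_ipv4 "$1" || return 1
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.*) o2=${1#172.}; o2=${o2%%.*}
               [ "$o2" -ge 16 ] && [ "$o2" -le 31 ] ;;
        *) return 1 ;;
    esac
}

fail() { echo "error: $*" >&2; }

# usage (hypothetical format): one_to_one_rules PUBLIC_IP LAN_IP proto/port [proto/port ...]
one_to_one_rules() {
    [ $# -ge 2 ] || { fail "need PUBLIC_IP and LAN_IP"; return 1; }
    pub=$1; lan=$2; shift 2
    is_ipv4 "$pub" || { fail "bad PUBLIC_IP: $pub"; return 1; }
    if is_rfc1918 "$pub"; then fail "PUBLIC_IP is private: $pub"; return 1; fi
    is_rfc1918 "$lan" || { fail "LAN_IP is not RFC 1918: $lan"; return 1; }
    [ $# -gt 0 ] || { fail "no ports listed, refusing to open all"; return 1; }
    for spec in "$@"; do   # validate everything before printing anything
        proto=${spec%%/*}; port=${spec#*/}
        case "$proto" in tcp|udp) ;; *) fail "bad protocol: $spec"; return 1 ;; esac
        case "$port" in ''|*[!0-9]*|??????*) fail "bad port: $spec"; return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { fail "bad port: $spec"; return 1; }
    done
    echo "iptables -t nat -I PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $lan"
    echo "iptables -t nat -I POSTROUTING -o $WAN_IF -s $lan -j SNAT --to-source $pub"
    for spec in "$@"; do
        echo "iptables -I FORWARD -p ${spec%%/*} -i $WAN_IF -d $lan --dport ${spec#*/} -j ACCEPT"
    done
}

# Constructed sample: documentation address 203.0.113.10 mapped to 192.168.1.10.
one_to_one_rules 203.0.113.10 192.168.1.10 tcp/443 udp/53
```

Review the printed commands before pasting them into the router's firewall script; the ifconfig alias from the Startup step is still needed and is not generated here.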
Resources
¹ http://www.shorewall.net/NAT.htm
² http://www.dd-wrt.com/phpBB2/viewtopic.php?t=24555