DD-WRT: How to allow port forwarding to apply to requests originating from inside the LAN?

port-forwarding router dd-wrt dynamic-dns

With the original firmware of my router I had port forwarding defined from port 80 to the server in the LAN, which I used in conjunction with an external dynamic DNS service.

I've now upgraded to DD-WRT and alas the port forwarding only works for requests to the external IP from outside the LAN. From inside the LAN I can only access the server by its internal IP.

How can I get the external IP (and thereby the domain name connected to the dynamic external IP) to be properly accessible also from inside the LAN?

I prefer to find out how to achieve it with standard DD-WRT definitions but using e.g. iptables isn't out of the question.


Seems like it's a bug in recent DD-WRT builds.

Use iptables:

iptables -t nat -I POSTROUTING -o br0 -s 192.168.1.0/24 -d 192.168.1.0/24 -j MASQUERADE

(change your subnet according to your specific LAN)

From http://hax.at/text/41


In spirit of UrEl's answer: A self-configuring iptables script that can just be copy-pasted without further adaptation can be found on the DD-WRT forum:

insmod ipt_mark 
insmod xt_mark 
iptables -t mangle -A PREROUTING -i ! `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001 
iptables -t mangle -A PREROUTING -j CONNMARK --save-mark 
iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE

As noted by Jarett, this has to be used as Firewall script and not as Startup script.


Try disabling "Filter WAN NAT redirection" in the Security->Firewall tab. From the help description:

Filter WAN NAT Redirection Prevents hosts on LAN from using WAN address of router to contact servers on the LAN (which have been configured using port redirection).


It sounds like your real problem is that you need two views of the DNS A record. Externally your dynamic dns points to your network public IP which forwards port 80 to the local host. All you need to do is add an entry in dnsmasq with an A record pointing the same fully qualified domain name to the local host ip for your local hosts. You can do that by adding the following on the Services page/Additional dnsmasq options:

 address=/www.mydomain.com./xx.xx.xx.xx

just replace the xx's with the local ip and the domain name with your domain name. Don't forget the trailing dot or it will append your local domain name to it.

Related

Can I make a script always execute as root?
What is the lifespan of an SSD drive? [closed]
Windows 8: How to Lock (not sleep) laptop on lid close?
How do I easily highlight the syntax of PHP code in Word?
Tab + Enter no longer taking me to first Google search result in Chrome
How to list encrypted files in Windows 7?
How to stop Firefox update notifications?
How to start a program when another one is started
Is there a command line tool to put Windows 8 to sleep? [duplicate]
How to setup custom DPI below 100% on Windows 7?
Disable mouse speed check between monitors in windows 8.1 update 1
Converting between GPT and MBR hard drive without losing data