DD-WRT: How to allow port forwarding to apply to requests originating from inside the LAN?

With the original firmware of my router I had port forwarding defined from port 80 to the server in the LAN, which I used in conjunction with an external dynamic DNS service.

I've now upgraded to DD-WRT and alas the port forwarding only works for requests to the external IP from outside the LAN. From inside the LAN I can only access the server by its internal IP.

How can I get the external IP (and thereby the domain name connected to the dynamic external IP) to be properly accessible also from inside the LAN?

I prefer to find out how to achieve it with standard DD-WRT definitions but using e.g. iptables isn't out of the question.


Seems like it's a bug in recent DD-WRT builds.

Use iptables:

iptables -t nat -I POSTROUTING -o br0 -s 192.168.1.0/24 -d 192.168.1.0/24 -j MASQUERADE

(change your subnet according to your specific LAN)

From http://hax.at/text/41


In the spirit of UrEl's answer: A self-configuring iptables script that can just be copy-pasted without further adaptation can be found on the DD-WRT forum:

insmod ipt_mark 
insmod xt_mark 
iptables -t mangle -A PREROUTING -i ! `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001 
iptables -t mangle -A PREROUTING -j CONNMARK --save-mark 
iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE 

As noted by Jarett, this has to be used as a Firewall script and not as a Startup script.
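Why the MASQUERADE step in the two iptables answers above makes the external address reachable from the LAN, traced as a small simulation. This is an added example, not part of either answer; the addresses and the `hairpin()` helper are constructed for illustration, and source-port remapping is ignored.

```python
from dataclasses import dataclass, replace

# Constructed addresses for illustration (not from the original page).
WAN_IP = "203.0.113.5"      # router's external address (documentation range)
ROUTER_LAN = "192.168.1.1"  # router's address on br0
SERVER = "192.168.1.10"     # port-forward target
CLIENT = "192.168.1.50"     # LAN host browsing the external name


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def hairpin(masquerade: bool) -> dict:
    """Trace one LAN client -> WAN_IP:80 request and the server's reply."""
    request = Packet(CLIENT, 40000, WAN_IP, 80)
    # PREROUTING DNAT (the port forward): destination becomes the server.
    forwarded = replace(request, dst=SERVER)
    # POSTROUTING MASQUERADE (the rule from the answers), if enabled.
    if masquerade:
        forwarded = replace(forwarded, src=ROUTER_LAN)
    # The server answers whatever source address it saw.
    reply = Packet(SERVER, 80, forwarded.src, forwarded.sport)
    if reply.dst == ROUTER_LAN:
        # Reply returns through the router; conntrack undoes both translations.
        reply = Packet(request.dst, request.dport, request.src, request.sport)
    # Otherwise the reply is switched straight to the client on the same
    # subnet and never passes back through the router's NAT table.
    # The client's TCP stack only accepts a reply that mirrors its request.
    accepted = (reply.src, reply.sport, reply.dst, reply.dport) == (
        request.dst, request.dport, request.src, request.sport)
    return {"server_sees": forwarded.src, "reply_from": reply.src,
            "accepted": accepted}


if __name__ == "__main__":
    for flag in (False, True):
        print("masquerade" if flag else "no masquerade", hairpin(flag))
```

With the rule in place the server sees every internal client as the router's LAN address, so its access logs and any IP-based access controls no longer distinguish LAN hosts. The dnsmasq answer further down avoids that side effect because LAN clients connect to the server directly.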


Try disabling "Filter WAN NAT redirection" in the Security->Firewall tab. From the help description:

Filter WAN NAT Redirection Prevents hosts on LAN from using WAN address of router to contact servers on the LAN (which have been configured using port redirection).


It sounds like your real problem is that you need two views of the DNS A record. Externally your dynamic DNS points to your network's public IP, which forwards port 80 to the local host. All you need to do is add an entry in dnsmasq with an A record pointing the same fully qualified domain name to the local host IP for your local hosts. You can do that by adding the following on the Services page/Additional dnsmasq options:

 address=/www.mydomain.com./xx.xx.xx.xx

Just replace the xx's with the local IP and the domain name with your domain name. Don't forget the trailing dot or it will append your local domain name to it.