Topic: Funny port forward + WDS problem

Hi,

I have 2 WRT with 7.07 working like a charm.
Here is the schema:

DSL line 1 ---.  WAN 1                       WAN 2  .--- ADSL line 2
               |                                    |
192.168.0.1 [WRT 1] <---------- WDS ---------->  [WRT 2] 192.168.0.2
             |   |                                |   |
             |   |  LAN 1                         |   |  LAN 2
             |   |                                |   |
            \|/ \|/                              \|/ \|/
           SVR1 SVR2                            XBOX  WKS
192.168.0.100    .101                           .150  .200

The 2 servers talk with the Xbox & workstation. The gateway for my home is 192.168.0.1 (WRT1).
For a few days now I have had a second ADSL line, and so a second gateway, 192.168.0.2.
As I haven't yet set up an EQL or TEQL tunnel from the internet, I can contact my home via 2 different public IPs.
The port forwarding from the WAN1 to the LAN of the WRT1 is okay; I can contact my 2 servers from the world.

My problem: I have set up the SAME port forwarding on the WRT2 to contact my 2 servers, but it didn't cross over the WDS; I guess packets stay only on the 4-port switch of the WRT2.
How can I contact my 2 servers from the WAN2 of the second WRT?

If you have ideas...

Thanx

Phil

Re: Funny port forward + WDS problem

I have a nearly identical problem. I have 2 WRTs, each with the WAN connected to the public internet and port forwarding to the same server connected to WRT1. I can reach the server externally on the WRT1's WAN, but not on the WRT2's WAN. They are connected via WDS. An iptables log on the WRT2 shows the incoming connection being forwarded out the interface br-lan. I checked and the WDS link is part of the br-lan. Has anyone found a solution to this problem?

Re: Funny port forward + WDS problem

Hi,

I have worked a little on this problem: this is not a WDS problem.
When you port-forward, the WRT just takes the packets and sends them to the ip:port, without changing the original IP.
This means that we have a pure asymmetric route problem: when SVR1 or SVR2 replies, the default route is WRT1, so the outgoing packets go through WRT1, and not WRT2.

To be sure you are in the same case, run tcpdump on SVR1, and you'll see that the incoming packets arrive, but go out via the wrong gateway.

To solve this, on WRT2 we need to masquerade + port-forward all incoming connections. And the bad point is that it is no longer possible to identify the source IP; all connections will have the IP of WRT2... I haven't done it yet, because I'm not an iptables ninja :)

++

Phil
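
The masquerade plus port-forward setup described in the last post, as an added example that is not code from anyone in the thread: a script that prints (does not apply) the iptables rules for WRT2, including a LOG rule so the original source IP is still recorded on the router before it is rewritten. The WAN interface name `wan0` and the forwarded ports are assumed placeholders; `br-lan` and the 192.168.0.x addresses come from the thread.

```shell
#!/bin/sh
# Added example: prints iptables rules for WRT2; review, then pipe to sh on the router.
# From the thread: br-lan, 192.168.0.2 (WRT2 LAN IP), 192.168.0.100/.101 (servers).
# Assumptions: WAN interface name and ports are placeholders; the FORWARD chain
# already accepts ESTABLISHED,RELATED traffic and these appended rules are reached.

LAN_IF="br-lan"
LAN_IP="192.168.0.2"

# gen_forward WAN_IF PORT DEST_IP: emit the rules for one TCP port forward
gen_forward() {
    wan_if=$1; port=$2; dest=$3
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "port out of range: $port" >&2; return 1
    }
    m="-p tcp -d $dest --dport $port"
    # 1. Rewrite the destination: WAN2 address -> server on the LAN.
    echo "iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport $port" \
         "-j DNAT --to-destination $dest:$port"
    # 2. Log each new connection while the real client IP is still visible
    #    (FORWARD runs before POSTROUTING, so SRC= is the original source).
    echo "iptables -A FORWARD -i $wan_if -o $LAN_IF $m" \
         "-m state --state NEW -j LOG --log-prefix 'wan2-fwd: '"
    # 3. Allow the forwarded connection.
    echo "iptables -A FORWARD -i $wan_if -o $LAN_IF $m -j ACCEPT"
    # 4. Rewrite the source to WRT2's LAN IP so the server replies to WRT2
    #    directly instead of to its default gateway WRT1.
    echo "iptables -t nat -A POSTROUTING -o $LAN_IF $m" \
         "-j SNAT --to-source $LAN_IP"
}

# gen_all WAN_IF PORT:DEST_IP [PORT:DEST_IP ...]
gen_all() {
    wan_if=$1; shift
    for spec in "$@"; do
        gen_forward "$wan_if" "${spec%%:*}" "${spec#*:}" || return 1
    done
}

# Constructed sample: port 80 to SVR1, port 22 to SVR2.
gen_all wan0 80:192.168.0.100 22:192.168.0.101
```

With these rules the servers' own logs show 192.168.0.2 for every WAN2 connection, so the `wan2-fwd:` lines in the router's kernel log are the only place the real client address is kept.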