OpenWrt Forum Archive

Topic: WRT54GS Problems - pppoe and snat

The content of this topic has been archived on 1 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I'm running the latest version of Kamikaze (well, almost, since [6182] broke iptables)

BusyBox v1.3.1 (2007-01-22 23:03:11 EST) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 KAMIKAZE (bleeding edge, r6181) -------------------
  * 10 oz Vodka       Shake well with ice and strain
  * 10 oz Triple sec  mixture into 10 shot glasses.
  * 10 oz lime juice  Salute!
 ---------------------------------------------------
root@OpenWrt:~#

I'm having the following issues:
1. pppd does not start on its own

root@OpenWrt:~# logread 
Jan  1 00:00:20 (none) syslog.info syslogd started: BusyBox v1.3.1
Jan  1 00:00:20 (none) user.notice kernel: klogd started: BusyBox v1.3.1 (2007-01-22 23:03:11 EST)
Jan  1 00:00:20 (none) user.warn kernel: CPU revision is: 00029007
Jan  1 00:00:20 (none) user.warn kernel: Primary instruction cache 8kB, physically tagged, 2-way, linesize 16 bytes.
Jan  1 00:00:20 (none) user.warn kernel: Primary data cache 4kB, 2-way, linesize 16 bytes.
Jan  1 00:00:20 (none) user.warn kernel: Linux version 2.4.34 (weedy@kamo-chan) (gcc version 3.4.6 (OpenWrt-2.0)) #2 Mon Jan 22 23:17:36 EST 2007
Jan  1 00:00:20 (none) user.warn kernel: Determined physical RAM map:
Jan  1 00:00:20 (none) user.warn kernel:  memory: 02000000 @ 00000000 (usable)
Jan  1 00:00:20 (none) user.warn kernel: On node 0 totalpages: 8192
Jan  1 00:00:20 (none) user.warn kernel: zone(0): 8192 pages.
Jan  1 00:00:20 (none) user.warn kernel: zone(1): 0 pages.
Jan  1 00:00:20 (none) user.warn kernel: zone(2): 0 pages.
Jan  1 00:00:20 (none) user.warn kernel: Kernel command line: root=/dev/mtdblock2 rootfstype=squashfs,jffs2 init=/etc/preinit noinitrd console=ttyS0,115200
Jan  1 00:00:20 (none) user.warn kernel: CPU: BCM4712 rev 1 at 216 MHz
Jan  1 00:00:20 (none) user.warn kernel: Using 108.000 MHz high precision timer.
Jan  1 00:00:20 (none) user.warn kernel: Calibrating delay loop... 212.17 BogoMIPS
Jan  1 00:00:20 (none) user.info kernel: Memory: 30420k/32768k available (1464k kernel code, 2348k reserved, 100k data, 92k init, 0k highmem)
Jan  1 00:00:20 (none) user.info kernel: Dentry cache hash table entries: 4096 (order: 3, 32768 bytes)
Jan  1 00:00:20 (none) user.info kernel: Inode cache hash table entries: 2048 (order: 2, 16384 bytes)
Jan  1 00:00:20 (none) user.info kernel: Mount cache hash table entries: 512 (order: 0, 4096 bytes)
Jan  1 00:00:20 (none) user.info kernel: Buffer cache hash table entries: 1024 (order: 0, 4096 bytes)
Jan  1 00:00:20 (none) user.warn kernel: Page-cache hash table entries: 8192 (order: 3, 32768 bytes)
Jan  1 00:00:20 (none) user.warn kernel: Checking for 'wait' instruction...  unavailable.
Jan  1 00:00:20 (none) user.warn kernel: POSIX conformance testing by UNIFIX
Jan  1 00:00:20 (none) user.warn kernel: PCI: Disabled
Jan  1 00:00:20 (none) user.warn kernel: PCI: Fixing up bus 0
Jan  1 00:00:20 (none) user.info kernel: Linux NET4.0 for Linux 2.4
Jan  1 00:00:20 (none) user.info kernel: Based upon Swansea University Computer Society NET3.039
Jan  1 00:00:20 (none) user.warn kernel: Initializing RT netlink socket
Jan  1 00:00:20 (none) user.warn kernel: Starting kswapd
Jan  1 00:00:20 (none) user.warn kernel: Registering mini_fo version $Id$
Jan  1 00:00:20 (none) user.info kernel: devfs: v1.12c (20020818) Richard Gooch (rgooch@atnf.csiro.au)
Jan  1 00:00:20 (none) user.info kernel: devfs: boot_options: 0x1
Jan  1 00:00:20 (none) user.notice kernel: JFFS2 version 2.1. (C) 2001 Red Hat, Inc., designed by Axis Communications AB.
Jan  1 00:00:20 (none) user.info kernel: squashfs: version 3.0 (2006/03/15) Phillip Lougher
Jan  1 00:00:20 (none) user.warn kernel: pty: 256 Unix98 ptys configured
Jan  1 00:00:20 (none) user.info kernel: Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ SERIAL_PCI enabled
Jan  1 00:00:20 (none) user.info kernel: ttyS00 at 0xb8000300 (irq = 3) is a 16550A
Jan  1 00:00:20 (none) user.info kernel: ttyS01 at 0xb8000400 (irq = 3) is a 16550A
Jan  1 00:00:20 (none) user.info kernel: b44.c:v0.93 (Mar, 2004)
Jan  1 00:00:20 (none) user.debug kernel: PCI: Setting latency timer of device 00:02.0 to 64
Jan  1 00:00:20 (none) user.info kernel: eth0: Broadcom 47xx 10/100BaseT Ethernet 00:13:10:07:ee:fc
Jan  1 00:00:20 (none) user.debug kernel: Physically mapped flash: Found an alias at 0x800000 for the chip at 0x0
Jan  1 00:00:20 (none) user.debug kernel: Physically mapped flash: Found an alias at 0x1000000 for the chip at 0x0
Jan  1 00:00:20 (none) user.debug kernel: Physically mapped flash: Found an alias at 0x1800000 for the chip at 0x0
Jan  1 00:00:20 (none) user.notice kernel: cfi_cmdset_0001: Erase suspend on write enabled
Jan  1 00:00:20 (none) user.debug kernel: 0: offset=0x0,size=0x20000,blocks=64
Jan  1 00:00:20 (none) user.warn kernel: Using buffer write method
Jan  1 00:00:20 (none) user.notice kernel: Flash device: 0x800000 at 0x1c000000
Jan  1 00:00:20 (none) user.notice kernel: bootloader size: 262144
Jan  1 00:00:20 (none) user.info kernel: Physically mapped flash: Filesystem type: squashfs, size=0x11c5f7
Jan  1 00:00:20 (none) user.notice kernel: Creating 5 MTD partitions on "Physically mapped flash":
Jan  1 00:00:20 (none) user.notice kernel: 0x00000000-0x00040000 : "cfe"
Jan  1 00:00:20 (none) user.notice kernel: 0x00040000-0x007e0000 : "linux"
Jan  1 00:00:20 (none) user.notice kernel: 0x000be000-0x001e0000 : "rootfs"
Jan  1 00:00:20 (none) user.warn kernel: mtd: partition "rootfs" doesn't start on an erase block boundary -- force read-only
Jan  1 00:00:20 (none) user.notice kernel: 0x007e0000-0x00800000 : "nvram"
Jan  1 00:00:20 (none) user.notice kernel: 0x001e0000-0x007e0000 : "OpenWrt"
Jan  1 00:00:20 (none) user.err kernel: sflash: found no supported devices
Jan  1 00:00:20 (none) user.info kernel: Initializing Cryptographic API
Jan  1 00:00:20 (none) user.info kernel: NET4: Linux TCP/IP 1.0 for NET4.0
Jan  1 00:00:20 (none) user.info kernel: IP Protocols: ICMP, UDP, TCP, IGMP
Jan  1 00:00:20 (none) user.info kernel: IP: routing cache hash table of 512 buckets, 4Kbytes
Jan  1 00:00:20 (none) user.info kernel: TCP: Hash tables configured (established 2048 bind 4096)
Jan  1 00:00:20 (none) user.warn kernel: ip_conntrack version 2.1 (5953 buckets, 5953 max) - 360 bytes per conntrack
Jan  1 00:00:20 (none) user.warn kernel: ip_tables: (C) 2000-2002 Netfilter core team
Jan  1 00:00:20 (none) user.info kernel: NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
Jan  1 00:00:20 (none) user.info kernel: NET4: Ethernet Bridge 008 for NET4.0
Jan  1 00:00:20 (none) user.info kernel: 802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
Jan  1 00:00:20 (none) user.info kernel: All bugs added by David S. Miller <davem@redhat.com>
Jan  1 00:00:20 (none) user.warn kernel: VFS: Mounted root (squashfs filesystem) readonly.
Jan  1 00:00:20 (none) user.info kernel: Mounted devfs on /dev
Jan  1 00:00:20 (none) user.info kernel: Freeing unused kernel memory: 92k freed
Jan  1 00:00:20 (none) user.warn kernel: Algorithmics/MIPS FPU Emulator v1.5
Jan  1 00:00:20 (none) user.warn kernel: diag: Detected 'Linksys WRT54G/GS/GL'
Jan  1 00:00:20 (none) user.warn kernel: Probing device eth0: found!
Jan  1 00:00:20 (none) user.info kernel: b44: eth0: Link is up at 100 Mbps, full duplex.
Jan  1 00:00:20 (none) user.info kernel: b44: eth0: Flow control is off for TX and off for RX.
Jan  1 00:00:20 (none) user.info kernel: mini_fo: using base directory: /
Jan  1 00:00:20 (none) user.info kernel: mini_fo: using storage directory: /jffs
Jan  1 00:00:20 (none) user.warn kernel: jffs2.bbc: SIZE compression mode activated.
Jan  1 00:00:22 (none) user.info kernel: b44: eth0: Link is up at 100 Mbps, full duplex.
Jan  1 00:00:22 (none) user.info kernel: b44: eth0: Flow control is off for TX and off for RX.
Jan  1 00:00:23 (none) user.warn kernel: BFL_ENETADM not set in boardflags. Use force=1 to ignore.
Jan  1 00:00:24 (none) user.info kernel: eth0.0: dev_set_promiscuity(master, 1)
Jan  1 00:00:24 (none) user.info kernel: device eth0 entered promiscuous mode
Jan  1 00:00:24 (none) user.info kernel: device eth0.0 entered promiscuous mode
Jan  1 00:00:24 (none) user.info kernel: br-lan: port 1(eth0.0) entering learning state
Jan  1 00:00:25 (none) user.info kernel: br-lan: port 1(eth0.0) entering forwarding state
Jan  1 00:00:25 (none) user.info kernel: br-lan: topology change detected, propagating
Jan  1 00:00:25 (none) user.info kernel: CSLIP: code copyright 1989 Regents of the University of California
Jan  1 00:00:25 (none) user.info kernel: PPP generic driver version 2.4.2
Jan  1 00:00:26 (none) user.info kernel: br-lan: port 1(eth0.0) entering disabled state
Jan  1 00:00:26 (none) user.info kernel: br-lan: port 1(eth0.0) entering learning state
Jan  1 00:00:26 (none) user.info kernel: br-lan: port 1(eth0.0) entering forwarding state
Jan  1 00:00:26 (none) user.info kernel: br-lan: topology change detected, propagating
Jan  1 00:00:28 (none) user.debug kernel: PCI: Setting latency timer of device 00:01.0 to 64
Jan  1 00:00:28 (none) user.warn kernel: wl0: Broadcom BCM4320 802.11 Wireless Controller 4.80.53.0
Jan  1 00:00:28 (none) user.info : Warning: loading wl will taint the kernel: no license
Jan  1 00:00:28 (none) user.info :   See http://www.tux.org/lkml/#export-tainted for information about tainted modules
Jan  1 00:00:29 (none) daemon.info pppd[387]: Plugin rp-pppoe.so loaded.
Jan  1 00:00:30 (none) user.info kernel: ipt_recent v0.3.1: Stephen Frost <sfrost@snowman.net>.  http://snowman.net/projects/ipt_recent/
Jan  1 00:00:30 (none) user.info kernel: IPP2P v0.8.1_rc1 loading
Jan  1 00:00:30 (none) user.info kernel: imq driver loaded.
Jan  1 00:00:32 (none) user.warn kernel: ipt_time loading
Jan  1 00:00:33 (none) user.info : Could not load the ptable
Jan  1 00:00:33 (none) user.info : Could not load the ptable
Jan  1 00:00:34 (none) user.info kernel: device wl0 entered promiscuous mode
Jan  1 00:00:34 (none) user.info kernel: br-lan: port 2(wl0) entering learning state
Jan  1 00:00:34 (none) user.info kernel: br-lan: port 2(wl0) entering forwarding state
Jan  1 00:00:34 (none) user.info kernel: br-lan: topology change detected, propagating
Jan  1 00:00:38 (none) user.notice ez-ipupdate: ez-ipupdate Version 3.0.11b8
Jan  1 00:00:38 (none) user.notice ez-ipupdate: Copyright (C) 1998-2001 Angus Mackay
Jan  1 00:00:38 (none) user.notice ez-ipupdate: gethostbyname: Unknown host
Jan  1 00:00:38 (none) user.notice ez-ipupdate: error connecting to members.dyndns.org:80
Jan  1 00:00:43 (none) cron.notice crond[910]: crond 2.3.2 dillon, started, log level 8 
Jan  1 00:00:44 (none) authpriv.info dropbear[923]: Running in background
Jan  1 00:00:48 (none) daemon.info dnsmasq[997]: started, version 2.35 cachesize 150
Jan  1 00:00:48 (none) daemon.info dnsmasq[997]: compile time options: IPv6 GNU-getopt ISC-leasefile no-DBus no-I18N 
Jan  1 00:00:48 (none) daemon.info dnsmasq[997]: DHCP, IP range 192.168.1.100 -- 192.168.1.149, lease time 12h
Jan  1 00:00:48 (none) daemon.info dnsmasq[997]: using local addresses only for domain lan
Jan  1 00:00:48 (none) daemon.info dnsmasq[997]: reading /tmp/resolv.conf.auto
Jan  1 00:00:48 (none) daemon.info dnsmasq[997]: using nameserver 67.69.184.199#53
Jan  1 00:00:48 (none) daemon.info dnsmasq[997]: using nameserver 67.69.184.203#53
Jan  1 00:00:48 (none) daemon.info dnsmasq[997]: using local addresses only for domain lan
Jan  1 00:00:48 (none) daemon.info dnsmasq[997]: read /etc/hosts - 1 addresses
Jan  1 00:00:48 (none) daemon.info dnsmasq[997]: read /etc/ethers - 5 addresses
Jan  1 00:00:49 (none) authpriv.info dropbear[1005]: Child connection from 192.168.1.103:32984
Jan  1 00:00:52 (none) authpriv.warn dropbear[1005]: bad password attempt for 'root' from 192.168.1.103:32984
Jan  1 00:00:55 (none) authpriv.notice dropbear[1005]: password auth succeeded for 'root' from 192.168.1.103:32984
Jan  1 00:00:56 (none) daemon.info dnsmasq[997]: DHCPREQUEST(br-lan) 192.168.1.104 00:16:cf:11:e9:7c 
Jan  1 00:00:56 (none) daemon.info dnsmasq[997]: DHCPACK(br-lan) 192.168.1.104 00:16:cf:11:e9:7c lappy-8ef5b40f5

I must manually start it

Jan  1 00:01:55 (none) daemon.info pppd[1084]: Plugin rp-pppoe.so loaded.
Jan  1 00:01:55 (none) daemon.notice pppd[1085]: pppd 2.4.3 started by root, uid 0
Jan  1 00:01:55 (none) daemon.err pppd[1085]: Interface eth0.1 has MTU of 1492 -- should be 1500.  You may have serious connection problems.
Jan  1 00:01:55 (none) daemon.debug pppd[1085]: PADS: Service-Name: ''
Jan  1 00:01:55 (none) daemon.info pppd[1085]: PPP session is 5036
Jan  1 00:01:55 (none) daemon.debug pppd[1085]: using channel 2
Jan  1 00:01:55 (none) daemon.info pppd[1085]: Using interface ppp0
Jan  1 00:01:55 (none) daemon.notice pppd[1085]: Connect: ppp0 <--> eth0.1
Jan  1 00:01:55 (none) daemon.warn pppd[1085]: Couldn't increase MTU to 1500
Jan  1 00:01:55 (none) daemon.warn pppd[1085]: Couldn't increase MRU to 1500
Jan  1 00:01:55 (none) daemon.debug pppd[1085]: sent [LCP ConfReq id=0x1 <mru 1492> <magic 0x6419a93c>]
Jan  1 00:01:55 (none) daemon.debug pppd[1085]: rcvd [LCP ConfReq id=0x6f <mru 1492> <auth pap> <magic 0x358b45be>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jan  1 00:01:55 (none) daemon.debug pppd[1085]: sent [LCP ConfAck id=0x6f <mru 1492> <auth pap> <magic 0x358b45be>]
Jan  1 00:01:55 (none) daemon.debug pppd[1085]: rcvd [LCP ConfAck id=0x1 <mru 1492> <magic 0x6419a93c>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jan  1 00:01:55 (none) daemon.debug pppd[1085]: sent [LCP EchoReq id=0x0 magic=0x6419a93c]
Jan  1 00:01:55 (none) daemon.debug pppd[1085]: sent [PAP AuthReq id=0x1 user="b1tvgv26" password=<hidden>]
Jan  1 00:01:55 (none) daemon.debug pppd[1085]: rcvd [LCP EchoRep id=0x0 magic=0x358b45be] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jan  1 00:01:56 (none) daemon.debug pppd[1085]: rcvd [PAP AuthAck id=0x1 ""] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...
Jan  1 00:01:56 (none) daemon.notice pppd[1085]: PAP authentication succeeded
Jan  1 00:01:56 (none) daemon.notice pppd[1085]: PAP authentication succeeded
Jan  1 00:01:56 (none) daemon.notice pppd[1085]: peer from calling number 00:90:1A:A0:A1:E9 authorized
Jan  1 00:01:56 (none) daemon.debug pppd[1085]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
Jan  1 00:01:56 (none) daemon.debug pppd[1085]: rcvd [IPCP ConfNak id=0x1 <addr 65.92.121.148> <ms-dns1 67.69.184.203> <ms-dns3 67.69.184.199>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jan  1 00:01:56 (none) daemon.debug pppd[1085]: sent [IPCP ConfReq id=0x2 <addr 65.92.121.148> <ms-dns1 67.69.184.203> <ms-dns3 67.69.184.199>]
Jan  1 00:01:56 (none) daemon.debug pppd[1085]: rcvd [IPCP ConfReq id=0xc7 <addr 64.230.197.224>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jan  1 00:01:56 (none) daemon.debug pppd[1085]: sent [IPCP ConfAck id=0xc7 <addr 64.230.197.224>]
Jan  1 00:01:56 (none) daemon.debug pppd[1085]: rcvd [IPCP ConfAck id=0x2 <addr 65.92.121.148> <ms-dns1 67.69.184.203> <ms-dns3 67.69.184.199>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jan  1 00:01:56 (none) daemon.notice pppd[1085]: local  IP address 65.92.121.148
Jan  1 00:01:56 (none) daemon.notice pppd[1085]: remote IP address 64.230.197.224
Jan  1 00:01:56 (none) daemon.notice pppd[1085]: primary   DNS address 67.69.184.203
Jan  1 00:01:56 (none) daemon.notice pppd[1085]: secondary DNS address 67.69.184.199
Jan  1 00:01:56 (none) daemon.debug pppd[1085]: Script /etc/ppp/ip-up started (pid 1130)
Jan  1 00:01:57 (none) user.notice ez-ipupdate: ez-ipupdate Version 3.0.11b8
Jan  1 00:01:57 (none) user.notice ez-ipupdate: Copyright (C) 1998-2001 Angus Mackay
Jan  1 00:01:59 (none) daemon.info dnsmasq[997]: reading /tmp/resolv.conf.auto
Jan  1 00:01:59 (none) daemon.info dnsmasq[997]: using nameserver 67.69.184.199#53
Jan  1 00:01:59 (none) daemon.info dnsmasq[997]: using nameserver 67.69.184.203#53
Jan  1 00:01:59 (none) daemon.info dnsmasq[997]: using local addresses only for domain lan
Jan  1 00:02:00 (none) daemon.debug pppd[1085]: Script /etc/ppp/ip-up finished (pid 1130), status = 0x1
Jan  1 00:02:07 (none) user.notice ez-ipupdate: connected to members.dyndns.org (63.208.196.95) on port 80
Jan 23 08:53:45 (none) user.notice ez-ipupdate: request successful
Jan 23 08:53:48 (none) daemon.info pppd[1085]: System time change detected.
Jan 23 08:53:56 (none) authpriv.info dropbear[1285]: Child connection from 192.168.1.134:2103
Jan 23 08:54:02 (none) authpriv.notice dropbear[1285]: password auth succeeded for 'root' from 192.168.1.134:2103
Jan 23 08:54:39 (none) cron.warn crond[910]: time disparity of 3714292 minutes detected

2. Does SNAT work? This is my firewall.user

root@OpenWrt:~# cat /etc/firewall.user 
#!/bin/sh
# Copyright (C) 2006 OpenWrt.org

. /etc/functions.sh # common functions
include /lib/network # include /lib/network/*.sh
scan_interfaces # read and parse the network config

PPPUP=$(ifconfig `config_get wan ifname` 2>&1 |grep "Device not found")
[ -n "$PPPUP" ] && exit
IP=$(ifconfig `config_get wan ifname` | grep 'inet addr' | awk '{print $2}' | cut -d':' -f 2)
LAN=$(config_get lan ifname)

iptables -F input_rule
iptables -F output_rule
iptables -F forwarding_rule
iptables -t nat -F prerouting_rule
iptables -t nat -F postrouting_rule

# The following chains are for traffic directed at the IP of the 
# WAN interface

iptables -F input_wan
iptables -F forwarding_wan
iptables -t nat -F prerouting_wan

### Open port to WAN
## -- This allows port 22 to be answered by (dropbear on) the router
# iptables -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT 
# iptables        -A input_wan      -p tcp --dport 22 -j ACCEPT

### Port forwarding
## -- This forwards port 8080 on the WAN to port 80 on 192.168.1.2
# iptables -t nat -A prerouting_wan -p tcp --dport 8080 -j DNAT --to 192.168.1.2:80
# iptables        -A forwarding_wan -p tcp --dport 80 -d 192.168.1.2 -j ACCEPT

#tracker
iptables -t nat -A prerouting_wan -d $IP -p tcp -m multiport --dports 6966,8394,8395,8396 -j DNAT --to 192.168.1.102
iptables        -A forwarding_wan -p tcp -m multiport --dports 6966,8394,8395,8396 -d 192.168.1.102 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p tcp -s 192.168.1.0/24 -d 192.168.1.102 -m multiport --dports 6966,8394,8395,8396 -j SNAT --to-source 192.168.1.1
#192.168.1.102
iptables -t nat -A prerouting_wan -d $IP -p tcp -m multiport --dports 22,80,443 -j DNAT --to 192.168.1.102
iptables        -A forwarding_wan -p tcp -m multiport --dports 22,80,443 -d 192.168.1.102 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p tcp -s 192.168.1.0/24 -d 192.168.1.102 -m multiport --dports 22,80,443 -j SNAT --to-source 192.168.1.1

#192.168.1.100
iptables -t nat -A prerouting_wan -p tcp -d $IP -m multiport --dports 6967,6968,8732 -j DNAT --to 192.168.1.100
iptables        -A forwarding_wan -p tcp -m multiport --dports 6967,6968,8732 -d 192.168.1.100 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p tcp -s 192.168.1.0/24 -d 192.168.1.100 -m multiport --dports 6967,6968,8732 -j SNAT --to-source 192.168.1.1
iptables -t nat -A prerouting_wan -p udp -d $IP -m multiport --dports 8733 -j DNAT --to 192.168.1.100
iptables        -A forwarding_wan -p udp -m multiport --dports 8733 -d 192.168.1.100 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p udp -s 192.168.1.0/24 -d 192.168.1.100 -m multiport --dports 8733 -j SNAT --to-source 192.168.1.1
iptables -t nat -A prerouting_wan -p tcp -d $IP --dport 9024:9044 -j DNAT --to 192.168.1.100
iptables        -A forwarding_wan -p tcp --dport 9024:9044 -d 192.168.1.100 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p tcp -s 192.168.1.0/24 -d 192.168.1.100 --dport 9024:9044 -j SNAT --to-source 192.168.1.1
#192.168.1.101
iptables -t nat -A prerouting_wan -p tcp -d $IP -m multiport --dports 65000 -j DNAT --to 192.168.1.101
iptables        -A forwarding_wan -p tcp -m multiport --dports 65000 -d 192.168.1.101 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p tcp -s 192.168.1.0/24 -d 192.168.1.101 -m multiport --dports 65000 -j SNAT --to-source 192.168.1.1
iptables -t nat -A prerouting_wan -p udp -d $IP -m multiport --dports 65000 -j DNAT --to 192.168.1.101
iptables        -A forwarding_wan -p udp -m multiport --dports 65000 -d 192.168.1.101 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p udp -s 192.168.1.0/24 -d 192.168.1.101 -m multiport --dports 65000 -j SNAT --to-source 192.168.1.1
#192.168.1.103
iptables -t nat -A prerouting_wan -d $IP -p tcp -m multiport --dports 49680,49686 -j DNAT --to 192.168.1.103
iptables        -A forwarding_wan -p tcp -m multiport --dports 49680,49686 -d 192.168.1.103 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p tcp -s 192.168.1.0/24 -d 192.168.1.103 -m multiport --dports 49680,49686 -j SNAT --to-source 192.168.1.1
iptables -t nat -A prerouting_wan -d $IP -p udp -m multiport --dports 49680 -j DNAT --to 192.168.1.103
iptables        -A forwarding_wan -p udp -m multiport --dports 49680 -d 192.168.1.103 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p udp -s 192.168.1.0/24 -d 192.168.1.103 -m multiport --dports 49680 -j SNAT --to-source 192.168.1.1
#192.168.1.104
iptables -t nat -A prerouting_wan -d $IP -p tcp -m multiport --dports 49685 -j DNAT --to 192.168.1.104
iptables        -A forwarding_wan -p tcp -m multiport --dports 49685 -d 192.168.1.104 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p tcp -s 192.168.1.0/24 -d 192.168.1.104 -m multiport --dports 49685 -j SNAT --to-source 192.168.1.1
iptables -t nat -A prerouting_wan -d $IP -p udp -m multiport --dports 49685,49687 -j DNAT --to 192.168.1.104
iptables        -A forwarding_wan -p udp -m multiport --dports 49685,49687 -d 192.168.1.104 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p udp -s 192.168.1.0/24 -d 192.168.1.104 -m multiport --dports 49685,49687 -j SNAT --to-source 192.168.1.1
iptables -t nat -A prerouting_wan -d $IP -p tcp --dport 6891:6900 -j DNAT --to 192.168.1.104
iptables        -A forwarding_wan -p tcp --dport 6891:6900 -d 192.168.1.104 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p tcp -s 192.168.1.0/24 -d 192.168.1.104 --dport 6891:6900 -j SNAT --to-source 192.168.1.1
iptables -t nat -A prerouting_wan -d $IP -p udp --dport 6891:6900 -j DNAT --to 192.168.1.104
iptables        -A forwarding_wan -p udp --dport 6891:6900 -d 192.168.1.104 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p udp -s 192.168.1.0/24 -d 192.168.1.104 --dport 6891:6900 -j SNAT --to-source 192.168.1.1

### DMZ
## -- Connections to ports not handled above will be forwarded to 192.168.1.2
# iptables -t nat -A prerouting_wan -j DNAT --to 192.168.1.2
# iptables        -A forwarding_wan -d 192.168.1.2 -j ACCEPT

Thank you in advance.

qos-scripts also needs a manual "qos-start"
