one to one NAT routing

wesleyh
Posts: 13
Joined: Fri Oct 14, 2011 8:05 am

one to one NAT routing

Post by wesleyh »

I have 5 static IP addresses from my ISP. I would like to use Gargoyle to do one-to-one NAT routing; how can this be done? Also, with the new IPv6, my ISP is starting to offer IPv6 IPs as well; can you please tell me how I can do this? DD-WRT could, but they have way too many problems with the wireless AR71XX right now to be even halfway useful.

I really like Gargoyle and I would like to see this really get up there in features like DD-WRT has. This would make this a great product.

wesleyh
Posts: 13
Joined: Fri Oct 14, 2011 8:05 am

Re: one to one NAT routing

Post by wesleyh »

Bump. Anyone have an idea? I would like to use my 5 ISP static addresses to pass through the routers to my systems.

caeci11ius
Posts: 77
Joined: Fri Dec 03, 2010 5:47 am
Location: Canberra, Australia

Re: one to one NAT routing

Post by caeci11ius »

Hi wesleyh, I can't speak for Eric, but I imagine that given what you're looking for here is pretty obscure, he'd probably find it to be lower priority than some of the other stuff he's working on. That said, I'm sure you'd be welcome to work on it yourself, and it can probably be done with the underlying OpenWRT software (as it is very, very flexible and powerful). You might even be able to configure it so that it runs underneath Gargoyle, though of course you won't have a pretty GUI to control it with if you do that...

Assuming you're not a developer, if you can at least find details on how to set it up and provide those, then you'll perhaps have better luck (though probably not much) getting someone to do you a GUI page for it...

I suppose the other question is, does the LUCI interface for bog standard openWRT have a configuration page for it? You might find that better suits your needs (assuming you don't need one of the unique Gargoyle features like WAN only quotas/metering).

mix
Posts: 292
Joined: Sun Feb 27, 2011 11:18 am

Re: one to one NAT routing

Post by mix »

I would certainly disagree that one to one NAT routing is an obscure feature. This is one of the most requested features in dd-wrt for anyone with a static ip block from their isp. It is quite easy to implement, so I have no idea why it has never been included. This is another feature that would set Gargoyle apart (make it better) than dd-wrt. Essentially all one would have to do is to reserve a nat ip address by mac address, add a virtual interface(s) to the wan port and add a couple of iptables rules to forward inbound traffic to the nat ip address, and outbound traffic back to the public ip address. The reserve nat ip address by mac address already exists in the web interface, all that is missing is the two iptables rules and the addition of a web interface for it.

wesley, this is how you do it on dd-wrt:

http://www.dd-wrt.com/wiki/index.php/One-to-one_NAT
WRT54GL v1.1
Gargoyle 1.4.7

DoesItMatter
Moderator
Posts: 1373
Joined: Thu May 21, 2009 3:56 pm

Re: one to one NAT routing

Post by DoesItMatter »

You should be able to do most or all of the iptables rules already.

But you have to do it via command line.

Don't fear the CLI! OpenWRT is at the heart of Gargoyle and
by default, usually doesn't include the LuCI GUI.

If in doubt - backup your config first, then try the iptables rules.

Adding iptables rules is more advanced user stuff, so I'm not sure
if it would be a good thing to add to the GUI.

I've used and perused the DD-WRT forums for years and I do like
DD-WRT for all its advanced features and so many configurable options,
but that is also one of its down-falls. There are so many options to
configure that many new users can really screw up a router with
settings they should have never touched in the first place.

Gargoyle keeps it simple yet powerful enough for most everyday stuff.
:twisted: Soylent Green Is People! :twisted:
2x Asus RT-N16 = Asus 3.0.0.4.374.43 Merlin
2x Buffalo WZR-HP-G300NH V1 A0D0 = Gargoyle 1.9.x / LEDE 17.01.x
2x Engenius - ESR900 Stock 1.4.0 / OpenWRT Trunk 49400

Tank_Killer
Posts: 34
Joined: Wed Oct 26, 2011 11:25 pm
Location: Canada

Re: one to one NAT routing

Post by Tank_Killer »

Also it seems DD-WRT builds have gone stagnant, I can only speak for my Atheros WNDR3700v1.

wesleyh
Posts: 13
Joined: Fri Oct 14, 2011 8:05 am

Re: one to one NAT routing

Post by wesleyh »

Can we add this as a feature request to be added to a GUI? There is not really good information about this, and it has been one long ongoing issue to get them right using iptables. I still have not got them working correctly.

nate
Posts: 2
Joined: Mon Aug 03, 2015 4:04 am
Location: Australia

Re: one to one NAT routing

Post by nate »

Taking the example from DD-WRT it does work with Gargoyle!


I have a block of 4 extra ip addresses from my ISP e.g. 8.8.8.0/30
Range: 8.8.8.0 - 8.8.8.3
IP Addresses: 4
Mask: 255.255.255.252/30
8.8.8.1 and 8.8.8.2 are useable.

Assign 8.8.8.1 to FTP server at 192.168.0.40
Assign 8.8.8.2 to mail server at 192.168.0.60

Startup Script - add ip aliases to wan interface. The 'get_wanface' variable used in the dd-wrt example didn't work so you may need to look up your wan interface name with ifconfig and replace pppoe-wan with your name. Broadcast address and netmask can be calculated here

vim /etc/rc.local

ifconfig pppoe-wan:1 8.8.8.1 netmask 255.255.255.252 broadcast 8.8.8.3
ifconfig pppoe-wan:2 8.8.8.2 netmask 255.255.255.252 broadcast 8.8.8.3

Firewall Script - set up routes and port forwarding.

vim /etc/firewall.user

iptables -t nat -I PREROUTING -d 8.8.8.1 -j DNAT --to 192.168.0.40
iptables -t nat -I POSTROUTING -s 192.168.0.40 -j SNAT --to 8.8.8.1
iptables -I FORWARD -d 192.168.0.40 -p tcp --dport 21 -j ACCEPT

iptables -t nat -I PREROUTING -d 8.8.8.2 -j DNAT --to 192.168.0.60
iptables -t nat -I POSTROUTING -s 192.168.0.60 -j SNAT --to 8.8.8.2
iptables -I FORWARD -d 192.168.0.60 -p tcp --dport 443 -j ACCEPT
iptables -I FORWARD -d 192.168.0.60 -p tcp --dport 25 -j ACCEPT

Would be nice to have a place in the GUI to add startup and firewall scripts like dd-wrt has. Please consider devs!
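
The steps in the post above, turned into a generator, as an added example that is not part of the post or of the DD-WRT wiki: it computes the alias netmask and broadcast address from the prefix length, rejects a network or broadcast address, a malformed address or a bad port before anything reaches /etc/firewall.user, and prints the same rule forms the post uses. The function names are hypothetical; pppoe-wan and the addresses are the post's own example values.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the rc.local and firewall.user
# lines for one mapping; it runs no ifconfig or iptables command itself.

ip2int() ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )
int2ip() { echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"; }
maskint() { echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF )); }

netmask_of() { int2ip "$(maskint "$1")"; }              # netmask_of PREFIX
broadcast_of() {                                        # broadcast_of IP PREFIX
    m=$(maskint "$2")
    int2ip $(( ($(ip2int "$1") & m) | (~m & 0xFFFFFFFF) ))
}

valid_ip() {  # four dot-separated decimal octets, 0-255, no leading zeros
    case $1 in ''|*[!0-9.]*|*..*|.*|*.|0[0-9]*|*.0[0-9]*) return 1;; esac
    ( IFS=.; set -- $1
      [ $# -eq 4 ] && [ "$1" -le 255 ] && [ "$2" -le 255 ] && [ "$3" -le 255 ] && [ "$4" -le 255 ] )
}

# is_usable IP NETWORK PREFIX: IP lies in the block and is neither its
# network nor its broadcast address (assumes PREFIX <= 30).
is_usable() {
    m=$(maskint "$3"); i=$(ip2int "$1"); n=$(( $(ip2int "$2") & m ))
    [ $(( i & m )) -eq "$n" ] && [ "$i" -ne "$n" ] && [ "$i" -ne $(( n | (~m & 0xFFFFFFFF) )) ]
}

# one_to_one WAN_IF ALIAS_INDEX NETWORK PREFIX PUBLIC_IP PRIVATE_IP TCP_PORT...
one_to_one() {
    wan=$1 idx=$2 net=$3 pfx=$4 pub=$5 priv=$6; shift 6
    for a in "$net" "$pub" "$priv"; do
        valid_ip "$a" || { echo "error: bad address '$a'" >&2; return 1; }
    done
    is_usable "$pub" "$net" "$pfx" || { echo "error: $pub is not a usable host in $net/$pfx" >&2; return 1; }
    for p in "$@"; do
        case $p in ''|*[!0-9]*) p=0;; esac   # non-numeric input fails the range check
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "error: bad TCP port" >&2; return 1; }
    done
    echo "ifconfig $wan:$idx $pub netmask $(netmask_of "$pfx") broadcast $(broadcast_of "$pub" "$pfx")"
    echo "iptables -t nat -I PREROUTING -d $pub -j DNAT --to $priv"
    echo "iptables -t nat -I POSTROUTING -s $priv -j SNAT --to $pub"
    for p in "$@"; do echo "iptables -I FORWARD -d $priv -p tcp --dport $p -j ACCEPT"; done
}

# The two mappings from the post above (8.8.8.0/30 is the poster's example block).
one_to_one pppoe-wan 1 8.8.8.0 30 8.8.8.1 192.168.0.40 21
one_to_one pppoe-wan 2 8.8.8.0 30 8.8.8.2 192.168.0.60 443 25
```

The first printed line of each mapping belongs in /etc/rc.local and the remaining lines in /etc/firewall.user; only the listed TCP ports get a FORWARD accept rule.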
