DD-WRT Access to LAN resources

Hi there,

- The website is locally hosted on the LAN, which is available from the Internet
- From the LAN and using a web browser, I enter the FQDN of that website
- The packets go to the default gateway, most likely out on the Internet, but don't come back to the LAN. So therefore, from the LAN, I am unable to access the website.

I remember, a few years ago, I enabled something (I think it was a simple check box but not sure) in DD-WRT that was making the packets route back to the LAN, where I was able to see a locally hosted website from the LAN. But I don't remember how I did this.

Thanks for your help,

Dan Craciun, IT Consultant, Commented:
You need a rule for hairpin NAT. Some DD-WRT firmware don't have it enabled by default.

Add this to your iptables rules:
iptables -t nat -I POSTROUTING -o br0 -s -d -j MASQUERADE

Obviously, change to your internal IP class.

LE: or you can update DD-WRT to a newer version.

ReneGe, Author, Commented:
Hi Dan,

Thanks for your prompt reply and sorry for taking so long.

Here is the version I use:
Firmware: DD-WRT v24SP2-MULTI (09/27/12) std

When you make reference to updating the firmware, does this include mine, and how would that help me to resolve this need?

Can you please tell me how I run this command line? Is it by adding a cron job?

Also, I find that it does not work and causes problems for whatever reason, should I just disable that cron job?

Thanks and cheers,

Dan Craciun, IT Consultant, Commented:
1. Security->Firewall->Filter WAN NAT redirection. Make sure it's disabled.
2. Use the iptables rule in Administration->Commands->Firewall Scripts

This says the complete script is:
insmod ipt_mark 
insmod xt_mark 
iptables -t mangle -A PREROUTING -i ! `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001 
iptables -t mangle -A PREROUTING -j CONNMARK --save-mark 
iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE

But the one-liner in my original answer should work also.
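
An added example, not part of the thread or of DD-WRT itself: a POSIX shell helper that derives the LAN network in CIDR form from an address and netmask and prints the hairpin NAT one-liner from the first answer with both `-s` and `-d` limited to that network. The function names and sample address are constructed, and reading the inputs from `nvram get lan_ipaddr` and `nvram get lan_netmask` on the router is an assumption.

```shell
#!/bin/sh
# Added example: print the hairpin NAT rule for a given LAN address/netmask.

# Dotted quad -> 32-bit integer; fails on malformed input.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Netmask -> prefix length; rejects non-contiguous masks such as 255.0.255.0.
mask_to_prefix() {
    m=$(ip_to_int "$1") || return 1
    bits=0
    while [ $(( m & 2147483648 )) -ne 0 ]; do
        bits=$(( bits + 1 ))
        m=$(( (m << 1) & 4294967295 ))
    done
    [ "$m" -eq 0 ] || return 1
    echo "$bits"
}

# Print (never execute) the rule, with -s and -d both limited to the LAN network.
# $3 is the LAN bridge; br0 is the interface used in the thread's one-liner.
hairpin_rule() {
    ip=$(ip_to_int "$1") || return 1
    mask=$(ip_to_int "$2") || return 1
    prefix=$(mask_to_prefix "$2") || return 1
    netint=$(( ip & mask ))
    net="$(int_to_ip "$netint")/$prefix"
    echo "iptables -t nat -I POSTROUTING -o ${3:-br0} -s $net -d $net -j MASQUERADE"
}

# Constructed sample values. On the router the inputs are assumed to come from
# `nvram get lan_ipaddr` and `nvram get lan_netmask`.
hairpin_rule 192.168.1.1 255.255.255.0
```

Because the rule masquerades LAN-to-LAN traffic, the internal web server sees the router's LAN address as the source of hairpinned requests, so its access logs no longer distinguish individual LAN clients.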

ReneGe, Author, Commented:
By disabling NAT redirection, will the ports I set up to be forwarded through NAT port forwarding still work?

Dan Craciun, IT Consultant, Commented:
You're not disabling NAT redirection.
Filter WAN NAT Redirection: "Prevents hosts on LAN from using WAN address of router to contact servers on the LAN (which have been configured using port redirection)."
Meaning it disables hairpin NAT.

ReneGe, Author, Commented:
Hi Dan,

Sorry for the late response.

I still did not have a chance to try your solution. I'll accept it and if I have more questions, I'll let you know.

Thanks and cheers,