AC87U Asus Merlin interface source routing or One to One NAT

XabiX

Occasional Visitor
Hello Everyone,

1st of all, Happy New Year to all. I spent too much time during the holiday season trying to bond my ADSL with a 4G modem to increase my bandwidth.

For doing so I need to separate my access interfaces towards my NATted server who does mtcp so the sessions are not loadbalanced but cross shared between my different access networks.

Long story short, I did tweak my setup with:
Code:
ifconfig eth0:1 192.168.1.2 netmask 255.255.255.0 up
ifconfig br0:11 10.0.1.1 netmask 255.255.255.0 up
iptables -t nat -A POSTROUTING -o br0 -s 10.0.1.2 -j SNAT --to 192.168.1.2
iptables -t nat -A PREROUTING -i eth0 -d 192.168.1.2 -j DNAT --to-destination 10.0.1.2
iptables -A FORWARD -s 192.168.1.2 -j ACCEPT
iptables -A FORWARD -d 10.0.1.2 -j ACCEPT

ifconfig eth0:2 192.168.8.2 netmask 255.255.255.0 up
ifconfig br0:82 10.0.2.1 netmask 255.255.255.0 up
iptables -t nat -A POSTROUTING -o br0 -s 10.0.2.2 -j SNAT --to 192.168.8.2
iptables -t nat -A PREROUTING -i eth0 -d 192.168.8.2 -j DNAT --to-destination 10.0.2.2
iptables -A FORWARD -s 192.168.8.2 -j ACCEPT
iptables -A FORWARD -d 10.0.2.2 -j ACCEPT

My issue is that somehow the one to one NATTING between 192.168.1.2 and 10.0.1.2 + 192.168.8.2 and 10.0.2.2 doesn't seem to be enough (or I have it wrong).
So I needed to add routes on the router but I found out that we can't really have two default routes.
( route add default gw 192.168.1.1 dev eth0 && route add default gw 192.168.8.1 dev eth0)

So what I would need is a kind of source routing, meaning that everything that arrives on br0:11 always exits on eth0:1, and the same for br0:82 exiting on eth0:2.

Basically I would need a one to one mapping either between the IP addresses (with routing between themselves) or a mapping between virtual interfaces directly.

I am not an expert but I would expect that there should be an easier way to achieve this, no?

BTW if possible I would like also the traffic between those mappings to be isolated but could find how to do that (maybe with vlans but it's port based rather than virtual interfaces based).

THANK YOU
Xavier

(PS: I did select br0:11 because at starts for a short time there is a br0:1 mounted with 1.1.1.1 address, not sure why we have this br0:0 virtual interface either ...)

Some sources I read:
http://www.snbforums.com/threads/configuring-multiple-static-wan-ips-through-one-to-one-nat.15300/
https://www.dd-wrt.com/wiki/index.php/One-to-one_NAT
http://www.snbforums.com/threads/vlans-on-merlin-mini-howto.20529/

ifconfig
br0 Link encap:Ethernet HWaddr 1C:B7:2C:C2:0D:B0
inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1492 Metric:1
RX packets:24953 errors:0 dropped:0 overruns:0 frame:0
TX packets:15296 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1619834 (1.5 MiB) TX bytes:6257316 (5.9 MiB)

br0:0 Link encap:Ethernet HWaddr 1C:B7:2C:C2:0D:B0
inet addr:169.254.39.41 Bcast:169.254.39.255 Mask:255.255.255.0
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1492 Metric:1

br0:11 Link encap:Ethernet HWaddr 1C:B7:2C:C2:0D:B0
inet addr:10.0.1.1 Bcast:10.0.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1492 Metric:1

br0:82 Link encap:Ethernet HWaddr 1C:B7:2C:C2:0D:B0
inet addr:10.0.2.1 Bcast:10.0.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1492 Metric:1

eth0 Link encap:Ethernet HWaddr 1C:B7:2C:C2:0D:B0
inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1492 Metric:1
RX packets:62310 errors:0 dropped:0 overruns:0 frame:0
TX packets:52315 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:13219641 (12.6 MiB) TX bytes:17228614 (16.4 MiB)
Interrupt:180 Base address:0x5000

eth0:1 Link encap:Ethernet HWaddr 1C:B7:2C:C2:0D:B0
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1492 Metric:1
Interrupt:180 Base address:0x5000

eth0:2 Link encap:Ethernet HWaddr 1C:B7:2C:C2:0D:B0
inet addr:192.168.8.2 Bcast:192.168.8.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1492 Metric:1
Interrupt:180 Base address:0x5000

eth1 Link encap:Ethernet HWaddr 1C:B7:2C:C2:0D:B0
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:6197
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:163

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
RX packets:564 errors:0 dropped:0 overruns:0 frame:0
TX packets:564 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:97302 (95.0 KiB) TX bytes:97302 (95.0 KiB)

vlan1 Link encap:Ethernet HWaddr 1C:B7:2C:C2:0D:B0
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1492 Metric:1
RX packets:40087 errors:0 dropped:0 overruns:0 frame:0
TX packets:33115 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5126863 (4.8 MiB) TX bytes:13377349 (12.7 MiB)

wl0.1 Link encap:Ethernet HWaddr 1C:B7:2C:C2:0D:B1
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:6197
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.2.2 10.0.2.1 255.255.255.255 UGH 0 0 0 br0
10.0.1.2 10.0.1.1 255.255.255.255 UGH 0 0 0 br0
169.254.39.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.8.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0

robocfg show
Switch: enabled
Port 0: 1000FD enabled stp: none vlan: 2 jumbo: on mac: 48:83:c7:38:0d:60
Port 1: DOWN enabled stp: none vlan: 1 jumbo: on mac: 00:00:00:00:00:00
Port 2: 1000FD enabled stp: none vlan: 1 jumbo: on mac: 42:42:42:f6:37:29
Port 3: 1000FD enabled stp: none vlan: 1 jumbo: on mac: ec:f4:bb:65:42:44
Port 4: DOWN enabled stp: none vlan: 1 jumbo: on mac: 00:00:00:00:00:00
Port 8: DOWN enabled stp: none vlan: 1 jumbo: on mac: 00:00:00:00:00:00
VLANs: BCM5301x enabled mac_check mac_hash
1: vlan1: 1 2 3 5 7t
2: vlan2: 0 7
1045: vlan1045: 2 5t 8t
1046: vlan1046: 1 3t 4t 5 7
1047: vlan1047: 0 1 2 3 5 8u
1099: vlan1099: 0 7
1100: vlan1100: 1t 3 4 5t 8u
1101: vlan1101: 0 1t 4t 7
1102: vlan1102: 1t 2t 3t 4t 7t
1103: vlan1103: 0t 2t 3 4 5 7

brctl show
bridge name bridge id STP enabled interfaces
br0 8000.1cb72cc20db0 no vlan1
eth1
wl0.1
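
The source routing asked about in the post above is normally done on Linux with policy routing: one routing table per uplink, selected by `ip rule`. The following is an added example, not part of the original post; it assumes the firmware's `ip` supports multiple routing tables, uses the post's addresses and interfaces, and the table ids 101/102 are constructed.

```shell
#!/bin/sh
# Added example (not from the post). Addresses, gateways and interface names
# are the post's; table ids 101/102 and rule priorities are constructed.
# Dry run by default: commands are printed. APPLY=1 executes them (root).
WAN_IF=eth0
LAN_IF=br0

run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# uplink <table> <lan-subnet> <lan-host> <wan-alias-ip> <wan-gateway>
uplink() {
    table=$1; subnet=$2; host=$3; wan_ip=$4; gw=$5
    # A private routing table holds this uplink's own default route, so the
    # main table never needs two competing defaults.
    run ip route add "$subnet" dev "$LAN_IF" table "$table"
    run ip route add default via "$gw" dev "$WAN_IF" table "$table"
    # Source-based selection: forwarded packets are routed before SNAT, so
    # the rule matches the internal 10.0.x.x source address.
    run ip rule add from "$subnet" lookup "$table" priority "$table"
    # 1:1 NAT. SNAT matches the interface the packet leaves on (the WAN side).
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -d "$wan_ip" -j DNAT --to-destination "$host"
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$host" -j SNAT --to-source "$wan_ip"
    # FORWARD sees the internal address in both directions (post-DNAT, pre-SNAT).
    run iptables -I FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$host" -j ACCEPT
    run iptables -I FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$host" -j ACCEPT
}

# Drop routed traffic between two mapped subnets. This is L3 isolation only:
# both aliases share br0's layer-2 segment, so it is not a VLAN-grade boundary.
isolate() {
    run iptables -I FORWARD -s "$1" -d "$2" -j DROP
    run iptables -I FORWARD -s "$2" -d "$1" -j DROP
}

plan() {
    uplink 101 10.0.1.0/24 10.0.1.2 192.168.1.2 192.168.1.1
    uplink 102 10.0.2.0/24 10.0.2.2 192.168.8.2 192.168.8.1
    isolate 10.0.1.0/24 10.0.2.0/24
    run ip route flush cache
}

plan
```

Review the printed commands first; `ip rule show` and `ip route show table 101` confirm the result after applying.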
 