how-to block ads
|
scrotos
join:2009-05-17
Denver, CO
| [ActionTec] GT724WGR - Mapping multiple WAN IPs to my LAN
I just got a new GT724WGR to replace my aging Zyxel Prestige 660HW-61 which was getting 20% packet loss (I guess when they start to die, they start getting PL problems). Here's how my old network was set up:
10.0.0.1 - dsl modem/router
10.0.0.2 - machine with a static IP
10.0.0.3 - machine with a static IP
10.0.0.33 to 10.0.0.64 - DHCP pool
So I have 3 static IPs and they aren't in a block; they are just kind of random. I had them assigned in the Zyxel as thus:
10.0.0.1 = x.x.110.18
10.0.0.2 = x.x.110.230
10.0.0.3 = x.x.110.163
I didn't do anything with a DMZ or any of that stuff, it was some type of 1 to 1 NAT setup that I did 4 or 5 years ago so I barely remember what I did (might have been something in Zynos CLI, can't recall). With the Actiontec, I currently have:
10.0.0.1 - dsl modem/router (x.x.110.18)
10.0.0.2 - (stuck with x.x.110.18)
10.0.0.3 - (stuck with x.x.110.18)
10.0.0.33 to 10.0.0.64 - DHCP pool (using x.x.110.18)
Looking at the web interface and looking in the manual, nothing immediately pops out to me that does what I'm hoping it does. I see a bunch of stuff for port forwarding, but I don't want port forwarding, I guess I want some type of IP forwarding.
I sent a help request to Actiontec, but I'm thinking I might have more luck here. It was here that I found out about this model of Actiontec being pretty good and the reason why my first attempt to replace my Zyxel, a Zoom X5, was having problems--not enough NAT sessions was knocking my other machines off the network whenever I queried for Quake 3 game servers. Most people have that problem with BitTorrent, I get it with a 10 year old game. Sheesh!
I notice that the Actiontec has a telnet interface running Busybox, so maybe there's some CLI tomfoolery I can do to get things working how I want. However, I'm not really familiar with Busybox so I have no idea what I'm doing there.
So for anyone in the know with this router, I guess my questions boil down to these:
1) Can the GT724WGR do 1-to-1 IP mapping like the Zyxel?
2) If so, how?
Thanks for your time! | |
easyed
join:2009-05-16
| I had fooled around with one of these last year for a bit. From what is remembered, there is no 1 to 1 IP mapping function.
Did you get it at Best Buy?  I would be looking for a high performance dual WAN ADSL 2+ router. The Zyxel P 663 H comes to mind. | |
scrotos
join:2009-05-17
Denver, CO
| Yup, got it at Best Buy. Wanted immediate gratification and Amazon was close enough in price that I decided to go local. I actually replaced a Zyxel 660HW with this Actiontec. Hrm. I just threw out the box for the Actiontec thinking that I'd found The One. DOH.
I guess in the US, the product was called P-663H-51 though on Zyxel's site it doesn't look like they sell DSL modems anymore? Oh no wait, it's under "Service Provider" instead of "Business" or "Consumer". Yeah, ok.
I don't really need two ADSL interfaces as my old Zyxel only had 1 and did 1-to-1 NAT just fine. And doing a search, I don't see Best Buy selling any Zyxel, nor Micro Center, nor Newegg (they have a bunch of ZyWALL stuff, but no DSL modems). I guess I could get another 660HW for around the same price as the Actiontec ($80 or so) off of Amazon. The 663H is like $250 and I'd be paying for features I wouldn't use.
Still, I'm pleased enough with the Actiontec so would love to know how to tweak it to do what I want, if at all possible. I'm thinking it'll be something on the CLI, if it's possible. I guess if push comes to shove I can just port forward all http to the machine I want to host a website off of and just change my external IP or the DNS to point to where I need it to. Would be inelegant, though.
Hehehe Whalers! | |
scrotos
join:2009-05-17
Denver, CO
| reply to scrotos
Thanks to a very smart pal of mine, this should work for my purposes:
telnet into the router, in my case:
telnet 10.0.0.1
Then, type the following commands:
ifconfig nas0:1 x.x.110.163 netmask 255.255.255.0
iptables -t nat -A PREROUTING -i nas0 -d x.x.110.163 -j DNAT --to-destination 10.0.0.3
First line adds an additional external IP to nas. The second line does a 1:1 NAT of that IP to whatever internal IP I wanted. To confirm that it took, you can check with the following:
iptables -t nat -L -v -n --line-numbers
Though it line-wraps badly, just copy the whole thing into Notepad and you should get something that looks like this:
# iptables -t nat -L -v -n --line-numbers
Chain PREROUTING (policy ACCEPT 572K packets, 47M bytes)
num pkts bytes target prot opt in out source destination
1 203 12612 DNAT all -- nas0 * 0.0.0.0/0 x.x.110.163 to:10.0.0.3
Also, bear in mind that currently if you power cycle, all these changes will be lost. I think you need to edit the /etc/init.d/rcS file, but the filesystem is mounted as read-only. And if I remount it as read-write, I still get a permission error. Else I would cp rcS rcS.bak and then do a cat to add these lines to the end.
So I guess that's a to-do for me. And of course, the web interface will not show any of this routing or the additional IP you added, so don't worry about that. When I added the ip to nas0:1, I momentarily lost connection, but it popped back up in a second. | |
scrotos
join:2009-05-17
Denver, CO
| reply to scrotos
So, sent an email to Actiontec tech support on the off chance that they'd be able to suggest a way to edit that config file or any config file and got a generic "don't touch anything or you'll void your warranty" response. Bummer.
I pointed them towards this thread so they could see what I'm trying to do, but not sure if they read it. If this stuff could be set via their web interface, I wouldn't be dinking around in telnet manually typing in iptables stuff, but what can ya do.
At least I have the ability to get things working how I want. If I have to reapply this stuff after power cycling, so be it. Not a huge problem, really! If I happen upon a way to save the configs, I'll post it here, but I'll probably be lazy and not actively seek out a solution. I'm about 95% of the way solved with my original problem and the remaining 5% isn't a big deal. | |
-
|
