Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Dray]

So take a copy of the config before you make the changes
Make the changes
Take another copy
Do a diff

[SignedAdam]

Code: [Select]

DD-WRT v3.0-r29300M kongac (c) 2016 NewMedia-NET GmbH
Release: 03/27/16

DD-WRT login: root
Password:
==========================================================

     ___  ___     _      _____  ______       ____  ___
    / _ \/ _ \___| | /| / / _ \/_  __/ _  __|_  / / _ \
   / // / // /___/ |/ |/ / , _/ / /   | |/ //_ <_/ // /
  /____/____/    |__/|__/_/|_| /_/    |___/____(_)___/

                       DD-WRT v3.0
                   http://www.dd-wrt.com

==========================================================


BusyBox v1.24.1 (2016-03-27 01:26:48 CET) built-in shell (ash)

root@DD-WRT:~# sh


BusyBox v1.24.1 (2016-03-27 01:26:48 CET) built-in shell (ash)

root@DD-WRT:~# ash


BusyBox v1.24.1 (2016-03-27 01:26:48 CET) built-in shell (ash)

root@DD-WRT:~# busybox
BusyBox v1.24.1 (2016-03-27 01:26:48 CET) multi-call binary.
BusyBox is copyrighted by many authors between 1998-2015.
Licensed under GPLv2. See source distribution for detailed
copyright notices.

Usage: busybox [function [arguments]...]
   or: busybox --list
   or: function [arguments]...

        BusyBox is a multi-call binary that combines many common Unix
        utilities into a single executable.  Most people will create a
        link to busybox for each function they wish to use and BusyBox
        will act like whatever it was invoked as.

Currently defined functions:
        [, [[, adjtimex, arp, arping, ash, awk, basename, bash, blkid, bunzip2,
        bzcat, cat, chattr, chgrp, chmod, chown, chroot, clear, cmp, cp, cut,
        date, dc, dd, df, dirname, dmesg, dnsdomainname, du, echo, egrep, env,
        expr, false, fdisk, fgrep, find, free, fsck, ftpget, ftpput, getopt,
        grep, gunzip, gzip, halt, hdparm, head, hexdump, hostname, hwclock, id,
        ifconfig, ifdown, ifup, insmod, install, kill, killall, klogd, less,
        ln, logger, login, logread, ls, lsattr, lsmod, lsusb, lzcat, md5sum,
        mesg, mkdir, mkdosfs, mkfifo, mkfs.vfat, mknod, mkswap, modprobe, more,
        mount, mv, nameif, nc, netstat, nice, nohup, nslookup, pidof, ping,
        ping6, pivot_root, poweroff, printenv, printf, ps, pwd, reboot, renice,
        reset, rm, rmdir, rmmod, route, run-parts, rx, sed, sendmail, seq, sh,
        sha1sum, sleep, sort, strings, stty, swapoff, swapon, sync, sysctl,
        syslogd, tail, tar, taskset, tee, telnet, telnetd, test, tftp, time,
        top, touch, tr, traceroute, traceroute6, true, tty, tune2fs, udhcpc,
        umount, uname, uniq, unlzma, unxz, uptime, usleep, uudecode, uuencode,
        vconfig, vi, watch, wc, wget, which, whoami, xargs, xzcat, yes, zcat

root@DD-WRT:~# SH
ash: SH: not found
root@DD-WRT:~# ifconfig
br0       Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11869567 errors:0 dropped:28934 overruns:0 frame:0
          TX packets:20043330 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:928534634 (885.5 MiB)  TX bytes:25902818991 (24.1 GiB)

br0:0     Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          inet addr:169.254.255.1  Bcast:169.XXX.XXX.XXX  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:24025095 errors:0 dropped:493 overruns:0 frame:0
          TX packets:16952201 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:897072629 (855.5 MiB)  TX bytes:2768837734 (2.5 GiB)
          Interrupt:179 Base address:0x4000

eth0:1    Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          inet addr:192.168.2.253  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:179 Base address:0x4000

eth1      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6168246 errors:0 dropped:0 overruns:0 frame:5126990
          TX packets:12622684 errors:43 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:525031461 (500.7 MiB)  TX bytes:3867387064 (3.6 GiB)
          Interrupt:163

eth2      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2160017 errors:0 dropped:0 overruns:0 frame:416585
          TX packets:3564760 errors:3185 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:268946539 (256.4 MiB)  TX bytes:3739129931 (3.4 GiB)
          Interrupt:169

imq0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
-00
          UP RUNNING NOARP  MTU:1500  Metric:1
          RX packets:15499849 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15465241 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:30
          RX bytes:3037063025 (2.8 GiB)  TX bytes:2983042026 (2.7 GiB)

imq1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
-00
          UP RUNNING NOARP  MTU:1500  Metric:1
          RX packets:966357 errors:0 dropped:0 overruns:0 frame:0
          TX packets:966892 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:30
          RX bytes:179738762 (171.4 MiB)  TX bytes:179776914 (171.4 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:65536  Metric:1
          RX packets:137 errors:0 dropped:0 overruns:0 frame:0
          TX packets:137 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:19560 (19.1 KiB)  TX bytes:19560 (19.1 KiB)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:217.XX.XXX.XXX  P-t-P:XXX.XX.XX.X  Mask:255.255.255.255
          UP POINTOPOINT RUNNING MULTICAST  MTU:1492  Metric:1
          RX packets:19871692 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11456921 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:25598767757 (23.8 GiB)  TX bytes:873321645 (832.8 MiB)

vlan1     Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4108763 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5453958 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:377432945 (359.9 MiB)  TX bytes:5869382578 (5.4 GiB)

vlan2     Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:19915136 errors:0 dropped:53 overruns:0 frame:0
          TX packets:11498243 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:25759774032 (23.9 GiB)  TX bytes:1126613648 (1.0 GiB)
Which ones my WAN port, Would I use :

Code: [Select]

ifconfig eth0:1 192.168.3.253 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253

as well ? or do i need to change it to

Code: [Select]

ifconfig br0:1 192.168.3.253 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253


[Chrysalis]

yeah on pppoe the ppp interface has the wan ip. Trial and error, it be one of the vlan's or eth devices you need to bind the new subnet to, try one at a time until it works.  You need to do some of this yourself.

--edit--

My guess is it is vlan2. As the data stats are very close to ppp0.

ifconfig vlan2:1 192.168.3.253 netmask 255.255.255.0

you dont need the iptables command for the router to ping the hg612, so you can test very quickly just by binding the ip and then pinging from the router providing you have either disabled the hg612 firewall or added the rules I provided.

[SignedAdam]

so ?

Code: [Select]

ifconfig ppp0:1 192.168.3.253 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253
is the correct command for my router/setup,

[Chrysalis]

dont add it to ppp

[SignedAdam]

Code: [Select]

ifconfig br0:1 192.168.3.253 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253
br0 is it then ? wont that change the routers address as well

[Chrysalis]

reboot the router

to clear everything you done.

then run the vlan command I gave you, disable firewall on hg612 and add to br1 on hg612.

After those 3 steps the router should be able to ping the hg612, if it works, then all you need is the iptables command on the router to give rest of your lan access.

The bad news is, is that it seems ddwrt has a similar setup to tomatousb, as when I used tomatousb it was also vlan2, and everytime ppp recconnects vlan2 gets reset.  So you will need to add an automated command on ddwrt to run the ifconfig command whenever wan initiates.

and believe me given the trouble of you getting this right, if it was possible in the gui I would have done it that way.

[SignedAdam]

people are using the network at the moment, so i will try this tonight or tomorrow, thank you for your help so far

[SignedAdam]

Modem HG612
1) connect to modem port 2, change ethernet address of the computer to 192.168.1.100
2) install telnet windows feature (addon)
3) open admin command prompt
4) telnet 192.168.1.1

iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p ICMP -j ACCEPT
iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 80 -j ACCEPT
iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 23 -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p ICMP -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 80 -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 23 -j ACCEPT
ifconfig br1 192.168.3.1 netmask 255.255.255.0

Router Netgear R7000
1) connect over wifi,
2) login to router,
3) go to the command line and enter
ifconfig vlan2:1 192.168.3.253 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253

when i went to 192.168.3.253, i ended up seeing my routers user interface, so i went back over the ethernet to the modem, and changed its Local IP Address to 192.168.3.253, connected over wifi and ended up seeing my router again, please could you be deataled, in your reply, and list exactly what to do, talk to me like i'm a n00b, just as ive layed it out here

[Chrysalis]

did you get an error running the iptables command?

In all honesty I cannot say how every single router on the market works when not using that router, to see your router's interface is odd, netgear may be using a lazy method of listening on all ip's for their interface but something isnt working right for sure.

You need to check if you can ping the hg612 192.168.3.1 ip from your router

and also you bodged it up do NOT change the main ip on the hg612 to 192.168.3.1, change the main lan ip back to 192.168.1.1 as you assigned the same ip to two interfaces, after verify if the new ip is still bound to br1.

You need to do some reading and research and figure some things out yourself, sorry I cannot really help more than i already have done.

also run this command on your netgear to verify it functions as expected.

nvram get lan_ipaddr

[Chrysalis]

so

Code: [Select]

Modem HG612
1) connect to modem port 2, change ethernet address of the computer to 192.168.1.100
2) install telnet windows feature (addon)
3) open admin command prompt
4) telnet 192.168.1.1

iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p ICMP -j ACCEPT
iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 80 -j ACCEPT
iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 23 -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p ICMP -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 80 -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 23 -j ACCEPT
ifconfig br1 192.168.3.1 netmask 255.255.255.0

Router Netgear R7000
1) connect over wifi,
2) login to router,
3) go to the command line and enter
ifconfig vlan2:1 192.168.3.253 netmask 255.255.255.0
ping 192.168.3.1 (if this fails there is no point in proceeding)
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253
Also on your pc you goto 192.168.3.1 not 192.168.3.253.

[SignedAdam]

1st photo i connect to the modem and entered the commands you see in the photo, after each command i got a (^)
2ed I connected to the router and entered the commands then tried ping, None were lost, but unreachable
3ed I entered the commands drirectly in to the routers interface, both the commands, i know the photo only shows one, but i did enter each one after the other, so the command in the photo is the last one, i tried a ping and ended up with the samething, when i went to 192.168.3.1, the page would just load then go black

after all that, i tried
iptables -t nat -I POSTROUTING -s ! $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253
to see if the old command would work,
not even that sorted the problem out

[SignedAdam]

when i look at the ip address, i see 192.168.3.253 also shows my routers ui, when i go to 192.168.3.2, nothing shows up, when i go to 192.168.3.1 nothing shows up

i've also done a ping test, which you can find in the attached images

[Chrysalis]

on the modem you havent typed 'sh' first to get into the shell.

you was told to do this many posts ago by someone else.

leave the router as it is.

when you login to the modem first run 'sh'.

you should see a busybox message.

then run the modem commands.

it looks like router is done correctly.

after you have done the modem then try the ping again.

the 192.168.3.253 router ui is expected, my earlier reply I didnt realise at first you tried .253 not .1, the .253 is bound to the router so obviously that wont reach the modem.

[SignedAdam]

That did the trick, how can we make it stick, we get alot of power cuts where i live, so anytime, the lights go out, so does all my work ?

Guide for the networking n00bs :

Modem HG612 (Alert, some browsers like firefox 64x wont be able to connect to the HG612 user interface, best use buggy internet explorer... or the lovely new edge)

1) connect to ethernet\lan port two on the modem, change ethernet IP address of the computer to 192.168.1.100 (Guide http://www.kitz.co.uk/routers/hg612unlock.htm thank you Kitz)
2) install telnet windows feature (addon) (Thanks Dray) http://www.technipages.com/windows-10-enable-telnet
3) open admin command prompt
4) enter : telnet 192.168.1.1 (Thanks olwalh)
5) Enter : sh (Thanks roseway + Dray)
6) Enter the following commands, one by one :

Code: [Select]

iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p ICMP -j ACCEPT
iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 80 -j ACCEPT
iptables -I INPUT_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 23 -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p ICMP -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 80 -j ACCEPT
iptables -t nat -I PRE_SERVICE_ACL -i br1 -s 192.168.3.253 -p TCP --dport 23 -j ACCEPT
ifconfig br1 192.168.3.1 netmask 255.255.255.0
Router Netgear R7000 (dd-wrt)
1) connect over wifi, disconnect ethernet
2) login to router,
3) go to the command line and enter one by one :

Code: [Select]

ifconfig vlan2:1 192.168.3.253 netmask 255.255.255.0
iptables -t nat -I POSTROUTING ! -s $(nvram get lan_ipaddr) -d 192.168.3.0/24 -j SNAT --to 192.168.3.253
ping 192.168.3.1 (if this fails there is no point in proceeding)

go to 192.168.3.1 to see your hard work, if nothing shows, repeat the steps again, by turning off the router and modem, which will clear any of the previous mistakes you may have made, yes, that means if theres a power cut, you will have to repeat this Guide,

And a big thanks to Chrysalis, big respect

Admin\Mod may edit, My spelling and wording is atrocious