Where does the WL700g do NAT?

[kfurge]

After browsing google for a while, it appears to me that it's common under linux to do NAT via iptables. After looking at /tmp/firewall_rules, I noticed that no rule exists to divert packets into the nat table (via -t nat).

Does anyone know where the box is actually doing the NAT function?

Most all of my experience comes from FreeBSD, which is not very helpful here since iptables / ipfw + divert sockets are quite different.

- K.C.

P.S. After further though, this should probably have been posted in Q&A since there are a lot of custom firmware questions there, but I'll see what happens here.

[kfurge]

If anyone cares, I figured it out. To look at the NAT tables, you need to do "iptables -t nat --list".

The files /tmp/nat_rules and /tmp/nat_forward_rules (DUH!) show what the firmware fed into iptables.

I'm probably the last person to know that doing "iptables --list" only shows the standard firewall rules... ;-)

- K.C.

[hmantsao]

You can use "iptables -L " to see the iptable list , more detail can use "iptables -h",

Or see the iptables rules in /tmp/filter_rules. but where is the file which load on booting ? i also don't know when i try to found out the file yesterday.If anybody know , please let me know becase i want to open some ports for special software. I need telnet into router and type the rules each time.

[kfurge]

Yes. -L is the same as --list. However, that alone did not show me the nat tables. To see them, you need to add "-t nat" to "-L".

Regarding your port forwarding, I'm currently configuring this through the web interface. Go into Advanced->Nat->DMZ. Type in the WAN port you want redirected, then the internal IP and port to redirect to.

For instance, I'm redirecting incoming WAN port 80 to internal LAN port 192.168.1.1:8081 and WAN port 22 to 192.168.1.1:22. If you don't fill out the WAN port IP address, which can change with DHCP, the NAT rule will default to "anywhere".

Now on my box, both web serving and ssh are accessable from the outside. I confirmed the iptables rules are what I expected.

- K.C.

[costinel]

You can use "iptables -L " to see the iptable list , more detail can use "iptables -h",

Or see the iptables rules in /tmp/filter_rules. but where is the file which load on booting ? i also don't know when i try to found out the file yesterday.If anybody know , please let me know becase i want to open some ports for special software. I need telnet into router and type the rules each time.

edit kfurge's rc.local and add (at the end):

iptables -I INPUT -p tcp --dport INSERT-YOUR-PORT-NUMBER-HERE -j ACCEPT

for a detailed iptables description, check http://www.linuxguruz.com/iptables/howto/
for a quick intro, check http://www.cse.msu.edu/~minutsil/iptables.html

[markc]

Now on my box, both web serving and ssh are accessable from the outside. I confirmed the iptables rules are what I expected.

How are you running a sshd daemon on your WL-700gE ?

[gratitude182]

you have to install a the custom firmware from kfurge. look at

http://www.wl500g.info/showthread.php?t=7109

http://home.comcast.net/~kfurge/wl700ge.html

grat182