router <--> WAN not working

An area specifically for port forwarding, firewalls and other (on-line) security related issues.
sapek6
Newbie
Posts: 6
Joined: Fri Jan 29, 2010 10:18 am

router <--> WAN not working

Post by sapek6 » Wed May 19, 2010 4:53 pm

I have a D-Link DSL-G604T, v2.93 firmware.
LAN -> WAN working
WAN -> LAN working
LAN -> router working
router -> LAN working
router -> WAN not working
WAN -> router not working

SSH or web access to the router from the internet is not working. Dynamic DNS from the router is also not working, etc.
How do I enable it?

My firewall rules:

/var # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp echo-request state NEW
ACCEPT tcp -- xxx.xxxxxxxx.xxxxx.xx anywhere state NEW tcp dpt:ssh
DROP tcp -- xxx.xxxxxxxx.xxxxx.xx anywhere state NEW tcp dpt:8080
ACCEPT tcp -- xxx.xxxxxxxxl.xxxxx.xx anywhere state NEW tcp dpt:www
DROP all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere 192.168.111.11 udp dpts:6881:6889
ACCEPT tcp -- anywhere 192.168.111.11 tcp dpts:6881:6889
ACCEPT udp -- anywhere 192.168.111.11 udp dpt:4672
ACCEPT udp -- anywhere 192.168.111.11 udp dpt:4665
ACCEPT tcp -- anywhere 192.168.111.11 tcp dpt:4662
ACCEPT udp -- anywhere 192.168.111.11 udp dpt:3389
ACCEPT tcp -- anywhere 192.168.111.11 tcp dpt:3389
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP icmp -- anywhere anywhere icmp destination-unreachable
DROP icmp -- anywhere anywhere state INVALID
/var #
mstombs
RouterTech Team
Posts: 3753
Joined: Wed Jan 10, 2007 11:54 pm

Re: router <--> WAN not working

Post by mstombs » Wed May 19, 2010 6:37 pm

Not too sure what you mean by WAN - is your DSL connection working?

WLAN is usually used for wireless lan

For remote access have you configured it via the web interface?

demo/2-7/remote-web-access.htm

And when you do, be careful of testing remote access from the LAN; you would need to enable "wan ip local nat loopback" localnat.sh to use the WAN IP address from the LAN.
sapek6
Newbie
Posts: 6
Joined: Fri Jan 29, 2010 10:18 am

Re: router <--> WAN not working

Post by sapek6 » Wed May 19, 2010 7:40 pm

Of course, I use a DSL connection (WAN - Wide Area Network, not wi-fi). When I try to run ftp, wget, updatedd etc. (via telnet on the router from the LAN) to the internet, the connection can't be established. Ping from the router to any host on the internet works well. I also can't connect to the router from the internet (ssh, web administration). "SSH Access Control" and "Remote Web Access" are enabled. Dynamic DNS on the router is not working. Unfortunately localnat.sh did not solve my problem. Connections from the LAN to the internet and port forwarding work well. Sorry for my weak English.
mstombs
RouterTech Team
Posts: 3753
Joined: Wed Jan 10, 2007 11:54 pm

Re: router <--> WAN not working

Post by mstombs » Wed May 19, 2010 8:21 pm

OK, I see the rules on iptables INPUT, which suggests you have enabled remote access for specific hosts, so it should work. There should also be extra rules in "-t nat PREROUTING" which allow port 8080 etc. to be used from WAN for the web interface.

Ping from router to WAN works, so you have connectivity - does this work both by IP address and by name - confirming DNS working?

Some web sites working is usually an MTU issue; try lowering the value in the connection setup to 1400. It can be increased to optimize later if this works.
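
Added example (not part of the original thread, and not RouterTech code): a first-match walk over the INPUT chain posted above, showing which rule decides for a given packet. The masked source host is replaced by the constructed placeholder admin.example.net; the parse_rule and verdict helpers and the packet fields are assumptions of this sketch, which covers only the match types that appear in that chain.

```python
import re

# INPUT chain as posted in the thread. The masked source host is replaced by
# the constructed placeholder "admin.example.net".
INPUT_CHAIN = """\
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp echo-request state NEW
ACCEPT tcp -- admin.example.net anywhere state NEW tcp dpt:ssh
DROP tcp -- admin.example.net anywhere state NEW tcp dpt:8080
ACCEPT tcp -- admin.example.net anywhere state NEW tcp dpt:www
DROP all -- anywhere anywhere
"""
SERVICES = {"ssh": 22, "www": 80}  # names `iptables -L` prints for ports


def parse_rule(line):
    """Split one `iptables -L` row into the fields this example matches on."""
    target, proto, _opt, src, _dst, *rest = line.split()
    extra = " ".join(rest)
    states = re.search(r"state (\S+)", extra)
    dpt = re.search(r"dpt:(\S+)", extra)
    icmp = re.search(r"icmp (\S+)", extra)
    port = dpt.group(1) if dpt else None
    return {
        "target": target, "proto": proto, "src": src,
        "states": set(states.group(1).split(",")) if states else None,
        "dport": int(SERVICES.get(port, port)) if port else None,
        "icmp_type": icmp.group(1) if icmp else None,
    }


def verdict(chain_text, pkt, policy="ACCEPT"):
    """Return (target, rule number) of the first matching rule, as netfilter
    does for terminating targets; fall back to the chain policy."""
    for n, line in enumerate(chain_text.strip().splitlines(), 1):
        r = parse_rule(line)
        if r["proto"] not in ("all", pkt["proto"]):
            continue
        if r["src"] not in ("anywhere", pkt["src"]):
            continue
        if r["states"] and pkt["state"] not in r["states"]:
            continue
        if r["dport"] is not None and r["dport"] != pkt.get("dport"):
            continue
        if r["icmp_type"] and r["icmp_type"] != pkt.get("icmp_type"):
            continue
        return r["target"], n
    return policy, None
```

Calling verdict(INPUT_CHAIN, {"proto": "tcp", "state": "NEW", "src": "203.0.113.9", "dport": 22}) returns ("DROP", 6): a new SSH connection from any host other than the listed one falls through to the final DROP, while reply packets in state ESTABLISHED are accepted by rule 1.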
sapek6
Newbie
Posts: 6
Joined: Fri Jan 29, 2010 10:18 am

Re: router <--> WAN not working

Post by sapek6 » Wed May 19, 2010 10:20 pm

DNS working:
/var # ping google.com
PING google.com (74.125.79.147): 56 data bytes
64 bytes from 74.125.79.147: seq=0 ttl=53 time=70.000 ms
64 bytes from 74.125.79.147: seq=1 ttl=53 time=60.000 ms
64 bytes from 74.125.79.147: seq=2 ttl=53 time=60.000 ms
64 bytes from 74.125.79.147: seq=3 ttl=53 time=60.000 ms

--- google.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 60.000/62.500/70.000 ms
/var #

When I clear the firewall (iptables -F), the connection between the internet and the router is still not working.