OpenWrt Forum Archive

Topic: LAN Server see all WAN clients as LAN Router IP

The content of this topic has been archived on 26 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
SomeoneOnLine
8 Mar 2018, 06:50

So I am not sure why this is happening. But it started when I added after I added a second router/netgear wndr3700v4 ontop of my isp provided router. The main reason I did this is because I wanted to separate my home lan clients from the isp provided and managed router. I whipped up a quick and dirty diagram of how my home network is setup. My intention is to not have anything on my ISP provided router LAN except my Netgear router. I have a few ports forwarded on my Netgear and they are working just fine.

Basically what is happening is that on my Home Server (10.1.1.222) which is running windows os which is acting as a web/ftp and about a dozen other web accessible services that have log files log all the remote clients DNS name and or IP as being that of my LAN router IP which is 10.1.1.1 which makes it hard to filter spam bots and people trying to bruteforce there way into my ftp server etc..this is the case regardless of which server app is running on my server so im thinking its something to do with my setup and or DNS or routing perhaps?

Sorry for the choppy url. it would not let me post a link. and I was not sure how else to provide a visual of my setup. Any help is greatly appreciated.

~SOL

(Last edited by SomeoneOnLine on 8 Mar 2018, 08:56)

Post #2
eduperez
8 Mar 2018, 07:51

I think you may have configured the firewall in the internal router to source-NAT the connections to the server. Post your /etc/config/firewall file here, or look for a "SNAT" target in that file.

Post #3
SomeoneOnLine
8 Mar 2018, 08:40

I searched the entire file and did not find a single entry for SNAT. For each port forward I have setup they are basically set as below with the port being different for each different port forward.

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp udp'
    option src_dport '8080'
    option dest_ip '10.1.1.222'
    option dest_port '8080'
    option name '8080'

Post #4
SomeoneOnLine
8 Mar 2018, 08:59

Thank you for the info. That did send me down the firewall path. which let me to find "Masquerading" set for my LAN firewall. Once I unchecked it client connections show with the correct public IP/DNS name. Saweeet. Thanks for jump starting me in the right direction. This has been driving me nuts for a while now. smile

~SOL

The discussion might have continued from here.