NATting Multiple Subnets on DD-WRT

Wanted to share an issue that hit my homelab setup over the past two weeks. I've completed my network setup using my new Cisco SG300-20 L3 switch. My setup is very similar to Vladan's post, where we used the same L3 switch and placed a DD-WRT router (mine's a Buffalo WZR-HP-G300NH2) between the Internet router and the Cisco SG300 switch. The reason is that my Internet router does not support static routes. So the plan is to use NAT to allow internet access from within the management and VM subnets on the Cisco SG300 switch. My network looks like this:

Cisco SG300-20 L3 switch:

VLAN_10 (Management network):10.10.10.x/24
VLAN_20 (Storage network): 10.10.20.x/24
VLAN_30 (vMotion network): 10.10.30.x/24
VLAN_40 (VM network): 10.10.40.x/24

DD-WRT Router:

WAN_Side (To Internet router): 192.168.11.28/24
LAN_Side: 10.10.10.2/24

I only needed internet access on my management and VM networks, so I set up static routes within DD-WRT to allow traffic to route back to the VLAN interfaces of the Cisco SG300 switch. Initially I tested with VMs inside the management network and internet access worked fine, so I thought I was good already. Then, when I started running VMs inside my VM network, I found out that they could access all the other configured networks except the internet.

Now I am very new to DD-WRT and have no prior experience using it, but I suspected something in it was the reason it only translated my management network. Persistence always pays off, though: I searched and searched, trying to find similar issues on the net, and finally found this article at around the 10th page of my Google search. Turns out that by default, DD-WRT's NAT rule only translates traffic sourced from the router's own LAN subnet (the first network). This is why my management network was working fine while the VM network was not. To allow NAT for my VM network as well, I pasted the following command into DD-WRT's GUI as a firewall rule, as suggested by Patrik's blog:

# Translate all traffic leaving the WAN interface to the WAN address, not only the LAN subnet
iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to-source `nvram get wan_ipaddr`


This resolved my issue and now all my VM’s are able to access the internet.
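The rule above translates everything that leaves the WAN interface, whatever subnet it came from. A tighter version of the same setup, written as an added example for DD-WRT's firewall script rather than taken from the post or from Patrik's blog, routes all four SG300 VLANs back through the switch (the author entered these routes in the GUI; here they are commands) and adds one SNAT rule per subnet that is actually supposed to reach the internet, matching on the source address. The subnets are the ones listed above; the SG300's address on VLAN_10 (10.10.10.1) and the WAN interface name used for a dry run off the router are assumptions.

```shell
#!/bin/sh
# Added example for DD-WRT's firewall script; not the original post's command.
# Routes every SG300 VLAN back via the switch and SNATs only the subnets that
# should get internet access, so storage/vMotion traffic is never translated.

SG300_GW="10.10.10.1"                                   # assumed: SG300 SVI on VLAN_10
LAN_NET="10.10.10.0/24"                                 # DD-WRT's own LAN (directly connected)
ALL_VLANS="10.10.10.0/24 10.10.20.0/24 10.10.30.0/24 10.10.40.0/24"
NAT_VLANS="10.10.10.0/24 10.10.40.0/24"                 # management + VM networks only

# Emit "ip route" commands so replies from the internet can find the VLAN subnets
# behind the SG300. The router's own LAN subnet needs no route and is skipped.
route_cmds() {   # $1 = next hop, $2 = directly connected LAN subnet, rest = subnets
  gw="$1"; lan="$2"; shift 2
  for net in "$@"; do
    [ "$net" = "$lan" ] && continue
    printf 'ip route replace %s via %s\n' "$net" "$gw"
  done
}

# Emit one SNAT rule per subnet that should reach the internet. Matching on -s
# keeps the other VLANs untranslated even if their traffic is routed toward the
# WAN; -I places each rule ahead of DD-WRT's default LAN-only NAT rule.
snat_cmds() {    # $1 = WAN interface, $2 = WAN IP, rest = subnets to translate
  wan_if="$1"; wan_ip="$2"; shift 2
  for net in "$@"; do
    printf 'iptables -t nat -I POSTROUTING -s %s -o %s -j SNAT --to-source %s\n' \
      "$net" "$wan_if" "$wan_ip"
  done
}

# On the router, read the WAN details from DD-WRT and apply the commands.
# Anywhere else (dry run), fall back to the post's WAN address and just print them.
if command -v nvram >/dev/null 2>&1; then
  WAN_IF="$(get_wanface)"; WAN_IP="$(nvram get wan_ipaddr)"; APPLY=sh
else
  WAN_IF="eth0"; WAN_IP="192.168.11.28"; APPLY=cat      # assumed interface name for the dry run
fi

{
  route_cmds "$SG300_GW" "$LAN_NET" $ALL_VLANS
  snat_cmds "$WAN_IF" "$WAN_IP" $NAT_VLANS
} | $APPLY
```

Run it once off the router to review the generated commands, then paste it into the firewall script so it is re-applied on every boot; `ip route replace` is used instead of `add` so the script stays idempotent when DD-WRT reruns it.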
