Port Forwarding through newer dd-wrt router firmware

I have a new Netgear WNDR3700v2 Dual Channel Router & dd-wrt build 17201 is still broke, GOTCHA!

Lifted almost verbatim from Sean Furukawa's Workaround: Fix dd-wrt Port Forwarding on Netgear WNDR3700 build 16785 article on his blog at www.seanfurukawa.com.

As he phrases it: "So it would appear that there is a bug in the dd-wrt build 16785 (and probably several versions older) on the Netgear WNDR3700. Basically you can set as many Port Forwarding rules you want and they will not work." I have also verifed the problem exists with the WNDR3700v2 running the current build 17201 as well!

He points out that the problem appears to stem from a loopback issue identified for dd-wrt r15760 and later. Both he and I have verified that once the following "Original Fix" actions are taken, port forwarding works! The loopback issue is mentioned in the dd-wrt Port Forwarding Troubleshooting Guide, but the guide does not make clear the extent of it’s impact.

The Original Fix:

• Telnet or SSH to the router
• If you are using the default 192.168.1.x subnet issue the following command:

iptables -t nat -I POSTROUTING -o br0 -s 192.168.1.0/24 -d 192.168.1.0/24 -j MASQUERADE

• If not, you can substitute your proper subnet for the "192.168.1.0/24" or you can in use the generic commands:

LAN=`nvram get lan_ipaddr`/`nvram get lan_netmask`
iptables -t nat -I POSTROUTING -o br0 -s $LAN -d $LAN -j MASQUERADE

Better Fix (if you use QoS stuff):

• Save the following commands to the Firewall Script on the Administration->Commands page to fix the port forwarding/loopback probem. This is extracted from dd-wrt Trouble Ticket #1868 and also addresses most if not all of the QoS issues associated with the first fix.

insmod ipt_mark 
insmod xt_mark 
iptables -t mangle -A PREROUTING -i ! `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001 
iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE