[OpenWrt-Devel] External (public) IP forwarded to internal LAN [SOLVED]
Angelo Corsaro
corsaroangelo at gmail.com
Fri May 15 04:35:15 EDT 2015
Hi Lars,
following your directions I played with the buttons, options but I
haven't found the solution.
I left the checkbutton MASQUERADE only for the internal lan, but always
I haven't the "right" behaviour.
On 15/05/2015 00:45, openwrt-devel-request at lists.openwrt.org wrote:
>> Here is the lan postrouting taken from the above:
>>
>> Chain zone_lan_postrouting (1 references)
>> pkts bytes target prot opt in out source destination
>> 12 860 postrouting_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0
>> 12 860 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0
>>
>> The last line should be the problem: every packet heading for the lan zone
>> (e.g. your webserver) will be masqueraded (SNAT).
>> Maybe you enabled the masquerading checkbox in the firewall config for this
>> interface?
>>
>> The content of /etc/config/firewall would probably show the root cause (in case
>> my above guess is wrong).
>>
>> cheers,
>> lars
>>
>>
Checking another firewall script, I found an interesting rule:
Chain POSTROUTING (policy ACCEPT 98070 packets, 12M bytes)
pkts bytes target prot opt in out source destination
215K 17M MASQUERADE all -- * *eth1* 0.0.0.0/0 0.0.0.0/0
so all address are masquerade only for the destination eth1.
So I issued
iptables -t nat -D zone_lan_postrouting -j MASQUERADE
iptables -t nat -A zone_lan_postrouting -j MASQUERADE -o pppoa-wan
and my webserver is logging the source address.
Doest this is an error or normal behaviour of fw3 ?
Cheers
Angelo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20150515/ade8cb5b/attachment.htm>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list