[OpenWrt-Devel] openwrt-devel Digest, Vol 113, Issue 43
Angelo Corsaro
corsaroangelo at gmail.com
Mon May 18 05:28:37 EDT 2015
Hi Lars,
here's my conf:
/etc/config/firewall
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '22'
option dest_port '22'
option name 'ssh'
option dest_ip '192.168.100.200'
option reflection_src 'external'
option reflection '0'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option dest_ip '192.168.100.200'
option dest_port '80'
option name 'Photo'
option src_dport '10080'
option proto 'tcp'
option reflection '0'
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option drop_invalid '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option mtu_fix '1'
option network 'wan wan6'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config rule
option target 'ACCEPT'
option src 'wan'
option dest_port '1022'
option name 'ssh_modem'
option proto 'tcp'
config forwarding
option dest 'wan'
option src 'lan'
/etc/firewall.user
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
iptables -t nat -D zone_lan_postrouting -j MASQUERADE
iptables -t nat -A zone_lan_postrouting -j MASQUERADE -o pppoa-wan
On 16/05/2015 12:00, openwrt-devel-request at lists.openwrt.org wrote:
> ------------------------------
>
> Message: 5
> Date: Sat, 16 May 2015 01:27:38 +0200
> From: Lars Kruse<lists at sumpfralle.de>
> To:openwrt-devel at lists.openwrt.org
> Subject: Re: [OpenWrt-Devel] External (public) IP forwarded to
> internal LAN [SOLVED]
> Message-ID:<20150516012738.7c28dfdb at erker.lan>
> Content-Type: text/plain; charset=US-ASCII
>
> Hi Angelo,
>
>> >[..]
>> >Doest this is an error or normal behaviour of fw3 ?
> Could you add the network and the firewall configuration files?
>
> Lars
>
>
> ------------------------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list