[OpenWrt-Devel] External (public) IP forwarded to internal LAN

Lars Kruse lists at sumpfralle.de
Thu May 14 11:47:17 EDT 2015

Hi Angelo,

> you can find the output of the two commands on pastebin in the next 2 weeks.
> iptables -L -vn at http://pastebin.com/2b0ewSyu
> iptables -t nat -L -vn at http://pastebin.com/i7qPXEMJ

Here is the lan postrouting taken from the above:

Chain zone_lan_postrouting (1 references)
 pkts bytes target     prot opt in     out     source destination
12 860  postrouting_lan_rule  all  --  * *
12 860  MASQUERADE            all  --  * *          

The last line should be the problem: every packet heading for the lan zone
(e.g. your webserver) will be masqueraded (SNAT).
Maybe you enabled the masquerading checkbox in the firewall config for this

The content of /etc/config/firewall would probably show the root cause (in case
my above guess is wrong).

openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list