[OpenWrt-Devel] openwrt-devel Digest, Vol 113, Issue 43

Angelo Corsaro corsaroangelo at gmail.com
Mon May 18 05:28:37 EDT 2015


Hi Lars,
here's my conf:

/etc/config/firewall

config redirect
     option target 'DNAT'
     option src 'wan'
     option dest 'lan'
     option proto 'tcp'
     option src_dport '22'
     option dest_port '22'
     option name 'ssh'
     option dest_ip '192.168.100.200'
     option reflection_src 'external'
     option reflection '0'

config redirect
     option target 'DNAT'
     option src 'wan'
     option dest 'lan'
     option dest_ip '192.168.100.200'
     option dest_port '80'
     option name 'Photo'
     option src_dport '10080'
     option proto 'tcp'
     option reflection '0'

config defaults
     option syn_flood '1'
     option input 'ACCEPT'
     option output 'ACCEPT'
     option forward 'REJECT'
     option drop_invalid '1'

config zone
     option name 'lan'
     option input 'ACCEPT'
     option output 'ACCEPT'
     option forward 'ACCEPT'
     option masq '1'
     option network 'lan'

config zone
     option name 'wan'
     option input 'REJECT'
     option output 'ACCEPT'
     option forward 'REJECT'
     option mtu_fix '1'
     option network 'wan wan6'

config rule
     option name 'Allow-Ping'
     option src 'wan'
     option proto 'icmp'
     option icmp_type 'echo-request'
     option family 'ipv4'
     option target 'ACCEPT'

config include
     option path '/etc/firewall.user'

config rule
     option target 'ACCEPT'
     option src 'wan'
     option dest_port '1022'
     option name 'ssh_modem'
     option proto 'tcp'

config forwarding
     option dest 'wan'
     option src 'lan'


/etc/firewall.user

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.

iptables -t nat -D zone_lan_postrouting -j MASQUERADE
iptables -t nat -A zone_lan_postrouting -j MASQUERADE -o pppoa-wan


On 16/05/2015 12:00, openwrt-devel-request at lists.openwrt.org wrote:
> ------------------------------
>
> Message: 5
> Date: Sat, 16 May 2015 01:27:38 +0200
> From: Lars Kruse <lists at sumpfralle.de>
> To: openwrt-devel at lists.openwrt.org
> Subject: Re: [OpenWrt-Devel] External (public) IP forwarded to
> 	internal LAN [SOLVED]
> Message-ID: <20150516012738.7c28dfdb at erker.lan>
> Content-Type: text/plain; charset=US-ASCII
>
> Hi Angelo,
>
>> [..]
>> Is this an error or normal behaviour of fw3?
> Could you add the network and the firewall configuration files?
>
> Lars
>
>
> ------------------------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


