About the correct rule name for openwrt firewall protocol.

Hongyi Zhao hongyi.zhao at gmail.com
Thu Apr 1 10:49:37 BST 2021

I noticed the following DNAT rule described by openwrt documentation
on <https://openwrt.org/docs/guide-user/firewall/firewall_configuration#destination_nat>:

config redirect
option name 'DNAT WAN to LAN for SSH'
option src 'wan'
option src_dport '19900'
option dest 'lan'
option dest_ip ''
option dest_port '22'
option proto 'tcp'
option target 'DNAT'

But base on my testing, the proto line mentioned above should be
written as below, otherwise, it won't work at all:

list proto 'tcp'

The testing environment is Proxmox VE 6.3 and the
the firmware of openwrt used for my scenario is retrieved from

Assoc. Prof. Hongyi Zhao <hongyi.zhao at gmail.com>
Theory and Simulation of Materials
Hebei Polytechnic University of Science and Technology engineering
NO. 552 North Gangtie Road, Xingtai, China

More information about the openwrt-devel mailing list