[OpenWrt-Devel] FULL CONE NAT in OpenWrt

Alberto Bursi bobafetthotmail at gmail.com
Mon May 4 23:52:55 EDT 2020 

Just allowing inbound connections from any external host on well-known 
port ranges (like a game) is bad and should NOT be default.

It's basically a DMZ or full range port forwarding for all devices in 
the LAN.

Just set a DMZ or full-range port forwarding for your console(s), it's 
still unsafe, but at least it's just for the console and not everything 
else in the LAN too.

-Alberto

On 05/05/20 04:35, Gracias Amigou wrote:
> *Read this:*
> *• *Gaming with Full Cone vs Symmetric NAT Routers 
> <http://badmodems.com/Forum/viewtopic.php?f=6&t=21>
> 
> It is a feature that is necessary and should be by default in OpenWrt.
> 
> I hope you will add it in the next releases or at least the package.
> 
> Thank you.
> 
> El lun., 4 may. 2020 a las 14:52, Joel Wirāmu Pauling 
> (<joel at aenertia.net <mailto:joel at aenertia.net>>) escribió:
> 
>     I am all for exposing Cone Nat in UCI / Firewall zones as an option
>     to the masquerading configuration in a zone.
> 
>     Also as much as I hate it nat66 for IPv6 needs to be exposed in the
>     same place - specifically for mapping routable PD which change often
>     to ULA's.
> 
>     -Joel
> 
>     On Tue, 5 May 2020 at 07:25, Gracias Amigou <puchapapa01 at gmail.com
>     <mailto:puchapapa01 at gmail.com>> wrote:
> 
>         Please add this package as official:
> 
>         *Posts:*
> 
>          1. xt_FULLCONENAT -- Implementing RFC 3489 full cone SNAT in
>             OpenWrt
>             <https://forum.openwrt.org/t/xt-fullconenat-implementing-rfc-3489-full-cone-snat-in-openwrt/14816>
>          2. [12/8更新]OpenWrt 上实现 NAT1 (Full cone NAT) 的方法,无需
>             DMZ/UPnP - OPENWRT专版
>             <https://www.right.com.cn/forum/thread-319827-1-1.html>
>          3. 从DNAT到netfilter内核子系统,浅谈Linux的Full Cone NAT实现 |
>             ChionLab
>             <https://blog.chionlab.moe/2018/02/09/full-cone-nat-with-linux/>
> 
>         *
>         *
>         *Git:*
>         • GitHub - LGA1150/openwrt-fullconenat: Netfilter and iptables
>         extension for full cone NAT ported to OpenWrt.
>         <https://github.com/LGA1150/openwrt-fullconenat>
>         _______________________________________________
>         openwrt-devel mailing list
>         openwrt-devel at lists.openwrt.org
>         <mailto:openwrt-devel at lists.openwrt.org>
>         https://lists.openwrt.org/mailman/listinfo/openwrt-devel
> 
> 
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
> 

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

More information about the openwrt-devel mailing list