Re: [OpenWrt-Devel] iptables NAT not being updated on WAN changes

Sun, 18 Apr 2010 07:44:54 -0700 

Also tried "/etc/init.d/firewall restart" after restarting the network?

Maddes

On 18.04.2010 16:38, Nuno Gonçalves wrote:
> I have internet connections at eth0.2 and eth1.
> 
> Config is like this:
> 
> config interface wan
>         option ifname   eth1
>         option proto    dhcp
> 
> After boot connection is ok. Computers behind router get NATed internet.
> Then I do ifdown wan, change eth1 to eth0.2 and ifup wan.
> Computers start getting "Destination port unreachable" to ping
> request. Inside the router I can ping the internet.
> 
> Rebooting (with eth1 or eth0.2 selected, doesn't care) brings NATed
> connection back.
> /etc/init.d/network restart doesn't.
> 
> r...@openwrt:/# iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere            state
> RELATED,ESTABLISHED
> ACCEPT     all  --  anywhere             anywhere
> syn_flood  tcp  --  anywhere             anywhere            tcp
> flags:FIN,SYN,RST,ACK/SYN
> input_rule  all  --  anywhere             anywhere
> input      all  --  anywhere             anywhere
> 
> Chain FORWARD (policy DROP)
> target     prot opt source               destination
> zone_wan_MSSFIX  all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere            state
> RELATED,ESTABLISHED
> forwarding_rule  all  --  anywhere             anywhere
> forward    all  --  anywhere             anywhere
> reject     all  --  anywhere             anywhere
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere            state
> RELATED,ESTABLISHED
> ACCEPT     all  --  anywhere             anywhere
> output_rule  all  --  anywhere             anywhere
> output     all  --  anywhere             anywhere
> 
> Chain forward (1 references)
> target     prot opt source               destination
> zone_lan_forward  all  --  anywhere             anywhere
> zone_wan_forward  all  --  anywhere             anywhere
> 
> Chain forwarding_lan (1 references)
> target     prot opt source               destination
> 
> Chain forwarding_rule (1 references)
> target     prot opt source               destination
> 
> Chain forwarding_wan (1 references)
> target     prot opt source               destination
> 
> Chain input (1 references)
> target     prot opt source               destination
> zone_lan   all  --  anywhere             anywhere
> zone_wan   all  --  anywhere             anywhere
> 
> Chain input_lan (1 references)
> target     prot opt source               destination
> 
> Chain input_rule (1 references)
> target     prot opt source               destination
> 
> Chain input_wan (1 references)
> target     prot opt source               destination
> 
> Chain output (1 references)
> target     prot opt source               destination
> zone_lan_ACCEPT  all  --  anywhere             anywhere
> zone_wan_ACCEPT  all  --  anywhere             anywhere
> 
> Chain output_rule (1 references)
> target     prot opt source               destination
> 
> Chain reject (5 references)
> target     prot opt source               destination
> REJECT     tcp  --  anywhere             anywhere
> reject-with tcp-reset
> REJECT     all  --  anywhere             anywhere
> reject-with icmp-port-unreachable
> 
> Chain syn_flood (1 references)
> target     prot opt source               destination
> RETURN     tcp  --  anywhere             anywhere            tcp
> flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
> DROP       all  --  anywhere             anywhere
> 
> Chain zone_lan (1 references)
> target     prot opt source               destination
> input_lan  all  --  anywhere             anywhere
> zone_lan_ACCEPT  all  --  anywhere             anywhere
> 
> Chain zone_lan_ACCEPT (2 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere
> 
> Chain zone_lan_DROP (0 references)
> target     prot opt source               destination
> DROP       all  --  anywhere             anywhere
> DROP       all  --  anywhere             anywhere
> 
> Chain zone_lan_MSSFIX (0 references)
> target     prot opt source               destination
> TCPMSS     tcp  --  anywhere             anywhere            tcp
> flags:SYN,RST/SYN TCPMSS clamp to PMTU
> 
> Chain zone_lan_REJECT (1 references)
> target     prot opt source               destination
> reject     all  --  anywhere             anywhere
> reject     all  --  anywhere             anywhere
> 
> Chain zone_lan_forward (1 references)
> target     prot opt source               destination
> zone_wan_ACCEPT  all  --  anywhere             anywhere
> forwarding_lan  all  --  anywhere             anywhere
> zone_lan_REJECT  all  --  anywhere             anywhere
> 
> Chain zone_wan (1 references)
> target     prot opt source               destination
> ACCEPT     udp  --  anywhere             anywhere            udp dpt:68
> ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
> input_wan  all  --  anywhere             anywhere
> zone_wan_REJECT  all  --  anywhere             anywhere
> 
> Chain zone_wan_ACCEPT (2 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere
> 
> Chain zone_wan_DROP (0 references)
> target     prot opt source               destination
> DROP       all  --  anywhere             anywhere
> DROP       all  --  anywhere             anywhere
> 
> Chain zone_wan_MSSFIX (1 references)
> target     prot opt source               destination
> TCPMSS     tcp  --  anywhere             anywhere            tcp
> flags:SYN,RST/SYN TCPMSS clamp to PMTU
> 
> Chain zone_wan_REJECT (2 references)
> target     prot opt source               destination
> reject     all  --  anywhere             anywhere
> reject     all  --  anywhere             anywhere
> 
> Chain zone_wan_forward (1 references)
> target     prot opt source               destination
> forwarding_wan  all  --  anywhere             anywhere
> zone_wan_REJECT  all  --  anywhere             anywhere
> r...@openwrt:/# iptables -t nat -L
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> zone_wan_prerouting  all  --  anywhere             anywhere
> zone_lan_prerouting  all  --  anywhere             anywhere
> prerouting_rule  all  --  anywhere             anywhere
> 
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> postrouting_rule  all  --  anywhere             anywhere
> zone_wan_nat  all  --  anywhere             anywhere
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain postrouting_rule (1 references)
> target     prot opt source               destination
> 
> Chain prerouting_lan (1 references)
> target     prot opt source               destination
> 
> Chain prerouting_rule (1 references)
> target     prot opt source               destination
> 
> Chain prerouting_wan (1 references)
> target     prot opt source               destination
> 
> Chain zone_lan_nat (0 references)
> target     prot opt source               destination
> MASQUERADE  all  --  anywhere             anywhere
> 
> Chain zone_lan_prerouting (1 references)
> target     prot opt source               destination
> prerouting_lan  all  --  anywhere             anywhere
> 
> Chain zone_wan_nat (1 references)
> target     prot opt source               destination
> MASQUERADE  all  --  anywhere             anywhere
> 
> Chain zone_wan_prerouting (1 references)
> target     prot opt source               destination
> prerouting_wan  all  --  anywhere             anywhere
> 
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Reply via email to