Hi Lars,
following your directions I played with the buttons, options but I
haven't found the solution.
I left the checkbutton MASQUERADE only for the internal lan, but always
I haven't the "right" behaviour.
On 15/05/2015 00:45, openwrt-devel-requ...@lists.openwrt.org wrote:
Here is the lan postrouting taken from the above:
Chain zone_lan_postrouting (1 references)
pkts bytes target prot opt in out source destination
12 860 postrouting_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0
12 860 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0
The last line should be the problem: every packet heading for the lan zone
(e.g. your webserver) will be masqueraded (SNAT).
Maybe you enabled the masquerading checkbox in the firewall config for this
interface?
The content of /etc/config/firewall would probably show the root cause (in case
my above guess is wrong).
cheers,
lars
Checking another firewall script, I found an interesting rule:
Chain POSTROUTING (policy ACCEPT 98070 packets, 12M bytes)
pkts bytes target prot opt in out source destination
215K 17M MASQUERADE all -- * *eth1* 0.0.0.0/0 0.0.0.0/0
so all address are masquerade only for the destination eth1.
So I issued
iptables -t nat -D zone_lan_postrouting -j MASQUERADE
iptables -t nat -A zone_lan_postrouting -j MASQUERADE -o pppoa-wan
and my webserver is logging the source address.
Doest this is an error or normal behaviour of fw3 ?
Cheers
Angelo
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
