Re: [OpenWrt-Devel] openwrt-devel Digest, Vol 113, Issue 43

Mon, 18 May 2015 02:30:08 -0700 

Hi Lars,
here's my conf:

/etc/config/firewall

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp'
    option src_dport '22'
    option dest_port '22'
    option name 'ssh'
    option dest_ip '192.168.100.200'
    option reflection_src 'external'
    option reflection '0'

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option dest_ip '192.168.100.200'
    option dest_port '80'
    option name 'Photo'
    option src_dport '10080'
    option proto 'tcp'
    option reflection '0'

config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option drop_invalid '1'

config zone
    option name 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    option masq '1'
    option network 'lan'

config zone
    option name 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option mtu_fix '1'
    option network 'wan wan6'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config include
    option path '/etc/firewall.user'

config rule
    option target 'ACCEPT'
    option src 'wan'
    option dest_port '1022'
    option name 'ssh_modem'
    option proto 'tcp'

config forwarding
    option dest 'wan'
    option src 'lan'


/etc/firewall.user

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.

iptables -t nat -D zone_lan_postrouting -j MASQUERADE
iptables -t nat -A zone_lan_postrouting -j MASQUERADE -o pppoa-wan


On 16/05/2015 12:00, openwrt-devel-requ...@lists.openwrt.org wrote:

------------------------------

Message: 5
Date: Sat, 16 May 2015 01:27:38 +0200
From: Lars Kruse<li...@sumpfralle.de>
To:openwrt-devel@lists.openwrt.org
Subject: Re: [OpenWrt-Devel] External (public) IP forwarded to
        internal LAN [SOLVED]
Message-ID:<20150516012738.7c28d...@erker.lan>
Content-Type: text/plain; charset=US-ASCII

Hi Angelo,


>[..]
>Doest this is an error or normal behaviour  of fw3 ?

Could you add the network and the firewall configuration files?

Lars


------------------------------

_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Reply via email to