On Thu, Jun 19, 2014 at 10:34 PM, Steve Ramage <[email protected]> wrote:
>
> I'm having problems getting port forwarding to work after a change in
> network layout. Essentially the network is now:
>
> Host: 172.27.1.10 <--172.27.0.1/21--> OpenWRT #1 (No NAT) <--10.24.83.1/24--> OpenWRT #2 <-- Public IP (NAT) --> Internet
>

I am presuming owrt#1 is acting as a WiFi AP and owrt#2 like a gateway (no WiFi). If that is the case, why not put owrt#1 on the 10. network and simplify your topology? Or is this some kind of a bastion host topology?

> I have some port forwarding rules configured on OpenWRT #2, and from the
> internet they largely work; I can connect to the public IP on port 25 for
> instance and get the SMTP server on host 172.27.1.10. I can also connect
> externally on port 80 and get host 10.24.83.10. The problem is that when I'm
> on either LAN (172.27.0.1/21 or 10.24.83.1), if I access the external IP
> address on, say, port 25 it doesn't work: I get Connection Refused. Oddly, if I
> access on port 80, I get a connection (remember that it maps to something on
> the 10.24.83.1/24 subnet).
>
> As far as I can tell from tcpdumps, OpenWRT #2 is simply rejecting this
> packet locally (the SYN packet just gets a reset packet generated locally).
> I don't know that much about iptables, and I'm hesitant to start adding
> rules directly instead of using /etc/config/firewall.

Output of 'traceroute -n <external IP>' would help trace the path. To the best of my understanding, the gw device whose external IP you are trying to reach should figure out that the request is coming from an internal IP.

> root@OpenWrt:~# route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> default         70.68.116.1     0.0.0.0         UG    0      0        0 eth1
> 10.24.83.0      *               255.255.255.0   U     0      0        0 br-lan
> 10.27.83.0      10.24.83.2      255.255.255.0   UG    1      0        0 br-lan
> 70.68.116.0     *               255.255.252.0   U     0      0        0 eth1
> 172.27.0.0      10.24.83.2      255.255.248.0   UG    1      0        0 br-lan
> root@OpenWrt:~#
>

Where does 10.27.83.0/24 fit in the topology outlined in the beginning?

--
Arun Khan

_______________________________________________
openwrt-users mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users
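A small model of the decision Arun describes (the gateway recognising that a connection to its own public IP comes from an internal host and hairpinning it), added here as an illustration and not code from either poster or from OpenWrt. It assumes that NAT reflection is expressed as one DNAT plus SNAT rule pair per directly attached LAN subnet, so a source in a routed subnet behind another router does not match; the public IP, the router's listener ports and the client addresses are constructed, the forwarded ports and hosts are the ones from the thread. It does not try to reproduce every observation in the thread.

```python
from ipaddress import ip_address, ip_network

PUBLIC_IP = "203.0.113.5"         # constructed placeholder for OpenWRT #2's public IP
LAN_IP = "10.24.83.1"             # OpenWRT #2's address on its LAN (from the thread)
LAN_SUBNETS = [ip_network("10.24.83.0/24")]         # directly attached LAN subnets
REDIRECTS = {25: "172.27.1.10", 80: "10.24.83.10"}  # dport -> forwarded host (thread)
LOCAL_LISTENERS = {22, 53}        # ports the router itself answers on (constructed)


def reflection_rules(redirects=REDIRECTS, lan_subnets=LAN_SUBNETS):
    """Mirror each WAN redirect once per attached LAN subnet as
    (source subnet, dport, target); in spirit the same as
    '-s <lan subnet> -d <public ip> -p tcp --dport N -j DNAT --to target'.
    This per-subnet layout is an assumption of the model."""
    return [(net, port, target)
            for net in lan_subnets for port, target in redirects.items()]


def classify(src, dport, lan_ip=LAN_IP, rules=None, listeners=LOCAL_LISTENERS):
    """Decide the fate of a SYN from src to the public IP on dport.
    Returns (verdict, detail)."""
    src = ip_address(src)
    rules = reflection_rules() if rules is None else rules
    for net, port, target in rules:
        if port == dport and src in net:
            # Hairpin: DNAT to the internal host and SNAT to the router's own
            # LAN address, so the reply returns through the router instead of
            # going straight to the client, which would not recognise the flow.
            return ("DNAT", f"{target}:{dport} snat {lan_ip}")
    if dport in listeners:
        return ("INPUT", "answered by the router itself")
    # Nothing matched: the packet is a connection to the router itself, and
    # with no listener the router rejects it locally (the RST in the tcpdump).
    return ("REJECT", "no listener, TCP RST generated locally")


if __name__ == "__main__":
    for src, port in [("10.24.83.50", 80), ("10.24.83.50", 25),
                      ("172.27.1.10", 25), ("172.27.1.10", 80)]:
        print(f"{src} -> {PUBLIC_IP}:{port}: {classify(src, port)}")
```

Running the block prints the verdict for a client on the attached LAN and for the host behind OpenWRT #1, showing which source subnets the reflection rules cover.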
