Le 15/04/2010 15:02, Jo-Philipp Wich a écrit :
Hello,
> Right, handling of interface aliases is still somewhat problematic with
> the current firewall framework. I think you have to resort to custom
> rules for now.
So far, it works fine.
/etc/config/network
config 'alias'
option 'proto' 'static'
option 'interface' 'wan'
option 'ipaddr' '10.0.0.1'
option 'netmask' '255.255.255.0'
/etc/firewall.user
# Access to the speedtouch
WANDEV=`uci get network.wan.ifname`
WANALIASADDRESS=`uci get netwo...@alias[0].ipaddr`
WANALIASMASK=`uci get netwo...@alias[0].netmask`
LANADDRESS=`uci get network.lan.ipaddr`
LANMASK=`uci get network.lan.netmask`
iptables -I FORWARD -d ${WANALIASADDRESS}/${WANALIASMASK} -j ACCEPT
iptables -I POSTROUTING -t nat -o ${WANDEV} -s ${LANADDRESS}/${LANMASK}
-d ${WANALIASADDRESS}/${WANALIASMASK} -j MASQUERADE
Thanks a lot for your help.
Regards
Eric Masson
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
