I have internet connections at eth0.2 and eth1. Config is like this:
config interface wan option ifname eth1 option proto dhcp After boot connection is ok. Computers behind router get NATed internet. Then I do ifdown wan, change eth1 to eth0.2 and ifup wan. Computers start getting "Destination port unreachable" to ping request. Inside the router I can ping the internet. Rebooting (with eth1 or eth0.2 selected, doesn't care) brings NATed connection back. /etc/init.d/network restart doesn't. r...@openwrt:/# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN input_rule all -- anywhere anywhere input all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination zone_wan_MSSFIX all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED forwarding_rule all -- anywhere anywhere forward all -- anywhere anywhere reject all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere output_rule all -- anywhere anywhere output all -- anywhere anywhere Chain forward (1 references) target prot opt source destination zone_lan_forward all -- anywhere anywhere zone_wan_forward all -- anywhere anywhere Chain forwarding_lan (1 references) target prot opt source destination Chain forwarding_rule (1 references) target prot opt source destination Chain forwarding_wan (1 references) target prot opt source destination Chain input (1 references) target prot opt source destination zone_lan all -- anywhere anywhere zone_wan all -- anywhere anywhere Chain input_lan (1 references) target prot opt source destination Chain input_rule (1 references) target prot opt source destination Chain input_wan (1 references) target prot opt source destination Chain output (1 references) target prot opt source destination zone_lan_ACCEPT all -- anywhere anywhere zone_wan_ACCEPT all -- anywhere anywhere Chain output_rule (1 references) target prot opt source destination Chain reject (5 references) target prot opt source destination REJECT tcp -- anywhere anywhere reject-with tcp-reset REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain syn_flood (1 references) target prot opt source destination RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 DROP all -- anywhere anywhere Chain zone_lan (1 references) target prot opt source destination input_lan all -- anywhere anywhere zone_lan_ACCEPT all -- anywhere anywhere Chain zone_lan_ACCEPT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain zone_lan_DROP (0 references) target prot opt source destination DROP all -- anywhere anywhere DROP all -- anywhere anywhere Chain zone_lan_MSSFIX (0 references) target prot opt source destination TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU Chain zone_lan_REJECT (1 references) target prot opt source destination reject all -- anywhere anywhere reject all -- anywhere anywhere Chain zone_lan_forward (1 references) target prot opt source destination zone_wan_ACCEPT all -- anywhere anywhere forwarding_lan all -- anywhere anywhere zone_lan_REJECT all -- anywhere anywhere Chain zone_wan (1 references) target prot opt source destination ACCEPT udp -- anywhere anywhere udp dpt:68 ACCEPT icmp -- anywhere anywhere icmp echo-request input_wan all -- anywhere anywhere zone_wan_REJECT all -- anywhere anywhere Chain zone_wan_ACCEPT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain zone_wan_DROP (0 references) target prot opt source destination DROP all -- anywhere anywhere DROP all -- anywhere anywhere Chain zone_wan_MSSFIX (1 references) target prot opt source destination TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU Chain zone_wan_REJECT (2 references) target prot opt source destination reject all -- anywhere anywhere reject all -- anywhere anywhere Chain zone_wan_forward (1 references) target prot opt source destination forwarding_wan all -- anywhere anywhere zone_wan_REJECT all -- anywhere anywhere r...@openwrt:/# iptables -t nat -L Chain PREROUTING (policy ACCEPT) target prot opt source destination zone_wan_prerouting all -- anywhere anywhere zone_lan_prerouting all -- anywhere anywhere prerouting_rule all -- anywhere anywhere Chain POSTROUTING (policy ACCEPT) target prot opt source destination postrouting_rule all -- anywhere anywhere zone_wan_nat all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain postrouting_rule (1 references) target prot opt source destination Chain prerouting_lan (1 references) target prot opt source destination Chain prerouting_rule (1 references) target prot opt source destination Chain prerouting_wan (1 references) target prot opt source destination Chain zone_lan_nat (0 references) target prot opt source destination MASQUERADE all -- anywhere anywhere Chain zone_lan_prerouting (1 references) target prot opt source destination prerouting_lan all -- anywhere anywhere Chain zone_wan_nat (1 references) target prot opt source destination MASQUERADE all -- anywhere anywhere Chain zone_wan_prerouting (1 references) target prot opt source destination prerouting_wan all -- anywhere anywhere -- + Nuno Gonçalves + nuno...@gmail.com + http://nunoassimassim.blogspot.com/ + PORTUGAL E-mail sent directly from Google Mail webmail using HTTPS on behalf of Nuno João Pinto Gonçalves, birth date 1986-11-16. E-mail headers provide good assurance that this message was not tampered and originates from nuno...@gmail.com. If you require additional security, I may provide on request X509 electronic signature under Portuguese government chain. Se precisar de assinatura digital do Cartão de Cidadão, de uma apitadela. _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel