Has the source address used for NAT reflection changed with firewall3? At r35938, I’m seeing that when I attempt to connect from a host on my LAN to a redirected port on my main router’s WAN address, the router reflects the request back in to my LAN using its own WAN address as the source address. I noticed this because some of my internal hosts don’t have a route to this WAN address and can’t respond to requests reflected in this way.
Previously, I was running r35844, which didn’t have this problem. It used the router’s LAN address as the source address for these reflected packets. Looking through “iptables -t nat -L” confirms that there’s been a change. Previously I’d see in nat_reflection_out

    SNAT tcp -- 192.168.1.0/24 192.168.1.2 tcp dpt:443 /* wan */ to:192.168.69.1

and now I see in zone_lan_postrouting (w.x.y.z is my WAN IP address)

    SNAT tcp -- 192.168.1.0/24 192.168.1.2 tcp dpt:443 to:w.x.y.z

Is it possible to configure the source address used for these reflected packets? I’d prefer to use the LAN address for this because all of my hosts have a route to it by virtue of being connected to this network, and because the LAN address is much less likely to change than the WAN address.
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
