AFAIK NAT reflection in openwrt was originally meant to stay "inside" LAN, and then one could use for example Split-DNS in order to make a DNS name "just the same" for a client, no matter in or outside the LAN...
Sami Olmari
On Sun, 10 Mar 2013 23:17:36 +0200, Mark Mentovai <m...@moxienet.com> wrote:
Has the source address used for NAT reflection changed with firewall3?

At r35938, I’m seeing that when I attempt to connect from a host on my LAN to a redirected port on my main router’s WAN address, the router reflects the request back in to my LAN using its own WAN address as the source address. I noticed this because some of my internal hosts don’t have a route to this WAN address and can’t respond to requests reflected in this way.

Previously, I was running r35844, which didn’t have this problem. It used the router’s LAN address as the source address for these reflected packets.

Looking through “iptables -t nat -L” confirms that there’s been a change. Previously I’d see in nat_reflection_out

    SNAT tcp -- 192.168.1.0/24 192.168.1.2 tcp dpt:443 /* wan */ to:192.168.69.1

and now I see in zone_lan_postrouting (w.x.y.z is my WAN IP address)

    SNAT tcp -- 192.168.1.0/24 192.168.1.2 tcp dpt:443 to:w.x.y.z

Is it possible to configure the source address used for these reflected packets? I’d prefer to use the LAN address for this because all of my hosts have a route to it by virtue of being connected to this network, and because the LAN address is much less likely to change than the WAN address.
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
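An added example, not part of the original thread or of OpenWrt's code: a small audit of an "iptables -t nat -L" listing that finds reflection SNAT rules (LAN source, LAN destination) and reports whether each rewrites the source to one of the router's LAN addresses. The function name, the sample listing and the address 203.0.113.10 (standing in for the elided w.x.y.z) are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the "iptables -t nat -L" layout quoted in the message.
# 203.0.113.10 is a documentation address standing in for the elided WAN IP.
SAMPLE = """\
SNAT  tcp  --  192.168.1.0/24  192.168.1.2  tcp dpt:443 /* wan */ to:192.168.69.1
SNAT  tcp  --  192.168.1.0/24  192.168.1.2  tcp dpt:443 to:203.0.113.10
SNAT  tcp  --  0.0.0.0/0       192.168.1.2  tcp dpt:22 to:203.0.113.10
MASQUERADE  all  --  0.0.0.0/0  0.0.0.0/0
"""

# target, proto, opt, source, destination, match text, SNAT address
RULE = re.compile(r"^SNAT\s+(\S+)\s+\S+\s+(\S+)\s+(\S+)\s+(.*?)\bto:(\S+)\s*$")


def audit_reflection_snat(listing, router_lan_addrs):
    """Return (destination, snat_source, uses_lan_address) per reflection rule."""
    lan = {ipaddress.ip_address(a) for a in router_lan_addrs}
    findings = []
    for line in listing.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # not a SNAT rule line (chain header, MASQUERADE, ...)
        _proto, src, dst, _match, to = m.groups()
        try:
            src_net = ipaddress.ip_network(src, strict=False)
            dst_net = ipaddress.ip_network(dst, strict=False)
            # "to:" may carry a port suffix; address ranges are skipped
            to_addr = ipaddress.ip_address(to.split(":")[0])
        except ValueError:
            continue
        # Reflection rule: traffic from the LAN subnet to a host inside it.
        if src_net.prefixlen == 0 or not dst_net.subnet_of(src_net):
            continue
        findings.append((dst, str(to_addr), to_addr in lan))
    return findings


if __name__ == "__main__":
    for dst, to, ok in audit_reflection_snat(SAMPLE, ["192.168.69.1"]):
        status = "LAN source" if ok else "non-LAN source, replies need a route to it"
        print(f"reflection to {dst}: SNAT to {to} ({status})")
```
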