Since the upstep to firewall3 in the Attitude Adjustment branch I notice
NAT masquerade issues when the masq_dest and/or masq_src parameters are set
to 0.0.0.0/0 in the zone topic.

The running config for the zones lan and wan is as follows:
firewall.@zone[0]=zone
firewall.@zone[0].name=lan
firewall.@zone[0].network=lan
firewall.@zone[0].input=ACCEPT
firewall.@zone[0].output=ACCEPT
firewall.@zone[0].forward=REJECT
firewall.@zone[1]=zone
firewall.@zone[1].name=wan
firewall.@zone[1].network=wan wan6
firewall.@zone[1].input=DROP
firewall.@zone[1].output=ACCEPT
firewall.@zone[1].forward=DROP
firewall.@zone[1].masq=1
firewall.@zone[1].mtu_fix=1
firewall.@zone[1].masq_dest=0.0.0.0/0

Dump of the iptables NAT chain zone_wan_postrouting:

root@OpenWrt:/etc/init.d# iptables -t nat -L zone_wan_postrouting -v -n
Chain zone_wan_postrouting (5 references)
pkts bytes target prot opt in out source destination
3 200 postrouting_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for postrouting */
0 0 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0

The masquerade rule has 0.0.0.0 as its destination value (and breaks
connectivity) although the masq_dest UCI parameter is set to 0.0.0.0/0.

If the masq_dest UCI parameter is not specified, the dump of the iptables NAT
chain zone_wan_postrouting is:

root@OpenWrt:/etc/init.d# iptables -t nat -L zone_wan_postrouting -v -n
Chain zone_wan_postrouting (5 references)
pkts bytes target prot opt in out source destination
0 0 postrouting_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for postrouting */
0 0 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0

Br,
Hans
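
Added example, not part of the original message and not firewall3 code: a small check that reads an `iptables -L -v -n` listing and flags MASQUERADE rules whose source or destination is printed as the bare host address 0.0.0.0, as in the first dump above. The function names and the two sample listings (rebuilt from the dumps in the message, wrapped lines rejoined) are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not part of the original message.
# Usage on a router: iptables -t nat -L zone_wan_postrouting -v -n | check_masq

# check_masq: read an "iptables -L -v -n" listing on stdin and report every
# MASQUERADE rule whose source or destination is printed as the bare host
# address 0.0.0.0 (a /32 match) rather than 0.0.0.0/0 (match anything).
# Returns 0 when no such rule is present, 1 otherwise.
check_masq() {
    awk '
        # Columns: pkts bytes target prot opt in out source destination
        $3 == "MASQUERADE" {
            if ($8 == "0.0.0.0") { print "MASQUERADE source is host address 0.0.0.0, not 0.0.0.0/0"; bad = 1 }
            if ($9 == "0.0.0.0") { print "MASQUERADE destination is host address 0.0.0.0, not 0.0.0.0/0"; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: listing reported with masq_dest=0.0.0.0/0 set.
sample_broken() {
cat <<'EOF'
Chain zone_wan_postrouting (5 references)
pkts bytes target prot opt in out source destination
3 200 postrouting_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for postrouting */
0 0 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0
EOF
}

# Constructed sample: listing reported with masq_dest not specified.
sample_ok() {
cat <<'EOF'
Chain zone_wan_postrouting (5 references)
pkts bytes target prot opt in out source destination
0 0 postrouting_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for postrouting */
0 0 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0
EOF
}

# Demo on the constructed samples.
sample_broken | check_masq || echo "broken listing: suspect rule found"
sample_ok | check_masq && echo "default listing: clean"
```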