Re: [OpenWrt-Devel] FULL CONE NAT in OpenWrt

Mon, 04 May 2020 20:53:34 -0700

Just allowing inbound connections from any external host on well-known port ranges (like a game) is bad and should NOT be default.
It's basically a DMZ or full range port forwarding for all devices in the LAN. 


Just set a DMZ or full-range port forwarding for your console(s), it's 
still unsafe, but at least it's just for the console and not everything 
else in the LAN too.


-Alberto

On 05/05/20 04:35, Gracias Amigou wrote:

*Read this:*

*• *Gaming with Full Cone vs Symmetric NAT Routers 
<http://badmodems.com/Forum/viewtopic.php?f=6&t=21>


It is a feature that is necessary and should be by default in OpenWrt.

I hope you will add it in the next releases or at least the package.

Thank you.


El lun., 4 may. 2020 a las 14:52, Joel Wirāmu Pauling 
(<[email protected] <mailto:[email protected]>>) escribió:


    I am all for exposing Cone Nat in UCI / Firewall zones as an option
    to the masquerading configuration in a zone.

    Also as much as I hate it nat66 for IPv6 needs to be exposed in the
    same place - specifically for mapping routable PD which change often
    to ULA's.

    -Joel

    On Tue, 5 May 2020 at 07:25, Gracias Amigou <[email protected]
    <mailto:[email protected]>> wrote:

        Please add this package as official:

        *Posts:*

         1. xt_FULLCONENAT -- Implementing RFC 3489 full cone SNAT in
            OpenWrt
            
<https://forum.openwrt.org/t/xt-fullconenat-implementing-rfc-3489-full-cone-snat-in-openwrt/14816>
         2. [12/8更新]OpenWrt 上实现 NAT1 (Full cone NAT) 的方法,无需
            DMZ/UPnP - OPENWRT专版
            <https://www.right.com.cn/forum/thread-319827-1-1.html>
         3. 从DNAT到netfilter内核子系统,浅谈Linux的Full Cone NAT实现 |
            ChionLab
            <https://blog.chionlab.moe/2018/02/09/full-cone-nat-with-linux/>

        *
        *
        *Git:*
        • GitHub - LGA1150/openwrt-fullconenat: Netfilter and iptables
        extension for full cone NAT ported to OpenWrt.
        <https://github.com/LGA1150/openwrt-fullconenat>
        _______________________________________________
        openwrt-devel mailing list
        [email protected]
        <mailto:[email protected]>
        https://lists.openwrt.org/mailman/listinfo/openwrt-devel


_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel



_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel






















					Reply via email to