[OpenWrt-Tickets] [OpenWrt] #18544: firewall3: reflection uses wrong dest_ip when src_dip is set

OpenWrt Thu, 11 Dec 2014 10:07:29 -0800

#18544: firewall3: reflection uses wrong dest_ip when src_dip is set
-----------------------+------------------------
 Reporter:  anonymous  |      Owner:  developers
     Type:  defect     |     Status:  new
 Priority:  normal     |  Milestone:
Component:  packages   |    Version:  Trunk
 Keywords:             |
-----------------------+------------------------
 When src_dip is set in redirection rule:


 config redirect
         option src      wan
         option src_dip  192.168.200.2
         option src_dport        8888
         option dest     lan
         option dest_ip  192.168.1.10
         option proto    tcp

 The reflection rule in zone_lan_prerouting uses external ip instead of
 src_dip:

 # iptables -t nat -nvL | grep 8888

     0     0 SNAT       tcp  --  *      *       192.168.1.0/24
 192.168.1.10         tcp dpt:8888 /* @redirect[0] (reflection) */
 to:192.168.1.1
     0     0 DNAT       tcp  --  *      *       192.168.1.0/24
 192.168.200.1        tcp dpt:8888 /* @redirect[0] (reflection) */
 to:192.168.1.10:8888
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0
 192.168.200.2        tcp dpt:8888 /* @redirect[0] */ to:192.168.1.10:8888

 The second DNAT rule should also use 192.168.200.2 in this case, not the
 configured external ip (192.168.200.1). This worked correctly in Backfire.

 Tested on kvm snapshot CHAOS CALMER (Bleeding Edge, r43602).

--
Ticket URL: <https://dev.openwrt.org/ticket/18544>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets

[OpenWrt-Tickets] [OpenWrt] #18544: firewall3: reflection uses wrong dest_ip when src_dip is set

Reply via email to