#18700: WNDR3700v4 Port Fowarding / UPnP & NAND Flash Problems
-------------------------+-----------------------------------
Reporter: anonymous | Owner: developers
Type: defect | Status: new
Priority: normal | Milestone:
Component: base system | Version: Barrier Breaker 14.07
Keywords: |
-------------------------+-----------------------------------
Source: https://forum.openwrt.org/viewtopic.php?id=53612
Hello everyone!
I just installed latest BB from official download.
{{{
Linux version 3.10.49 (bb@builder1) (gcc version 4.8.3 (OpenWrt/Linaro GCC
4.8-2014.04 r42625) ) #3 Wed Oct 1 14:09:48 CEST 2014
}}}
Everything works fine except for...
1. I found rootfs only used 14M nand flash instead of 128M, but it's not
very important to me...
2. port fowarding doesn't work (including UPnP). Does anyone have similar
issue?
This is my firewall configuration:
/etc/config/firewall
{{{
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '7789'
option dest_ip '192.168.7.160'
option dest_port '3389'
option name 'MXCORE_RDP'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '8080'
option dest_ip '192.168.7.160'
option dest_port '80'
option name 'MXCORE_WEB'
option enabled '0'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '9092'
option dest_ip '192.168.7.160'
option dest_port '9092'
option name 'MXCORE_UT'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '26373'
option dest_ip '192.168.7.160'
option dest_port '26373'
option name 'MXCORE_EDK'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'udp'
option src_dport '49018'
option dest_ip '192.168.7.160'
option dest_port '49018'
option name 'MXCORE_EDK2'
}}}
EDIT: add iptables info...
{{{
root@OpenWrt:~# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 89 packets, 5578 bytes)
pkts bytes target prot opt in out source
destination
90 5618 delegate_prerouting all -- * * 0.0.0.0/0
0.0.0.0/0
Chain INPUT (policy ACCEPT 40 packets, 2877 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 151 packets, 7515 bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 3 packets, 984 bytes)
pkts bytes target prot opt in out source
destination
199 10087 delegate_postrouting all -- * * 0.0.0.0/0
0.0.0.0/0
Chain MINIUPNPD (1 references)
pkts bytes target prot opt in out source
destination
Chain delegate_postrouting (1 references)
pkts bytes target prot opt in out source
destination
199 10087 postrouting_rule all -- * * 0.0.0.0/0
0.0.0.0/0 /* user chain for postrouting */
3 984 zone_lan_postrouting all -- * br-lan 0.0.0.0/0
0.0.0.0/0
196 9103 zone_wan_postrouting all -- * pppoe-wan 0.0.0.0/0
0.0.0.0/0
Chain delegate_prerouting (1 references)
pkts bytes target prot opt in out source
destination
90 5618 prerouting_rule all -- * * 0.0.0.0/0
0.0.0.0/0 /* user chain for prerouting */
60 4386 zone_lan_prerouting all -- br-lan * 0.0.0.0/0
0.0.0.0/0
30 1232 zone_wan_prerouting all -- pppoe-wan * 0.0.0.0/0
0.0.0.0/0
Chain postrouting_lan_rule (1 references)
pkts bytes target prot opt in out source
destination
Chain postrouting_rule (1 references)
pkts bytes target prot opt in out source
destination
Chain postrouting_wan_rule (1 references)
pkts bytes target prot opt in out source
destination
Chain prerouting_lan_rule (1 references)
pkts bytes target prot opt in out source
destination
Chain prerouting_rule (1 references)
pkts bytes target prot opt in out source
destination
Chain prerouting_wan_rule (1 references)
pkts bytes target prot opt in out source
destination
Chain zone_lan_postrouting (1 references)
pkts bytes target prot opt in out source
destination
3 984 postrouting_lan_rule all -- * * 0.0.0.0/0
0.0.0.0/0 /* user chain for postrouting */
0 0 SNAT tcp -- * * 192.168.7.0/24
192.168.7.160 tcp dpt:3389 /* MXCORE_RDP (reflection) */
to:192.168.7.1
0 0 SNAT tcp -- * * 192.168.7.0/24
192.168.7.160 tcp dpt:9092 /* MXCORE_UT (reflection) */
to:192.168.7.1
0 0 SNAT tcp -- * * 192.168.7.0/24
192.168.7.160 tcp dpt:26373 /* MXCORE_EDK (reflection) */
to:192.168.7.1
0 0 SNAT udp -- * * 192.168.7.0/24
192.168.7.160 udp dpt:49018 /* MXCORE_EDK2 (reflection) */
to:192.168.7.1
Chain zone_lan_prerouting (1 references)
pkts bytes target prot opt in out source
destination
60 4386 prerouting_lan_rule all -- * * 0.0.0.0/0
0.0.0.0/0 /* user chain for prerouting */
0 0 DNAT tcp -- * * 192.168.7.0/24
59.172.93.252 tcp dpt:7789 /* MXCORE_RDP (reflection) */
to:192.168.7.160:3389
0 0 DNAT tcp -- * * 192.168.7.0/24
59.172.93.252 tcp dpt:9092 /* MXCORE_UT (reflection) */
to:192.168.7.160:9092
0 0 DNAT tcp -- * * 192.168.7.0/24
59.172.93.252 tcp dpt:26373 /* MXCORE_EDK (reflection) */
to:192.168.7.160:26373
0 0 DNAT udp -- * * 192.168.7.0/24
59.172.93.252 udp dpt:49018 /* MXCORE_EDK2 (reflection) */
to:192.168.7.160:49018
Chain zone_wan_postrouting (1 references)
pkts bytes target prot opt in out source
destination
196 9103 postrouting_wan_rule all -- * * 0.0.0.0/0
0.0.0.0/0 /* user chain for postrouting */
196 9103 MASQUERADE all -- * * 0.0.0.0/0
0.0.0.0/0
Chain zone_wan_prerouting (1 references)
pkts bytes target prot opt in out source
destination
29 1192 MINIUPNPD all -- * * 0.0.0.0/0
0.0.0.0/0
30 1232 prerouting_wan_rule all -- * * 0.0.0.0/0
0.0.0.0/0 /* user chain for prerouting */
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:7789 /* MXCORE_RDP */ to:192.168.7.160:3389
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:9092 /* MXCORE_UT */ to:192.168.7.160:9092
0 0 DNAT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:26373 /* MXCORE_EDK */ to:192.168.7.160:26373
0 0 DNAT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:49018 /* MXCORE_EDK2 */
to:192.168.7.160:49018
}}}
--
Ticket URL: <https://dev.openwrt.org/ticket/18700>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
