#18787: iptables AA and iptables on BB
-----------------------+------------------------
 Reporter:  gsustek@…  |      Owner:  developers
     Type:  defect     |     Status:  new
 Priority:  normal     |  Milestone:
Component:  packages   |    Version:  Trunk
 Keywords:             |
-----------------------+------------------------
 Hi, there is a huge difference in iptables on AA and BB. For the same entry in
 /etc/config/firewall:
 config redirect
         option target 'DNAT'
         option src 'wan'
         option dest 'lan'
         option proto 'tcp'
         option dest_ip '192.168.168.1'
         option name 'ovpn'
         option dest_port '1194'
         option src_dport '80'


 So for the same rule above, in AA I can telnet from LAN to WAN-ip p80 and
 the Forward rule is triggered to LAN-ip p1194, so iptables added "Chain
 nat_reflection_out (References: 1)", which I did not specify.

 Why on BB can I not do the telnet from LAN through WAN to LAN with
 portforward, and in AA I can?



 Here is iptables on AA:
 1       12963   934.60 KB       prerouting_rule         all     --      *
 *       0.0.0.0/0       0.0.0.0/0   ###hyperlink_

 Chain prerouting_rule (References: 1)
 1       12937   933.33 KB       nat_reflection_in       all     --      *
 *       0.0.0.0/0       0.0.0.0/0       -

 Chain nat_reflection_in (References: 1)
 4       0       0.00 B  DNAT    tcp     --      *       *
 192.168.1.0/24  109.60.73.14    tcp dpt:80 /* wan */ to:192.168.1.1:1194

 Chain zone_wan_prerouting (References: 1)
 4       0       0.00 B  SNAT    tcp     --      *       *
 192.168.1.0/24  192.168.1.1     tcp dpt:1194 /* wan */ to:192.168.1.1

 Chain zone_wan_prerouting (References: 1)


 EXTRA ENTRY; Chain nat_reflection_out (References: 1)
 4       0       0.00 B  SNAT    tcp     --      *       *
 192.168.1.0/24  192.168.1.1     tcp dpt:1194 /* wan */ to:192.168.1.1


 IPTABLES on BB_latest_trunk for same rule above:

 Chain delegate_prerouting  ###is not hyperlink##can not edit

 1       12307   807.05 KB       prerouting_rule         all     --      *
 *       0.0.0.0/0       0.0.0.0/0       /* user chain for prerouting */


 Chain nat_reflection_in (References: 1)
 MISSING
 Chain nat_reflection_out (References: 1)
 MISSING


 Chain zone_wan_prerouting (References: 1)

 5       0       0.00 B  REDIRECT        tcp     --      *       *
 0.0.0.0/0       0.0.0.0/0       tcp dpt:80 /* ovpn */ redir ports 1194

--
Ticket URL: <https://dev.openwrt.org/ticket/18787>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology