#18791: Add POSTROUTING::ACCEPT for DNAT rules
---------------------------+-----------------------------------
Reporter: Andreeeee | Owner: developers
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: base system | Version: Barrier Breaker 14.07
Keywords: firewall DNAT |
---------------------------+-----------------------------------
When a port forwarding is set up (either using LuCI or via 'config
redirect' in /etc/config/firewall), the routing works properly. However,
the packet IP that arrives has the source IP modified to the router
internal lan IP, due to mangling.
Not seeing the original source IP on the destination machine is sometimes
unpleasant, esp. when logging access, or when using fail2ban.
Something like the following needs to be added to /etc/firewall.user to
keep the source IP unchanged:
%<------------------
iptables -t nat -I POSTROUTING 1 -p tcp --dport 22 -j ACCEPT
%<------------------
If it turns out to not be automagically addable, maybe at least some kind
of help text (on wiki) would be helpful, as I spent a considerable amount of
time debugging it.
--
Ticket URL: <https://dev.openwrt.org/ticket/18791>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
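
An added example, not part of the ticket and not OpenWrt code: a small first-match evaluator over a constructed `iptables-save -t nat` dump, showing which POSTROUTING target a packet reaches before and after the rule from the ticket is placed first. The interface names (eth1 as WAN, br-lan as LAN), the address 192.168.1.10 and the contents of the zone chains are assumptions made for the illustration.

```python
# Constructed sample of `iptables-save -t nat` output (not from a real router).
# Assumed names: eth1 = WAN, br-lan = LAN bridge, 192.168.1.10 = forwarded host.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:zone_lan_postrouting - [0:0]
:zone_wan_postrouting - [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.1.10:22
-A POSTROUTING -o br-lan -j zone_lan_postrouting
-A POSTROUTING -o eth1 -j zone_wan_postrouting
-A zone_lan_postrouting -j MASQUERADE
-A zone_wan_postrouting -j MASQUERADE
COMMIT
"""
TERMINAL = {"ACCEPT", "MASQUERADE", "SNAT", "DNAT"}

def parse(text):
    """Return {chain: [(matches, target), ...]} built from the -A lines."""
    chains = {}
    for tok in (l.split() for l in text.splitlines() if l.startswith("-A ")):
        j = tok.index("-j")              # everything after -j is target options
        opts = tok[2:j]
        matches = dict(zip(opts[::2], opts[1::2]))
        if set(matches) - {"-p", "-o", "-i", "-m", "--dport"}:
            raise ValueError("unsupported match in: " + " ".join(tok))
        chains.setdefault(tok[1], []).append((matches, tok[j + 1]))
    return chains

def verdict(chains, chain, pkt):
    """First-match walk; returns a terminal target or None (chain end/RETURN)."""
    for matches, target in chains.get(chain, []):
        if any(k != "-m" and str(pkt.get(k)) != v for k, v in matches.items()):
            continue
        if target == "RETURN":
            return None
        hit = target if target in TERMINAL else verdict(chains, target, pkt)
        if hit:
            return hit
    return None

def postrouting(text, pkt):
    return verdict(parse(text), "POSTROUTING", pkt) or "ACCEPT"  # chain policy

# The ticket's `-I POSTROUTING 1` rule lands ahead of every other POSTROUTING rule.
RULE = "-A POSTROUTING -p tcp -m tcp --dport 22 -j ACCEPT"
PATCHED = SAMPLE.replace("-A POSTROUTING", RULE + "\n-A POSTROUTING", 1)

if __name__ == "__main__":
    for name, rules in (("before", SAMPLE), ("after", PATCHED)):
        print(name, postrouting(rules, {"-p": "tcp", "-o": "br-lan", "--dport": 22}))
```

Because the rule matches on protocol and port only, evaluating a packet with `"-o": "eth1"` and `"--dport": 22` against the patched ruleset also returns ACCEPT, so TCP port 22 traffic leaving through the assumed WAN interface skips masquerading as well.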