#20285: Firewall not creating iptables rules to reflect src of a SNAT redirect
----------------------+------------------------
Reporter: ed@… | Owner: developers
Type: defect | Status: new
Priority: normal | Milestone:
Component: packages | Version: Trunk
Keywords: |
----------------------+------------------------
Steps to reproduce

1. Configure (either via LuCI or editing firewall file) a SNAT redirect
   from a zone to another zone. See below for a sample firewall config
   stanza.
2. Restart firewall
3. Observe the iptables output for the nat table (see below - cleaned up
   to remove irrelevant stuff) - notice that nowhere is the redirect src
   option reflected in the iptables.

Looking at the fw3 source in redirects.c I don't see the code attempting
to use src for SNAT.

config redirect
        option target 'SNAT'
        option src 'lan'
        option dest 'employee'
        option proto 'all'
        option src_dip '192.168.3.1'
        option name 'lan_to_employee_snat'

Chain POSTROUTING (policy ACCEPT)
target                     prot opt in   out          source    destination
delegate_postrouting       all  --  any  any          anywhere  anywhere

Chain delegate_postrouting (1 references)
target                     prot opt in   out          source    destination
zone_employee_postrouting  all  --  any  br-employee  anywhere  anywhere

Chain zone_employee_postrouting (1 references)
target                     prot opt in   out          source    destination
SNAT                       all  --  any  any          anywhere  anywhere  /* lan_to_employee_snat */ to:192.168.3.1

--
Ticket URL: <https://dev.openwrt.org/ticket/20285>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
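
A check for the mismatch reported above, as an added example that is not part of the original ticket or of fw3: it reads the redirect stanza and the nat listing quoted in the ticket (wrapped lines rejoined) and flags SNAT redirects that set `src` while the generated rule matches any input interface and any source. The function names are hypothetical, and treating the `in` and `source` columns as the place where `src` would show up is an assumption.

```python
import re

# Taken from the ticket; wrapped listing lines rejoined.
UCI = """\
config redirect
    option target 'SNAT'
    option src 'lan'
    option dest 'employee'
    option proto 'all'
    option src_dip '192.168.3.1'
    option name 'lan_to_employee_snat'
"""

NAT_LISTING = """\
Chain zone_employee_postrouting (1 references)
target prot opt in out source destination
SNAT all -- any any anywhere anywhere /* lan_to_employee_snat */ to:192.168.3.1
"""

def parse_redirects(text):
    """One dict of options per 'config redirect' stanza; other stanzas are skipped."""
    stanzas, cur = [], None
    for words in map(str.split, text.splitlines()):
        if words[:1] == ["config"]:
            cur = {} if words[1:2] == ["redirect"] else None
            if cur is not None:
                stanzas.append(cur)
        elif cur is not None and len(words) >= 3 and words[0] == "option":
            cur[words[1]] = " ".join(words[2:]).strip("'\"")
    return stanzas

# Columns after the target: prot, opt, in (group 1), out, source (group 2), destination.
RULE = re.compile(r"\bSNAT\s+\S+\s+\S+\s+(\S+)\s+\S+\s+(\S+)\s+\S+\s+/\* (.+?) \*/")

def parse_snat_rules(listing):
    """Map rule comment -> (chain, in, source) for each SNAT rule in the listing."""
    rules, chain = {}, None
    for line in listing.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
        m = RULE.search(line)
        if m:
            rules[m.group(3)] = (chain, m.group(1), m.group(2))
    return rules

def unscoped_snat(uci_text, listing):
    """(name, src, chain) for SNAT redirects with 'src' whose rule matches any in/source."""
    rules = parse_snat_rules(listing)
    return [(r["name"], r["src"], rules[r["name"]][0])
            for r in parse_redirects(uci_text)
            if r.get("target") == "SNAT" and "src" in r
            and rules.get(r.get("name"), ("", "", ""))[1:] == ("any", "anywhere")]
```

Calling `unscoped_snat(UCI, NAT_LISTING)` on the ticket's data returns one finding, for `lan_to_employee_snat` in `zone_employee_postrouting`.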