#20674: dnat redirect to additional IPs of the router creates a dnat+forward
instead of dnat+input rule
---------------------------------+---------------------------------------
Reporter: pier4r | Owner: developers
Type: defect | Status: new
Priority: normal | Milestone:
Component: other | Version: Attitude Adjustment 12.09
Keywords: firewall, redirects |
---------------------------------+---------------------------------------
Hello everyone, i found the following problem on openwrt 12.09 (tplink
wdr3600).
With mwan3 and an openvpn server, to let the vpn clients be connected from
both the wan connections it is suggested to bind
the vpn server on one local ip of the router and then make a redirect from
wan to the lan side.
Now, if the lan side has more than one address (due to aliasing), only the
first address shown by ifconfig will create a proper 'local' redirect
(that is: DNAT in prerouting and a rule in zone_wan , that is in the INPUT
chain of the filter table), the others will create a DNAT+forward and they
won't reach any usable system because the packets will be forwarded out of
the router.
--
Ticket URL: <https://dev.openwrt.org/ticket/20674>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
