On Tue, Oct 5, 2010 at 12:00, Christ Schlacta <[email protected]> wrote:
> Might want to include your firewall rules

Firewall rules are very simple. First I turn off the firewall put in by OpenWRT. I then remove the iptable_raw and iptable_mangle modules, then do the following:

iptables -t nat -F
iptables -t nat -X
iptables -F
iptables -X
iptables -t nat -A PREROUTING -d 64.###.##.164/32 -j DNAT --to-destination 172.17.1.173
iptables -t nat -A PREROUTING -d 64.###.##.165/32 -j DNAT --to-destination 172.17.0.124
iptables -t nat -A PREROUTING -d 64.###.##.166/32 -j DNAT --to-destination 172.17.179.200
iptables -t nat -A PREROUTING -d 64.###.##.167/32 -j DNAT --to-destination 172.17.1.157
iptables -t nat -A PREROUTING -d 64.###.##.168/32 -j DNAT --to-destination 172.17.1.219
iptables -t nat -A POSTROUTING -s 172.17.1.219/32 -o vlan50 -j SNAT --to-source 64.###.##.168
iptables -t nat -A POSTROUTING -s 172.17.1.157/32 -o vlan50 -j SNAT --to-source 64.###.##.167
iptables -t nat -A POSTROUTING -s ! 64.###.##.0/24 -o vlan50 -j SNAT --to-source 64.###.##.140-64.###.##.159

I also have the following ports (tcp and udp) blocked in the filter FORWARDing chain: 42,135,137,138,139,445,1433, and 1434.

That's it. All 60+ vlans just route. They all get dhcp.

Note: The box I am replacing is a Debian-live (custom configured) and has exactly the same setup running properly. Problem is, Debian keeps getting bigger and bigger with dependencies, etc., I don't need and now exceeds the size of the CF disk.

Ciao,

David A. Bandel
--
Focus on the dream, not the competition.
- Nemesis Air Racing Team motto

Visit my blog at: http://www.pananix.com/cgi-bin/blosxom
_______________________________________________
openwrt-users mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-users
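
The rules described in the message above, generated as one iptables-restore file so the whole set can be syntax-checked and loaded in a single step. This is an added example, not part of the original post. Assumptions: 203.0.113.0/24 (documentation range) stands in for the redacted 64.###.##.0/24 block, "blocked" is taken to mean DROP, chain policies are ACCEPT, the multiport match is available, and the names gen_ruleset, MAPPINGS, PUBLIC_NET, SNAT_POOL, WAN_IF and BLOCKED_PORTS are hypothetical.

```sh
#!/bin/sh
# Added example. Constructed data: 203.0.113.x replaces the redacted public
# addresses; the internal addresses and vlan50 are the ones in the post.
# Columns: public private mode  (dnat = inbound only, both = 1:1 NAT)
MAPPINGS='203.0.113.164 172.17.1.173 dnat
203.0.113.165 172.17.0.124 dnat
203.0.113.166 172.17.179.200 dnat
203.0.113.167 172.17.1.157 both
203.0.113.168 172.17.1.219 both'
PUBLIC_NET=203.0.113.0/24
SNAT_POOL=203.0.113.140-203.0.113.159
WAN_IF=vlan50
BLOCKED_PORTS=42,135,137,138,139,445,1433,1434

gen_ruleset() {
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Inbound: every public address is forwarded to its internal host.
    echo "$MAPPINGS" | while read -r pub priv mode; do
        echo "-A PREROUTING -d $pub/32 -j DNAT --to-destination $priv"
    done
    # Outbound: per-host SNAT comes first, because the first match wins and
    # the pool rule below would otherwise catch these hosts too.
    echo "$MAPPINGS" | while read -r pub priv mode; do
        if [ "$mode" = both ]; then
            echo "-A POSTROUTING -s $priv/32 -o $WAN_IF -j SNAT --to-source $pub"
        fi
    done
    # Everything not already sourced from the public block leaves via the
    # pool. "! -s" is the current spelling of the older "-s !" negation.
    echo "-A POSTROUTING ! -s $PUBLIC_NET -o $WAN_IF -j SNAT --to-source $SNAT_POOL"
    echo 'COMMIT'
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # One multiport rule per protocol covers the blocked port list (assumed DROP).
    for proto in tcp udp; do
        echo "-A FORWARD -p $proto -m multiport --dports $BLOCKED_PORTS -j DROP"
    done
    echo 'COMMIT'
}

# Prints the ruleset; pipe it into "iptables-restore --test" to check it
# without committing anything.
gen_ruleset
```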
