On 13 July 2012 21:56, Damian Kaczkowski <[email protected]>wrote:
> I need your help guys. Could someone with bigger experience with OpenWrt > please explain me why SNAT does not work when *option masq is set to 0*? > I lost a whole day to find out that SNAT only works when *option masq is > set to 1* (in /etc/config/firewall). Why is that? *"**iptables -t nat -A > zone_wan_nat -j MASQUERADE**"* is redundant if one want to use SNAT > instead. So why SNAT doesn't work without it? What really does *option > masq '1' *besides setting *"**iptables -t nat -A zone_wan_nat -j > MASQUERADE**"*? > To answer my own question. *'option conntrack*' depends on *'option masq*'. If *'option masq == 0'* then *'option conntrack == 0'*. But conntrack must be enabled for SNAT so forcing *option conntrack 1* for wan zone solves the problem...
_______________________________________________ openwrt-users mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-users
