Changeset 35998 introduced a new option reflection_src which may be
internal or external and defaults to internal.
When set to internal it behaves like the old firewall scripts where
the internal networks address is taken as SNAT source. When set to
external the external networks IP address is
This works perfectly. Thanks, jow.
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
reflection_src_dip? That matches src_dip as used for SNAT rules, but makes
it clear that it’s for reflection. (src_dip has a matching function instead
of a rewriting function for DNAT rules.)
I’ve got a strong preference to allow an interface name argument (“lan”)
instead of requiring an IP
What about turning the reflection parameter from a bool into a string
value which is either src or dest.
If set to src it would reflect to the ip of the network referenced by
option src (i.e. the external/wan one) and if set to dest it would
use the ip of the network referenced by option dest
This would work just fine for me, although configuration’s meaning wouldn’t
be nearly as evident without consulting some reference documentation.
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
AFAIK NAT reflection in openwrt was originally meant to stay "inside" LAN, and then one could use for example Split-DNS in order to make a DNS name "just the same" for a client, no matter in or outside the LAN...Sami OlmariOn Sun, 10 Mar 2013 23:17:36 +0200, Mark Mentovai m...@moxienet.com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Mark,
yes I did indeed change set as some user requested such a change
stating that mapping the reflection to the wan ip would more closely
resemble the behaviour of OEM firmwares.
I'll look into making it configurable during the next few days,
Has the source address used for NAT reflection changed with firewall3?
At r35938, I’m seeing that when I attempt to connect from a host on my LAN
to a redirected port on my main router’s WAN address, the router reflects
the request back in to my LAN using its own WAN address as the source