[OpenWrt-Devel] iptables NAT not being updated on WAN changes

2010-04-18 Thread Nuno Gonçalves
I have internet connections at eth0.2 and eth1.

Config is like this:

config interface wan
option ifname   eth1
option proto    dhcp

After boot connection is ok. Computers behind router get NATed internet.
Then I do ifdown wan, change eth1 to eth0.2 and ifup wan.
Computers start getting Destination port unreachable to ping
request. Inside the router I can ping the internet.

Rebooting (with eth1 or eth0.2 selected, doesn't care) brings NATed
connection back.
/etc/init.d/network restart doesn't.

r...@openwrt:/# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source   destination
ACCEPT all  --  anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all  --  anywhere anywhere
syn_flood  tcp  --  anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
input_rule  all  --  anywhere anywhere
input  all  --  anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source   destination
zone_wan_MSSFIX  all  --  anywhere anywhere
ACCEPT all  --  anywhere anywhere state RELATED,ESTABLISHED
forwarding_rule  all  --  anywhere anywhere
forward all  --  anywhere anywhere
reject all  --  anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination
ACCEPT all  --  anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all  --  anywhere anywhere
output_rule  all  --  anywhere anywhere
output all  --  anywhere anywhere

Chain forward (1 references)
target prot opt source   destination
zone_lan_forward  all  --  anywhere anywhere
zone_wan_forward  all  --  anywhere anywhere

Chain forwarding_lan (1 references)
target prot opt source   destination

Chain forwarding_rule (1 references)
target prot opt source   destination

Chain forwarding_wan (1 references)
target prot opt source   destination

Chain input (1 references)
target prot opt source   destination
zone_lan   all  --  anywhere anywhere
zone_wan   all  --  anywhere anywhere

Chain input_lan (1 references)
target prot opt source   destination

Chain input_rule (1 references)
target prot opt source   destination

Chain input_wan (1 references)
target prot opt source   destination

Chain output (1 references)
target prot opt source   destination
zone_lan_ACCEPT  all  --  anywhere anywhere
zone_wan_ACCEPT  all  --  anywhere anywhere

Chain output_rule (1 references)
target prot opt source   destination

Chain reject (5 references)
target prot opt source   destination
REJECT tcp  --  anywhere anywhere reject-with tcp-reset
REJECT all  --  anywhere anywhere reject-with icmp-port-unreachable

Chain syn_flood (1 references)
target prot opt source   destination
RETURN tcp  --  anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
DROP   all  --  anywhere anywhere

Chain zone_lan (1 references)
target prot opt source   destination
input_lan  all  --  anywhere anywhere
zone_lan_ACCEPT  all  --  anywhere anywhere

Chain zone_lan_ACCEPT (2 references)
target prot opt source   destination
ACCEPT all  --  anywhere anywhere
ACCEPT all  --  anywhere anywhere

Chain zone_lan_DROP (0 references)
target prot opt source   destination
DROP   all  --  anywhere anywhere
DROP   all  --  anywhere anywhere

Chain zone_lan_MSSFIX (0 references)
target prot opt source   destination
TCPMSS tcp  --  anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU

Chain zone_lan_REJECT (1 references)
target prot opt source   destination
reject all  --  anywhere anywhere
reject all  --  anywhere anywhere

Chain zone_lan_forward (1 references)
target prot opt source   destination
zone_wan_ACCEPT  all  --  anywhere anywhere
forwarding_lan  all  --  anywhere anywhere
zone_lan_REJECT  all  --  anywhere anywhere

Chain zone_wan (1 references)
target prot opt source   destination
ACCEPT udp  --  anywhere anywhere udp dpt:68
ACCEPT icmp --  anywhere anywhere icmp echo-request
input_wan  all  --  anywhere anywhere
zone_wan_REJECT  all  --  anywhere anywhere

Chain zone_wan_ACCEPT (2 references)
target prot opt source   destination
ACCEPT all 

Re: [OpenWrt-Devel] iptables NAT not being updated on WAN changes

2010-04-18 Thread Matthias Buecher / Germany
Also tried /etc/init.d/firewall restart after restarting the network?

Maddes

On 18.04.2010 16:38, Nuno Gonçalves wrote:
 I have internet connections at eth0.2 and eth1.
 
 Config is like this:
 
 config interface wan
 option ifname   eth1
 option proto    dhcp
 
 After boot connection is ok. Computers behind router get NATed internet.
 Then I do ifdown wan, change eth1 to eth0.2 and ifup wan.
 Computers start getting Destination port unreachable to ping
 request. Inside the router I can ping the internet.
 
 Rebooting (with eth1 or eth0.2 selected, doesn't care) brings NATed
 connection back.
 /etc/init.d/network restart doesn't.
 

Re: [OpenWrt-Devel] iptables NAT not being updated on WAN changes

2010-04-18 Thread Matthias Buecher / Germany
You have to take care of it.

Maddes

On 18.04.2010 23:41, Nuno Gonçalves wrote:
 From: Matthias Buecher / Germany m...@maddes.net
 To: OpenWrt Development List openwrt-devel@lists.openwrt.org
 Subject: Re: [OpenWrt-Devel] iptables NAT not being updated on WAN changes
 Message-ID: 4bcb1ad8.3000...@maddes.net
 Content-Type: text/plain; charset=UTF-8

 Also tried /etc/init.d/firewall restart after restarting the network?

 Maddes
 
 Restarting the firewall works. Is that something that I should do
 manually or just a bug?
 
 Regards

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
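
A check for the condition this thread describes, as an added example that is not part of the original messages: it scans `iptables -S` style rules for wan zone chains still bound to a device other than the one the wan interface now uses. The function name `stale_wan_rules`, the sample rules and the assumption that the `zone_wan*` chains match on `-i`/`-o` are illustrative and were not captured from the router in the thread.

```shell
#!/bin/sh
# Added example: flag firewall rules in the wan zone chains that are still
# bound to a device other than the one the wan interface now uses.

# stale_wan_rules DEVICE
# Reads `iptables -S` style rules on stdin and prints every rule in a chain
# whose name starts with zone_wan that matches -i/-o on another device.
# Returns 0 when no stale rule was found, 1 otherwise.
stale_wan_rules() {
    awk -v dev="$1" '
        $1 == "-A" && $2 ~ /^zone_wan/ {
            for (i = 3; i < NF; i++)
                if (($i == "-i" || $i == "-o") && $(i + 1) != dev) {
                    print; stale = 1; break
                }
        }
        END { exit stale ? 1 : 0 }
    '
}

# Constructed sample: wan zone rules left over from eth1 after the wan
# interface was moved to eth0.2 (assumed rule layout, not from the thread).
sample_rules() {
    cat <<'EOF'
-A zone_lan_ACCEPT -o br-lan -j ACCEPT
-A zone_lan_ACCEPT -i br-lan -j ACCEPT
-A zone_wan_ACCEPT -o eth1 -j ACCEPT
-A zone_wan_ACCEPT -i eth1 -j ACCEPT
-A zone_wan_MSSFIX -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
EOF
}

# On the router (assumption: uci and `iptables -S` are available):
#   wan_dev=$(uci get network.wan.ifname)
#   { iptables -S; iptables -t nat -S; } | stale_wan_rules "$wan_dev" \
#       || /etc/init.d/firewall restart
if [ "${1:-}" = "--demo" ]; then
    sample_rules | stale_wan_rules eth0.2 \
        || echo "stale wan rules: restart the firewall"
fi
```

Run with `--demo` to see the three leftover eth1 rules reported against eth0.2.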