ciao a tutti non riesco a far andare il masquerading col firewall di openwrt
questo e' il mio /etc/config/network
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
config 'switch' 'eth0'
option 'enable_vlan' '1'
config 'switch_vlan'
option 'device' 'eth0'
option 'vlan' '1'
option 'ports' '0 1 2 3 4'
config 'interface' 'msh0'
option 'proto' 'static'
option 'ip6addr' '2001:470:1f13:0325::74ea:3abb:3dde/64'
option 'ipaddr' '5.187.61.222'
option 'netmask' '255.0.0.0'
config 'interface' 'wan'
option 'ifname' 'eth1'
option 'proto' 'dhcp'
config 'interface' 'lan'
option 'type' 'bridge'
option 'ifname' 'eth0'
option 'proto' 'static'
option 'ipaddr' '10.61.222.1'
option 'netmask' '255.255.255.0'
config 'interface' 'niit4to6'
option 'proto' 'none'
option 'ifname' 'niit4to6'
config 'interface' 'niit6to4'
option 'proto' 'none'
option 'ifname' 'niit6to4'
e questo e' il mio /etc/config/firewall
config 'defaults'
option 'syn_flood' '1'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'ACCEPT'
option 'disable_ipv6' '1'
## zone
config 'zone'
option 'name' 'lan'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'ACCEPT'
config 'zone'
option 'name' 'msh0'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'ACCEPT'
config 'zone'
option 'name' 'wan'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'ACCEPT'
option 'masq' '1'
option 'mtu_fix' '1'
config 'zone'
option 'name' 'niit4to6'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'ACCEPT'
config 'zone'
option 'name' 'niit6to4'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'ACCEPT'
## msh0 ->
config 'forwarding'
option 'src' 'msh0'
option 'dst' 'wan'
config 'forwarding'
option 'src' 'msh0'
option 'dst' 'lan'
config 'forwarding'
option 'src' 'msh0'
option 'dst' 'niit4to6'
## lan ->
config 'forwarding'
option 'src' 'lan'
option 'dst' 'wan'
config 'forwarding'
option 'src' 'lan'
option 'dst' 'msh0'
config 'forwarding'
option 'src' 'lan'
option 'dst' 'niit4to6'
## wan ->
config 'forwarding'
option 'src' 'wan'
option 'dst' 'lan'
config 'forwarding'
option 'src' 'wan'
option 'dst' 'msh0'
config 'forwarding'
option 'src' 'wan'
option 'dst' 'niit4to6'
## niit6to4 ->
config 'forwarding'
option 'src' 'niit6to4'
option 'dst' 'lan'
config 'forwarding'
option 'src' 'niit6to4'
option 'dst' 'msh0'
config 'forwarding'
option 'src' 'niit6to4'
option 'dst' 'wan'
come potete vedere masq e' settato a 1 su wan ma sniffando i pacchetti
escono con l'ip sorgente non modificato :|
_______________________________________________
Wireless mailing list
[email protected]
http://ml.ninux.org/mailman/listinfo/wireless
