[Ninux-Wireless] firewall openwrt non va il MASQUERADING

Gioacchino Mazzurco Wed, 09 Feb 2011 10:54:17 -0800

ciao a tutti non riesco a far andare il masquerading col firewall di openwrt


questo e' il mio /etc/config/network

config 'interface' 'loopback'
        option 'ifname' 'lo'
        option 'proto' 'static'
        option 'ipaddr' '127.0.0.1'
        option 'netmask' '255.0.0.0'

config 'switch' 'eth0'
        option 'enable_vlan' '1'

config 'switch_vlan'
        option 'device' 'eth0'
        option 'vlan' '1'
        option 'ports' '0 1 2 3 4'

config 'interface' 'msh0'
        option 'proto' 'static'
        option 'ip6addr' '2001:470:1f13:0325::74ea:3abb:3dde/64'
        option 'ipaddr' '5.187.61.222'
        option 'netmask' '255.0.0.0'

config 'interface' 'wan'
        option 'ifname' 'eth1'
        option 'proto' 'dhcp'

config 'interface' 'lan'
        option 'type' 'bridge'
        option 'ifname' 'eth0'
        option 'proto' 'static'
        option 'ipaddr' '10.61.222.1'
        option 'netmask' '255.255.255.0'

config 'interface' 'niit4to6'
        option 'proto' 'none'
        option 'ifname' 'niit4to6'

config 'interface' 'niit6to4'
        option 'proto' 'none'
        option 'ifname' 'niit6to4'

e questo e' il mio /etc/config/firewall

config 'defaults'
        option 'syn_flood' '1'
        option 'input' 'ACCEPT'
        option 'output' 'ACCEPT'
        option 'forward' 'ACCEPT'
        option 'disable_ipv6' '1'

## zone

config 'zone'
        option 'name' 'lan'
        option 'input' 'ACCEPT'
        option 'output' 'ACCEPT'
        option 'forward' 'ACCEPT'

config 'zone'
        option 'name' 'msh0'
        option 'input' 'ACCEPT'
        option 'output' 'ACCEPT'
        option 'forward' 'ACCEPT'

config 'zone'
        option 'name' 'wan'
        option 'input' 'ACCEPT'
        option 'output' 'ACCEPT'
        option 'forward' 'ACCEPT'
        option 'masq' '1'
        option 'mtu_fix' '1'

config 'zone'
        option 'name' 'niit4to6'
        option 'input' 'ACCEPT'
        option 'output' 'ACCEPT'
        option 'forward' 'ACCEPT'


config 'zone'
        option 'name' 'niit6to4'
        option 'input' 'ACCEPT'
        option 'output' 'ACCEPT'
        option 'forward' 'ACCEPT'

## msh0 ->

config 'forwarding'
        option 'src' 'msh0'
        option 'dst' 'wan'

config 'forwarding'
        option 'src' 'msh0'
        option 'dst' 'lan'

config 'forwarding'
        option 'src' 'msh0'
        option 'dst' 'niit4to6'

## lan ->

config 'forwarding'
        option 'src' 'lan'
        option 'dst' 'wan'

config 'forwarding'
        option 'src' 'lan'
        option 'dst' 'msh0'

config 'forwarding'
        option 'src' 'lan'
        option 'dst' 'niit4to6'

## wan ->

config 'forwarding'
        option 'src' 'wan'
        option 'dst' 'lan'

config 'forwarding'
        option 'src' 'wan'
        option 'dst' 'msh0'

config 'forwarding'
        option 'src' 'wan'
        option 'dst' 'niit4to6'

## niit6to4 ->

config 'forwarding'
        option 'src' 'niit6to4'
        option 'dst' 'lan'

config 'forwarding'
        option 'src' 'niit6to4'
        option 'dst' 'msh0'

config 'forwarding'
        option 'src' 'niit6to4'
        option 'dst' 'wan'



come potete vedere masq e' settato a 1 su wan ma sniffando i pacchetti
escono con l'ip sorgente non modificato :|

_______________________________________________
Wireless mailing list
Wireless@ml.ninux.org
http://ml.ninux.org/mailman/listinfo/wireless

[Ninux-Wireless] firewall openwrt non va il MASQUERADING

Rispondere a