Opened 6 years ago

Last modified 4 years ago

#10302 new defect

Bug in the port redirection for inbound UDP connection?

Reported by: anonymous
Owned by: developers
Priority: normal
Milestone: Chaos Calmer 15.05
Component: base system
Version: Backfire 10.03.1 RC5
Keywords:
Cc:

Description

I'm testing a TP-Link 1043nd loaded with OpenWrt backfire 10.3.1.RC5 as a router (IP 192.168.1.1) to the Internet for a LAN. On the LAN, I have a host running Askozia (an in-box Asterisk, IP 192.168.1.2) as a PBX for some SIP clients, several of which are at the remote site. (I'm planning to squeeze the Asterisk onto the TP1043nd.)

So, what I want is a port forwarding (or a range of them), or port redirection in OpenWrt's terms, for the SIP registrar (arbitrarily on 1605 UDP) and the RTP stream (10000-10200 UDP).

But when I set the /etc/config/firewall to:
...
config redirect
	option src wan
	option dest lan
	option src_dport 1605
	option dest_ip 192.168.1.2
	option dest_port 1605
	option proto udp
...

After doing a due restart, the connection for UDP port 1605 from the Internet always fails. An ICMP response "udp port 1605 unreachable, length 556" is sent out by the router, and the Askozia box receives nothing. To be brief, the firewall code does not work as expected. I don't think there could be anything wrong with the settings, because they're too simple.

Occasionally, when I tested changing the proto from UDP to TCP with everything else untouched, and used a browser to initiate a TCP connection to port 1605 on my WAN IP from outside, the connection was successfully redirected to the Askozia box (I tcpdumped the packets on the br-lan interface).

After looking through the "iptables -L -n -v" results constantly, I found that the UDP connection doesn't match the redirection rule and is always dropped by others in the WAN zone, while the TCP one does match.

Here is a snippet:
...
Chain zone_wan_REJECT (2 references)
 pkts bytes target  prot opt in    out   source     destination
    0     0 reject  all  --  *     eth1  0.0.0.0/0  0.0.0.0/0
    3  1516 reject  all  --  eth1  *     0.0.0.0/0  0.0.0.0/0

Chain zone_wan_forward (1 references)
 pkts bytes target  prot opt in    out   source     destination
    0     0 ACCEPT  udp  --  *     *     0.0.0.0/0  192.168.1.2  udp dpt:1605
    0     0 ACCEPT  tcp  --  *     *     0.0.0.0/0  192.168.1.2  tcp dpt:8080
...

To be brief again, the port redirection works for TCP but not for UDP!
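
The counter comparison described in this report can be scripted so it is repeatable after each firewall restart. This is an added example, not part of the original ticket or of OpenWrt's code; the function names and the `SAMPLE` text (the ticket's two chains, alignment normalised) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the two chains quoted in the ticket, in the layout
# printed by `iptables -L -n -v` (column alignment normalised).
SAMPLE='Chain zone_wan_REJECT (2 references)
 pkts bytes target  prot opt in    out   source     destination
    0     0 reject  all  --  *     eth1  0.0.0.0/0  0.0.0.0/0
    3  1516 reject  all  --  eth1  *     0.0.0.0/0  0.0.0.0/0

Chain zone_wan_forward (1 references)
 pkts bytes target  prot opt in    out   source     destination
    0     0 ACCEPT  udp  --  *     *     0.0.0.0/0  192.168.1.2  udp dpt:1605
    0     0 ACCEPT  tcp  --  *     *     0.0.0.0/0  192.168.1.2  tcp dpt:8080
'

# rule_hits PROTO PORT: read a listing on stdin and print
# "chain target pkts bytes" for each rule matching PROTO and dpt:PORT.
rule_hits() {
    awk -v proto="$1" -v dpt="dpt:$2" '
        $1 == "Chain" { chain = $2; next }
        $1 == "pkts" || NF < 9 { next }
        $4 == proto && $NF == dpt { print chain, $3, $1, $2 }
    '
}

# rejected_in IFACE: total packets counted by reject/REJECT/DROP rules
# whose inbound interface is IFACE.
rejected_in() {
    awk -v ifc="$1" '
        $1 == "Chain" || $1 == "pkts" || NF < 9 { next }
        ($3 == "reject" || $3 == "REJECT" || $3 == "DROP") && $6 == ifc { n += $1 }
        END { print n + 0 }
    '
}

# check_redirect PROTO PORT WAN_IF: report whether the forward rule ever
# matched. Add -x to the iptables call so large counters are not abbreviated.
check_redirect() {
    listing=$(cat)
    hits=$(printf '%s\n' "$listing" | rule_hits "$1" "$2" | awk '{ n += $3 } END { print n + 0 }')
    rej=$(printf '%s\n' "$listing" | rejected_in "$3")
    if [ "$hits" -eq 0 ] && [ "$rej" -gt 0 ]; then
        echo "UNMATCHED $1/$2 hits=$hits rejected_on_$3=$rej"
    else
        echo "OK $1/$2 hits=$hits rejected_on_$3=$rej"
    fi
}

printf '%s' "$SAMPLE" | check_redirect udp 1605 eth1
```

On the router, pipe `iptables -L -n -v -x` into `check_redirect` instead of the sample; feeding `iptables -t nat -L -n -v -x` to `rule_hits` shows whether the address-translation rule for the same port is counting packets.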

Change History (1)

comment:1 Changed 4 years ago by jow

  • Milestone changed from Backfire 10.03.2 to Chaos Calmer (trunk)

Milestone Backfire 10.03.2 deleted
