
Opened 5 years ago

Closed 5 years ago

Last modified 4 years ago

#13197 closed defect (fixed)

sudden change in public IP handling!

Reported by: anonymous Owned by: developers
Priority: normal Milestone: Barrier Breaker 14.07
Component: packages Version: Trunk
Keywords: Cc:

Description

I run a wndr3700v2, DSL connection, with a /28 block of fixed IPs.
I recently updated to build r36033 for a WNDR3700v2, this was the first update in about a month (vacations etc).
On reboot all of my web facing servers stopped working.
After a little digging I found that I had to add a SNAT entry for each server address (total of 10).
This is a complete change in behavior from previous builds.
It seems a little redundant to SNAT from 74.116.186.178 to 74.116.186.178, there must be a better and/or more efficient way of achieving the same result.
Below are my network and firewall configs, confidential info redacted,
[b]Network[/b]
[code]

# Network config as posted in the ticket: loopback, a private LAN, a PPPoE
# WAN, and a statically addressed 'dmz' interface, plus the rtl8366s switch
# VLAN layout that separates LAN ports from DMZ ports.
config interface 'loopback'

option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

# Private LAN: bridge over eth0.1, 192.168.30.1 with a /27 netmask.
config interface 'lan'

option ifname 'eth0.1'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.30.1'
option netmask '255.255.255.224'

# WAN uplink: PPPoE on eth1. The credentials were redacted by the reporter.
config interface 'wan'

option ifname 'eth1'
option proto 'pppoe'
option username '██████████████████████████████'
option password '██████████'

# Switch with VLANs enabled; the two switch_vlan sections below split the ports.
config switch

option name 'rtl8366s'
option reset '1'
option enable_vlan '1'
option blinkrate '2'
option enable_vlan4k '1'
option max_length '3'

# VLAN 1: ports 0 and 1 plus port 5 ('5t' presumably means tagged on the CPU
# port; confirm). Presumably backs eth0.1, i.e. the 'lan' interface.
config switch_vlan

option device 'rtl8366s'
option vlan '1'
option ports '0 1 5t'

# Per-port LED assignments.
config switch_port

option device 'rtl8366s'
option port '1'
option led '6'

config switch_port

option device 'rtl8366s'
option port '2'
option led '9'

config switch_port

option device 'rtl8366s'
option port '5'
option led '2'

# VLAN 2: ports 2 and 3 plus port 5. Presumably backs eth0.2, i.e. the 'dmz'
# interface, so hosts on ports 2 and 3 sit in the DMZ segment; confirm.
config switch_vlan

option device 'rtl8366s'
option vlan '2'
option ports '2 3 5t'

# DMZ segment: static address on eth0.2 with a /28 netmask, matching the
# "/28 block of fixed IPs" in the description. First three octets redacted.
config interface 'dmz'

option proto 'static'
option ifname 'eth0.2'
option ipaddr '███.███.███.177'
option netmask '255.255.255.240'

[/code]
[b]Firewall[/b]
[code]

config rule

option name 'Allow-DHCP-Renew'
option src 'wan'

.
. standard stanzas
.
# Firewall defaults, zones and inter-zone forwardings as posted in the ticket.
# The reporter elided the "standard stanzas" above this point, so rules that
# tighten the policies shown here may exist but are not visible.
config defaults

option syn_flood '1'
option forward 'REJECT'
option drop_invalid '1'
# NOTE(review): the global input policy is ACCEPT; traffic addressed to the
# router itself is accepted unless a zone policy or rule overrides it.
option input 'ACCEPT'
option output 'ACCEPT'

# WAN zone: masquerading is enabled, with the 'dmz' network excluded by name
# in both directions so that DMZ hosts keep their own public addresses.
config zone

option name 'wan'
option network 'wan'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option conntrack '1'
# Symbolic exclusions ('!dmz' names a network, not an address range). Per
# comment:1 on this ticket, support for this form was restored in r36090.
list masq_src '!dmz'
list masq_dest '!dmz'
# NOTE(review): input ACCEPT on the wan zone means WAN-side hosts can reach
# whatever services listen on the router itself. Confirm this is intended;
# a REJECT or DROP policy plus explicit allow rules is the narrower setup.
option input 'ACCEPT'

# DMZ zone: bound to the 'dmz' network; forwarding between zones is governed
# by the 'config forwarding' sections below.
config zone

option name 'dmz'
option input 'ACCEPT'
option forward 'REJECT'
option output 'ACCEPT'
option network 'dmz'

# LAN zone.
config zone

option name 'lan'
option network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'

# lan -> dmz: LAN hosts may reach the DMZ.
config forwarding

option dest 'dmz'
option src 'lan'

# dmz -> wan: DMZ hosts may reach the internet.
config forwarding

option dest 'wan'
option src 'dmz'

# lan -> wan: LAN hosts may reach the internet.
config forwarding

option dest 'wan'
option src 'lan'

# wan -> dmz: forwards WAN traffic into the DMZ with no protocol or port
# restriction in this section. No dmz -> lan forwarding is defined, so the
# DMZ cannot initiate connections into the LAN through these sections.
# NOTE(review): unless the elided rules filter it, every DMZ host is reachable
# from the internet on all ports; host-level filtering would then be the only
# control on those servers.
config forwarding

option dest 'dmz'
option src 'wan'

# Loads miniupnpd's firewall script (IPv4 only) and re-runs it on firewall
# reload ('reload' is '1').
# NOTE(review): which zones miniupnpd serves is set in its own config, which
# is not shown here; confirm it is not offered to the DMZ or WAN side.
config include 'miniupnpd'

option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'IPv4'
option reload '1'

# Workaround described in the ticket: one SNAT redirect per DMZ server, each
# mapping a source address to itself (src_ip equals src_dip) for dmz -> wan
# traffic, all protocols. Ten entries cover .178-.182 and .186-.190; the
# reporter added them after the symbolic masq_src/masq_dest exclusions in the
# wan zone stopped taking effect on build r36033.
# Option order varies between the sections below; the options are the same.
# All ten sections share the name 'DMZ'.
config redirect

option target 'SNAT'
option src 'dmz'
option dest 'wan'
option proto 'all'
option src_ip '███.███.███.178'
option src_dip '███.███.███.178'
option name 'DMZ'

config redirect

option target 'SNAT'
option src 'dmz'
option dest 'wan'
option proto 'all'
option src_dip '███.███.███.179'
option src_ip '███.███.███.179'
option name 'DMZ'

config redirect

option target 'SNAT'
option src 'dmz'
option dest 'wan'
option proto 'all'
option src_dip '███.███.███.180'
option src_ip '███.███.███.180'
option name 'DMZ'

config redirect

option target 'SNAT'
option dest 'wan'
option proto 'all'
option src_dip '███.███.███.181'
option src_ip '███.███.███.181'
option src 'dmz'
option name 'DMZ'

config redirect

option target 'SNAT'
option src 'dmz'
option dest 'wan'
option proto 'all'
option src_ip '███.███.███.182'
option src_dip '███.███.███.182'
option name 'DMZ'

config redirect

option target 'SNAT'
option src 'dmz'
option dest 'wan'
option proto 'all'
option src_dip '███.███.███.186'
option src_ip '███.███.███.186'
option name 'DMZ'

config redirect

option target 'SNAT'
option src 'dmz'
option dest 'wan'
option proto 'all'
option src_dip '███.███.███.187'
option src_ip '███.███.███.187'
option name 'DMZ'

config redirect

option target 'SNAT'
option dest 'wan'
option proto 'all'
option src_dip '███.███.███.188'
option src_ip '███.███.███.188'
option src 'dmz'
option name 'DMZ'

config redirect

option target 'SNAT'
option src 'dmz'
option dest 'wan'
option proto 'all'
option src_dip '███.███.███.189'
option src_ip '███.███.███.189'
option name 'DMZ'

config redirect

option target 'SNAT'
option src 'dmz'
option dest 'wan'
option proto 'all'
option src_dip '███.███.███.190'
option name 'DMZ'
option src_ip '███.███.███.190'

[/code]

Attachments (0)

Change History (2)

comment:1 Changed 5 years ago by jow

  • Resolution set to fixed
  • Status changed from new to closed

Symbolic masq_src / masq_dest support restored with r36090.

comment:2 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
