Opened 5 years ago

Closed 5 years ago

Last modified 4 years ago

#13217 closed defect (fixed)

firewall3 redirect rule not working

Reported by: duvi
Owned by: developers
Priority: high
Milestone: Barrier Breaker 14.07
Component: packages
Version: Trunk
Keywords:
Cc:

Description

After upgrading to firewall3, the redirect rule does not work. I cannot connect to ssh over the redirected port 22001 anymore.

# port redirect of remapped ssh port (22001) on wan
config redirect
	option src		wan
	option src_dport	22001
	option dest		lan
	option dest_port	22
	option proto		tcp

Change History (4)

comment:1 Changed 5 years ago by duvi

I see incoming packets in the nat table:

Chain zone_wan_prerouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
  186 16295 MINIUPNPD  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  174 14829 prerouting_wan_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* user chain for wan prerouting */
   15   872 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22469 to:0.0.0.0:22

But I don't see them arriving in the filter table:

Chain zone_wan_input (1 references)
 pkts bytes target     prot opt in     out     source               destination
  174 15199 input_wan_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* user chain for wan input */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:68 /* Allow-DHCP-Renew */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Allow-Ping */
   80  5830 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:161
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate DNAT
   94  9369 zone_wan_src_REJECT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

comment:2 Changed 5 years ago by duvi

Don't get confused about seeing port 22469 in the previous comment and 22001 in the config. I just forgot to edit one of them when pasting here, but they are the same.
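
The by-hand comparison from comment:1 as a script. This is an added example, not part of the ticket or of firewall3. It parses `iptables -nvL` listings and reports DNAT rules that matched packets while the corresponding `ctstate DNAT` accept rule matched none; the function names are hypothetical and the sample input is the ticket's own listing, trimmed.

```python
import re

# Sample input: rule lines copied from the listings in comment:1, trimmed.
NAT = """\
Chain zone_wan_prerouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
   15   872 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22469 to:0.0.0.0:22
"""
FILTER = """\
Chain zone_wan_input (1 references)
 pkts bytes target     prot opt in     out     source               destination
   80  5830 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:161
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate DNAT
   94  9369 zone_wan_src_REJECT  all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""
SUFFIX = {"K": 1000, "M": 1000**2, "G": 1000**3}  # iptables abbreviates big counters unless -x is given

def parse_rules(listing):
    """Yield (pkts, target, proto, extra) for each rule line of `iptables -nvL` output."""
    for line in listing.splitlines():
        f = line.split(None, 9)
        if len(f) < 9 or not f[0][0].isdigit():
            continue  # chain header, column header or blank line
        count = f[0]
        pkts = int(count[:-1]) * SUFFIX[count[-1]] if count[-1] in SUFFIX else int(count)
        yield pkts, f[2], f[3], f[9] if len(f) > 9 else ""

def stalled_redirects(nat_listing, filter_listing):
    """DNAT rules that matched packets whose ctstate DNAT accept rule matched none."""
    accepts = {}
    for pkts, target, proto, extra in parse_rules(filter_listing):
        m = re.search(r"dpt:(\d+)\b.*ctstate DNAT", extra)
        if target == "ACCEPT" and m:
            accepts[(proto, int(m.group(1)))] = pkts
    findings = []
    for pkts, target, proto, extra in parse_rules(nat_listing):
        m = re.search(r"dpt:(\d+) to:([\d.]+):(\d+)", extra)
        if target != "DNAT" or not m or pkts == 0:
            continue
        ext_port, to_addr, to_port = int(m.group(1)), m.group(2), int(m.group(3))
        accepted = accepts.get((proto, to_port))  # None: no matching accept rule at all
        if not accepted:
            findings.append((proto, ext_port, to_addr, to_port, pkts, accepted))
    return findings

if __name__ == "__main__":
    for f in stalled_redirects(NAT, FILTER):
        print("%s dpt:%d -> %s:%d: %d packets translated, accept rule count: %s" % f)
```
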

comment:3 Changed 5 years ago by jow

  • Resolution set to fixed
  • Status changed from new to closed

comment:4 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
