Modify

Opened 3 years ago

#18700 new defect

WNDR3700v4 Port Fowarding / UPnP & NAND Flash Problems

Reported by: anonymous Owned by: developers
Priority: normal Milestone:
Component: base system Version: Barrier Breaker 14.07
Keywords: Cc:

Description

Source: https://forum.openwrt.org/viewtopic.php?id=53612

Hello everyone!
I just installed latest BB from official download.

Linux version 3.10.49 (bb@builder1) (gcc version 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r42625) ) #3 Wed Oct 1 14:09:48 CEST 2014

Everything works fine except for...

  1. I found rootfs only used 14M nand flash instead of 128M, but it's not very important to me...
  2. port fowarding doesn't work (including UPnP). Does anyone have similar issue?

This is my firewall configuration:
/etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fe80::/10'
        option src_port '547'
        option dest_ip 'fe80::/10'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '7789'
        option dest_ip '192.168.7.160'
        option dest_port '3389'
        option name 'MXCORE_RDP'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '8080'
        option dest_ip '192.168.7.160'
        option dest_port '80'
        option name 'MXCORE_WEB'
        option enabled '0'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '9092'
        option dest_ip '192.168.7.160'
        option dest_port '9092'
        option name 'MXCORE_UT'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '26373'
        option dest_ip '192.168.7.160'
        option dest_port '26373'
        option name 'MXCORE_EDK'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'udp'
        option src_dport '49018'
        option dest_ip '192.168.7.160'
        option dest_port '49018'
        option name 'MXCORE_EDK2'

EDIT: add iptables info...

root@OpenWrt:~# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 89 packets, 5578 bytes)
 pkts bytes target     prot opt in     out     source               destination
   90  5618 delegate_prerouting  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain INPUT (policy ACCEPT 40 packets, 2877 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 151 packets, 7515 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 3 packets, 984 bytes)
 pkts bytes target     prot opt in     out     source               destination
  199 10087 delegate_postrouting  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain MINIUPNPD (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain delegate_postrouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
  199 10087 postrouting_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* user chain for postrouting */
    3   984 zone_lan_postrouting  all  --  *      br-lan  0.0.0.0/0            0.0.0.0/0
  196  9103 zone_wan_postrouting  all  --  *      pppoe-wan  0.0.0.0/0            0.0.0.0/0

Chain delegate_prerouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
   90  5618 prerouting_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* user chain for prerouting */
   60  4386 zone_lan_prerouting  all  --  br-lan *       0.0.0.0/0            0.0.0.0/0
   30  1232 zone_wan_prerouting  all  --  pppoe-wan *       0.0.0.0/0            0.0.0.0/0

Chain postrouting_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain postrouting_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain postrouting_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain prerouting_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain prerouting_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain prerouting_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain zone_lan_postrouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
    3   984 postrouting_lan_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* user chain for postrouting */
    0     0 SNAT       tcp  --  *      *       192.168.7.0/24       192.168.7.160        tcp dpt:3389 /* MXCORE_RDP (reflection) */ to:192.168.7.1
    0     0 SNAT       tcp  --  *      *       192.168.7.0/24       192.168.7.160        tcp dpt:9092 /* MXCORE_UT (reflection) */ to:192.168.7.1
    0     0 SNAT       tcp  --  *      *       192.168.7.0/24       192.168.7.160        tcp dpt:26373 /* MXCORE_EDK (reflection) */ to:192.168.7.1
    0     0 SNAT       udp  --  *      *       192.168.7.0/24       192.168.7.160        udp dpt:49018 /* MXCORE_EDK2 (reflection) */ to:192.168.7.1

Chain zone_lan_prerouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
   60  4386 prerouting_lan_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* user chain for prerouting */
    0     0 DNAT       tcp  --  *      *       192.168.7.0/24       59.172.93.252        tcp dpt:7789 /* MXCORE_RDP (reflection) */ to:192.168.7.160:3389
    0     0 DNAT       tcp  --  *      *       192.168.7.0/24       59.172.93.252        tcp dpt:9092 /* MXCORE_UT (reflection) */ to:192.168.7.160:9092
    0     0 DNAT       tcp  --  *      *       192.168.7.0/24       59.172.93.252        tcp dpt:26373 /* MXCORE_EDK (reflection) */ to:192.168.7.160:26373
    0     0 DNAT       udp  --  *      *       192.168.7.0/24       59.172.93.252        udp dpt:49018 /* MXCORE_EDK2 (reflection) */ to:192.168.7.160:49018

Chain zone_wan_postrouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
  196  9103 postrouting_wan_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* user chain for postrouting */
  196  9103 MASQUERADE  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain zone_wan_prerouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
   29  1192 MINIUPNPD  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   30  1232 prerouting_wan_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* user chain for prerouting */
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:7789 /* MXCORE_RDP */ to:192.168.7.160:3389
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:9092 /* MXCORE_UT */ to:192.168.7.160:9092
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:26373 /* MXCORE_EDK */ to:192.168.7.160:26373
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:49018 /* MXCORE_EDK2 */ to:192.168.7.160:49018

Attachments (0)

Change History (0)

Add Comment

Modify Ticket

Action
as new .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.