Opened 3 years ago

#18791 new enhancement

Add POSTROUTING::ACCEPT for DNAT rules

Reported by: Andreeeee
Owned by: developers
Priority: normal
Milestone:
Component: base system
Version: Barrier Breaker 14.07
Keywords: firewall DNAT
Cc:

Description

When a port forwarding is set up (either using LuCI or via 'config redirect' in /etc/config/firewall), the routing works properly. However, the packet that arrives has its source IP modified to the router's internal LAN IP, due to mangling.

Not seeing the original source IP on the destination machine is sometimes unpleasant, esp. when logging access, or when using fail2ban.

Something like the following needs to be added to /etc/firewall.user to keep the source IP unchanged:

%<------------------
iptables -t nat -I POSTROUTING 1 -p tcp --dport 22 -j ACCEPT
%<------------------

If it turns out to not be automagically addable, maybe at least some kind of help text (on the wiki) would be helpful, as I spent a considerable amount of time debugging it.

Attachments (0)

Change History (0)
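
A check for the situation the ticket describes, as an added example that is not part of the original report or of OpenWrt's code: it reads `iptables -t nat -S POSTROUTING` output and reports whether an ACCEPT rule for the forwarded TCP port is reached before any rule that can rewrite the source address. The sample listings and the chain name `example_postrouting` are constructed, and treating any target containing a lowercase letter as a user chain is an assumption.

```shell
#!/bin/sh
# Added example: decide from a nat POSTROUTING listing whether TCP traffic to
# PORT leaves the chain before a source-rewriting rule is reached.
# Usage on a router: iptables -t nat -S POSTROUTING | nat_source_status 22
nat_source_status() {
    awk -v port="$1" '
        # Only appended rules of the built-in chain matter (skips the -P line).
        $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            target = ""; dport = ""; proto = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
            }
            # ACCEPT ends nat traversal for this port: no SNAT/MASQUERADE applies.
            if (target == "ACCEPT" && proto == "tcp" && dport == port) {
                result = "preserved"; exit
            }
            # SNAT, MASQUERADE, or a jump into a user chain (assumed to contain
            # a lowercase letter) may rewrite the source before any exemption.
            if (target == "SNAT" || target == "MASQUERADE" || target ~ /[a-z]/) {
                result = "may-be-rewritten"; exit
            }
        }
        # No rewriting rule at all also leaves the source address untouched.
        END { print (result == "" ? "preserved" : result) }
    '
}

# Constructed sample: the exemption inserted at position 1, as in the ticket.
SAMPLE_EXEMPT='-P POSTROUTING ACCEPT
-A POSTROUTING -p tcp -m tcp --dport 22 -j ACCEPT
-A POSTROUTING -j example_postrouting'

# Constructed sample: the same rule appended after the jump, so it is too late.
SAMPLE_LATE='-P POSTROUTING ACCEPT
-A POSTROUTING -j example_postrouting
-A POSTROUTING -p tcp -m tcp --dport 22 -j ACCEPT'

printf '%s\n' "$SAMPLE_EXEMPT" | nat_source_status 22
printf '%s\n' "$SAMPLE_LATE" | nat_source_status 22
```

The position matters because the ticket's rule uses `-I POSTROUTING 1`; the same rule appended with `-A` would sit behind the existing rules and have no effect.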
