
Opened 11 years ago

Closed 11 years ago

Last modified 4 years ago

#1894 closed defect (duplicate)

/etc/config/firewall forward does not allow specifying the source IP

Reported by: anonymous Owned by: developers
Priority: normal Milestone: Barrier Breaker 14.07
Component: other Version:
Keywords: firewall forward source Cc:

Description

The configuration file /etc/config/firewall does not seem to allow the user to specify the source IP of the traffic.

Rearranging the order of the <match> does not seem to matter.

This is supposedly specified by:
# forward:<match>:<target>[:<port>]
# - forwards all packets matched by <match> to <target>,
# optionally changing the port to <port>

But the match syntax for the 'forward:' rule does not allow 'src' to be specified.

Examples tried:


forward:src=1.1.1.1/32 proto=tcp dport=25:192.168.0.1:25

iptables -L -n -v:
Chain forwarding_wan (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.1 tcp dpt:25

forward:proto=tcp src=1.1.1.1/32 dport=25:192.168.0.1:25

iptables -L -n -v:
Chain forwarding_wan (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.1 tcp dpt:25

forward:proto=tcp dport=25 src=1.1.1.1/32:192.168.0.1:25

iptables -L -n -v:
Chain forwarding_wan (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.1 tcp dpt:25

Attachments (0)

Change History (5)

comment:1 Changed 11 years ago by mbm

The /etc/config/firewall is a legacy format that will probably be changed; there is a /etc/firewall.user if you prefer to type iptables commands directly.
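
Added example (not part of the ticket and not OpenWrt's firewall.awk): a shell function that parses a legacy forward:<match>:<target>[:<port>] line and prints iptables commands that keep the src= restriction, for review before they go into /etc/firewall.user. The helper name forward_to_iptables and the DNAT-plus-ACCEPT expansion are assumptions; the chain names prerouting_wan and forwarding_wan are the ones mentioned in this ticket.

```shell
#!/bin/sh
# Added example, not OpenWrt code. forward_to_iptables is a hypothetical helper.
# Chain names prerouting_wan/forwarding_wan come from the ticket; the
# DNAT + ACCEPT pairing is an assumption about what a forward should expand to.
forward_to_iptables() (
    set -f                                  # no globbing on untrusted text
    case $1 in forward:*) ;; *) echo "not a forward rule" >&2; exit 1 ;; esac
    IFS=:; set -- $1; unset IFS             # forward:<match>:<target>[:<port>]
    [ $# -ge 3 ] && [ $# -le 4 ] || { echo "bad field count" >&2; exit 1; }
    match=$2 target=$3 port=$4
    proto= src= dport=
    for kv in $match; do                    # match keys may come in any order
        case $kv in
            proto=tcp|proto=udp) proto=${kv#proto=} ;;
            src=?*)   src=${kv#src=} ;;
            dport=?*) dport=${kv#dport=} ;;
            *) echo "unsupported match: $kv" >&2; exit 1 ;;   # fail, never drop
        esac
    done
    # Allow only address and port characters (IPv4) into the emitted commands.
    case $target in ''|*[!0-9.]*) echo "bad target" >&2; exit 1 ;; esac
    case $src in *[!0-9./]*) echo "bad src" >&2; exit 1 ;; esac
    case $dport$port in *[!0-9]*) echo "bad port" >&2; exit 1 ;; esac
    [ -z "$dport$port" ] || [ -n "$proto" ] || { echo "port needs proto" >&2; exit 1; }

    sel=
    [ -z "$proto" ] || sel="$sel -p $proto"
    [ -z "$src" ]   || sel="$sel -s $src"   # the restriction the ticket found missing
    fport=${port:-$dport}                   # destination port after translation
    printf 'iptables -t nat -A prerouting_wan%s%s -j DNAT --to-destination %s\n' \
        "$sel" "${dport:+ --dport $dport}" "$target${port:+:$port}"
    printf 'iptables -A forwarding_wan%s -d %s%s -j ACCEPT\n' \
        "$sel" "$target" "${fport:+ --dport $fport}"
)

# The ticket's first example line, printed for review before use.
forward_to_iptables 'forward:src=1.1.1.1/32 proto=tcp dport=25:192.168.0.1:25'
```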

comment:2 Changed 11 years ago by lubek <lubek@…>

It works well.
You are looking into the wrong chain. The forwarding_wan table is a filter target. You must look into the prerouting_wan table in the nat target.

comment:3 Changed 11 years ago by lubek <lubek@…>

Sorry for the mystification. :)
I am working with a different firewall.awk.
You are right.

comment:4 Changed 11 years ago by nbd

  • Milestone changed from Kamikaze 7.07 to Kamikaze
  • Resolution set to duplicate
  • Status changed from new to closed

Making a new ticket for a rewrite of /etc/config/firewall: #1964

comment:5 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
