Opened 2 years ago

#20674 new defect

dnat redirect to additional IPs of the router creates a dnat+forward instead of dnat+input rule

Reported by: pier4r Owned by: developers
Priority: normal Milestone:
Component: other Version: Attitude Adjustment 12.09
Keywords: firewall, redirects Cc:


Hello everyone, i found the following problem on openwrt 12.09 (tplink wdr3600).

With mwan3 and an openvpn server, to let the vpn clients be connected from both the wan connections it is suggested to bind
the vpn server on one local ip of the router and then make a redirect from wan to the lan side.

Now, if the lan side has more than one address (due to aliasing), only the first address shown by ifconfig will create a proper 'local' redirect (that is: DNAT in prerouting and a rule in zone_wan , that is in the INPUT chain of the filter table), the others will create a DNAT+forward and they won't reach any usable system because the packets will be forwarded out of the router.

Attachments (0)

Change History (0)

Add Comment

Modify Ticket

as new .

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.