[FS#283] NAT Loopback ("reflections") not working correctly.
LEDE Bugs
lede-bugs at lists.infradead.org
Tue Nov 29 08:37:56 PST 2016
The following task has a new comment added:
FS#283 - NAT Loopback ("reflections") not working correctly.
User who did this - schoerg (schoerg)
----------
(The hostname openwrt-bpi has been kept for naming reasons; the device runs LEDE.)
root@openwrt-bpi:~# cat /etc/config/firewall
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '31337'
option dest_port '22'
option name 'rpi_ssh'
option dest_ip '192.168.0.6'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option src_dport '28960'
option dest_ip '192.168.0.10'
option dest_port '28960'
option name 'mw2'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option src_dport '3074-3076'
option dest_ip '192.168.0.10'
option dest_port '3074-3076'
option name 'mw3'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option dest_ip '192.168.0.10'
option name 'steam'
option src_dport '27000-27800'
option dest_port '27000-27800'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '22000'
option dest_ip '192.168.0.9'
option dest_port '22000'
option name 'syncthing'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option src_dport '3001'
option dest_ip '192.168.0.9'
option dest_port '3001'
option name 'freenas_torrent'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option src_dport '3002'
option dest_ip '192.168.0.10'
option dest_port '3002'
option name 'fs_torrent'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option name 'nuc_443'
option src_dport '443'
option dest_ip '192.168.0.6'
option dest_port '443'
option reflection '1'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option src_dport '7002'
option dest_ip '192.168.0.10'
option dest_port '7002'
option name 'skype_fs'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '8081'
option dest_port '3000'
option name 'grafana'
option dest_ip '192.168.0.6'
option enabled '0'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option src_dport '40000'
option dest_ip '192.168.0.10'
option dest_port '3389'
option name 'fsrdp'
option enabled '0'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '80'
option dest_ip '192.168.0.6'
option dest_port '80'
option name 'nuc_80'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '8920'
option dest_ip '192.168.0.9'
option dest_port '8920'
option name 'emby'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option dest_ip '192.168.0.6'
option name 'nuc_ast_tls'
option proto 'tcp udp'
option src_dport '5060-5061'
option dest_port '5060-5061'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option src_dport '20000-20500'
option dest_ip '192.168.0.6'
option dest_port '20000-20500'
option name 'nuc_ast_udp'
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option mtu_fix '1'
option masq '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config rule
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
config rule
option src 'lan'
option dest 'wan'
option src_ip '192.168.0.75'
option target 'REJECT'
option enabled '0'
config rule
option target 'ACCEPT'
option src 'lan'
option dest 'lan'
ubus:
{
"interface": [
{
"interface": "lan",
"up": true,
"pending": false,
"available": true,
"autostart": true,
"dynamic": false,
"uptime": 30858,
"l3_device": "br-lan",
"proto": "static",
"device": "br-lan",
"updated": [
"addresses"
],
"metric": 0,
"dns_metric": 0,
"delegation": true,
"ipv4-address": [
{
"address": "192.168.0.2",
"mask": 24
}
],
"ipv6-address": [
],
"ipv6-prefix": [
],
"ipv6-prefix-assignment": [
{
"address": "fd64:5849:ec76::",
"mask": 60
}
],
"route": [
],
"dns-server": [
"192.168.0.47"
],
"dns-search": [
],
"inactive": {
"ipv4-address": [
],
"ipv6-address": [
],
"route": [
],
"dns-server": [
],
"dns-search": [
]
},
"data": {
}
},
{
"interface": "loopback",
"up": true,
"pending": false,
"available": true,
"autostart": true,
"dynamic": false,
"uptime": 30858,
"l3_device": "lo",
"proto": "static",
"device": "lo",
"updated": [
"addresses"
],
"metric": 0,
"dns_metric": 0,
"delegation": true,
"ipv4-address": [
{
"address": "127.0.0.1",
"mask": 8
}
],
"ipv6-address": [
],
"ipv6-prefix": [
],
"ipv6-prefix-assignment": [
],
"route": [
],
"dns-server": [
],
"dns-search": [
],
"inactive": {
"ipv4-address": [
],
"ipv6-address": [
],
"route": [
],
"dns-server": [
],
"dns-search": [
]
},
"data": {
}
},
{
"interface": "wan",
"up": true,
"pending": false,
"available": true,
"autostart": true,
"dynamic": false,
"uptime": 30851,
"l3_device": "wwan0",
"proto": "mbim",
"metric": 0,
"dns_metric": 0,
"delegation": true,
"ipv4-address": [
],
"ipv6-address": [
],
"ipv6-prefix": [
],
"ipv6-prefix-assignment": [
],
"route": [
],
"dns-server": [
],
"dns-search": [
],
"inactive": {
"ipv4-address": [
],
"ipv6-address": [
],
"route": [
],
"dns-server": [
],
"dns-search": [
]
},
"data": {
}
}
]
}
ubus shows no IPv4 address for the wan interface, although the device is online (see the ifconfig output for wwan0 below).
ifconfig wwan0:
wwan0 Link encap:Ethernet HWaddr B2:0F:20:9E:0A:81
inet addr:178.112.24.186 Bcast:178.112.24.187 Mask:255.255.255.252
inet6 addr: fe80::b00f:20ff:fe9e:a81/64 Scope:Link
UP BROADCAST RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:1628315 errors:0 dropped:0 overruns:0 frame:0
TX packets:828786 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2020185641 (1.8 GiB) TX bytes:62813039 (59.9 MiB)
----------
More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=283#comment974