[OpenWrt-Devel] External (public) IP forwarded to internal LAN

Angelo Corsaro corsaroangelo at gmail.com
Thu May 14 09:49:52 EDT 2015


Hi,
I'll try to explain my concern better.
I would like to show the "source" IP when I read the log of my web browser; this is the scenario:

user A (IP) -------//----- (extern iface)MODEM/ROUTER(internal iface) -------------- (WWW iface) WWW

the IP is 1.2.3.4
the extern iface is 5.6.7.8
the internal iface is 192.168.100.100
the WWW iface is 192.168.100.200

When I look at the IP packets on the extern iface I can see the packet from 
1.2.3.4 directed to 5.6.7.8, BUT on the internal iface every packet 
comes from 192.168.100.100, not from 1.2.3.4.
In the log of the web server the address recorded is 192.168.100.100.

the dump on the modem's extern iface
   15:07:09.216062 IP 1-2-3-4.foo.com.15716 > adsl-5-6-7-8.foo.it.10080
the dump on the modem's internal iface
   15:07:03.135591 IP 192.168.100.100.15716 > 192.168.100.200.www
on the www side
192.168.100.100 - - [14/May/2015:15:07:03 +0200] "GET / HTTP/1.1" 200 2735 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0"

You can find the output of the two commands on pastebin for the next 2 weeks.

iptables -L -vn at http://pastebin.com/2b0ewSyu
iptables -t nat -L -vn at http://pastebin.com/i7qPXEMJ

Hope this helps.

Cheers
Angelo

> Hi all,
> first of all, I'm sorry for my poor English and if I placed my 
> question in the wrong place.
> I'm facing an issue with, I think, iptables. This is the scenario: I'm 
> using a ddns service to point to my external IP to access my server; and 
> it works fine, but the original address is always the internal iface 
> of my modem.
>
> This is my actual port-forwarding conf in /etc/config/firewall
>     option src 'wan'
>     option dest 'lan'
>     option proto 'tcp udp'
>     option dest_ip '192.168.x.x'
>     option dest_port 'x'
>     option name 'Photo'
>     option src_dport 'x'
>     option reflection '1'
>
>
> Surfing the web and the OpenWrt wiki I cannot find any solution.
> If I'm not wrong, in the previous release of OpenWrt the origin's IP 
> was forwarded to the internal LAN.
> Tcpdumping the wan iface I can see both public IPs (the original and my own 
> IP).
>
> Is there any solution (conf, recompiling the package, a patch, etc.) to 
> restore the previous behaviour?
>
> Cheers
> Angelo
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
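
Added example, not part of the original message or of OpenWrt: a small Python check that pairs the two tcpdump lines quoted above by source port and reports which addresses changed between the extern and internal interface. It assumes the source port survives translation, as it does in the quoted dumps (15716 on both sides); the function names are made up for this illustration.

```python
import re

# Constructed input: the two capture lines quoted in the message above.
WAN_DUMP = ["15:07:09.216062 IP 1-2-3-4.foo.com.15716 > adsl-5-6-7-8.foo.it.10080"]
LAN_DUMP = ["15:07:03.135591 IP 192.168.100.100.15716 > 192.168.100.200.www"]

# tcpdump prints "<time> IP <src>.<port> > <dst>.<port>[: details]"
LINE = re.compile(r"^\s*\d\d:\d\d:\d\d\.\d+ IP (?P<src>\S+) > (?P<dst>[^\s:]+)")


def parse(line):
    """Return (src_host, src_port, dst_host, dst_port), or None if not an IP line."""
    m = LINE.match(line)
    if not m:
        return None
    # The port (or service name such as "www") is whatever follows the last dot.
    src_host, _, src_port = m["src"].rpartition(".")
    dst_host, _, dst_port = m["dst"].rpartition(".")
    return src_host, src_port, dst_host, dst_port


def nat_findings(wan_lines, lan_lines):
    """Pair packets by source port and report which endpoints were rewritten."""
    lan_by_sport = {}
    for line in lan_lines:
        pkt = parse(line)
        if pkt:
            lan_by_sport.setdefault(pkt[1], pkt)
    findings = []
    for line in wan_lines:
        wan = parse(line)
        if not wan or wan[1] not in lan_by_sport:
            continue
        lan = lan_by_sport[wan[1]]
        findings.append({
            "sport": wan[1],
            "wan_src": wan[0],
            "lan_src": lan[0],
            # Source changed: source NAT/masquerade hides the client from the server.
            "src_rewritten": wan[0] != lan[0],
            # Destination changed: this is the port forward (DNAT) itself.
            "dst_rewritten": wan[2:] != lan[2:],
        })
    return findings


if __name__ == "__main__":
    for f in nat_findings(WAN_DUMP, LAN_DUMP):
        print(f)
```

Capture with `tcpdump -n` so both sides show numeric addresses and ports; otherwise a resolved hostname and its IP compare as different.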


