<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Is this router doing SNAT? If so, these packets are likely being
mangled by connection tracking before they get matched by the
filter.<br>
<br>
Charlie<br>
<br>
<br>
<div class="moz-cite-prefix">On 04/02/15 13:48, INYO L wrote:<br>
</div>
<blockquote
cite="mid:1749126760.1275313.1423057711241.JavaMail.yahoo@mail.yahoo.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<div style="color:#000; background-color:#fff;
font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial,
Lucida Grande, sans-serif;font-size:16px">
<div style="font-family: Arial; font-size: 14px; line-height:
23.7999992370605px;" class=""
id="yui_3_16_0_1_1423057028389_6370">hi, </div>
<div style="font-family: Arial; font-size: 14px; line-height:
23.7999992370605px;" class=""
id="yui_3_16_0_1_1423057028389_6327"><br class="" style="">
</div>
<div style="font-family: Arial; font-size: 14px; line-height:
23.7999992370605px;" class=""
id="yui_3_16_0_1_1423057028389_6304">I have some trouble
about the openwrt system, and the linux kernelver-3.10.49 ,
iptables version 1.4.21 (barrier_breaker r44257) </div>
<div style="font-family: Arial; font-size: 14px; line-height:
23.7999992370605px;" class=""
id="yui_3_16_0_1_1423057028389_6303"><br class="" style="">
</div>
<div style="font-family: Arial; font-size: 14px; line-height:
23.7999992370605px;" class=""
id="yui_3_16_0_1_1423057028389_6305">iptables -I FORWARD -s
192.168.2.226 -j ACCEPT</div>
<div style="font-family: Arial; font-size: 14px; line-height:
23.7999992370605px;" class=""
id="yui_3_16_0_1_1423057028389_6306"><span style="line-height:
23.7999992370605px;" class=""
id="yui_3_16_0_1_1423057028389_6307">iptables -I FORWARD -d
192.168.2.226 -j ACCEPT</span></div>
<div style="font-family: Arial; font-size: 14px; line-height:
23.7999992370605px;" class=""
id="yui_3_16_0_1_1423057028389_6306" dir="ltr"><span
style="line-height: 23.7999992370605px;" class=""
id="yui_3_16_0_1_1423057028389_6472">iptables -nxv -L
FORWARD</span></div>
<div style="font-family: Arial; font-size: 14px; line-height:
23.7999992370605px;" class=""
id="yui_3_16_0_1_1423057028389_6308"><br class="" style="">
</div>
<div style="font-family: Arial; font-size: 14px; line-height:
23.7999992370605px;" class=""
id="yui_3_16_0_1_1423057028389_6309">When I sufing the
Internet, the kernel can't get the bytes from
source(0.0.0.0/0) to destination(192.168.2.226) . </div>
<div style="font-family: Arial; font-size: 14px; line-height:
23.7999992370605px;" class=""
id="yui_3_16_0_1_1423057028389_6310">Why ?</div>
<div style="font-family: Arial; font-size: 14px; line-height:
23.7999992370605px;" class=""
id="yui_3_16_0_1_1423057028389_6310"><br>
</div>
<div style="font-family: Arial; font-size: 14px; line-height:
23.7999992370605px;" class=""
id="yui_3_16_0_1_1423057028389_6310">
<div class="" style="" id="yui_3_16_0_1_1423057028389_6323">
<img moz-do-not-send="true"
src="file:///C:%5CUsers%5CAdministrator%5CAppData%5CRoaming%5CTencent%5CUsers%5C8606318%5CQQ%5CWinTemp%5CRichOle%5CQ2CN4LWSFG4Y52VJU64J%7D@Q.jpg"
class="" style=""
data-id="29961a0b-3e2b-7fa4-c192-3bd9427f5d09"><span
style="line-height: 23.7999992370605px;" class=""
id="yui_3_16_0_1_1423057028389_6430">root@WirelessRouter:/tmp/logs#
iptables -nxv -L FORWARD</span></div>
<div style="line-height: 23.7999992370605px;"
id="yui_3_16_0_1_1423057028389_6381" class="">
<div class="" style="" id="yui_3_16_0_1_1423057028389_6393">Chain
FORWARD (policy DROP 0 packets, 0 bytes)</div>
<div class="" style="" id="yui_3_16_0_1_1423057028389_6392">
pkts bytes target prot opt in out
source destination </div>
<div id="yui_3_16_0_1_1423057028389_6380" class="" style="">
0 0 ACCEPT all -- * *
0.0.0.0/0 192.168.2.226 </div>
<div class="" style="" id="yui_3_16_0_1_1423057028389_6394">
14 896 ACCEPT all -- * *
192.168.2.226 0.0.0.0/0 </div>
<div class="" style="" id="yui_3_16_0_1_1423057028389_6395">
101 4724 delegate_forward all -- * *
0.0.0.0/0 0.0.0.0/0 </div>
<div class="" style="" id="yui_3_16_0_1_1423057028389_6396"><br
class="" style="">
</div>
<div class="" style="" id="yui_3_16_0_1_1423057028389_6396"
dir="ltr">But, I used the kernel-ver-3.10.36
(barrier_breaker r40976), it works!</div>
<div class="" style="" id="yui_3_16_0_1_1423057028389_6396"
dir="ltr"><br>
</div>
<div class="" style="" id="yui_3_16_0_1_1423057028389_6396"
dir="ltr">Attachment is a few screenshot. </div>
<div class="" style="" id="yui_3_16_0_1_1423057028389_6396"
dir="ltr"><br>
</div>
</div>
<div style="line-height: 23.7999992370605px;" class=""
id="yui_3_16_0_1_1423057028389_6397" dir="ltr">thanks a
lot. </div>
<div class="" style="" id="yui_3_16_0_1_1423057028389_6323"> </div>
</div>
<div id="yui_3_16_0_1_1423057028389_6206" class="" style=""><br
class="" style="">
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
openwrt-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:openwrt-devel@lists.openwrt.org">openwrt-devel@lists.openwrt.org</a>
<a class="moz-txt-link-freetext" href="https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel">https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel</a>
</pre>
</blockquote>
<br>
</body>
</html>