<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix"><br>
Hi Lars,<br>
following your directions I played with the buttons and options, but I
haven't found the solution.<br>
I left the MASQUERADE checkbutton only for the internal lan, but
I still don't have the "right" behaviour.<br>
<br>
On 15/05/2015 00:45, <a class="moz-txt-link-abbreviated" href="mailto:openwrt-devel-request@lists.openwrt.org">openwrt-devel-request@lists.openwrt.org</a>
wrote:
</div>
<blockquote
cite="mid:mailman.6084.1431643536.2527.openwrt-devel@lists.openwrt.org"
type="cite">
<blockquote type="cite">
<pre wrap="">
Here is the lan postrouting taken from the above:
Chain zone_lan_postrouting (1 references)
pkts bytes target prot opt in out source destination
12 860 postrouting_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0
12 860 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0
The last line should be the problem: every packet heading for the lan zone
(e.g. your webserver) will be masqueraded (SNAT).
Maybe you enabled the masquerading checkbox in the firewall config for this
interface?
The content of /etc/config/firewall would probably show the root cause (in case
my above guess is wrong).
cheers,
lars
</pre>
</blockquote>
</blockquote>
<br>
Checking another firewall script, I found an interesting rule:<br>
<br>
Chain POSTROUTING (policy ACCEPT 98070 packets, 12M bytes)<br>
pkts bytes target prot opt in out source
destination <br>
215K 17M MASQUERADE all -- * <b>eth1</b>
0.0.0.0/0 0.0.0.0/0 <br>
<br>
so all addresses are masqueraded only for the destination eth1.<br>
<br>
So I issued<br>
iptables -t nat -D zone_lan_postrouting -j MASQUERADE<br>
iptables -t nat -A zone_lan_postrouting -j MASQUERADE -o pppoa-wan<br>
<br>
and my webserver is logging the source address.<br>
<br>
Is this an error or the normal behaviour of fw3?<br>
<br>
Cheers<br>
Angelo<br>
<br>
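Added example, not part of Angelo's message or of fw3: a shell check that reads `iptables -t nat -L -v -n` output and names every chain holding a MASQUERADE rule with no outgoing interface, the condition Lars points to above. The function names and the two sample listings (rebuilt from the ones quoted in this thread, with made-up counters in the second) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list chains holding a MASQUERADE rule
# with no outgoing interface, from `iptables -t nat -L -v -n` text on stdin.
find_unscoped_masq() {
    awk '
        $1 == "Chain" { chain = $2; next }      # remember the current chain
        NF == 0 || $1 == "pkts" { next }         # skip blanks and column header
        # -v columns: pkts bytes target prot opt in out source destination
        $3 == "MASQUERADE" && $7 == "*" { print chain }
    '
}

# Constructed sample: the two listings quoted in the thread.
BEFORE='Chain zone_lan_postrouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
   12   860 postrouting_lan_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   12   860 MASQUERADE  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 98070 packets, 12M bytes)
 pkts bytes target     prot opt in     out     source               destination
 215K   17M MASQUERADE  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0'

# Constructed sample: the lan chain after the two commands in the message
# (counters are made up).
AFTER='Chain zone_lan_postrouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 postrouting_lan_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 MASQUERADE  all  --  *      pppoa-wan  0.0.0.0/0            0.0.0.0/0'

# Helper: run the check over a listing held in a variable.
check_listing() { printf '%s\n' "$1" | find_unscoped_masq; }

echo "before: $(check_listing "$BEFORE")"
echo "after:  $(check_listing "$AFTER")"
```

On a router the same function can be fed live output with `iptables -t nat -L -v -n | find_unscoped_masq`; an empty result means every MASQUERADE rule is bound to an outgoing interface.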
</body>
</html>