#22519: Firewall: LAN to LAN REDIRECT is invalid
--------------------------+--------------------------------
  Reporter:  puchuu       |      Owner:  developers
      Type:  defect       |     Status:  new
  Priority:  normal       |  Milestone:
 Component:  base system  |    Version:  Chaos Calmer 15.05
Resolution:               |   Keywords:
--------------------------+--------------------------------

Comment (by puchuu):

 {{{
 config redirect
         option target    'DNAT'
         option src       'lan'
         option dest      'lan'
         option src_ip    '192.168.0.0/24'
         option src_dip   '192.168.0.1'
         option src_dport '22'
         option dest_port '6322'
         option proto     'tcp udp'
         option name      'router ssh for lan'
 }}}

 This works perfectly. Thank you.

 But in this case I should remember that I can't simply change the network
 address from `192.168.0.0` to `192.168.1.0` and `/24` to `/16` in
 /etc/config/network.

 For example:

 {{{
 config redirect
         option target    'DNAT'
         option src       'vpn2'
         option dest      'lan'
         option src_ip    '10.0.3.0/24'
         option src_dip   '10.0.3.6'
         option src_dport '22'
         option dest_port '6322'
         option proto     'tcp udp'
         option name      'router ssh for vpn2'
 }}}

 This generates REDIRECT too. The IP of the machine can be changed by the
 VPN server, and this is bad.

 {{{
 config redirect
         option target    'DNAT'
         option src       'wan'
         option dest      'lan'
         option proto     'tcp'
         option src_dport '51000'
         option dest_ip   '192.168.0.3'
         option dest_port '51000'
         option name      'app'
 }}}

 This generates:

 {{{
 DNAT  tcp  --  192.168.0.0/24  valid-dynamic-adddress.com  tcp dpt:51000
 /* app (reflection) */ to:192.168.0.3:51000
 }}}

 This result is perfect. I think REDIRECT should work the same way. Thank
 you.

--
Ticket URL: <https://dev.openwrt.org/ticket/22519#comment:5>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
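
The drift the comment describes (a redirect that pins src_ip/src_dip while the interface address later changes in /etc/config/network) can be caught by a check over a configuration backup. The following is an added example, not code from the ticket or from OpenWrt; the function names are hypothetical, the zone and interface sections are constructed, and interfaces are assumed to use the ipaddr + netmask form.

```python
import ipaddress
import shlex

# Constructed sample: redirect options from the ticket's first rule; zone/interface assumed.
FIREWALL = """
config zone
    option name 'lan'
    list network 'lan'
config redirect
    option src 'lan'
    option src_ip '192.168.0.0/24'
    option src_dip '192.168.0.1'
    option name 'router ssh for lan'
"""
NETWORK = "config interface 'lan'\n option ipaddr '{}'\n option netmask '{}'\n"

def parse_uci(text):
    """Parse UCI text into (type, options) pairs; options map key -> list of values."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:1] == ["config"] and len(tok) > 1:
            sections.append((tok[1], {"_id": tok[2:3]}))  # "_id" holds the section name
        elif tok[:1] in (["option"], ["list"]) and sections and len(tok) > 2:
            sections[-1][1].setdefault(tok[1], []).append(tok[2])
    return sections

def stale_redirects(network_text, firewall_text):
    """List (rule, option, value) where a pinned address is not the source zone's static one."""
    ifaces = {}
    for typ, opt in parse_uci(network_text):
        if typ == "interface" and opt["_id"] and "ipaddr" in opt:
            mask = opt.get("netmask", ["255.255.255.255"])[0]
            ifaces[opt["_id"][0]] = ipaddress.ip_interface(f"{opt['ipaddr'][0]}/{mask}")
    fw, zones, findings = parse_uci(firewall_text), {}, []
    for typ, opt in fw:
        if typ == "zone" and "name" in opt:
            nets = " ".join(opt.get("network", [])).split()
            zones[opt["name"][0]] = [ifaces[n] for n in nets if n in ifaces]
    for typ, opt in fw:
        if typ != "redirect" or "src" not in opt:
            continue
        zone, rule = zones.get(opt["src"][0], []), opt.get("name", ["(unnamed)"])[0]
        for ip in opt.get("src_ip", []):  # expected to equal the zone's subnet
            if not any(ipaddress.ip_network(ip, strict=False) == i.network for i in zone):
                findings.append((rule, "src_ip", ip))
        for ip in opt.get("src_dip", []):  # expected to equal the router's own address
            if not any(ipaddress.ip_address(ip) == i.ip for i in zone):
                findings.append((rule, "src_dip", ip))
    return findings
```

A zone with no static address in the network config (such as an interface addressed by a VPN server) has every pinned value reported, since none of them can be confirmed from the file.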