[OpenWrt-Devel] iptables NAT not being updated on WAN changes

2010-04-18 Thread Nuno Gonçalves
I have internet connections at eth0.2 and eth1.

Config is like this:

config interface wan
option ifname   eth1
option proto    dhcp

After boot connection is ok. Computers behind router get NATed internet.
Then I do ifdown wan, change eth1 to eth0.2 and ifup wan.
Computers start getting "Destination port unreachable" to ping
request. Inside the router I can ping the internet.

Rebooting (with eth1 or eth0.2 selected, doesn't care) brings NATed
connection back.
/etc/init.d/network restart doesn't.

r...@openwrt:/# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source   destination
ACCEPT all  --  anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all  --  anywhere anywhere
syn_flood  tcp  --  anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
input_rule  all  --  anywhere anywhere
input  all  --  anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source   destination
zone_wan_MSSFIX  all  --  anywhere anywhere
ACCEPT all  --  anywhere anywhere state RELATED,ESTABLISHED
forwarding_rule  all  --  anywhere anywhere
forward  all  --  anywhere anywhere
reject all  --  anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination
ACCEPT all  --  anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all  --  anywhere anywhere
output_rule  all  --  anywhere anywhere
output all  --  anywhere anywhere

Chain forward (1 references)
target prot opt source   destination
zone_lan_forward  all  --  anywhere anywhere
zone_wan_forward  all  --  anywhere anywhere

Chain forwarding_lan (1 references)
target prot opt source   destination

Chain forwarding_rule (1 references)
target prot opt source   destination

Chain forwarding_wan (1 references)
target prot opt source   destination

Chain input (1 references)
target prot opt source   destination
zone_lan   all  --  anywhere anywhere
zone_wan   all  --  anywhere anywhere

Chain input_lan (1 references)
target prot opt source   destination

Chain input_rule (1 references)
target prot opt source   destination

Chain input_wan (1 references)
target prot opt source   destination

Chain output (1 references)
target prot opt source   destination
zone_lan_ACCEPT  all  --  anywhere anywhere
zone_wan_ACCEPT  all  --  anywhere anywhere

Chain output_rule (1 references)
target prot opt source   destination

Chain reject (5 references)
target prot opt source   destination
REJECT tcp  --  anywhere anywhere reject-with tcp-reset
REJECT all  --  anywhere anywhere reject-with icmp-port-unreachable

Chain syn_flood (1 references)
target prot opt source   destination
RETURN tcp  --  anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
DROP   all  --  anywhere anywhere

Chain zone_lan (1 references)
target prot opt source   destination
input_lan  all  --  anywhere anywhere
zone_lan_ACCEPT  all  --  anywhere anywhere

Chain zone_lan_ACCEPT (2 references)
target prot opt source   destination
ACCEPT all  --  anywhere anywhere
ACCEPT all  --  anywhere anywhere

Chain zone_lan_DROP (0 references)
target prot opt source   destination
DROP   all  --  anywhere anywhere
DROP   all  --  anywhere anywhere

Chain zone_lan_MSSFIX (0 references)
target prot opt source   destination
TCPMSS tcp  --  anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU

Chain zone_lan_REJECT (1 references)
target prot opt source   destination
reject all  --  anywhere anywhere
reject all  --  anywhere anywhere

Chain zone_lan_forward (1 references)
target prot opt source   destination
zone_wan_ACCEPT  all  --  anywhere anywhere
forwarding_lan  all  --  anywhere anywhere
zone_lan_REJECT  all  --  anywhere anywhere

Chain zone_wan (1 references)
target prot opt source   destination
ACCEPT udp  --  anywhere anywhere udp dpt:68
ACCEPT icmp --  anywhere anywhere icmp echo-request
input_wan  all  --  anywhere anywhere
zone_wan_REJECT  all  --  anywhere anywhere

Chain zone_wan_ACCEPT (2 references)
target prot opt source   destination
ACCEPT al

Re: [OpenWrt-Devel] iptables NAT not being updated on WAN changes

2010-04-18 Thread Matthias Buecher / Germany
Also tried "/etc/init.d/firewall restart" after restarting the network?

Maddes

On 18.04.2010 16:38, Nuno Gonçalves wrote:
> I have internet connections at eth0.2 and eth1.
> 
> Config is like this:
> 
> config interface wan
> option ifname   eth1
> option proto    dhcp
> 
> After boot connection is ok. Computers behind router get NATed internet.
> Then I do ifdown wan, change eth1 to eth0.2 and ifup wan.
> Computers start getting "Destination port unreachable" to ping
> request. Inside the router I can ping the internet.
> 
> Rebooting (with eth1 or eth0.2 selected, doesn't care) brings NATed
> connection back.
> /etc/init.d/network restart doesn't.

Re: [OpenWrt-Devel] iptables NAT not being updated on WAN changes

2010-04-18 Thread Matthias Buecher / Germany
You have to take care of it.

Maddes

On 18.04.2010 23:41, Nuno Gonçalves wrote:
>> From: Matthias Buecher / Germany 
>> To: OpenWrt Development List 
>> Subject: Re: [OpenWrt-Devel] iptables NAT not being updated on WAN
>>changes
>> Message-ID: <4bcb1ad8.3000...@maddes.net>
>> Content-Type: text/plain; charset=UTF-8
>>
>> Also tried "/etc/init.d/firewall restart" after restarting the network?
>>
>> Maddes
> 
> Restarting the firewall works. Is that something that I should do
> manually or just a bug?
> 
> Regards

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
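
An added example, not part of the thread: plain `iptables -L` (without `-v`) omits the in/out interface columns, so the listing in the first post cannot show which device the zone rules are bound to. The sketch below checks `iptables -S` style rules for zone chains that still match a device other than the current one, assuming that is the cause of the symptom; the function names, the sample rules and the `br-lan` device are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `iptables -S` style rules on
# stdin; zone chain naming (zone_<name>_*) follows the listing in the post.

# stale_zone_ifaces ZONE DEV
# Print every interface matched with -i/-o inside a zone_ZONE chain that is
# not DEV. Rules in other chains that only jump to the zone are not examined.
stale_zone_ifaces() {
    awk -v zone="$1" -v dev="$2" '
        $1 == "-A" && ($2 == "zone_" zone || index($2, "zone_" zone "_") == 1) {
            for (n = 3; n < NF; n++)
                if (($n == "-i" || $n == "-o") && $(n + 1) != dev)
                    print $(n + 1)
        }' | sort -u
}

# check_zone ZONE DEV
# Returns 0 if the zone chains match DEV and nothing else, 1 if a stale
# interface is still referenced, 2 if no rule names DEV at all.
check_zone() {
    rules=$(cat)
    [ -z "$(printf '%s\n' "$rules" | stale_zone_ifaces "$1" "$2")" ] || return 1
    printf '%s\n' "$rules" | stale_zone_ifaces "$1" "" | grep -qxF -- "$2" || return 2
}

# Constructed sample: filter rules as loaded at boot with wan on eth1.
# Interface names other than eth1 and eth0.2 are assumptions.
SAMPLE_RULES='-A zone_lan_ACCEPT -o br-lan -j ACCEPT
-A zone_lan_ACCEPT -i br-lan -j ACCEPT
-A zone_wan_ACCEPT -o eth1 -j ACCEPT
-A zone_wan_ACCEPT -i eth1 -j ACCEPT
-A zone_wan_MSSFIX -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu'

# On the router (assumes the UCI section is named wan, as in the post):
#   iptables -S | check_zone wan "$(uci get network.wan.ifname)"
#   iptables -t nat -S | check_zone wan "$(uci get network.wan.ifname)"
```

A return code of 1 after `ifup wan` means the loaded rules still name the old device, which is the state that `/etc/init.d/firewall restart` clears in the thread.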