On Wed, 2009-10-28 at 21:37 +1100, Ishwor Gurung wrote: > What about just dumping NAT table i.e., without the grep magic foo?
Sure. I've attached an `iptables -t nat -L` from working, and broken. (Not sure if such attachments are allowed on this list, but I have seen some pretty hideous top-posting on this list that is much worse than a couple of KB of text attachments.) What's weird is that the line that should make all the difference (the last line in both attachments) doesn't change at all. At time of writing, the brokenness is sending traffic from port 1240 to port 81 instead of 80. (Has now been ports 82 and 95 in the past.) The only differences between the two dumps are that Transmission doesn't have one of its UDP port forwards for some reason, our (dynamic) WAN IP has changed, and I pulled another port forward that I wasn't using. Given that it has been working and broken without much change, I cannot put my finger on what it is. > I think it could be a bug in OpenWRT. What specific revision is it? I'm running Kamikaze 8.09.1, r16278.
Chain PREROUTING (policy ACCEPT) target prot opt source destination zone_wan_prerouting all -- anywhere anywhere zone_lan_prerouting all -- anywhere anywhere prerouting_rule all -- anywhere anywhere Chain POSTROUTING (policy ACCEPT) target prot opt source destination postrouting_rule all -- anywhere anywhere zone_wan_nat all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain MINIUPNPD (1 references) target prot opt source destination DNAT udp -- anywhere anywhere udp dpt:21287 to:192.168.0.23:21287-0 DNAT tcp -- anywhere anywhere tcp dpt:21287 to:192.168.0.23:21287-0 Chain miniupnpd_wan_rule (1 references) target prot opt source destination MINIUPNPD all -- anywhere ppp121-44-178-139.lns20.syd7.internode.on.net Chain postrouting_rule (1 references) target prot opt source destination Chain prerouting_lan (1 references) target prot opt source destination Chain prerouting_rule (1 references) target prot opt source destination miniupnpd_wan_rule all -- anywhere anywhere Chain prerouting_wan (1 references) target prot opt source destination Chain zone_lan_nat (0 references) target prot opt source destination MASQUERADE all -- anywhere anywhere Chain zone_lan_prerouting (1 references) target prot opt source destination prerouting_lan all -- anywhere anywhere DNAT tcp -- 192.168.0.1 anywhere tcp dpt:5222 to:192.168.0.14 Chain zone_wan_nat (1 references) target prot opt source destination MASQUERADE all -- anywhere anywhere Chain zone_wan_prerouting (1 references) target prot opt source destination prerouting_wan all -- anywhere anywhere DNAT udp -- anywhere anywhere udp dpt:53 to:192.168.0.14 DNAT tcp -- anywhere anywhere tcp dpt:22 to:192.168.0.14 DNAT tcp -- anywhere anywhere tcp dpt:25 to:192.168.0.14 DNAT tcp -- anywhere anywhere tcp dpt:993 to:192.168.0.14 DNAT udp -- anywhere anywhere udp dpt:5060 to:192.168.0.3 DNAT udp -- anywhere anywhere udp dpt:1194 to:192.168.0.14 DNAT tcp -- anywhere anywhere tcp dpt:80 to:192.168.0.14 DNAT tcp -- anywhere anywhere tcp dpt:443 to:192.168.0.14 DNAT tcp -- anywhere anywhere tcp dpt:5269 to:192.168.0.14 DNAT tcp -- anywhere anywhere tcp dpt:5222 to:192.168.0.14 DNAT tcp -- anywhere anywhere tcp dpt:5223 to:192.168.0.14 DNAT udp -- anywhere anywhere udp dpt:13000 to:192.168.0.218 DNAT udp -- anywhere anywhere udp dpt:7777 to:192.168.0.218 DNAT udp -- anywhere anywhere udp dpt:6500 to:192.168.0.218 DNAT tcp -- anywhere anywhere tcp dpts:1230:1239 to:192.168.0.23 DNAT udp -- anywhere anywhere udp dpts:1230:1239 to:192.168.0.23 DNAT tcp -- anywhere anywhere tcp dpt:1240 to:192.168.0.23:80
Chain PREROUTING (policy ACCEPT) target prot opt source destination zone_wan_prerouting all -- anywhere anywhere zone_lan_prerouting all -- anywhere anywhere prerouting_rule all -- anywhere anywhere Chain POSTROUTING (policy ACCEPT) target prot opt source destination postrouting_rule all -- anywhere anywhere zone_wan_nat all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain MINIUPNPD (1 references) target prot opt source destination DNAT tcp -- anywhere anywhere tcp dpt:21287 to:192.168.0.23:21287-0 Chain miniupnpd_wan_rule (1 references) target prot opt source destination MINIUPNPD all -- anywhere ppp121-44-205-223.lns20.syd7.internode.on.net Chain postrouting_rule (1 references) target prot opt source destination Chain prerouting_lan (1 references) target prot opt source destination Chain prerouting_rule (1 references) target prot opt source destination miniupnpd_wan_rule all -- anywhere anywhere Chain prerouting_wan (1 references) target prot opt source destination Chain zone_lan_nat (0 references) target prot opt source destination MASQUERADE all -- anywhere anywhere Chain zone_lan_prerouting (1 references) target prot opt source destination prerouting_lan all -- anywhere anywhere Chain zone_wan_nat (1 references) target prot opt source destination MASQUERADE all -- anywhere anywhere Chain zone_wan_prerouting (1 references) target prot opt source destination prerouting_wan all -- anywhere anywhere DNAT udp -- anywhere anywhere udp dpt:53 to:192.168.0.14 DNAT tcp -- anywhere anywhere tcp dpt:22 to:192.168.0.14 DNAT tcp -- anywhere anywhere tcp dpt:25 to:192.168.0.14 DNAT tcp -- anywhere anywhere tcp dpt:993 to:192.168.0.14 DNAT udp -- anywhere anywhere udp dpt:5060 to:192.168.0.3 DNAT udp -- anywhere anywhere udp dpt:1194 to:192.168.0.14 DNAT tcp -- anywhere anywhere tcp dpt:80 to:192.168.0.14 DNAT tcp -- anywhere anywhere tcp dpt:443 to:192.168.0.14 DNAT tcp -- anywhere anywhere tcp dpt:5269 to:192.168.0.14 DNAT tcp -- anywhere anywhere tcp dpt:5222 to:192.168.0.14 DNAT tcp -- anywhere anywhere tcp dpt:5223 to:192.168.0.14 DNAT udp -- anywhere anywhere udp dpt:13000 to:192.168.0.218 DNAT udp -- anywhere anywhere udp dpt:7777 to:192.168.0.218 DNAT udp -- anywhere anywhere udp dpt:6500 to:192.168.0.218 DNAT tcp -- anywhere anywhere tcp dpts:1230:1239 to:192.168.0.23 DNAT udp -- anywhere anywhere udp dpts:1230:1239 to:192.168.0.23 DNAT tcp -- anywhere anywhere tcp dpt:1240 to:192.168.0.23:80
signature.asc
Description: This is a digitally signed message part
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html