[Ninux-Wireless] firewall openwrt non va il MASQUERADING
Gioacchino Mazzurco
gmazzurco89 a gmail.com
Mer 9 Feb 2011 19:53:49 CET
ciao a tutti non riesco a far andare il masquerading col firewall di openwrt
questo e' il mio /etc/config/network
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
config 'switch' 'eth0'
option 'enable_vlan' '1'
config 'switch_vlan'
option 'device' 'eth0'
option 'vlan' '1'
option 'ports' '0 1 2 3 4'
config 'interface' 'msh0'
option 'proto' 'static'
option 'ip6addr' '2001:470:1f13:0325::74ea:3abb:3dde/64'
option 'ipaddr' '5.187.61.222'
option 'netmask' '255.0.0.0'
config 'interface' 'wan'
option 'ifname' 'eth1'
option 'proto' 'dhcp'
config 'interface' 'lan'
option 'type' 'bridge'
option 'ifname' 'eth0'
option 'proto' 'static'
option 'ipaddr' '10.61.222.1'
option 'netmask' '255.255.255.0'
config 'interface' 'niit4to6'
option 'proto' 'none'
option 'ifname' 'niit4to6'
config 'interface' 'niit6to4'
option 'proto' 'none'
option 'ifname' 'niit6to4'
e questo e' il mio /etc/config/firewall
config 'defaults'
option 'syn_flood' '1'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'ACCEPT'
option 'disable_ipv6' '1'
## zone
config 'zone'
option 'name' 'lan'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'ACCEPT'
config 'zone'
option 'name' 'msh0'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'ACCEPT'
config 'zone'
option 'name' 'wan'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'ACCEPT'
option 'masq' '1'
option 'mtu_fix' '1'
config 'zone'
option 'name' 'niit4to6'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'ACCEPT'
config 'zone'
option 'name' 'niit6to4'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'ACCEPT'
## msh0 ->
config 'forwarding'
option 'src' 'msh0'
option 'dst' 'wan'
config 'forwarding'
option 'src' 'msh0'
option 'dst' 'lan'
config 'forwarding'
option 'src' 'msh0'
option 'dst' 'niit4to6'
## lan ->
config 'forwarding'
option 'src' 'lan'
option 'dst' 'wan'
config 'forwarding'
option 'src' 'lan'
option 'dst' 'msh0'
config 'forwarding'
option 'src' 'lan'
option 'dst' 'niit4to6'
## wan ->
config 'forwarding'
option 'src' 'wan'
option 'dst' 'lan'
config 'forwarding'
option 'src' 'wan'
option 'dst' 'msh0'
config 'forwarding'
option 'src' 'wan'
option 'dst' 'niit4to6'
## niit6to4 ->
config 'forwarding'
option 'src' 'niit6to4'
option 'dst' 'lan'
config 'forwarding'
option 'src' 'niit6to4'
option 'dst' 'msh0'
config 'forwarding'
option 'src' 'niit6to4'
option 'dst' 'wan'
come potete vedere masq e' settato a 1 su wan ma sniffando i pacchetti
escono con l'ip sorgente non modificato :|
-------------- parte successiva --------------
Un allegato HTML รจ stato rimosso...
URL: <http://ml.ninux.org/pipermail/wireless/attachments/20110209/486a1130/attachment-0001.html>
Maggiori informazioni sulla lista
Wireless