Bridge port forwarding

Hi all,
I'm using OpenWrt v.21.02.1 on an Orange Pi PC and I need to use the board as a bridge for port forwarding.
I've installed a 2nd eth port (USB-LAN adapter --> mapped to eth1) and configured the bridge with eth0+eth1.

Then I need to forward incoming port TCP 502 with destination 192.168.1.72 to port 510, so I created this rule

but there's no port forwarding: incoming port 502 exits as 502 instead of 510!! Am I wrong?

Any suggestion is kindly appreciated.

1 Like

Traffic on a bridge device (L2) does not go through the firewall, so your port forwarding cannot have any effect. In order to port forward, the traffic must be routed (i.e. from a different network, L3).

2 Likes

Thanks psherman, do you have some sample/post I can read?

You can look if ebtables can help you with the hijacking you are trying.

1 Like

No, there is no example to follow unless you are port forwarding from an external network (wan) or a different subnet on your own network (i.e. VLANs).

Hmm.. the idea was to not create WAN/LAN but just a transparent bridge for port forward. Maybe I cannot realize it with OpenWrt. I got this some years ago with zeroshell but that project is dismissed.

https://ebtables.netfilter.org/examples/basic.html#ex_redirect
Then you can use your hijacking.

1 Like

https://openwrt.org/docs/guide-user/firewall/fw3_configurations/bridge

Also note that redirecting to the same zone requires both DNAT and SNAT.

2 Likes

Thanks a lot vgaetera!! It works!
I've already installed the module kmod-br-netfilter, so just type this code:

```
# Configure kernel parameters
cat << EOF >> /etc/sysctl.conf
net.bridge.bridge-nf-call-arptables=1
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
EOF
/etc/init.d/sysctl restart
```

1 Like
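The three `net.bridge.bridge-nf-call-*` settings from the last post decide whether bridged frames reach the firewall at all, so it is worth checking both the live values and what `/etc/sysctl.conf` will apply after a reboot (the `>>` append means a later line can override an earlier one). This is an added example, not code from the thread or from OpenWrt; the function names and the optional path arguments are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the thread. The directory/file arguments exist so the
# checks can be pointed at test fixtures; the defaults are the real locations.

KEYS="bridge-nf-call-arptables bridge-nf-call-iptables bridge-nf-call-ip6tables"

# runtime_bridge_nf [dir]: print each key's live value.
# Returns 0 if all are 1, 1 if any is off or unreadable,
# 2 if the directory is absent (br_netfilter not loaded).
runtime_bridge_nf() {
    dir="${1:-/proc/sys/net/bridge}"
    [ -d "$dir" ] || { echo "br_netfilter not loaded ($dir missing)" >&2; return 2; }
    rc=0
    for key in $KEYS; do
        if [ -r "$dir/$key" ]; then val=$(cat "$dir/$key"); else val=missing; fi
        echo "net.bridge.$key=$val"
        [ "$val" = "1" ] || rc=1
    done
    return $rc
}

# persisted_value key [file]: print the last value assigned to net.bridge.<key>
# in a sysctl.conf-style file (later lines win), or "unset".
persisted_value() {
    awk -F= -v want="net.bridge.$1" '
        /^[ \t]*[#;]/ { next }                      # comment line
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == want { last = v }
        END { print (last == "" ? "unset" : last) }
    ' "${2:-/etc/sysctl.conf}"
}

# persisted_bridge_nf [file]: return 0 only if every key will be 1 after reboot.
persisted_bridge_nf() {
    rc=0
    for key in $KEYS; do
        val=$(persisted_value "$key" "${1:-/etc/sysctl.conf}")
        echo "$key persisted=$val"
        [ "$val" = "1" ] || rc=1
    done
    return $rc
}

# On the router: runtime_bridge_nf && persisted_bridge_nf
```

A return code of 2 from `runtime_bridge_nf` means the firewall still never sees bridged traffic, whatever `sysctl.conf` says.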
