So I configured a Pi 4 as LTE modem (EM7455 over M.2 PCI to USB3.0 adapter).
(
)
I can access the internet when I set APN to internet (no public IP) with another SIM.
My ISP provides public IP. When I change the APN to get a public IP, I can't access the internet.
I use modemmanager interface. The interface gets the public IP. The interface sometimes shows ppp and another time wwan0.
The public APN works, tested with a consumer modem.
What's missing?
Thank you!
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have
ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
iptables-save -c; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru
#ubus call system board; \
{
"kernel": "5.4.61",
"hostname": "MODEM",
"model": "Raspberry Pi 4 Model B Rev 1.1",
"board_name": "raspberrypi,4-model-b",
"release": {
"distribution": "OpenWrt",
"version": "SNAPSHOT",
"revision": "r14389-920d975cab",
"target": "bcm27xx/bcm2711",
"description": "OpenWrt SNAPSHOT r14389-920d975cab"
}
}
#uci export network; uci export wireless; \
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fca7:ae1g:7g13::/11'
config interface 'lan'
option type 'bridge'
option ifname 'eth0'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option delegate '0'
option stp '1'
config interface 'wwan'
option delegate '0'
option ifname 'wwan0'
option proto 'modemmanager'
option pincode '1234'
option apn 'publicinternet'
option device '/sys/devices/platform/scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb2/2-2'
option auth 'none'
option force_link '1'
option iptype 'ipv4'
config interface 'vpn2'
option proto 'none'
option ifname 'tun0'
config interface 'vpn1_VPN'
option proto 'none'
option ifname 'tun1'
config interface 'vpn3'
option ifname 'tun2'
option proto 'static'
option ipaddr '111.22.333.44'
config interface 'VPNSERVER'
option proto 'none'
option ifname 'tun3'
package wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
option disabled '0'
option htmode 'HT40'
option hwmode '11g'
option channel '6'
option country 'US'
option legacy_rates '0'
option noscan '1'
option short_gi_40 '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option key 'KEYKEYKEYKEY'
option mode 'ap'
option encryption 'psk-mixed'
option network 'lan'
option ieee80211w '1'
option ssid 'MODEMAP'
option macfilter 'allow'
list maclist 'MA:CA:DD:RE:SS:01'
#uci export dhcp; uci export firewall; \
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option quietdhcp '1'
option nonegcache '1'
option confdir '/tmp/dnsmasq.d'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config host
option name 'DEVICE99999112'
option dns '1'
option ip '192.168.1.2'
option mac 'MA:CA:DD:RE:SS:01'
config host
option name 'DEVICE123456789'
option dns '1'
option ip '192.168.1.99'
option mac 'MA:CA:DD:RE:SS:06'
config host
option name 'DEVICE792143568456'
option dns '1'
option ip '192.168.1.3'
config host
option name 'DEVICE99'
option dns '1'
option ip '192.168.1.14'
option mac 'MA:CA:DD:RE:SS:02'
config host
option name 'MODEM'
option dns '1'
option ip '192.168.1.1'
config host
option name 'DEVICE999991'
option dns '1'
option ip '192.168.1.13'
config host
option name 'DEVICE999'
option dns '1'
option ip '192.168.1.17'
option mac 'MA:CA:DD:RE:SS:03'
config host
option name 'DEVICE987456123456879'
option dns '1'
option ip '192.168.1.137'
option mac 'MA:CA:DD:RE:SS:04'
config host
option name 'DEVICE9999'
option dns '1'
option ip '192.168.1.15'
option mac 'MA:CA:DD:RE:SS:05'
config host
option name 'DEVICE99999'
option dns '1'
option ip '192.168.1.174'
package firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan6 wwan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled '0'
config include
option path '/etc/firewall.user'
config redirect
option target 'DNAT'
option src_dport '80'
option dest 'lan'
option dest_ip '192.168.1.1'
option dest_port '80'
option enabled '0'
option src 'vpn3_fw'
list proto 'tcp'
option src_dip '111.22.333.1/24'
option name 'MODEM'
config redirect
option target 'DNAT'
option src_dport '443'
option dest 'lan'
option dest_ip '192.168.1.1'
option dest_port '443'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
option name 'REDIRECT0'
config redirect
option src 'vpn3_fw'
option src_dport '21'
option target 'DNAT'
option dest_ip '192.168.1.1'
option dest 'lan'
list proto 'tcp'
option dest_port '22'
option src_dip '111.22.333.1/24'
option name 'REDIRECT2'
config redirect
option target 'DNAT'
option name 'REDIRECT75'
option src_dport '25'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '25'
list proto 'tcp'
list proto 'udp'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT90'
option src_dport '110'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '110'
option enabled '0'
list proto 'tcp'
list proto 'udp'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT91'
option src_dport '143'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '143'
option enabled '0'
list proto 'tcp'
list proto 'udp'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT98'
option src_dport '587'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '587'
list proto 'tcp'
list proto 'udp'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT1'
option src_dport '90'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '90'
list proto 'tcp'
list proto 'udp'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT99'
option src_dport '465'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '465'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT96'
option src_dport '995'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '995'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT97'
option src_dport '993'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '993'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT92'
option src_dport '21'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '21'
option enabled '0'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT95'
option src_dport '990'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '990'
option enabled '0'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT94'
option src_dport '20'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '20'
option enabled '0'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT93'
option src_dport '1024-65535'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '1024-65535'
option enabled '0'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT76'
option src_dport '89'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '89'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT77'
option src_dport '22'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '22'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT78'
option src_dport '88'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '88'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '9091'
option name 'REDIRECT79'
option src_dport '9091'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option src_dport '5333'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '5333'
option name 'REDIRECT80'
option src_dip '111.22.333.1/24'
option src 'vpn3_fw'
config redirect
option target 'DNAT'
option name 'REDIRECT81'
option src_dport '5334'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '5334'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option src_dport '7443'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '7443'
option name 'REDIRECT84'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option src_dport '7777'
option dest 'lan'
option dest_ip '192.168.1.99'
option name 'REDIRECT82'
option dest_port '7777'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT83'
option src_dport '7070'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '7070'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT85'
option src_dport '10000-20000'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '10000-20000'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT86'
option src_dport '5000'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '5000'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT87'
option src_dport '9983'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '9983'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT123456'
option src_dport '9982'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '9982'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT88'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '3000'
option src_dport '3000'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT74'
option src_dport '9667'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '9667'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT89'
option src_dport '20003'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '20003'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT37'
option src_dport '9981'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '9981'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option name 'REDIRECT33'
option src_dport '8443'
option dest 'lan'
option dest_ip '192.168.1.99'
option dest_port '8443'
option enabled '0'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config redirect
option target 'DNAT'
option dest 'lan'
option dest_ip '192.168.1.99'
option src_dport '4342'
option dest_port '4342'
option name 'REDIRECT31'
option src 'vpn1_fw'
config redirect
option target 'DNAT'
option name 'REDIRECT28'
option src_dport '3746'
option dest_port '3746'
option dest_ip '192.168.1.99'
option dest 'lan'
option src 'vpn3_fw'
option src_dip '111.22.333.1/24'
config zone
option name 'vpn1_fw'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option network 'vpn1_VPN'
option input 'REJECT'
option forward 'REJECT'
config zone
option name 'vpn2_fw'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option network 'vpn2'
option input 'REJECT'
option forward 'REJECT'
config zone
option name 'vpn3_fw'
option output 'ACCEPT'
option network 'vpn3'
option masq '1'
option mtu_fix '1'
option input 'REJECT'
option forward 'REJECT'
config rule
option name 'Allow-VPNSERVER'
option target 'ACCEPT'
option dest_port '1024'
option src_port '1025'
list proto 'tcp'
option src 'wan'
config zone
option name 'vpnsrv_fw'
option input 'ACCEPT'
option output 'ACCEPT'
option network 'VPNSERVER'
option masq '1'
option mtu_fix '1'
option forward 'REJECT'
config redirect
option target 'DNAT'
option name 'VPNSERVER'
option dest_ip '192.168.1.1'
option dest 'lan'
option dest_port '1024'
option src_dport '1025'
option src 'wan'
list proto 'tcp'
config forwarding
option src 'vpnsrv_fw'
option dest 'vpn3_fw'
config forwarding
option src 'vpnsrv_fw'
option dest 'vpn2_fw'
config forwarding
option src 'vpnsrv_fw'
option dest 'vpn1_fw'
config forwarding
option src 'lan'
option dest 'vpn1_fw'
config forwarding
option src 'lan'
option dest 'vpn2_fw'
config forwarding
option src 'lan'
option dest 'vpn3_fw'
config forwarding
option src 'vpnsrv_fw'
option dest 'lan'
config forwarding
option src 'lan'
option dest 'vpnsrv_fw'
config forwarding
option dest 'wan'
option src 'vpnsrv_fw'
# head -n -0 /etc/firewall.user;
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
root@MODEM:~# head -n -0 /etc/firewall.user;
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
# iptables-save -c;
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
root@MODEM:~# head -n -0 /etc/firewall.user;
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
root@MODEM:~# iptables-save -c;
# Generated by iptables-save v1.8.4 on Mon Sep 7 15:31:53 2020
*nat
:PREROUTING ACCEPT [774:59817]
:INPUT ACCEPT [412:27292]
:OUTPUT ACCEPT [1348:88974]
:POSTROUTING ACCEPT [195:13278]
:postrouting_lan_rule - [0:0]
:postrouting_vpn1_fw_rule - [0:0]
:postrouting_vpn2_fw_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_vpnsrv_fw_rule - [0:0]
:postrouting_wan_rule - [0:0]
:postrouting_vpn3_fw_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_vpn1_fw_rule - [0:0]
:prerouting_vpn2_fw_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_vpnsrv_fw_rule - [0:0]
:prerouting_wan_rule - [0:0]
:prerouting_vpn3_fw_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_vpn1_fw_postrouting - [0:0]
:zone_vpn1_fw_prerouting - [0:0]
:zone_vpn2_fw_postrouting - [0:0]
:zone_vpn2_fw_prerouting - [0:0]
:zone_vpnsrv_fw_postrouting - [0:0]
:zone_vpnsrv_fw_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
:zone_vpn3_fw_postrouting - [0:0]
:zone_vpn3_fw_prerouting - [0:0]
[774:59817] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
[774:59817] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
[0:0] -A PREROUTING -i wwan0 -m comment --comment "!fw3" -j zone_wan_prerouting
[0:0] -A PREROUTING -i tun1 -m comment --comment "!fw3" -j zone_vpn1_fw_prerouting
[0:0] -A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_vpn2_fw_prerouting
[0:0] -A PREROUTING -i tun2 -m comment --comment "!fw3" -j zone_vpn3_fw_prerouting
[0:0] -A PREROUTING -i tun3 -m comment --comment "!fw3" -j zone_vpnsrv_fw_prerouting
[1349:89014] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
[2:372] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
[1154:75736] -A POSTROUTING -o wwan0 -m comment --comment "!fw3" -j zone_wan_postrouting
[0:0] -A POSTROUTING -o tun1 -m comment --comment "!fw3" -j zone_vpn1_fw_postrouting
[0:0] -A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_vpn2_fw_postrouting
[0:0] -A POSTROUTING -o tun2 -m comment --comment "!fw3" -j zone_vpn3_fw_postrouting
[0:0] -A POSTROUTING -o tun3 -m comment --comment "!fw3" -j zone_vpnsrv_fw_postrouting
[2:372] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p tcp -m tcp --dport 443 -m comment --comment "!fw3: REDIRECT0 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p udp -m udp --dport 443 -m comment --comment "!fw3: REDIRECT0 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p tcp -m tcp --dport 22 -m comment --comment "!fw3: REDIRECT2 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 25 -m comment --comment "!fw3: REDIRECT75 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 25 -m comment --comment "!fw3: REDIRECT75 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 587 -m comment --comment "!fw3: REDIRECT98 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 587 -m comment --comment "!fw3: REDIRECT98 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 90 -m comment --comment "!fw3: REDIRECT1 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 90 -m comment --comment "!fw3: REDIRECT1 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 465 -m comment --comment "!fw3: REDIRECT99 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 465 -m comment --comment "!fw3: REDIRECT99 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 995 -m comment --comment "!fw3: REDIRECT96 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 995 -m comment --comment "!fw3: REDIRECT96 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 993 -m comment --comment "!fw3: REDIRECT97 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 993 -m comment --comment "!fw3: REDIRECT97 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 89 -m comment --comment "!fw3: REDIRECT76 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 89 -m comment --comment "!fw3: REDIRECT76 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 22 -m comment --comment "!fw3: REDIRECT77 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 22 -m comment --comment "!fw3: REDIRECT77 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 88 -m comment --comment "!fw3: REDIRECT78 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 88 -m comment --comment "!fw3: REDIRECT78 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 9091 -m comment --comment "!fw3: REDIRECT79 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 9091 -m comment --comment "!fw3: REDIRECT79 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 5333 -m comment --comment "!fw3: REDIRECT80 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 5333 -m comment --comment "!fw3: REDIRECT80 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 5334 -m comment --comment "!fw3: REDIRECT81 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 5334 -m comment --comment "!fw3: REDIRECT81 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 7443 -m comment --comment "!fw3: REDIRECT84 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 7443 -m comment --comment "!fw3: REDIRECT84 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 7777 -m comment --comment "!fw3: REDIRECT82 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 7777 -m comment --comment "!fw3: REDIRECT82 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 7070 -m comment --comment "!fw3: REDIRECT83 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 7070 -m comment --comment "!fw3: REDIRECT83 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 10000:20000 -m comment --comment "!fw3: REDIRECT85 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 10000:20000 -m comment --comment "!fw3: REDIRECT85 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 5000 -m comment --comment "!fw3: REDIRECT86 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 5000 -m comment --comment "!fw3: REDIRECT86 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 9983 -m comment --comment "!fw3: REDIRECT87 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 9983 -m comment --comment "!fw3: REDIRECT87 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 9982 -m comment --comment "!fw3: REDIRECT123456 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 9982 -m comment --comment "!fw3: REDIRECT123456 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 3000 -m comment --comment "!fw3: REDIRECT88 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 3000 -m comment --comment "!fw3: REDIRECT88 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 9667 -m comment --comment "!fw3: REDIRECT74 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 9667 -m comment --comment "!fw3: REDIRECT74 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 20003 -m comment --comment "!fw3: REDIRECT89 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 20003 -m comment --comment "!fw3: REDIRECT89 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 9981 -m comment --comment "!fw3: REDIRECT37 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 9981 -m comment --comment "!fw3: REDIRECT37 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p tcp -m tcp --dport 3746 -m comment --comment "!fw3: REDIRECT28 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.99/32 -p udp -m udp --dport 3746 -m comment --comment "!fw3: REDIRECT28 (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p tcp -m tcp --dport 1024 -m comment --comment "!fw3: VPNSERVER (reflection)" -j SNAT --to-source 192.168.1.1
[774:59817] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 443 -m comment --comment "!fw3: REDIRECT0 (reflection)" -j DNAT --to-destination 192.168.1.1:443
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 443 -m comment --comment "!fw3: REDIRECT0 (reflection)" -j DNAT --to-destination 192.168.1.1:443
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 21 -m comment --comment "!fw3: REDIRECT2 (reflection)" -j DNAT --to-destination 192.168.1.1:22
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 25 -m comment --comment "!fw3: REDIRECT75 (reflection)" -j DNAT --to-destination 192.168.1.99:25
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 25 -m comment --comment "!fw3: REDIRECT75 (reflection)" -j DNAT --to-destination 192.168.1.99:25
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 587 -m comment --comment "!fw3: REDIRECT98 (reflection)" -j DNAT --to-destination 192.168.1.99:587
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 587 -m comment --comment "!fw3: REDIRECT98 (reflection)" -j DNAT --to-destination 192.168.1.99:587
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 90 -m comment --comment "!fw3: REDIRECT1 (reflection)" -j DNAT --to-destination 192.168.1.99:90
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 90 -m comment --comment "!fw3: REDIRECT1 (reflection)" -j DNAT --to-destination 192.168.1.99:90
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 465 -m comment --comment "!fw3: REDIRECT99 (reflection)" -j DNAT --to-destination 192.168.1.99:465
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 465 -m comment --comment "!fw3: REDIRECT99 (reflection)" -j DNAT --to-destination 192.168.1.99:465
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 995 -m comment --comment "!fw3: REDIRECT96 (reflection)" -j DNAT --to-destination 192.168.1.99:995
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 995 -m comment --comment "!fw3: REDIRECT96 (reflection)" -j DNAT --to-destination 192.168.1.99:995
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 993 -m comment --comment "!fw3: REDIRECT97 (reflection)" -j DNAT --to-destination 192.168.1.99:993
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 993 -m comment --comment "!fw3: REDIRECT97 (reflection)" -j DNAT --to-destination 192.168.1.99:993
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 89 -m comment --comment "!fw3: REDIRECT76 (reflection)" -j DNAT --to-destination 192.168.1.99:89
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 89 -m comment --comment "!fw3: REDIRECT76 (reflection)" -j DNAT --to-destination 192.168.1.99:89
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 22 -m comment --comment "!fw3: REDIRECT77 (reflection)" -j DNAT --to-destination 192.168.1.99:22
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 22 -m comment --comment "!fw3: REDIRECT77 (reflection)" -j DNAT --to-destination 192.168.1.99:22
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 88 -m comment --comment "!fw3: REDIRECT78 (reflection)" -j DNAT --to-destination 192.168.1.99:88
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 88 -m comment --comment "!fw3: REDIRECT78 (reflection)" -j DNAT --to-destination 192.168.1.99:88
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 9091 -m comment --comment "!fw3: REDIRECT79 (reflection)" -j DNAT --to-destination 192.168.1.99:9091
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 9091 -m comment --comment "!fw3: REDIRECT79 (reflection)" -j DNAT --to-destination 192.168.1.99:9091
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 5333 -m comment --comment "!fw3: REDIRECT80 (reflection)" -j DNAT --to-destination 192.168.1.99:5333
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 5333 -m comment --comment "!fw3: REDIRECT80 (reflection)" -j DNAT --to-destination 192.168.1.99:5333
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 5334 -m comment --comment "!fw3: REDIRECT81 (reflection)" -j DNAT --to-destination 192.168.1.99:5334
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 5334 -m comment --comment "!fw3: REDIRECT81 (reflection)" -j DNAT --to-destination 192.168.1.99:5334
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 7443 -m comment --comment "!fw3: REDIRECT84 (reflection)" -j DNAT --to-destination 192.168.1.99:7443
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 7443 -m comment --comment "!fw3: REDIRECT84 (reflection)" -j DNAT --to-destination 192.168.1.99:7443
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 7777 -m comment --comment "!fw3: REDIRECT82 (reflection)" -j DNAT --to-destination 192.168.1.99:7777
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 7777 -m comment --comment "!fw3: REDIRECT82 (reflection)" -j DNAT --to-destination 192.168.1.99:7777
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 7070 -m comment --comment "!fw3: REDIRECT83 (reflection)" -j DNAT --to-destination 192.168.1.99:7070
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 7070 -m comment --comment "!fw3: REDIRECT83 (reflection)" -j DNAT --to-destination 192.168.1.99:7070
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 10000:20000 -m comment --comment "!fw3: REDIRECT85 (reflection)" -j DNAT --to-destination 192.168.1.99:10000-20000
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 10000:20000 -m comment --comment "!fw3: REDIRECT85 (reflection)" -j DNAT --to-destination 192.168.1.99:10000-20000
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 5000 -m comment --comment "!fw3: REDIRECT86 (reflection)" -j DNAT --to-destination 192.168.1.99:5000
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 5000 -m comment --comment "!fw3: REDIRECT86 (reflection)" -j DNAT --to-destination 192.168.1.99:5000
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 9983 -m comment --comment "!fw3: REDIRECT87 (reflection)" -j DNAT --to-destination 192.168.1.99:9983
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 9983 -m comment --comment "!fw3: REDIRECT87 (reflection)" -j DNAT --to-destination 192.168.1.99:9983
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 9982 -m comment --comment "!fw3: REDIRECT123456 (reflection)" -j DNAT --to-destination 192.168.1.99:9982
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 9982 -m comment --comment "!fw3: REDIRECT123456 (reflection)" -j DNAT --to-destination 192.168.1.99:9982
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 3000 -m comment --comment "!fw3: REDIRECT88 (reflection)" -j DNAT --to-destination 192.168.1.99:3000
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 3000 -m comment --comment "!fw3: REDIRECT88 (reflection)" -j DNAT --to-destination 192.168.1.99:3000
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 9667 -m comment --comment "!fw3: REDIRECT74 (reflection)" -j DNAT --to-destination 192.168.1.99:9667
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 9667 -m comment --comment "!fw3: REDIRECT74 (reflection)" -j DNAT --to-destination 192.168.1.99:9667
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 20003 -m comment --comment "!fw3: REDIRECT89 (reflection)" -j DNAT --to-destination 192.168.1.99:20003
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 20003 -m comment --comment "!fw3: REDIRECT89 (reflection)" -j DNAT --to-destination 192.168.1.99:20003
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 9981 -m comment --comment "!fw3: REDIRECT37 (reflection)" -j DNAT --to-destination 192.168.1.99:9981
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 9981 -m comment --comment "!fw3: REDIRECT37 (reflection)" -j DNAT --to-destination 192.168.1.99:9981
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p tcp -m tcp --dport 3746 -m comment --comment "!fw3: REDIRECT28 (reflection)" -j DNAT --to-destination 192.168.1.99:3746
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 111.22.333.1/32 -p udp -m udp --dport 3746 -m comment --comment "!fw3: REDIRECT28 (reflection)" -j DNAT --to-destination 192.168.1.99:3746
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 11.111.11.133/32 -p tcp -m tcp --dport 1025 -m comment --comment "!fw3: VPNSERVER (reflection)" -j DNAT --to-destination 192.168.1.1:1024
[0:0] -A zone_vpn1_fw_postrouting -m comment --comment "!fw3: Custom vpn1_fw postrouting rule chain" -j postrouting_vpn1_fw_rule
[0:0] -A zone_vpn1_fw_postrouting -m comment --comment "!fw3" -j MASQUERADE
[0:0] -A zone_vpn1_fw_prerouting -m comment --comment "!fw3: Custom vpn1_fw prerouting rule chain" -j prerouting_vpn1_fw_rule
[0:0] -A zone_vpn1_fw_prerouting -p tcp -m tcp --dport 4342 -m comment --comment "!fw3: REDIRECT31" -j DNAT --to-destination 192.168.1.99:4342
[0:0] -A zone_vpn1_fw_prerouting -p udp -m udp --dport 4342 -m comment --comment "!fw3: REDIRECT31" -j DNAT --to-destination 192.168.1.99:4342
[0:0] -A zone_vpn2_fw_postrouting -m comment --comment "!fw3: Custom vpn2_fw postrouting rule chain" -j postrouting_vpn2_fw_rule
[0:0] -A zone_vpn2_fw_postrouting -m comment --comment "!fw3" -j MASQUERADE
[0:0] -A zone_vpn2_fw_prerouting -m comment --comment "!fw3: Custom vpn2_fw prerouting rule chain" -j prerouting_vpn2_fw_rule
[0:0] -A zone_vpnsrv_fw_postrouting -m comment --comment "!fw3: Custom vpnsrv_fw postrouting rule chain" -j postrouting_vpnsrv_fw_rule
[0:0] -A zone_vpnsrv_fw_postrouting -m comment --comment "!fw3" -j MASQUERADE
[0:0] -A zone_vpnsrv_fw_prerouting -m comment --comment "!fw3: Custom vpnsrv_fw prerouting rule chain" -j prerouting_vpnsrv_fw_rule
[1154:75736] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
[1154:75736] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
[0:0] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
[0:0] -A zone_wan_prerouting -p tcp -m tcp --dport 1025 -m comment --comment "!fw3: VPNSERVER" -j DNAT --to-destination 192.168.1.1:1024
[0:0] -A zone_vpn3_fw_postrouting -m comment --comment "!fw3: Custom vpn3_fw postrouting rule chain" -j postrouting_vpn3_fw_rule
[0:0] -A zone_vpn3_fw_postrouting -m comment --comment "!fw3" -j MASQUERADE
[0:0] -A zone_vpn3_fw_prerouting -m comment --comment "!fw3: Custom vpn3_fw prerouting rule chain" -j prerouting_vpn3_fw_rule
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 443 -m comment --comment "!fw3: REDIRECT0" -j DNAT --to-destination 192.168.1.1:443
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 443 -m comment --comment "!fw3: REDIRECT0" -j DNAT --to-destination 192.168.1.1:443
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 21 -m comment --comment "!fw3: REDIRECT2" -j DNAT --to-destination 192.168.1.1:22
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 25 -m comment --comment "!fw3: REDIRECT75" -j DNAT --to-destination 192.168.1.99:25
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 25 -m comment --comment "!fw3: REDIRECT75" -j DNAT --to-destination 192.168.1.99:25
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 587 -m comment --comment "!fw3: REDIRECT98" -j DNAT --to-destination 192.168.1.99:587
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 587 -m comment --comment "!fw3: REDIRECT98" -j DNAT --to-destination 192.168.1.99:587
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 90 -m comment --comment "!fw3: REDIRECT1" -j DNAT --to-destination 192.168.1.99:90
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 90 -m comment --comment "!fw3: REDIRECT1" -j DNAT --to-destination 192.168.1.99:90
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 465 -m comment --comment "!fw3: REDIRECT99" -j DNAT --to-destination 192.168.1.99:465
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 465 -m comment --comment "!fw3: REDIRECT99" -j DNAT --to-destination 192.168.1.99:465
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 995 -m comment --comment "!fw3: REDIRECT96" -j DNAT --to-destination 192.168.1.99:995
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 995 -m comment --comment "!fw3: REDIRECT96" -j DNAT --to-destination 192.168.1.99:995
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 993 -m comment --comment "!fw3: REDIRECT97" -j DNAT --to-destination 192.168.1.99:993
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 993 -m comment --comment "!fw3: REDIRECT97" -j DNAT --to-destination 192.168.1.99:993
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 89 -m comment --comment "!fw3: REDIRECT76" -j DNAT --to-destination 192.168.1.99:89
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 89 -m comment --comment "!fw3: REDIRECT76" -j DNAT --to-destination 192.168.1.99:89
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 22 -m comment --comment "!fw3: REDIRECT77" -j DNAT --to-destination 192.168.1.99:22
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 22 -m comment --comment "!fw3: REDIRECT77" -j DNAT --to-destination 192.168.1.99:22
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 88 -m comment --comment "!fw3: REDIRECT78" -j DNAT --to-destination 192.168.1.99:88
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 88 -m comment --comment "!fw3: REDIRECT78" -j DNAT --to-destination 192.168.1.99:88
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 9091 -m comment --comment "!fw3: REDIRECT79" -j DNAT --to-destination 192.168.1.99:9091
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 9091 -m comment --comment "!fw3: REDIRECT79" -j DNAT --to-destination 192.168.1.99:9091
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 5333 -m comment --comment "!fw3: REDIRECT80" -j DNAT --to-destination 192.168.1.99:5333
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 5333 -m comment --comment "!fw3: REDIRECT80" -j DNAT --to-destination 192.168.1.99:5333
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 5334 -m comment --comment "!fw3: REDIRECT81" -j DNAT --to-destination 192.168.1.99:5334
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 5334 -m comment --comment "!fw3: REDIRECT81" -j DNAT --to-destination 192.168.1.99:5334
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 7443 -m comment --comment "!fw3: REDIRECT84" -j DNAT --to-destination 192.168.1.99:7443
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 7443 -m comment --comment "!fw3: REDIRECT84" -j DNAT --to-destination 192.168.1.99:7443
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 7777 -m comment --comment "!fw3: REDIRECT82" -j DNAT --to-destination 192.168.1.99:7777
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 7777 -m comment --comment "!fw3: REDIRECT82" -j DNAT --to-destination 192.168.1.99:7777
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 7070 -m comment --comment "!fw3: REDIRECT83" -j DNAT --to-destination 192.168.1.99:7070
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 7070 -m comment --comment "!fw3: REDIRECT83" -j DNAT --to-destination 192.168.1.99:7070
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 10000:20000 -m comment --comment "!fw3: REDIRECT85" -j DNAT --to-destination 192.168.1.99:10000-20000
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 10000:20000 -m comment --comment "!fw3: REDIRECT85" -j DNAT --to-destination 192.168.1.99:10000-20000
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 5000 -m comment --comment "!fw3: REDIRECT86" -j DNAT --to-destination 192.168.1.99:5000
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 5000 -m comment --comment "!fw3: REDIRECT86" -j DNAT --to-destination 192.168.1.99:5000
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 9983 -m comment --comment "!fw3: REDIRECT87" -j DNAT --to-destination 192.168.1.99:9983
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 9983 -m comment --comment "!fw3: REDIRECT87" -j DNAT --to-destination 192.168.1.99:9983
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 9982 -m comment --comment "!fw3: REDIRECT123456" -j DNAT --to-destination 192.168.1.99:9982
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 9982 -m comment --comment "!fw3: REDIRECT123456" -j DNAT --to-destination 192.168.1.99:9982
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 3000 -m comment --comment "!fw3: REDIRECT88" -j DNAT --to-destination 192.168.1.99:3000
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 3000 -m comment --comment "!fw3: REDIRECT88" -j DNAT --to-destination 192.168.1.99:3000
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 9667 -m comment --comment "!fw3: REDIRECT74" -j DNAT --to-destination 192.168.1.99:9667
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 9667 -m comment --comment "!fw3: REDIRECT74" -j DNAT --to-destination 192.168.1.99:9667
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 20003 -m comment --comment "!fw3: REDIRECT89" -j DNAT --to-destination 192.168.1.99:20003
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 20003 -m comment --comment "!fw3: REDIRECT89" -j DNAT --to-destination 192.168.1.99:20003
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 9981 -m comment --comment "!fw3: REDIRECT37" -j DNAT --to-destination 192.168.1.99:9981
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 9981 -m comment --comment "!fw3: REDIRECT37" -j DNAT --to-destination 192.168.1.99:9981
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p tcp -m tcp --dport 3746 -m comment --comment "!fw3: REDIRECT28" -j DNAT --to-destination 192.168.1.99:3746
[0:0] -A zone_vpn3_fw_prerouting -d 110.22.333.0/24 -p udp -m udp --dport 3746 -m comment --comment "!fw3: REDIRECT28" -j DNAT --to-destination 192.168.1.99:3746
COMMIT
# Generated by iptables-save v1.8.4 on Mon Sep 7 15:31:53 2020
*raw
:PREROUTING ACCEPT [3654:330211]
:OUTPUT ACCEPT [5315:1492644]
:zone_lan_helper - [0:0]
[2969:282139] -A PREROUTING -i br-lan -m comment --comment "!fw3: lan CT helper assignment" -j zone_lan_helper
COMMIT
# Generated by iptables-save v1.8.4 on Mon Sep 7 15:31:53 2020
*mangle
:PREROUTING ACCEPT [3635:328759]
:INPUT ACCEPT [3273:296234]
:FORWARD ACCEPT [6:440]
:OUTPUT ACCEPT [5279:1492964]
:POSTROUTING ACCEPT [5279:1492964]
:VPR_FORWARD - [0:0]
:VPR_INPUT - [0:0]
:VPR_OUTPUT - [0:0]
:VPR_PREROUTING - [0:0]
:mwan3_connected - [0:0]
:mwan3_hook - [0:0]
:mwan3_ifaces_in - [0:0]
:mwan3_policy_balanced - [0:0]
:mwan3_policy_wan_only - [0:0]
:mwan3_policy_wan_wanb - [0:0]
:mwan3_policy_wanb_only - [0:0]
:mwan3_policy_wanb_wan - [0:0]
:mwan3_rule_https - [0:0]
:mwan3_rules - [0:0]
[8218:810755] -A PREROUTING -j mwan3_hook
[3638:328989] -A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING
[3147:288910] -A INPUT -m mark --mark 0x0/0xff0000 -j VPR_INPUT
[1:60] -A FORWARD -o wwan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A FORWARD -i wwan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A FORWARD -o tun1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone vpn1_fw MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A FORWARD -i tun1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone vpn1_fw MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A FORWARD -o tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone vpn2_fw MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A FORWARD -i tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone vpn2_fw MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A FORWARD -o tun2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone vpn3_fw MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A FORWARD -i tun2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone vpn3_fw MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A FORWARD -o tun3 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone vpnsrv_fw MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A FORWARD -i tun3 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone vpnsrv_fw MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[6:440] -A FORWARD -m mark --mark 0x0/0xff0000 -j VPR_FORWARD
[9748:4342411] -A OUTPUT -j mwan3_hook
[5287:1493510] -A OUTPUT -m mark --mark 0x0/0xff0000 -j VPR_OUTPUT
[0:0] -A VPR_FORWARD -m set --match-set vpn3 dst -j MARK --set-xmark 0x40000/0xff0000
[0:0] -A VPR_FORWARD -m set --match-set vpn1_VPN dst -j MARK --set-xmark 0x30000/0xff0000
[0:0] -A VPR_FORWARD -m set --match-set vpn2 dst -j MARK --set-xmark 0x20000/0xff0000
[0:0] -A VPR_FORWARD -m set --match-set wwan dst -j MARK --set-xmark 0x10000/0xff0000
[0:0] -A VPR_INPUT -m set --match-set vpn3 dst -j MARK --set-xmark 0x40000/0xff0000
[0:0] -A VPR_INPUT -m set --match-set vpn1_VPN dst -j MARK --set-xmark 0x30000/0xff0000
[0:0] -A VPR_INPUT -m set --match-set vpn2 dst -j MARK --set-xmark 0x20000/0xff0000
[0:0] -A VPR_INPUT -m set --match-set wwan dst -j MARK --set-xmark 0x10000/0xff0000
[0:0] -A VPR_OUTPUT -s 192.168.1.1/32 -p udp -m multiport --sports 1024 -m comment --comment VPNSRV -j MARK --set-xmark 0x10000/0xff0000
[0:0] -A VPR_OUTPUT -s 192.168.1.1/32 -p tcp -m multiport --sports 1024 -m comment --comment VPNSRV -j MARK --set-xmark 0x10000/0xff0000
[0:0] -A VPR_OUTPUT -m set --match-set vpn3 dst -j MARK --set-xmark 0x40000/0xff0000
[0:0] -A VPR_OUTPUT -m set --match-set vpn1_VPN dst -j MARK --set-xmark 0x30000/0xff0000
[0:0] -A VPR_OUTPUT -m set --match-set vpn2 dst -j MARK --set-xmark 0x20000/0xff0000
[0:0] -A VPR_OUTPUT -m set --match-set wwan dst -j MARK --set-xmark 0x10000/0xff0000
[134:8249] -A VPR_PREROUTING -s 192.168.1.99/32 -p udp -m multiport --sports 0:65535 -m comment --comment vpn12 -j MARK --set-xmark 0x30000/0xff0000
[314:18840] -A VPR_PREROUTING -s 192.168.1.99/32 -p tcp -m multiport --sports 0:65535 -m comment --comment vpn12 -j MARK --set-xmark 0x30000/0xff0000
[134:8249] -A VPR_PREROUTING -s 192.168.1.99/32 -p udp -m multiport --dports 0:65535 -m comment --comment vpn11 -j MARK --set-xmark 0x30000/0xff0000
[314:18840] -A VPR_PREROUTING -s 192.168.1.99/32 -p tcp -m multiport --dports 0:65535 -m comment --comment vpn11 -j MARK --set-xmark 0x30000/0xff0000
[0:0] -A VPR_PREROUTING -s 192.168.1.99/32 -p udp -m multiport --dports 5334,7070,7443,7777,9091,9667,9981,9982,9983,10000:20000,20003 -m comment --comment vpn34 -j MARK --set-xmark 0x40000/0xff0000
[313:18780] -A VPR_PREROUTING -s 192.168.1.99/32 -p tcp -m multiport --dports 5334,7070,7443,7777,9091,9667,9981,9982,9983,10000:20000,20003 -m comment --comment vpn34 -j MARK --set-xmark 0x40000/0xff0000
[0:0] -A VPR_PREROUTING -s 192.168.1.99/32 -p udp -m multiport --dports 22,25,88,89,90,465,587,993,995,3000,3746,5000,5333 -m comment --comment vpn33 -j MARK --set-xmark 0x40000/0xff0000
[0:0] -A VPR_PREROUTING -s 192.168.1.99/32 -p tcp -m multiport --dports 22,25,88,89,90,465,587,993,995,3000,3746,5000,5333 -m comment --comment vpn33 -j MARK --set-xmark 0x40000/0xff0000
[0:0] -A VPR_PREROUTING -s 192.168.1.99/32 -p udp -m multiport --sports 5334,7070,7443,7777,9091,9667,9981,9982,9983,10000:20000,20003 -m comment --comment vpn32 -j MARK --set-xmark 0x40000/0xff0000
[0:0] -A VPR_PREROUTING -s 192.168.1.99/32 -p tcp -m multiport --sports 5334,7070,7443,7777,9091,9667,9981,9982,9983,10000:20000,20003 -m comment --comment vpn32 -j MARK --set-xmark 0x40000/0xff0000
[0:0] -A VPR_PREROUTING -s 192.168.1.99/32 -p udp -m multiport --sports 22,25,88,89,90,465,587,993,995,3000,3746,5000,5333 -m comment --comment vpn31 -j MARK --set-xmark 0x40000/0xff0000
[0:0] -A VPR_PREROUTING -s 192.168.1.99/32 -p tcp -m multiport --sports 22,25,88,89,90,465,587,993,995,3000,3746,5000,5333 -m comment --comment vpn31 -j MARK --set-xmark 0x40000/0xff0000
[0:0] -A VPR_PREROUTING -s 192.168.1.1/32 -p udp -m multiport --sports 22,80,443 -m comment --comment MODEM -j MARK --set-xmark 0x40000/0xff0000
[0:0] -A VPR_PREROUTING -s 192.168.1.1/32 -p tcp -m multiport --sports 22,80,443 -m comment --comment MODEM -j MARK --set-xmark 0x40000/0xff0000
[0:0] -A VPR_PREROUTING -m set --match-set vpn3_mac src -j MARK --set-xmark 0x40000/0xff0000
[0:0] -A VPR_PREROUTING -m set --match-set vpn3_ip src -j MARK --set-xmark 0x40000/0xff0000
[0:0] -A VPR_PREROUTING -m set --match-set vpn3 dst -j MARK --set-xmark 0x40000/0xff0000
[0:0] -A VPR_PREROUTING -m set --match-set vpn1_VPN_mac src -j MARK --set-xmark 0x30000/0xff0000
[0:0] -A VPR_PREROUTING -m set --match-set vpn1_VPN_ip src -j MARK --set-xmark 0x30000/0xff0000
[0:0] -A VPR_PREROUTING -m set --match-set vpn1_VPN dst -j MARK --set-xmark 0x30000/0xff0000
[0:0] -A VPR_PREROUTING -m set --match-set vpn2_mac src -j MARK --set-xmark 0x20000/0xff0000
[0:0] -A VPR_PREROUTING -m set --match-set vpn2_ip src -j MARK --set-xmark 0x20000/0xff0000
[0:0] -A VPR_PREROUTING -m set --match-set vpn2 dst -j MARK --set-xmark 0x20000/0xff0000
[0:0] -A VPR_PREROUTING -m set --match-set wwan_mac src -j MARK --set-xmark 0x10000/0xff0000
[0:0] -A VPR_PREROUTING -m set --match-set wwan_ip src -j MARK --set-xmark 0x10000/0xff0000
[0:0] -A VPR_PREROUTING -m set --match-set wwan dst -j MARK --set-xmark 0x10000/0xff0000
[1587:122555] -A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0x3f00/0x3f00
[17966:5153166] -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0x3f00 --ctmask 0x3f00
[2912:204744] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_in
[2912:204744] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_connected
[1572:101277] -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_rules
[17966:5153166] -A mwan3_hook -j CONNMARK --save-mark --nfmask 0x3f00 --ctmask 0x3f00
[3680:244041] -A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_connected
[1572:101277] -A mwan3_policy_balanced -m mark --mark 0x0/0x3f00 -m comment --comment unreachable -j MARK --set-xmark 0x3e00/0x3f00
[0:0] -A mwan3_policy_wan_only -m mark --mark 0x0/0x3f00 -m comment --comment unreachable -j MARK --set-xmark 0x3e00/0x3f00
[0:0] -A mwan3_policy_wan_wanb -m mark --mark 0x0/0x3f00 -m comment --comment unreachable -j MARK --set-xmark 0x3e00/0x3f00
[0:0] -A mwan3_policy_wanb_only -m mark --mark 0x0/0x3f00 -m comment --comment unreachable -j MARK --set-xmark 0x3e00/0x3f00
[0:0] -A mwan3_policy_wanb_wan -m mark --mark 0x0/0x3f00 -m comment --comment unreachable -j MARK --set-xmark 0x3e00/0x3f00
[0:0] -A mwan3_rule_https -m mark --mark 0x0/0x3f00 -j mwan3_policy_balanced
[0:0] -A mwan3_rule_https -m mark ! --mark 0xfc00/0xfc00 -j SET --del-set mwan3_sticky_https src,src
[0:0] -A mwan3_rule_https -m mark ! --mark 0xfc00/0xfc00 -j SET --add-set mwan3_sticky_https src,src
[0:0] -A mwan3_rules -p tcp -m multiport --dports 443 -m mark --mark 0x0/0x3f00 -j mwan3_rule_https
[1572:101277] -A mwan3_rules -m mark --mark 0x0/0x3f00 -j mwan3_policy_balanced
COMMIT
# Generated by iptables-save v1.8.4 on Mon Sep 7 15:31:53 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_vpn1_fw_rule - [0:0]
:forwarding_vpn2_fw_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_vpnsrv_fw_rule - [0:0]
:forwarding_wan_rule - [0:0]
:forwarding_vpn3_fw_rule - [0:0]
:input_lan_rule - [0:0]
:input_vpn1_fw_rule - [0:0]
:input_vpn2_fw_rule - [0:0]
:input_rule - [0:0]
:input_vpnsrv_fw_rule - [0:0]
:input_wan_rule - [0:0]
:input_vpn3_fw_rule - [0:0]
:output_lan_rule - [0:0]
:output_vpn1_fw_rule - [0:0]
:output_vpn2_fw_rule - [0:0]
:output_rule - [0:0]
:output_vpnsrv_fw_rule - [0:0]
:output_wan_rule - [0:0]
:output_vpn3_fw_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_vpn1_fw_dest_ACCEPT - [0:0]
:zone_vpn1_fw_dest_REJECT - [0:0]
:zone_vpn1_fw_forward - [0:0]
:zone_vpn1_fw_input - [0:0]
:zone_vpn1_fw_output - [0:0]
:zone_vpn1_fw_src_REJECT - [0:0]
:zone_vpn2_fw_dest_ACCEPT - [0:0]
:zone_vpn2_fw_dest_REJECT - [0:0]
:zone_vpn2_fw_forward - [0:0]
:zone_vpn2_fw_input - [0:0]
:zone_vpn2_fw_output - [0:0]
:zone_vpn2_fw_src_REJECT - [0:0]
:zone_vpnsrv_fw_dest_ACCEPT - [0:0]
:zone_vpnsrv_fw_dest_REJECT - [0:0]
:zone_vpnsrv_fw_forward - [0:0]
:zone_vpnsrv_fw_input - [0:0]
:zone_vpnsrv_fw_output - [0:0]
:zone_vpnsrv_fw_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
:zone_vpn3_fw_dest_ACCEPT - [0:0]
:zone_vpn3_fw_dest_REJECT - [0:0]
:zone_vpn3_fw_forward - [0:0]
:zone_vpn3_fw_input - [0:0]
:zone_vpn3_fw_output - [0:0]
:zone_vpn3_fw_src_REJECT - [0:0]
[685:48072] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
[2607:249614] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
[1445:172095] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[13:780] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
[1162:77519] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
[0:0] -A INPUT -i wwan0 -m comment --comment "!fw3" -j zone_wan_input
[0:0] -A INPUT -i tun1 -m comment --comment "!fw3" -j zone_vpn1_fw_input
[0:0] -A INPUT -i tun0 -m comment --comment "!fw3" -j zone_vpn2_fw_input
[0:0] -A INPUT -i tun2 -m comment --comment "!fw3" -j zone_vpn3_fw_input
[0:0] -A INPUT -i tun3 -m comment --comment "!fw3" -j zone_vpnsrv_fw_input
[6:440] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
[0:0] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[6:440] -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
[0:0] -A FORWARD -i wwan0 -m comment --comment "!fw3" -j zone_wan_forward
[0:0] -A FORWARD -i tun1 -m comment --comment "!fw3" -j zone_vpn1_fw_forward
[0:0] -A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_vpn2_fw_forward
[0:0] -A FORWARD -i tun2 -m comment --comment "!fw3" -j zone_vpn3_fw_forward
[0:0] -A FORWARD -i tun3 -m comment --comment "!fw3" -j zone_vpnsrv_fw_forward
[6:440] -A FORWARD -m comment --comment "!fw3" -j reject
[685:48072] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
[4633:1451968] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
[1685:1256516] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[2:664] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
[2946:194788] -A OUTPUT -o wwan0 -m comment --comment "!fw3" -j zone_wan_output
[0:0] -A OUTPUT -o tun1 -m comment --comment "!fw3" -j zone_vpn1_fw_output
[0:0] -A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_vpn2_fw_output
[0:0] -A OUTPUT -o tun2 -m comment --comment "!fw3" -j zone_vpn3_fw_output
[0:0] -A OUTPUT -o tun3 -m comment --comment "!fw3" -j zone_vpnsrv_fw_output
[1:60] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
[5:380] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
[13:780] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
[0:0] -A syn_flood -m comment --comment "!fw3" -j DROP
[2:664] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
[6:440] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
[6:440] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to vpn1_fw forwarding policy" -j zone_vpn1_fw_dest_ACCEPT
[6:440] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to vpn2_fw forwarding policy" -j zone_vpn2_fw_dest_ACCEPT
[6:440] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to vpn3_fw forwarding policy" -j zone_vpn3_fw_dest_ACCEPT
[6:440] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to vpnsrv_fw forwarding policy" -j zone_vpnsrv_fw_dest_ACCEPT
[0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[6:440] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[1162:77519] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
[0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[1162:77519] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
[2:664] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
[2:664] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[1162:77519] -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_vpn1_fw_dest_ACCEPT -o tun1 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[0:0] -A zone_vpn1_fw_dest_ACCEPT -o tun1 -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_vpn1_fw_dest_REJECT -o tun1 -m comment --comment "!fw3" -j reject
[0:0] -A zone_vpn1_fw_forward -m comment --comment "!fw3: Custom vpn1_fw forwarding rule chain" -j forwarding_vpn1_fw_rule
[0:0] -A zone_vpn1_fw_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_vpn1_fw_forward -m comment --comment "!fw3" -j zone_vpn1_fw_dest_REJECT
[0:0] -A zone_vpn1_fw_input -m comment --comment "!fw3: Custom vpn1_fw input rule chain" -j input_vpn1_fw_rule
[0:0] -A zone_vpn1_fw_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[0:0] -A zone_vpn1_fw_input -m comment --comment "!fw3" -j zone_vpn1_fw_src_REJECT
[0:0] -A zone_vpn1_fw_output -m comment --comment "!fw3: Custom vpn1_fw output rule chain" -j output_vpn1_fw_rule
[0:0] -A zone_vpn1_fw_output -m comment --comment "!fw3" -j zone_vpn1_fw_dest_ACCEPT
[0:0] -A zone_vpn1_fw_src_REJECT -i tun1 -m comment --comment "!fw3" -j reject
[0:0] -A zone_vpn2_fw_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[0:0] -A zone_vpn2_fw_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_vpn2_fw_dest_REJECT -o tun0 -m comment --comment "!fw3" -j reject
[0:0] -A zone_vpn2_fw_forward -m comment --comment "!fw3: Custom vpn2_fw forwarding rule chain" -j forwarding_vpn2_fw_rule
[0:0] -A zone_vpn2_fw_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_vpn2_fw_forward -m comment --comment "!fw3" -j zone_vpn2_fw_dest_REJECT
[0:0] -A zone_vpn2_fw_input -m comment --comment "!fw3: Custom vpn2_fw input rule chain" -j input_vpn2_fw_rule
[0:0] -A zone_vpn2_fw_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[0:0] -A zone_vpn2_fw_input -m comment --comment "!fw3" -j zone_vpn2_fw_src_REJECT
[0:0] -A zone_vpn2_fw_output -m comment --comment "!fw3: Custom vpn2_fw output rule chain" -j output_vpn2_fw_rule
[0:0] -A zone_vpn2_fw_output -m comment --comment "!fw3" -j zone_vpn2_fw_dest_ACCEPT
[0:0] -A zone_vpn2_fw_src_REJECT -i tun0 -m comment --comment "!fw3" -j reject
[0:0] -A zone_vpnsrv_fw_dest_ACCEPT -o tun3 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[0:0] -A zone_vpnsrv_fw_dest_ACCEPT -o tun3 -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_vpnsrv_fw_dest_REJECT -o tun3 -m comment --comment "!fw3" -j reject
[0:0] -A zone_vpnsrv_fw_forward -m comment --comment "!fw3: Custom vpnsrv_fw forwarding rule chain" -j forwarding_vpnsrv_fw_rule
[0:0] -A zone_vpnsrv_fw_forward -m comment --comment "!fw3: Zone vpnsrv_fw to vpn3_fw forwarding policy" -j zone_vpn3_fw_dest_ACCEPT
[0:0] -A zone_vpnsrv_fw_forward -m comment --comment "!fw3: Zone vpnsrv_fw to vpn2_fw forwarding policy" -j zone_vpn2_fw_dest_ACCEPT
[0:0] -A zone_vpnsrv_fw_forward -m comment --comment "!fw3: Zone vpnsrv_fw to vpn1_fw forwarding policy" -j zone_vpn1_fw_dest_ACCEPT
[0:0] -A zone_vpnsrv_fw_forward -m comment --comment "!fw3: Zone vpnsrv_fw to lan forwarding policy" -j zone_lan_dest_ACCEPT
[0:0] -A zone_vpnsrv_fw_forward -m comment --comment "!fw3: Zone vpnsrv_fw to wan forwarding policy" -j zone_wan_dest_ACCEPT
[0:0] -A zone_vpnsrv_fw_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_vpnsrv_fw_forward -m comment --comment "!fw3" -j zone_vpnsrv_fw_dest_REJECT
[0:0] -A zone_vpnsrv_fw_input -m comment --comment "!fw3: Custom vpnsrv_fw input rule chain" -j input_vpnsrv_fw_rule
[0:0] -A zone_vpnsrv_fw_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[0:0] -A zone_vpnsrv_fw_input -m comment --comment "!fw3" -j zone_vpnsrv_fw_src_ACCEPT
[0:0] -A zone_vpnsrv_fw_output -m comment --comment "!fw3: Custom vpnsrv_fw output rule chain" -j output_vpnsrv_fw_rule
[0:0] -A zone_vpnsrv_fw_output -m comment --comment "!fw3" -j zone_vpnsrv_fw_dest_ACCEPT
[0:0] -A zone_vpnsrv_fw_src_ACCEPT -i tun3 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wan_dest_ACCEPT -o wwan0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[2946:194788] -A zone_wan_dest_ACCEPT -o wwan0 -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wan_dest_REJECT -o wwan0 -m comment --comment "!fw3" -j reject
[0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
[0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
[0:0] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
[0:0] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
[0:0] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
[0:0] -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
[0:0] -A zone_wan_input -p tcp -m tcp --sport 1025 --dport 1024 -m comment --comment "!fw3: Allow-VPNSERVER" -j ACCEPT
[0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[0:0] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
[2946:194788] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
[2946:194788] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
[0:0] -A zone_wan_src_REJECT -i wwan0 -m comment --comment "!fw3" -j reject
[0:0] -A zone_vpn3_fw_dest_ACCEPT -o tun2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[0:0] -A zone_vpn3_fw_dest_ACCEPT -o tun2 -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_vpn3_fw_dest_REJECT -o tun2 -m comment --comment "!fw3" -j reject
[0:0] -A zone_vpn3_fw_forward -m comment --comment "!fw3: Custom vpn3_fw forwarding rule chain" -j forwarding_vpn3_fw_rule
[0:0] -A zone_vpn3_fw_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_vpn3_fw_forward -m comment --comment "!fw3" -j zone_vpn3_fw_dest_REJECT
[0:0] -A zone_vpn3_fw_input -m comment --comment "!fw3: Custom vpn3_fw input rule chain" -j input_vpn3_fw_rule
[0:0] -A zone_vpn3_fw_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[0:0] -A zone_vpn3_fw_input -m comment --comment "!fw3" -j zone_vpn3_fw_src_REJECT
[0:0] -A zone_vpn3_fw_output -m comment --comment "!fw3: Custom vpn3_fw output rule chain" -j output_vpn3_fw_rule
[0:0] -A zone_vpn3_fw_output -m comment --comment "!fw3" -j zone_vpn3_fw_dest_ACCEPT
[0:0] -A zone_vpn3_fw_src_REJECT -i tun2 -m comment --comment "!fw3" -j reject
COMMIT
# ip -4 addr ; ip -4 ro li tab all ; ip -4 ru
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP group default qlen 1000
inet 123.425.167.115/16 brd 123.425.255.255 scope global noprefixroute wlan0
valid_lft forever preferred_lft forever
4: wwan0: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
inet 11.111.11.133/27 brd 11.111.11.144 scope global wwan0
valid_lft forever preferred_lft forever
8: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
inet 123.425.111.181/16 brd 123.425.255.255 scope global noprefixroute br-lan
valid_lft forever preferred_lft forever
default via 11.111.11.122 dev wwan0 table 201
unreachable default table 202
unreachable default table 203
unreachable default table 204
default via 11.111.11.122 dev wwan0 proto static src 11.111.11.133
default dev br-lan scope link src 123.425.111.181 metric 208
11.111.11.111/27 dev wwan0 proto kernel scope link src 11.111.11.133
123.425.0.0/16 dev br-lan scope link src 123.425.111.181 metric 208
123.425.0.0/16 dev wlan0 scope link src 123.425.167.115 metric 303
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
broadcast 11.111.11.111 dev wwan0 table local proto kernel scope link src 11.111.11.133
local 11.111.11.133 dev wwan0 table local proto kernel scope host src 11.111.11.133
broadcast 11.111.11.144 dev wwan0 table local proto kernel scope link src 11.111.11.133
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 123.425.0.0 dev wlan0 table local proto kernel scope link src 123.425.167.115
broadcast 123.425.0.0 dev br-lan table local proto kernel scope link src 123.425.111.181
local 123.425.111.181 dev br-lan table local proto kernel scope host src 123.425.111.181
local 123.425.167.115 dev wlan0 table local proto kernel scope host src 123.425.167.115
broadcast 123.425.255.255 dev wlan0 table local proto kernel scope link src 123.425.167.115
broadcast 123.425.255.255 dev br-lan table local proto kernel scope link src 123.425.111.181
broadcast 192.168.1.0 dev br-lan table local proto kernel scope link src 192.168.1.1
local 192.168.1.1 dev br-lan table local proto kernel scope host src 192.168.1.1
broadcast 192.168.1.255 dev br-lan table local proto kernel scope link src 192.168.1.1
0: from all lookup local
32758: from all fwmark 0x40000/0xff0000 lookup 204
32759: from all fwmark 0x30000/0xff0000 lookup 203
32760: from all fwmark 0x20000/0xff0000 lookup 202
32761: from all fwmark 0x10000/0xff0000 lookup 201
32766: from all lookup main
32767: from all lookup default
As you can see, I already use the modem and configured vpn etc.. That's why the lists are so long now.
But the problem again, I get public and private ip depending on the apn i use, but without internet access. I have to correct, I get no internet access even with private ip. The problem occurs when using this SIM card.
The SIM that is not working with the Pi is not working on mobile devices like smartphones.
The SIM that works and that I use at the moment is a SIM from my mobile device.
There is no forwarding lan->wan. You have lan-> various vpn zones, but not wan, which includes the wwan interface.
The config works with the mobile phone's SIM. I configured kill switch.
Enabled lan > wan forwarding, still doesn't work.
IMEI fencing? My ISP told me, they only support several 4g lte devices.
Shut down VPN stuff temporarily. Examine routing table confirm that the LTE modem is the default route.
Ping to the Internet directly from the WAN: ping -I <your public IP> 8.8.8.8 That should not require any firewall rules other than the default output enabled on wan.
I can see some VPR and MWAN3 configurations in there. It would be helpful if you had mentioned something.
I wouldn't recommend using them both, as their functions overlap and at the end you can't be sure which one is deciding on the traffic manipulation.
So keep only one active and in case it still doesn't work tell us which IP/protocol/port are you trying to reach from which lan hosts and paste one more time the output of the previous commands.
Problem solved.
LTE via USB adapter is recognized as mobile device and/or unsupported device by ISP. The SIM card does only work with a modem/router model supported by ISP.
When I insert a SIM card that is compatible with mobiles devices, it works.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.