OpenWrt 22.03: disable NAT for specific IP addresses

Hi all,

I decided to bite the bullet and upgrade my Linksys EA8300 to OpenWrt 22.03 from 21.02 this morning. I'm having some issues with a couple of strongSwan IPsec VPNs.

From my home network, say 192.168.109.0/24, I want to send traffic to 192.168.63.0/24, which is behind an IPsec VPN. When I now send a ping to, for example, 192.168.63.3 from 192.168.109.11, I see the traffic is going out the WAN interface and is being NAT-ted. This is not what I want to happen.

In release 21.02 I had this configuration in /etc/firewall.user:

iptables -t nat -I POSTROUTING -s 192.168.109.0/24 -d 192.168.63.0/24 -j ACCEPT

The result was that traffic from the LAN to the other side of the VPN was no longer being NAT-ted, but sent through the VPN.

I understand /etc/firewall.user is no longer used and also iptables has been upgraded to nftables. Can someone tell me how I can translate the above iptables command to an /etc/firewall redirect(?) rule?

Thank you and best regards,
Alexander

Use negation.

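A sketch of what a negated masquerade exemption looks like in /etc/config/firewall, added here as an example and not the settings posted in the reply above. It assumes the reply refers to the zone option masq_dest, that the WAN zone is named 'wan' with otherwise default options, and it reuses the subnet from the question.

```uci
# /etc/config/firewall (fragment; assumed default 'wan' zone)
config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	# Masquerade everything EXCEPT traffic destined for the remote
	# IPsec subnet. The leading '!' negates the match, so packets to
	# 192.168.63.0/24 keep their 192.168.109.0/24 source address and
	# still match the tunnel's traffic selectors.
	list masq_dest '!192.168.63.0/24'

# Apply and check:
#   service firewall restart
#   nft list ruleset    # the masquerade rule for the wan zone should
#                       # now carry a "!=" match on 192.168.63.0/24
```

Each additional remote VPN subnet gets its own negated `list masq_dest` line in the same zone.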

Thank you for your reply. These settings indeed did the trick!

BR,
Alexander
