OpenWrt 22.03: disable NAT for specific IP addresses

Hi all,

I decided to bite the bullet and upgrade my Linksys EA8300 to OpenWrt 22.03 from 21.02 this morning. I'm having some issues with a couple of strongSwan IPsec VPNs.

From my home network, say I want to send traffic to which is behind an IPsec VPN. When I now send a ping to, for example, from, I see the traffic is going out the WAN interface and is being NAT-ted. This is not what I want to happen.

In release 21.02 I had this configuration in /etc/firewall.user:

iptables -t nat -I POSTROUTING -s -d -j ACCEPT

The result was that traffic from the LAN to the other side of the VPN was no longer being NAT-ted, but sent through the VPN.

I understand /etc/firewall.user is no longer used and also iptables has been upgraded to nftables. Can someone tell me how I can translate the above iptables command to an /etc/firewall redirect(?) rule?

Thank you and best regards,

Use negation.


Thank you for your reply. These settings indeed did the trick!
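
For readers landing here, an added example that is not part of the original posts (the thread does not preserve the settings that were actually used): two ways to exempt VPN-bound traffic from masquerading in the fw4 `/etc/config/firewall`. The subnets are constructed placeholders, and the `wan` zone options other than `masq_dest` are assumed stock defaults.

```uci
# /etc/config/firewall (fw4, OpenWrt 22.03)
# Constructed placeholder subnets, not taken from the thread:
#   192.168.1.0/24 = local LAN
#   10.10.0.0/24   = remote subnet behind the IPsec tunnel
# Use ONE of the two options below, not both.

# Option A: negation on the wan zone. Masquerade everything that
# leaves via wan EXCEPT packets destined for the remote VPN subnet.
config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list masq_dest '!10.10.0.0/24'

# Option B: explicit NAT exemption, the closest equivalent of the old
#   iptables -t nat -I POSTROUTING -s <lan> -d <remote> -j ACCEPT
# In a "config nat" section, "src" names the OUTBOUND zone whose
# source-NAT chain receives the rule.
config nat
	option name 'no-nat-ipsec'
	option src 'wan'
	option src_ip '192.168.1.0/24'
	option dest_ip '10.10.0.0/24'
	option proto 'all'
	option target 'ACCEPT'

# Apply and verify on the router:
#   service firewall restart
#   nft list chain inet fw4 srcnat_wan
# The listed chain should show the exemption ahead of (or as a
# condition on) the masquerade statement.
```

After applying, a ping from the LAN to a host in the remote subnet should no longer appear source-translated on the WAN interface; if it still leaves in clear text, check the IPsec policy and routing rather than the NAT rules.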

