OpenWrt 22 with iptables. possible?

Installing and Using OpenWrt Network and Wireless Configuration
1

Hi.

I had an old x86 router working with Opernwrt version 21.

Now I have a new x86 router with 6 ports Intel i-225v. The drivers igc doesn't work on kernel 5.4 (openwrt 21). I've installed 22.03.0 and ethernet bridge works well, but now I have other problem.

I have paid TV at home. Live TV is multicast and works well with igmproxy, but VOD (rtsp) and timeshift (rtsp too) don't work. I suppose it's related with the change to firewall4 and nftables. Before this version, it was working with iptables and kmod-ipt-nathelper-rtsp package. So i'm thinking.. is possible compile or install iptables and fw3 in 22.03.0 to have working igc drivers an kmod-ipt-nathelper-rtsp package? Or... does anybody know other alternative?

Thanks

1 Like
2

Sure, it is possible. I'm using iptables on a 22.03 myself.

3

And how have you done it? I've changed the defaults in include/target.mk:

DEFAULT_PACKAGES.router:=\
        dnsmasq \
        firewall \
        iptables \
        ip6tables \
        kmod-ipt-offload \
        odhcp6c \
        odhcpd-ipv6only \
        ppp \
        ppp-mod-pppoe

Compiled and flashed. The router seems to be working but if i list iptables rules it shows empty tables...

Thanks

4

I used image builder to do it. First, you remove the nftables packages and then add back the iptables packages; see below:

-firewall4 firewall -nftables iptables-legacy ip6tables-legacy -kmod-nft-offload kmod-ipt-offload
2 Likes
5

I’m using iptables on 22.03 too (actually snapshot). If you are building yourself, I could provide you my config.buildinfo.

Or my working custom image for x86 if you want…

6

Yes please... If you can share with me... thanks!

7

Here you can download both (Image and version.buildinfo):

This is a Snapshot Version from the 08.09.2022.

If you want a newer Version: I’m compiling a new image in this moment. Should be ready in approx. 30 min. I will put it on my cloud once it’s finished…

8

Thanks. I'm going to download and flash it

1 Like
9

The images works fine, but no luck with VOD and rtsp on-demand tv.

Comparing conntrack output beetween version 21 and 22 I can see a difference:

Version 21:

root@router:~# conntrack -L -p tcp –dport 554
tcp 6 7411 ESTABLISHED src=192.168.3.234 dst=172.26.85.9 sport=43935 dport=554 packets=42 bytes=10795 src=172.26.85.9 dst=10.195.118.235 sport=554 dport=43935 packets=25 bytes=4556 [ASSURED] mark=0 helper=rtsp use=2
conntrack v1.4.6 (conntrack-tools): 1 flow entries have been shown.

Version 22:

root@OpenWrt:~# conntrack -L -p tcp –dport 554
tcp 6 7438 ESTABLISHED src=192.168.3.234 dst=172.26.85.10 sport=40881 dport=554 packets=8 bytes=1650 src=172.26.85.10 dst=10.195.118.235 sport=554 dport=40881 packets=8 bytes=1277 [ASSURED] mark=0 helper=rtsp use=1
tcp 6 8 CLOSE src=192.168.3.234 dst=172.26.85.8 sport=43167 dport=554 packets=13 bytes=2259 src=172.26.85.8 dst=10.195.118.235 sport=554 dport=43167 packets=9 bytes=1384 [ASSURED] mark=0 helper=rtsp use=1
conntrack v1.4.6 (conntrack-tools): 2 flow entries have been shown.

The helper seems to be loaded but, why on version 22 I have two flows (one closed) with diferents IP?? It's extrange