Redirect dest option

My router has two internal zones: one is lan (192.168.8.0/24), the other is guest (192.168.9.0/24). I created a redirect rule to let me access the internal webserver from outside, but when I set the rule I was confused by the dest option.

Here is the rule:

config redirect
        option target 'DNAT'
        option name 'web'
        option src 'wan'
        option proto 'tcp udp'
        option src_dport '51980'
        option dest_ip '192.168.8.208'
        option dest_port '80'
        option dest 'guestzone'

I can always access my webserver no matter what the dest option is, so I am not sure about the meaning of the dest option. Is it useless when setting DNAT? And how can I limit the dest zone in this situation?

The dest zone option is not directly used in the DNAT rule.
However, it is important that there is a rule in the destination zone to allow forwarding of the packets with a DNAT state.

Yes, dest is irrelevant for DNAT; I updated the wiki.

It is limited by dest_ip.

Yes, but the rule is in the source zone to allow ingress redirected traffic and it is created automatically:

  • As long as there's at least one DNAT redirect configured for the source zone.
  • When custom_chains=1 which is the default.

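An added example, not part of the thread and not OpenWrt's own tooling: because dest is not enforced for DNAT and the redirect is limited by dest_ip, a small audit can flag redirects whose dest_ip lies outside the subnet of the zone named in dest. The zone-to-subnet map and the function names are assumptions; the sample config is the rule from the question.

```python
import ipaddress
import shlex

# Constructed sample: the redirect rule posted in the question.
SAMPLE_CONFIG = """
config redirect
        option target 'DNAT'
        option name 'web'
        option src 'wan'
        option proto 'tcp udp'
        option src_dport '51980'
        option dest_ip '192.168.8.208'
        option dest_port '80'
        option dest 'guestzone'
"""

# Assumption: hand-written zone map; 'guestzone' is taken to be the guest network's zone.
ZONE_SUBNETS = {"lan": "192.168.8.0/24", "guestzone": "192.168.9.0/24"}

def parse_sections(text):
    """Parse UCI text into a list of (section_type, options_dict)."""
    sections = []
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if len(tokens) >= 2 and tokens[0] == "config":
            sections.append((tokens[1], {}))
        elif len(tokens) >= 3 and tokens[0] == "option" and sections:
            sections[-1][1][tokens[1]] = tokens[2]
    return sections

def audit_redirects(text, zone_subnets):
    """Return (name, dest, dest_ip, zones_containing_ip) for mismatched DNAT redirects."""
    findings = []
    for stype, opts in parse_sections(text):
        if stype != "redirect" or opts.get("target", "DNAT") != "DNAT":
            continue
        dest, dest_ip = opts.get("dest"), opts.get("dest_ip")
        if not dest or not dest_ip or dest not in zone_subnets:
            continue  # nothing to compare against
        addr = ipaddress.ip_address(dest_ip)
        if addr not in ipaddress.ip_network(zone_subnets[dest]):
            actual = [z for z, n in zone_subnets.items() if addr in ipaddress.ip_network(n)]
            findings.append((opts.get("name", "?"), dest, dest_ip, actual))
    return findings

if __name__ == "__main__":
    for name, dest, ip, actual in audit_redirects(SAMPLE_CONFIG, ZONE_SUBNETS):
        print(f"redirect '{name}': dest is '{dest}' but {ip} belongs to {actual}")
```

On the rule from the question this reports that the redirect named web declares guestzone while 192.168.8.208 sits in lan, which is the mismatch the firewall accepts without complaint.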